gofmt

Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>
v0.0.5
2026-05-20 09:42:34 +02:00 · 2026-05-19 23:09:00 +02:00 · 2026-05-19 23:08:18 +02:00 · 2026-05-19 23:06:26 +02:00 · 2026-05-19 23:06:06 +02:00 · 2026-05-19 23:01:04 +02:00
101 changed files with 3998 additions and 1664 deletions
@@ -1,28 +0,0 @@
 ---
 name: "🐞 Bug Report"
 about: Report a reproducible error
 title: "[BUG] "
 labels: bug
 ---
 **Describe the bug**
 A clear and concise description of the issue.
 **To Reproduce**
 1. Go to '...'
 2. Click on '....'
 3. See error
 **Expected Behavior**
 What should have happened.
 **Environment**
 - OS:
 - Version (`spilltea -v`):
 **Additional Context**
 Add any logs or screenshots here.
@@ -0,0 +1,57 @@
 name: "🐞 Bug Report"
 description: Report a reproducible error
 title: "[BUG] "
 labels: ["bug"]
 body:
  - type: textarea
    id: description
    attributes:
      label: Describe the bug
      description: A clear and concise description of the issue.
    validations:
      required: true
  - type: textarea
    id: steps
    attributes:
      label: Steps to reproduce
      description: Step-by-step instructions to trigger the bug.
      placeholder: |
        1. ...
        2. ...
        3. See error
    validations:
      required: true
  - type: textarea
    id: expected
    attributes:
      label: Expected behavior
      description: What should have happened instead.
    validations:
      required: true
  - type: input
    id: os
    attributes:
      label: Operating system
      placeholder: "e.g. Ubuntu 24.04, macOS 15"
    validations:
      required: true
  - type: input
    id: version
    attributes:
      label: spilltea version
      description: Output of `spilltea -v`
      placeholder: "e.g. v0.3.1"
    validations:
      required: true
  - type: textarea
    id: additional
    attributes:
      label: Additional context
      description: Logs, screenshots, or anything else relevant.
    validations:
      required: false
@@ -1,22 +0,0 @@
 ---
 name: "🚀 Feature Request"
 about: Suggest an idea for this project
 title: "[FEATURE] "
 labels: enhancement
 ---
 **Is your feature request related to a problem?**
 A description of what the problem is (e.g. I'm always frustrated when...).
 **Describe the solution**
 A clear description of what you want to happen.
 **Describe alternatives**
 Any alternative solutions or features you've considered.
 **Additional context**
 Add any other context or mockups here.
@@ -0,0 +1,37 @@
 name: "🚀 Feature Request"
 description: Suggest an idea for this project
 title: "[FEATURE] "
 labels: ["enhancement"]
 body:
  - type: textarea
    id: problem
    attributes:
      label: Problem
      description: Is your feature request related to a problem? Describe it.
      placeholder: "I'm always frustrated when..."
    validations:
      required: false
  - type: textarea
    id: solution
    attributes:
      label: Proposed solution
      description: A clear description of what you want to happen.
    validations:
      required: true
  - type: textarea
    id: alternatives
    attributes:
      label: Alternatives considered
      description: Any alternative solutions or features you've thought about.
    validations:
      required: false
  - type: textarea
    id: additional
    attributes:
      label: Additional context
      description: Mockups, related issues, or anything else relevant.
    validations:
      required: false
@@ -0,0 +1,52 @@
 name: "🧩 Plugin Request"
 description: Suggest a plugin idea or propose an existing plugin
 title: "[PLUGIN] "
 labels: ["plugin"]
 body:
  - type: dropdown
    id: request_type
    attributes:
      label: Request type
      description: Are you proposing an idea or an already-built plugin?
      options:
        - "Plugin idea — I have an idea but haven't built it"
        - "Plugin proposal — I have already built a plugin"
    validations:
      required: true
  - type: textarea
    id: description
    attributes:
      label: Description
      description: >
        **If this is an idea:** describe what the plugin would do and the problem it solves.
        **If this is a proposal:** describe what your plugin does and link to its repository.
      placeholder: "This plugin would..."
    validations:
      required: true
  - type: input
    id: repo
    attributes:
      label: Repository (proposals only)
      description: Link to the plugin repository, if it exists.
      placeholder: "https://github.com/..."
    validations:
      required: false
  - type: textarea
    id: use_case
    attributes:
      label: Use case
      description: Who would benefit from this plugin and in what scenario?
      placeholder: "Useful when testing APIs that..."
    validations:
      required: false
  - type: textarea
    id: additional
    attributes:
      label: Additional context
      description: Screenshots, mockups, related issues, or anything else relevant.
    validations:
      required: false
@@ -0,0 +1,41 @@
 Output ./.github/assets/demo.gif
 Require spilltea
 Set Shell "zsh"
 Set FontSize 32
 Set Width 1600
 Set Height 1900
 Type "spilltea"
 Sleep 800ms
 Enter
 Sleep 3s
 Down@800ms 2
 Up@800ms 1
 Enter@800ms 1
 Wait+Screen     /hadi.icu/
 Sleep 3s
 Ctrl+Y
 Sleep 3s
 Down@1.9 4
 Escape@1.3 1
 Ctrl+R
 Sleep 3s
 Type "e"
 Sleep 1s
 Escape
 Sleep 1s
 Type "s"
 Sleep 6s
 Type "1"
 Sleep 2s
 Type "f"
 Sleep 2s
 Type "2"
 Sleep 2s
@@ -1,127 +0,0 @@
 # Plugins
 Spilltea supports Lua plugins that can intercept, modify, and analyze HTTP traffic.
 ## Where to place plugins
 Put `.lua` files in the directory configured by `plugins_dir` in your config file (default: `~/.config/spilltea/plugins`).
 Each file is loaded as a separate plugin at startup. The plugin list is shown on the **Plugins** page.
 ## Plugin structure
 Every plugin must declare a `Plugin` table and implement the hooks it wants to use.
 ```lua
 Plugin = {
  name = "My Plugin",
  -- Declare which hooks you use and whether they are synchronous.
  on_start         = { sync = true  },
  on_request       = { sync = true  },
  on_response      = { sync = false },
  on_history_entry = {},
  on_quit          = {},
 }
 ```
 ### Hook reference
 | Hook                      | When called                 | Sync/async   | Return value        |
 | ------------------------- | --------------------------- | ------------ | ------------------- |
 | `on_start(config_text)`   | Once at startup             | always sync  | ignored             |
 | `on_quit()`               | When the app exits          | always sync  | ignored             |
 | `on_request(req)`         | Every request               | declared     | `"drop"`, `"forward"`, or `nil` (sync only) |
 | `on_response(req, res)`   | Every response              | declared     | `"drop"`, `"forward"`, or `nil` (sync only) |
 | `on_history_entry(entry)` | After a flow is saved to DB | always async | ignored             |
 ## Request and response objects
 ### `req` (request)
 | Field / method                | Type   | Description                         |
 | ----------------------------- | ------ | ----------------------------------- |
 | `req.method`                  | string | HTTP method                         |
 | `req.url`                     | string | Full URL                            |
 | `req.host`                    | string | Host                                |
 | `req.path`                    | string | Path                                |
 | `req.headers["Name"]`         | string | Request header value                |
 | `req:get_body()`              | string | Raw request body (loaded on demand) |
 | `req:set_header(name, value)` | -      | Set a request header                |
 | `req:set_body(body)`          | -      | Replace the request body            |
 ### `res` (response)
 | Field / method                | Type   | Description               |
 | ----------------------------- | ------ | ------------------------- |
 | `res.status_code`             | number | HTTP status code          |
 | `res.headers["Name"]`         | string | Response header value     |
 | `res:get_body()`              | string | Raw response body         |
 | `res:set_header(name, value)` | -      | Set a response header     |
 | `res:set_body(body)`          | -      | Replace the response body |
 ### `entry` (history entry)
 | Field                | Type                         |
 | -------------------- | ---------------------------- |
 | `entry.id`           | number                       |
 | `entry.method`       | string                       |
 | `entry.host`         | string                       |
 | `entry.path`         | string                       |
 | `entry.status_code`  | number                       |
 | `entry.timestamp`    | string (YYYY-MM-DD HH:MM:SS) |
 | `entry.request_raw`  | string                       |
 | `entry.response_raw` | string                       |
 ## Utility functions
 ```lua
 -- Log a message to logs.log (prefixed with the plugin name)
 log("message")
 -- Send a notification bubble in the TUI
 notif("Title", "Body text")
 -- Create a finding (shown on the Findings page, persisted in DB)
 create_finding({
  title       = "API Key Found",
  description = "Markdown description of the finding...",
  key         = "stable-unique-id",  -- used for deduplication; defaults to title
  severity    = "high",              -- info | low | medium | high | critical
 })
 -- Check if a URL matches the current scope (whitelist/blacklist)
 local ok = is_in_scope("https://example.com/api/v1")
 -- Quit the app (useful for startup checks that fail)
 quit("reason message")
 ```
 ### Finding deduplication
 A finding is identified by `(plugin_name, key)`. If a finding with that pair already exists in the database it will **not** be re-created, even across restarts. If the user **dismisses** a finding it is permanently hidden and will never reappear, even if the plugin generates it again.
 ## Configuration
 Each plugin gets a **config textarea** on the Plugins page. The raw text is passed as-is to `on_start(config_text)`. Parse it however you like (line by line, key=value, JSON, etc.).
 ## Sync vs async
 - **`sync = true`**: spilltea waits for the hook to return before continuing. For `on_request`/`on_response` this blocks the proxy goroutine; the hook can return one of the values below.
 - **`sync = false`** (or omitted for supported hooks): the hook runs in a background goroutine. Return values are ignored. Use this for analysis and findings.
 ### Return values for `on_request` and `on_response` (sync only)
 | Return value | Effect |
 | ------------ | ------ |
 | `"drop"`    | The flow is dropped immediately and never shown in the intercept panel. |
 | `"forward"` | The flow is forwarded immediately without going through the intercept panel. |
 | `nil`        | Normal behaviour: the flow appears in the intercept panel for the user to decide. |
 The `sync` declaration is only meaningful for `on_request` and `on_response`. The other hooks have fixed behaviour:
 - `on_start` is **always synchronous**: plugins are initialised one by one before the first request is accepted.
 - `on_quit` is **always synchronous**: the app waits for all `on_quit` hooks before exiting.
 - `on_history_entry` is **always asynchronous**.
 > A sync `on_request` or `on_response` hook that hangs will block traffic for that flow. There is no automatic timeout.
@@ -1,19 +0,0 @@
 ## Scopes
 Scopes let you control which requests Spilltea intercepts. Patterns are Go regular expressions matched against `host/path` (e.g. `api.example.com/v1/users`).
 - **Whitelist**: if non-empty, only matching requests are intercepted.
 - **Blacklist**: matching requests are always ignored, even if whitelisted.
 When both lists are set, a request must pass the whitelist _and_ not be in the blacklist.
 ### Examples
 | Pattern                    | Matches                             |
 | -------------------------- | ----------------------------------- |
 | `example\.com`             | any request to `example.com`        |
 | `^api\.example\.com`       | only the `api` subdomain            |
 | `example\.com/api/v2`      | a specific path prefix              |
 | `\.(js\|css\|png\|woff2?)` | static assets (useful in blacklist) |
 | `googleapis\.com`          | all Google API traffic              |
 | `/graphql$`                | any host with a `/graphql` endpoint |
@@ -1,48 +0,0 @@
 -- Check that the proxy's outbound IP is in the whitelist before starting.
 -- Config: one allowed IP per line. Leave empty to disable the check.
 Plugin = {
  name     = "IP Whitelist",
  on_start = {},
 }
 function on_start(config_text)
  local allowed = {}
  for line in config_text:gmatch("[^\n]+") do
    local ip = line:match("^%s*(.-)%s*$")
    if ip ~= "" then
      table.insert(allowed, ip)
    end
  end
  if #allowed == 0 then
    log("no IPs configured, skipping check")
    return
  end
  -- Fetch the current outbound IP via a public API.
  local ok, result = pcall(function()
    local handle = io.popen("curl -sf https://api.ipify.org 2>/dev/null")
    if not handle then return nil end
    local ip = handle:read("*a")
    handle:close()
    return ip and ip:match("^%s*(.-)%s*$") or nil
  end)
  if not ok or not result or result == "" then
    log("could not determine outbound IP, skipping check")
    return
  end
  log("outbound IP: " .. result)
  for _, ip in ipairs(allowed) do
    if result == ip then
      log("IP " .. result .. " is whitelisted")
      return
    end
  end
  notif("IP Whitelist", "Outbound IP " .. result .. " is NOT in the whitelist!")
  quit("outbound IP " .. result .. " not whitelisted")
 end
@@ -1,35 +0,0 @@
 -- Scan response bodies for common API key / secret patterns.
 -- Runs asynchronously so it never delays traffic.
 Plugin = {
  name        = "Secret Finder",
  on_response = { sync = false },
 }
 local PATTERNS = {
  { pattern = "AIza[0-9A-Za-z%-_]{35}",                label = "Google API Key" },
  { pattern = "AKIA[0-9A-Z]{16}",                      label = "AWS Access Key" },
  { pattern = "sk%-[a-zA-Z0-9]{20,}",                  label = "OpenAI API Key" },
  { pattern = "ghp_[a-zA-Z0-9]{36}",                   label = "GitHub Personal Token" },
  { pattern = "Bearer%s+[a-zA-Z0-9%-_%.]+%.[a-zA-Z0-9%-_%.]+%.[a-zA-Z0-9%-_%.]+",
                                                         label = "JWT Bearer Token" },
 }
 function on_response(req, res)
  local body = res:get_body()
  if body == "" then return end
  for _, p in ipairs(PATTERNS) do
    if body:find(p.pattern) then
      local key = p.label .. ":" .. req.host
      create_finding({
        title       = p.label .. " in response",
        description = "**Host:** `" .. req.host .. "`\n\n" ..
                      "**Path:** `" .. req.path .. "`\n\n" ..
                      "Pattern `" .. p.pattern .. "` matched in the response body.",
        key         = key,
        severity    = "high",
      })
    end
  end
 end
@@ -0,0 +1,27 @@
 #!/usr/bin/env bash
 set -euo pipefail
 CURRENT_HASH=$(grep -oP '(?<=vendorHash = ")[^"]+' flake.nix)
 go mod vendor
 COMPUTED_HASH=$(nix hash path vendor/)
 rm -rf vendor/
 if [ "$CURRENT_HASH" = "$COMPUTED_HASH" ]; then
  echo "vendorHash is up to date"
  exit 0
 fi
 echo "Updating vendorHash in flake.nix..."
 python3 -c "
 import sys
 with open('flake.nix', 'r') as f:
    content = f.read()
 content = content.replace('$CURRENT_HASH', '$COMPUTED_HASH')
 with open('flake.nix', 'w') as f:
    f.write(content)
 "
 echo "  Old: $CURRENT_HASH"
 echo "  New: $COMPUTED_HASH"
@@ -0,0 +1,33 @@
 #!/usr/bin/env python3
 import re
 import subprocess
 import sys
 from pathlib import Path
 PATTERN = re.compile(r"<!-- exec: (.+?) -->.*?<!-- endexec -->", re.DOTALL)
 def replace(match):
    cmd = match.group(1).strip()
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    output = result.stdout
    if result.returncode != 0:
        print(f"[inject-exec] command failed ({result.returncode}): {cmd}", file=sys.stderr)
        print(result.stderr, file=sys.stderr)
        sys.exit(1)
    output = re.sub(r"<!-- exec: .+? -->\n?|<!-- endexec -->\n?", "", output)
    if output and not output.endswith("\n"):
        output += "\n"
    return f"<!-- exec: {cmd} -->\n{output}<!-- endexec -->"
 def process(path):
    content = Path(path).read_text()
    new_content = PATTERN.sub(replace, content)
    if new_content != content:
        Path(path).write_text(new_content)
        print(f"[inject-exec] updated {path}")
 for p in sys.argv[1:]:
    process(p)
@@ -14,24 +14,92 @@
 [![License: MIT](https://img.shields.io/badge/License-MIT-yellow.svg)](LICENSE)
 [![Go Report Card](https://goreportcard.com/badge/github.com/anotherhadi/spilltea)](https://goreportcard.com/report/github.com/anotherhadi/spilltea)
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 - [What is Spilltea?](#what-is-spilltea)
 - [Legal Disclaimer](#legal-disclaimer)
 - [Features](#features)
 - [Installation](#installation)
 - [Project Management](#project-management)
 - [Configuration](#configuration)
 - [CLI Flags](#cli-flags)
 - [Plugin System](#plugin-system)
 - [Deployment](#deployment)
 - [Tech Stack](#tech-stack)
 <!-- END doctoc generated TOC please keep comment here to allow auto update -->
 ## What is Spilltea?
 Spilltea is a **terminal-native HTTP(S) interception proxy**. It sits between your browser and the internet, letting you inspect, modify, and replay traffic without ever leaving your terminal.
 It is intentionally minimal. No Electron, no browser, no bloat. Just a fast, keyboard-driven tool that gets out of your way.
 <img alt="demo" src="./.github/assets/demo.gif" width="700" />
 <!-- exec: cat ./docs/legal-disclaimer.md -->
 ## Legal Disclaimer
 **This tool is provided for educational purposes and authorized security testing only.**
 Use Spilltea only on systems and networks you own or have explicit written permission to test. Intercepting network traffic without authorization may violate local laws (such as the Computer Fraud and Abuse Act, GDPR, or equivalent legislation in your jurisdiction).
 The author(s) and contributors are not responsible for any misuse, damage, or legal consequences resulting from the use of this software. By using Spilltea, you agree that you are solely responsible for ensuring your usage is lawful and authorized.
 <!-- endexec -->
 ## Features
 - **Intercept**: Pause requests and responses in-flight. Inspect and modify them (even with your favorite editor) before forwarding.
 - **HTTP History**: Every request that passes through the proxy is stored. Browse, search and filter your full session history.
 - **Replay**: Pick any request from the history, modify it if needed, and send it again. Useful for manual testing and quick iteration
 - **Scopes**: Keep your history clean by white/blacklisting domains or specific paths.
 - **HTTPS Support** (using go-mitmproxy under the hood)
 - **Vim-like Navigation**: The entire interface is keyboard-driven with Vim-inspired shortcuts. Use `h/j/k/l` to move, `gg`/`G` to jump to the top/bottom, `/` to search, `q` to close panels, and more. All keybindings are fully customizable via the config file.
 - Built-in Integrations:
  - **FFuf Export**: Generate a ffuf command or configuration directly from a request to start fuzzing instantly.
  - **cURL / HTTPie**: Copy any request as a curl or httpie command to your clipboard.
  - **Markdown Export**: Export any request and its response as a clean Markdown snippet, ready to drop into a report.
 ## Installation
 <details>
 <summary>Go install</summary>
 ```sh
 go install github.com/anotherhadi/spilltea/cmd/spilltea@latest
 ```
 Requires Go 1.22+. The binary will be placed in `$GOPATH/bin` (or `~/go/bin`).
 </details>
 <details>
 <summary>Nix (temporary run, no install)</summary>
 ```sh
 nix run github:anotherhadi/spilltea
 ```
 </details>
 <details>
 <summary>NixOS (flake)</summary>
 Add spilltea to your flake inputs:
 ```nix
 inputs.spilltea.url = "github:anotherhadi/spilltea";
 ```
 Then add the package to your system or home-manager packages:
 ```nix
 environment.systemPackages = [ inputs.spilltea.packages.${pkgs.system}.default ];
 ```
 </details>
 <!-- exec: cat ./docs/basics.md -->
 ## Project Management
 Spilltea organizes work into **projects**. Each project maps to a SQLite database file that stores all intercepted traffic for that session & a log files.
@@ -42,16 +110,33 @@ On startup, you choose:
 - **Existing project**: pick from a list of previous projects
 - **Temporary**: no name needed, stored in `/tmp/spilltea/projects/` and will be deleted on your next reboot!
 ## Plugin System
 Spilltea supports plugins written in **Lua**. Plugins are loaded from `~/.config/spilltea/plugins/` by default and do not require recompilation or access to the source code.
 For a full reference and examples, see the [plugin documentation](./.github/docs/plugins.md).
 ## Configuration
 Spilltea is fully configured via a YAML file at `~/.config/spilltea/config.yaml`.
 Check the default configuration with all the options [here](./internal/config/default_config.yaml)
 ## CLI Flags
 ```
 Usage: spilltea [flags]
      --add-default-config      copy the default config file to the config path and exit
      --add-default-plugins     copy built-in example plugins into the plugins dir and exit
  -c, --config string           path to config file
      --host string             proxy host (overrides config)
      --plugins-dir string      path to plugins dir (overrides config)
  -p, --port int                proxy port (overrides config)
  -P, --project string          project name to open directly, or "tmp" for a temporary session
      --upstream-proxy string   upstream proxy URL, e.g. http://user:pass@host:8888 (overrides config)
  -v, --version                 print version
 ```
 <!-- endexec -->
 ## Plugin System
 Spilltea supports plugins written in **Lua**. Plugins are loaded from `~/.config/spilltea/plugins/` by default and do not require recompilation or access to the source code.
 For a full reference and examples, see the [plugin documentation](./docs/plugins.md) or [plugin examples](./plugins/).
 ## Deployment
 spilltea runs **locally** on the machine used for pentesting or CTF. There is no separate server component.
@@ -2,11 +2,12 @@ package main
 import (
 	"fmt"
 	"net"
 	"os"
 	"path/filepath"
 	"runtime/debug"
 	tea "charm.land/bubbletea/v2"
 	spilltea "github.com/anotherhadi/spilltea"
 	"github.com/anotherhadi/spilltea/internal/config"
 	"github.com/anotherhadi/spilltea/internal/icons"
 	"github.com/anotherhadi/spilltea/internal/intercept"
@@ -20,14 +21,32 @@ import (
 // Version is overwritten at build time by goreleaser/ldflag with the current version tag, or "dev" if not set.
 var version = "dev"
 func init() {
 	if version != "dev" {
 		return
 	}
 	if info, ok := debug.ReadBuildInfo(); ok && info.Main.Version != "" && info.Main.Version != "(devel)" {
 		version = info.Main.Version
 	}
 }
 func main() {
 	var (
 		flagConfig            = flag.StringP("config", "c", "", "path to config file")
 		flagPluginsDir        = flag.String("plugins-dir", "", "path to plugins dir (overrides config)")
 		flagHost              = flag.String("host", "", "proxy host (overrides config)")
 		flagPort              = flag.IntP("port", "p", 0, "proxy port (overrides config)")
 		flagUpstreamProxy     = flag.String("upstream-proxy", "", "upstream proxy URL, e.g. http://user:pass@host:8888 (overrides config)")
 		flagVersion           = flag.BoolP("version", "v", false, "print version")
 		flagProject           = flag.StringP("project", "P", "", `project name to open directly, or "tmp" for a temporary session`)
 		flagAddDefaultPlugins = flag.Bool("add-default-plugins", false, "copy built-in example plugins into the plugins dir and exit")
 		flagAddDefaultConfig  = flag.Bool("add-default-config", false, "copy the default config file to the config path and exit")
 	)
 	flag.CommandLine.SetOutput(os.Stdout)
 	flag.Usage = func() {
 		fmt.Println("Usage: spilltea [flags]\n")
 		flag.PrintDefaults()
 	}
 	flag.Parse()
 	if *flagVersion {
@@ -35,12 +54,50 @@ func main() {
 		os.Exit(0)
 	}
 	if *flagAddDefaultPlugins {
 		home, _ := os.UserHomeDir()
 		cfgPath := filepath.Join(home, ".config", "spilltea", "config.yaml")
 		if *flagConfig != "" {
 			cfgPath = *flagConfig
 		}
 		if err := config.Load(cfgPath); err != nil {
 			fmt.Fprintf(os.Stderr, "config: %v\n", err)
 			os.Exit(1)
 		}
 		dir := config.ExpandPath(config.Global.App.PluginsDir)
 		if *flagPluginsDir != "" {
 			dir = *flagPluginsDir
 		}
 		n, err := spilltea.InstallDefaultPlugins(dir)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "add-default-plugins: %v\n", err)
 			os.Exit(1)
 		}
 		fmt.Printf("added %d plugin(s) to %s\n", n, dir)
 		os.Exit(0)
 	}
 	if *flagAddDefaultConfig {
 		home, _ := os.UserHomeDir()
 		cfgPath := filepath.Join(home, ".config", "spilltea", "config.yaml")
 		if *flagConfig != "" {
 			cfgPath = *flagConfig
 		}
 		if err := config.WriteDefaultConfig(cfgPath); err != nil {
 			fmt.Fprintf(os.Stderr, "add-default-config: %v\n", err)
 			os.Exit(1)
 		}
 		fmt.Printf("default config written to %s\n", cfgPath)
 		os.Exit(0)
 	}
 	if *flagProject != "" && !homeUI.IsValidProjectName(*flagProject) {
 		fmt.Fprintf(os.Stderr, "project: invalid name %q (only lowercase letters, digits, - and _ are allowed)\n", *flagProject)
 		os.Exit(1)
 	}
-	cfgPath := filepath.Join(os.Getenv("HOME"), ".config", "spilltea", "config.yaml")
+	home, _ := os.UserHomeDir()
 	cfgPath := filepath.Join(home, ".config", "spilltea", "config.yaml")
 	if *flagConfig != "" {
 		cfgPath = *flagConfig
 	}
@@ -51,21 +108,18 @@ func main() {
 	}
 	config.Global.Version = version
 	if *flagPluginsDir != "" {
 		config.Global.App.PluginsDir = *flagPluginsDir
 	}
 	if *flagHost != "" {
 		config.Global.App.Host = *flagHost
 	}
 	if *flagPort != 0 {
 		config.Global.App.Port = *flagPort
 	}
-
+	if *flagUpstreamProxy != "" {
-	addr := fmt.Sprintf("%s:%d", config.Global.App.Host, config.Global.App.Port)
+		config.Global.App.UpstreamProxy = *flagUpstreamProxy
 	// Check if the proxy port is available before starting the UI.
 	ln, err := net.Listen("tcp", addr)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "proxy: cannot bind to %s: %v\n", addr, err)
 		os.Exit(1)
 	}
 	ln.Close()
 	style.Init(config.Global)
 	icons.Init(config.Global)
@@ -73,33 +127,26 @@ func main() {
 	projectDir := config.ExpandPath(config.Global.App.ProjectDir)
-	// Resolve project: either from --project flag or by running the home UI.
+	// If --project flag is set, skip the home screen entirely.
 	var project *homeUI.Project
 	if *flagProject != "" {
-		p, err := homeUI.OpenProject(projectDir, *flagProject)
+		project, err := homeUI.OpenProject(projectDir, *flagProject)
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "project: %v\n", err)
 			os.Exit(1)
 		}
 		project = p
 	} else {
 		finalModel, err := tea.NewProgram(homeUI.New(projectDir)).Run()
 		if err != nil {
 			fmt.Fprintf(os.Stderr, "tui: %v\n", err)
 			os.Exit(1)
 		}
 		project = finalModel.(homeUI.Model).Selected()
 	}
 	// User quit the home screen without selecting a project.
 	if project == nil {
 		return
 	}
 		broker := intercept.NewBroker()
 		m := appUI.New(broker, project.Name, project.Path)
 		if _, err := tea.NewProgram(m).Run(); err != nil {
 			fmt.Fprintf(os.Stderr, "tui: %v\n", err)
 			os.Exit(1)
 		}
 		return
 	}
 	// Run home + app in a single program to avoid a blank flash on transition.
 	root := rootModel{home: homeUI.New(projectDir)}
 	if _, err := tea.NewProgram(root).Run(); err != nil {
 		fmt.Fprintf(os.Stderr, "tui: %v\n", err)
 		os.Exit(1)
 	}
 }
@@ -0,0 +1,60 @@
 package main
 import (
 	tea "charm.land/bubbletea/v2"
 	"github.com/anotherhadi/spilltea/internal/intercept"
 	appUI "github.com/anotherhadi/spilltea/internal/ui/app"
 	homeUI "github.com/anotherhadi/spilltea/internal/ui/home"
 )
 type rootState int
 const (
 	rootStateHome rootState = iota
 	rootStateApp
 )
 type rootModel struct {
 	state  rootState
 	home   homeUI.Model
 	app    tea.Model
 	width  int
 	height int
 }
 func (m rootModel) Init() tea.Cmd {
 	return m.home.Init()
 }
 func (m rootModel) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 	if ws, ok := msg.(tea.WindowSizeMsg); ok {
 		m.width = ws.Width
 		m.height = ws.Height
 	}
 	if m.state == rootStateHome {
 		if sel, ok := msg.(homeUI.ProjectSelectedMsg); ok {
 			broker := intercept.NewBroker()
 			app := appUI.New(broker, sel.Project.Name, sel.Project.Path)
 			m.app = app
 			m.state = rootStateApp
 			return m, tea.Batch(app.Init(), func() tea.Msg {
 				return tea.WindowSizeMsg{Width: m.width, Height: m.height}
 			})
 		}
 		updated, cmd := m.home.Update(msg)
 		m.home = updated.(homeUI.Model)
 		return m, cmd
 	}
 	updated, cmd := m.app.Update(msg)
 	m.app = updated
 	return m, cmd
 }
 func (m rootModel) View() tea.View {
 	if m.state == rootStateApp {
 		return m.app.(interface{ View() tea.View }).View()
 	}
 	return m.home.View()
 }
@@ -2,5 +2,5 @@ package spilltea
 import "embed"
-//go:embed .github/docs
+//go:embed docs
 var DocsFS embed.FS
@@ -0,0 +1,32 @@
 ## Project Management
 Spilltea organizes work into **projects**. Each project maps to a SQLite database file that stores all intercepted traffic for that session & a log files.
 On startup, you choose:
 - **New project**: enter a name, stored in `~/.local/share/spilltea/projects/` by default
 - **Existing project**: pick from a list of previous projects
 - **Temporary**: no name needed, stored in `/tmp/spilltea/projects/` and will be deleted on your next reboot!
 ## Configuration
 Spilltea is fully configured via a YAML file at `~/.config/spilltea/config.yaml`.
 Check the default configuration with all the options [here](./internal/config/default_config.yaml)
 ## CLI Flags
 <!-- exec: echo '```' && go run ./cmd/spilltea -h && echo '```' -->
 ```
 Usage: spilltea [flags]
      --add-default-config      copy the default config file to the config path and exit
      --add-default-plugins     copy built-in example plugins into the plugins dir and exit
  -c, --config string           path to config file
      --host string             proxy host (overrides config)
      --plugins-dir string      path to plugins dir (overrides config)
  -p, --port int                proxy port (overrides config)
  -P, --project string          project name to open directly, or "tmp" for a temporary session
      --upstream-proxy string   upstream proxy URL, e.g. http://user:pass@host:8888 (overrides config)
  -v, --version                 print version
 ```
 <!-- endexec -->
@@ -5,10 +5,13 @@
   - On Chrome:
     - Open your Chrome settings, search for "Certificates" and click on "Security".
     - In the security settings page, scroll down and click on "Manage certificates".
-     - Select the "Authorities" tab and click on "Import tab and click on "Import".
+     - Select the "Authorities" tab and click on "Import".
     - Select the `mitmproxy-ca-cert.pem` file in `{{.Cfg.App.CertDir}}`.
   - On Firefox:
     - Open your Firefox settings, search for "Certificates" and click on "View Certificates".
     - Select the "Authorities" tab and click on "Import".
     - Select the `mitmproxy-ca-cert.pem` file in `{{.Cfg.App.CertDir}}`.
     - When prompted, click the "Trust this CA to identify websites" checkbox, then click on "OK".
 > [!WARNING]
 > Never install this certificate in a permanent system trust store: it grants decryption of all HTTPS traffic. Remove it from your browser after use.
@@ -4,9 +4,7 @@ The History page has a built-in search bar with two modes:
 **Fulltext search**: press `/` to open it. Results filter in real time as you type across all fields: method, host, path, and the raw request/response bodies.
-**SQL mode**: press `:` to open it, then `Enter` to run. You can write either a WHERE expression or a full SELECT query against the `entries` table.
+**SQL mode**: press `:` to open it, then `Enter` to run. Type a WHERE expression: the full `SELECT … FROM entries WHERE` is added automatically.
 WHERE expression (the `SELECT` is added automatically):
 ```sql
 status_code = 404
@@ -16,10 +14,8 @@ status_code = 404
 host LIKE '%.api.%' AND method = 'POST'
 ```
 Full SELECT query:
 ```sql
-SELECT * FROM entries WHERE response_raw LIKE '%password%' ORDER BY timestamp DESC LIMIT 20
+response_raw LIKE '%password%' ORDER BY timestamp DESC LIMIT 20
 ```
 The `entries` table has the following columns: `id`, `timestamp`, `method`, `host`, `path`, `status_code`, `request_raw`, `response_raw`.
@@ -0,0 +1,7 @@
 ## Legal Disclaimer
 **This tool is provided for educational purposes and authorized security testing only.**
 Use Spilltea only on systems and networks you own or have explicit written permission to test. Intercepting network traffic without authorization may violate local laws (such as the Computer Fraud and Abuse Act, GDPR, or equivalent legislation in your jurisdiction).
 The author(s) and contributors are not responsible for any misuse, damage, or legal consequences resulting from the use of this software. By using Spilltea, you agree that you are solely responsible for ensuring your usage is lawful and authorized.
@@ -0,0 +1,194 @@
 # Plugins
 Spilltea supports Lua plugins that can intercept, modify, and analyze HTTP traffic.
 You can found some pre-built plugins [here](../../plugins/).
 ## Where to place plugins
 Put `.lua` files in the directory configured by `plugins_dir` in your config file (default: `~/.config/spilltea/plugins`).
 Each file is loaded as a separate plugin at startup. The plugin list is shown on the **Plugins** page.
 ## Plugin structure
 Every plugin must declare a `Plugin` table and implement the hooks it wants to use.
 ```lua
 Plugin = {
  name               = "My Plugin",
  description        = "What this plugin does.",
  priority           = 0,     -- higher = runs before other plugins (default: 0)
  disable_by_default = true,  -- if true, plugin starts disabled on first load (default: false)
  -- Declare which hooks you use and whether they are synchronous (default: false).
  -- on_config and on_quit are always sync and do not need to be declared here.
  on_start          = { sync = true  },
  on_request        = { sync = true  },
  on_response       = { sync = false },
  on_history_entry  = { sync = true  },
 }
 ```
 ### Hook reference
 | Hook                      | When called                           | Sync/async   | Return value                                    |
 | ------------------------- | ------------------------------------- | ------------ | ----------------------------------------------- |
 | `on_config(config_text)`  | At startup and on config save         | always sync  | ignored                                         |
 | `on_start()`              | Once at startup, after `on_config`    | configurable | `false` to self-disable the plugin, otherwise ignored |
 | `on_quit()`               | When the app exits                    | always sync  | ignored                                         |
 | `on_request(req)`         | Every request, before auto-forward    | configurable | `"drop"`, `"forward"`, or `nil` (sync only)     |
 | `on_response(req, res)`   | Every response                        | configurable | `"drop"`, `"forward"`, or `nil` (sync only)     |
 | `on_history_entry(entry)` | Sync: before DB insert / Async: after | configurable | `"skip"` (don't save), `"keep"` or `nil` (save) -- sync only |
 ## Request and response objects
 ### `req` (request)
 | Field / method                | Type   | Description                         |
 | ----------------------------- | ------ | ----------------------------------- |
 | `req.method`                  | string | HTTP method                         |
 | `req.url`                     | string | Full URL                            |
 | `req.host`                    | string | Host                                |
 | `req.path`                    | string | Path                                |
 | `req.headers["Name"]`         | string | Request header value                |
 | `req:get_body()`              | string | Raw request body (loaded on demand) |
 | `req:set_header(name, value)` | -      | Set a request header                |
 | `req:set_body(body)`          | -      | Replace the request body            |
 ### `res` (response)
 | Field / method                | Type   | Description               |
 | ----------------------------- | ------ | ------------------------- |
 | `res.status_code`             | number | HTTP status code          |
 | `res.headers["Name"]`         | string | Response header value     |
 | `res:get_body()`              | string | Raw response body         |
 | `res:set_header(name, value)` | -      | Set a response header     |
 | `res:set_body(body)`          | -      | Replace the response body |
 ### `entry` (history entry)
 | Field                | Type                         |
 | -------------------- | ---------------------------- |
 | `entry.id`           | number                       |
 | `entry.method`       | string                       |
 | `entry.host`         | string                       |
 | `entry.path`         | string                       |
 | `entry.status_code`  | number                       |
 | `entry.timestamp`    | string (YYYY-MM-DD HH:MM:SS) |
 | `entry.request_raw`  | string                       |
 | `entry.response_raw` | string                       |
 ## Utility functions
 ```lua
 -- Log a message to logs.log (prefixed with the plugin name)
 log("message")
 -- Send a notification bubble in the TUI
 -- kind is optional: "info" (default), "success", "warning", "error"
 notif("Title", "Body text", "warning")
 -- Create a finding (shown on the Findings page, persisted in DB)
 create_finding({
  title       = "API Key Found",
  description = "Markdown description of the finding...",
  key         = "stable-unique-id",  -- used for deduplication; defaults to title
  severity    = "high",              -- info | low | medium | high | critical
 })
 -- Run a raw SQL query against the project DB (entries, findings, replay_entries, …)
 -- Returns a table of rows; each row is a table indexed by column name.
 -- Returns nil + error string on failure.
 local rows, err = db_query("SELECT id, host FROM entries WHERE host = ?", "example.com")
 if err then
  log("query failed: " .. err)
 else
  for i = 1, #rows do
    log(rows[i].host)
  end
 end
 -- Quit the app (useful for startup checks that fail)
 quit("reason message")
 -- Run a shell command, optionally piping a string to its stdin.
 -- Returns: output string, error string (nil on success).
 -- The command runs via "sh -c" with a 30-second timeout.
 local out, err = shell_pipe("trufflehog filesystem --no-update --json /dev/stdin", body)
 if err then
  log("command failed: " .. err)
 else
  log("output: " .. out)
 end
 ```
 ### Finding deduplication
 A finding is identified by `(plugin_name, key)`. If a finding with that pair already exists in the database it will **not** be re-created, even across restarts. If the user **dismisses** a finding it is permanently hidden and will never reappear, even if the plugin generates it again.
 ## Configuration
 Each plugin gets a **config textarea** on the Plugins page. The raw text is passed as-is to `on_config(config_text)`. Parse it however you like (line by line, key=value, JSON, etc.).
 `on_config` is called once at startup (before `on_start`) and again every time the user saves the config in the UI.
 ## Sync vs async
 - **`sync = true`**: spilltea waits for the hook to return before continuing. The hook can return a decision value (see below).
 - **`sync = false`** (default for all configurable hooks): the hook runs in a background goroutine. Return values are ignored.
 `on_config` and `on_quit` are always synchronous regardless of the Plugin table declaration.
 ### Return values for sync hooks
 **`on_start`:**
 | Return value | Effect                                                                                       |
 | ------------ | -------------------------------------------------------------------------------------------- |
 | `false`      | The plugin is disabled immediately and the state is persisted (equivalent to toggling it off). |
 | anything else | Ignored.                                                                                    |
 This is useful for prerequisite checks (binary not found, config invalid, etc.) so the plugin does not silently run in a broken state:
 ```lua
 function on_start()
  local h = io.popen("command -v mytool 2>/dev/null")
  local result = h and h:read("*a") or ""
  if h then h:close() end
  if result:match("^%s*$") then
    notif("MyPlugin", "mytool not found, plugin disabled", "error")
    return false
  end
 end
 ```
 **`on_request` and `on_response`:**
 | Return value | Effect                                                                            |
 | ------------ | --------------------------------------------------------------------------------- |
 | `"drop"`     | The flow is dropped immediately and never shown in the intercept panel.           |
 | `"forward"`  | The flow is forwarded immediately without going through the intercept panel.      |
 | `nil`        | Normal behaviour: the flow appears in the intercept panel for the user to decide. |
 **`on_history_entry` (sync only):**
 | Return value      | Effect                            |
 | ----------------- | --------------------------------- |
 | `"skip"`          | The entry is not saved to the DB. |
 | `"keep"` or `nil` | The entry is saved normally.      |
 Sync `on_history_entry` runs **before** the DB insert, so it can prevent an entry from ever appearing in history. Async `on_history_entry` runs **after** the insert and cannot affect it.
 ## Priority
 Plugins with a higher `priority` value run before plugins with a lower value (default `0`). This matters for sync hooks that return a decision: the first plugin to return a non-nil value short-circuits the remaining plugins.
 ```lua
 Plugin = {
  name     = "Scopes",
  priority = 100,  -- runs before all default-priority plugins
  ...
 }
 ```
 > A sync hook that hangs will block traffic for that flow. There is no automatic timeout.
@@ -7,3 +7,5 @@ You can install it from the [Google Chrome extension store](https://chromewebsto
 2. Click the "Manual Proxy Configuration" radio button. Set the "HTTP Proxy" field to `{{.Cfg.App.Host}}` and the "Port" field to `{{.Cfg.App.Port}}`. Click "Save".
 3. Forward traffic to Spilltea by selecting the new proxy in FoxyProxy's extension button.
 4. You're all set! You can now use Spilltea.
 If `proxy_auth` is set in the config (`user:pass`), enter the same credentials in FoxyProxy under "Username" and "Password" in the proxy settings.
@@ -14,7 +14,7 @@
      (system: f system (import nixpkgs {inherit system;}));
    pname = "spilltea";
-    version = "0.0.1";
+    version = "0.0.5";
    ldflags = ["-s" "-w" "-X main.version=${version}"];
  in {
@@ -25,7 +25,7 @@
        src = ./.;
        outputs = ["out"];
-        vendorHash = "sha256-u+u38Qr5Dugk5eFmxTK4vKUEv2SlXcfY6ZFlu1cPqVk=";
+        vendorHash = "sha256-1iPwFsyzdonak9EWMRnudwcCQZfI+Uvre38+puG4s0s=";
        meta = with pkgs.lib; {
          description = "A minimal, terminal-based HTTP(S) proxy for pentesters and CTF players.";
@@ -37,5 +37,20 @@
      "${pname}" = pkg;
      default = pkg;
    });
    devShells = forAllSystems (system: pkgs: {
      default = pkgs.mkShell {
        packages = with pkgs; [
          go
          python3
          lefthook
          doctoc
        ];
        shellHook = ''
          lefthook install
        '';
      };
    });
  };
 }
@@ -9,13 +9,13 @@ require (
 	charm.land/lipgloss/v2 v2.0.3
 	github.com/charmbracelet/x/ansi v0.11.7
 	github.com/lqqyt2423/go-mitmproxy v1.8.11
-	github.com/sirupsen/logrus v1.8.1
+	github.com/sirupsen/logrus v1.9.4
 	github.com/spf13/pflag v1.0.10
 	github.com/spf13/viper v1.21.0
 	github.com/yuin/gopher-lua v1.1.2
-	golang.org/x/net v0.39.0
+	golang.org/x/net v0.54.0
 	gopkg.in/yaml.v3 v3.0.1
-	modernc.org/sqlite v1.50.0
+	modernc.org/sqlite v1.50.1
 )
 require (
@@ -24,8 +24,8 @@ require (
 	github.com/atotto/clipboard v0.1.4 // indirect
 	github.com/aymerick/douceur v0.2.0 // indirect
 	github.com/charmbracelet/colorprofile v0.4.3 // indirect
-	github.com/charmbracelet/ultraviolet v0.0.0-20260416155717-489999b90468 // indirect
+	github.com/charmbracelet/ultraviolet v0.0.0-20260511121909-c840852527f3 // indirect
-	github.com/charmbracelet/x/exp/slice v0.0.0-20250327172914-2fdc97757edf // indirect
+	github.com/charmbracelet/x/exp/slice v0.0.0-20260517005351-920740d613be // indirect
 	github.com/charmbracelet/x/term v0.2.2 // indirect
 	github.com/charmbracelet/x/termios v0.1.1 // indirect
 	github.com/charmbracelet/x/windows v0.2.2 // indirect
@@ -33,38 +33,37 @@ require (
 	github.com/clipperhouse/uax29/v2 v2.7.0 // indirect
 	github.com/dlclark/regexp2 v1.12.0 // indirect
 	github.com/dustin/go-humanize v1.0.1 // indirect
-	github.com/fsnotify/fsnotify v1.9.0 // indirect
+	github.com/fsnotify/fsnotify v1.10.1 // indirect
-	github.com/go-viper/mapstructure/v2 v2.4.0 // indirect
+	github.com/go-viper/mapstructure/v2 v2.5.0 // indirect
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/google/uuid v1.6.0 // indirect
 	github.com/gorilla/css v1.0.1 // indirect
 	github.com/gorilla/websocket v1.5.0 // indirect
 	github.com/klauspost/compress v1.17.8 // indirect
 	github.com/lucasb-eyer/go-colorful v1.4.0 // indirect
-	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-isatty v0.0.22 // indirect
 	github.com/mattn/go-runewidth v0.0.23 // indirect
 	github.com/microcosm-cc/bluemonday v1.0.27 // indirect
 	github.com/muesli/cancelreader v0.2.2 // indirect
 	github.com/ncruces/go-strftime v1.0.0 // indirect
-	github.com/pelletier/go-toml/v2 v2.2.4 // indirect
+	github.com/pelletier/go-toml/v2 v2.3.1 // indirect
 	github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec // indirect
 	github.com/rivo/uniseg v0.4.7 // indirect
-	github.com/sagikazarmark/locafero v0.11.0 // indirect
+	github.com/sagikazarmark/locafero v0.12.0 // indirect
 	github.com/sahilm/fuzzy v0.1.1 // indirect
 	github.com/satori/go.uuid v1.2.0 // indirect
 	github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 // indirect
 	github.com/spf13/afero v1.15.0 // indirect
 	github.com/spf13/cast v1.10.0 // indirect
 	github.com/subosito/gotenv v1.6.0 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
-	github.com/yuin/goldmark v1.7.8 // indirect
+	github.com/yuin/goldmark v1.8.2 // indirect
-	github.com/yuin/goldmark-emoji v1.0.5 // indirect
+	github.com/yuin/goldmark-emoji v1.0.6 // indirect
 	go.uber.org/atomic v1.11.0 // indirect
 	go.yaml.in/yaml/v3 v3.0.4 // indirect
 	golang.org/x/sync v0.20.0 // indirect
-	golang.org/x/sys v0.43.0 // indirect
+	golang.org/x/sys v0.44.0 // indirect
-	golang.org/x/text v0.28.0 // indirect
+	golang.org/x/text v0.37.0 // indirect
-	modernc.org/libc v1.72.0 // indirect
+	modernc.org/libc v1.72.3 // indirect
 	modernc.org/mathutil v1.7.1 // indirect
 	modernc.org/memory v1.11.0 // indirect
 )
@@ -24,14 +24,14 @@ github.com/aymerick/douceur v0.2.0 h1:Mv+mAeH1Q+n9Fr+oyamOlAkUNPWPlA8PPGR0QAaYuP
 github.com/aymerick/douceur v0.2.0/go.mod h1:wlT5vV2O3h55X9m7iVYN0TBM0NH/MmbLnd30/FjWUq4=
 github.com/charmbracelet/colorprofile v0.4.3 h1:QPa1IWkYI+AOB+fE+mg/5/4HRMZcaXex9t5KX76i20Q=
 github.com/charmbracelet/colorprofile v0.4.3/go.mod h1:/zT4BhpD5aGFpqQQqw7a+VtHCzu+zrQtt1zhMt9mR4Q=
-github.com/charmbracelet/ultraviolet v0.0.0-20260416155717-489999b90468 h1:Q9fO0y1Zo5KB/5Vu8JZoLGm1N3RzF9bNj3Ao3xoR+Ac=
+github.com/charmbracelet/ultraviolet v0.0.0-20260511121909-c840852527f3 h1:pxGjlWZFcRQMWAdtjRelpL3Gbu8iYIyuO3Eqbd037Ow=
-github.com/charmbracelet/ultraviolet v0.0.0-20260416155717-489999b90468/go.mod h1:bAAz7dh/FTYfC+oiHavL4mX1tOIBZ0ZwYjSi3qE6ivM=
+github.com/charmbracelet/ultraviolet v0.0.0-20260511121909-c840852527f3/go.mod h1:SnKWaPaTnkTNXJgdgdquu66de12V8pW/b/qlTGaF9xg=
 github.com/charmbracelet/x/ansi v0.11.7 h1:kzv1kJvjg2S3r9KHo8hDdHFQLEqn4RBCb39dAYC84jI=
 github.com/charmbracelet/x/ansi v0.11.7/go.mod h1:9qGpnAVYz+8ACONkZBUWPtL7lulP9No6p1epAihUZwQ=
 github.com/charmbracelet/x/exp/golden v0.0.0-20250806222409-83e3a29d542f h1:pk6gmGpCE7F3FcjaOEKYriCvpmIN4+6OS/RD0vm4uIA=
 github.com/charmbracelet/x/exp/golden v0.0.0-20250806222409-83e3a29d542f/go.mod h1:IfZAMTHB6XkZSeXUqriemErjAWCCzT0LwjKFYCZyw0I=
-github.com/charmbracelet/x/exp/slice v0.0.0-20250327172914-2fdc97757edf h1:rLG0Yb6MQSDKdB52aGX55JT1oi0P0Kuaj7wi1bLUpnI=
+github.com/charmbracelet/x/exp/slice v0.0.0-20260517005351-920740d613be h1:O22D2Od8gEsRGTDPKDTRzx2BGrvVcIAJlwBf+1sTeN0=
-github.com/charmbracelet/x/exp/slice v0.0.0-20250327172914-2fdc97757edf/go.mod h1:B3UgsnsBZS/eX42BlaNiJkD1pPOUa+oF1IYC6Yd2CEU=
+github.com/charmbracelet/x/exp/slice v0.0.0-20260517005351-920740d613be/go.mod h1:vqEfX6xzqW1pKKZUUiFOKg0OQ7bCh54Q2vR/tserrRA=
 github.com/charmbracelet/x/term v0.2.2 h1:xVRT/S2ZcKdhhOuSP4t5cLi5o+JxklsoEObBSgfgZRk=
 github.com/charmbracelet/x/term v0.2.2/go.mod h1:kF8CY5RddLWrsgVwpw4kAa6TESp6EB5y3uxGLeCqzAI=
 github.com/charmbracelet/x/termios v0.1.1 h1:o3Q2bT8eqzGnGPOYheoYS8eEleT5ZVNYNy8JawjaNZY=
@@ -50,10 +50,10 @@ github.com/dustin/go-humanize v1.0.1 h1:GzkhY7T5VNhEkwH0PVJgjz+fX1rhBrR7pRT3mDkp
 github.com/dustin/go-humanize v1.0.1/go.mod h1:Mu1zIs6XwVuF/gI1OepvI0qD18qycQx+mFykh5fBlto=
 github.com/frankban/quicktest v1.14.6 h1:7Xjx+VpznH+oBnejlPUj8oUpdxnVs4f8XU8WnHkI4W8=
 github.com/frankban/quicktest v1.14.6/go.mod h1:4ptaffx2x8+WTWXmUCuVU6aPUX1/Mz7zb5vbUoiM6w0=
-github.com/fsnotify/fsnotify v1.9.0 h1:2Ml+OJNzbYCTzsxtv8vKSFD9PbJjmhYF14k/jKC7S9k=
+github.com/fsnotify/fsnotify v1.10.1 h1:b0/UzAf9yR5rhf3RPm9gf3ehBPpf0oZKIjtpKrx59Ho=
-github.com/fsnotify/fsnotify v1.9.0/go.mod h1:8jBTzvmWwFyi3Pb8djgCCO5IBqzKJ/Jwo8TRcHyHii0=
+github.com/fsnotify/fsnotify v1.10.1/go.mod h1:TLheqan6HD6GBK6PrDWyDPBaEV8LspOxvPSjC+bVfgo=
-github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs=
+github.com/go-viper/mapstructure/v2 v2.5.0 h1:vM5IJoUAy3d7zRSVtIwQgBj7BiWtMPfmPEgAXnvj1Ro=
-github.com/go-viper/mapstructure/v2 v2.4.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
+github.com/go-viper/mapstructure/v2 v2.5.0/go.mod h1:oJDH3BJKyqBA2TXFhDsKDGDTlndYOZ6rGS0BRZIxGhM=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE=
 github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI=
@@ -82,8 +82,8 @@ github.com/lqqyt2423/go-mitmproxy v1.8.11 h1:Au/qwhXSlKKCkDxPVa6aSfCJeoxoH6I+7zm
 github.com/lqqyt2423/go-mitmproxy v1.8.11/go.mod h1:dSGnI17tVZ8dtYu9vnaIz7kxVwJNFH0CoNQwEQlTpxE=
 github.com/lucasb-eyer/go-colorful v1.4.0 h1:UtrWVfLdarDgc44HcS7pYloGHJUjHV/4FwW4TvVgFr4=
 github.com/lucasb-eyer/go-colorful v1.4.0/go.mod h1:R4dSotOR9KMtayYi1e77YzuveK+i7ruzyGqttikkLy0=
-github.com/mattn/go-isatty v0.0.20 h1:xfD0iDuEKnDkl03q4limB+vH+GxLEtL/jb4xVJSWWEY=
+github.com/mattn/go-isatty v0.0.22 h1:j8l17JJ9i6VGPUFUYoTUKPSgKe/83EYU2zBC7YNKMw4=
-github.com/mattn/go-isatty v0.0.20/go.mod h1:W+V8PltTTMOvKvAeJH7IuucS94S2C6jfK/D7dTCTo3Y=
+github.com/mattn/go-isatty v0.0.22/go.mod h1:ZXfXG4SQHsB/w3ZeOYbR0PrPwLy+n6xiMrJlRFqopa4=
 github.com/mattn/go-runewidth v0.0.23 h1:7ykA0T0jkPpzSvMS5i9uoNn2Xy3R383f9HDx3RybWcw=
 github.com/mattn/go-runewidth v0.0.23/go.mod h1:XBkDxAl56ILZc9knddidhrOlY5R/pDhgLpndooCuJAs=
 github.com/microcosm-cc/bluemonday v1.0.27 h1:MpEUotklkwCSLeH+Qdx1VJgNqLlpY2KXwXFM08ygZfk=
@@ -92,8 +92,8 @@ github.com/muesli/cancelreader v0.2.2 h1:3I4Kt4BQjOR54NavqnDogx/MIoWBFa0StPA8ELU
 github.com/muesli/cancelreader v0.2.2/go.mod h1:3XuTXfFS2VjM+HTLZY9Ak0l6eUKfijIfMUZ4EgX0QYo=
 github.com/ncruces/go-strftime v1.0.0 h1:HMFp8mLCTPp341M/ZnA4qaf7ZlsbTc+miZjCLOFAw7w=
 github.com/ncruces/go-strftime v1.0.0/go.mod h1:Fwc5htZGVVkseilnfgOVb9mKy6w1naJmn9CehxcKcls=
-github.com/pelletier/go-toml/v2 v2.2.4 h1:mye9XuhQ6gvn5h28+VilKrrPoQVanw5PMw/TB0t5Ec4=
+github.com/pelletier/go-toml/v2 v2.3.1 h1:MYEvvGnQjeNkRF1qUuGolNtNExTDwct51yp7olPtrEc=
-github.com/pelletier/go-toml/v2 v2.2.4/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
+github.com/pelletier/go-toml/v2 v2.3.1/go.mod h1:2gIqNv+qfxSVS7cM2xJQKtLSTLUE9V8t9Stt+h56mCY=
 github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
 github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/remyoudompheng/bigfft v0.0.0-20230129092748-24d4a6f8daec h1:W09IVJc94icq4NjY3clb7Lk8O1qJ8BdBEF8z0ibU0rE=
@@ -102,16 +102,14 @@ github.com/rivo/uniseg v0.4.7 h1:WUdvkW8uEhrYfLC4ZzdpI2ztxP1I582+49Oc5Mq64VQ=
 github.com/rivo/uniseg v0.4.7/go.mod h1:FN3SvrM+Zdj16jyLfmOkMNblXMcoc8DfTHruCPUcx88=
 github.com/rogpeppe/go-internal v1.9.0 h1:73kH8U+JUqXU8lRuOHeVHaa/SZPifC7BkcraZVejAe8=
 github.com/rogpeppe/go-internal v1.9.0/go.mod h1:WtVeX8xhTBvf0smdhujwtBcq4Qrzq/fJaraNFVN+nFs=
-github.com/sagikazarmark/locafero v0.11.0 h1:1iurJgmM9G3PA/I+wWYIOw/5SyBtxapeHDcg+AAIFXc=
+github.com/sagikazarmark/locafero v0.12.0 h1:/NQhBAkUb4+fH1jivKHWusDYFjMOOKU88eegjfxfHb4=
-github.com/sagikazarmark/locafero v0.11.0/go.mod h1:nVIGvgyzw595SUSUE6tvCp3YYTeHs15MvlmU87WwIik=
+github.com/sagikazarmark/locafero v0.12.0/go.mod h1:sZh36u/YSZ918v0Io+U9ogLYQJ9tLLBmM4eneO6WwsI=
 github.com/sahilm/fuzzy v0.1.1 h1:ceu5RHF8DGgoi+/dR5PsECjCDH1BE3Fnmpo7aVXOdRA=
 github.com/sahilm/fuzzy v0.1.1/go.mod h1:VFvziUEIMCrT6A6tw2RFIXPXXmzXbOsSHF0DOI8ZK9Y=
 github.com/satori/go.uuid v1.2.0 h1:0uYX9dsZ2yD7q2RtLRtPSdGDWzjeM3TbMJP9utgA0ww=
 github.com/satori/go.uuid v1.2.0/go.mod h1:dA0hQrYB0VpLJoorglMZABFdXlWrHn1NEOzdhQKdks0=
-github.com/sirupsen/logrus v1.8.1 h1:dJKuHgqk1NNQlqoA6BTlM1Wf9DOH3NBjQyu0h9+AZZE=
+github.com/sirupsen/logrus v1.9.4 h1:TsZE7l11zFCLZnZ+teH4Umoq5BhEIfIzfRDZ1Uzql2w=
-github.com/sirupsen/logrus v1.8.1/go.mod h1:yWOB1SBYBC5VeMP7gHvWumXLIWorT60ONWic61uBYv0=
+github.com/sirupsen/logrus v1.9.4/go.mod h1:ftWc9WdOfJ0a92nsE2jF5u5ZwH8Bv2zdeOC42RjbV2g=
 github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8 h1:+jumHNA0Wrelhe64i8F6HNlS8pkoyMv5sreGx2Ry5Rw=
 github.com/sourcegraph/conc v0.3.1-0.20240121214520-5f936abd7ae8/go.mod h1:3n1Cwaq1E1/1lhQhtRK2ts/ZwZEhjcQeJQ1RuC6Q/8U=
 github.com/spf13/afero v1.15.0 h1:b/YBCLWAJdFWJTN9cLhiXXcD7mzKn9Dm86dNnfyQw1I=
 github.com/spf13/afero v1.15.0/go.mod h1:NC2ByUVxtQs4b3sIUphxK0NioZnmxgyCrfzeuq8lxMg=
 github.com/spf13/cast v1.10.0 h1:h2x0u2shc1QuLHfxi+cTJvs30+ZAHOGRic8uyGTDWxY=
@@ -120,18 +118,16 @@ github.com/spf13/pflag v1.0.10 h1:4EBh2KAYBwaONj6b2Ye1GiHfwjqyROoF4RwYO+vPwFk=
 github.com/spf13/pflag v1.0.10/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
 github.com/spf13/viper v1.21.0 h1:x5S+0EU27Lbphp4UKm1C+1oQO+rKx36vfCoaVebLFSU=
 github.com/spf13/viper v1.21.0/go.mod h1:P0lhsswPGWD/1lZJ9ny3fYnVqxiegrlNrEmgLjbTCAY=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.11.1 h1:7s2iGBzp5EwR7/aIZr8ao5+dra3wiQyKjjFuvgVKu7U=
 github.com/stretchr/testify v1.11.1/go.mod h1:wZwfW3scLgRK+23gO65QZefKpKQRnfz6sD981Nm4B6U=
 github.com/subosito/gotenv v1.6.0 h1:9NlTDc1FTs4qu0DDq7AEtTPNw6SVm7uBMsUCUjABIf8=
 github.com/subosito/gotenv v1.6.0/go.mod h1:Dk4QP5c2W3ibzajGcXpNraDfq2IrhjMIvMSWPKKo0FU=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e h1:JVG44RsyaB9T2KIHavMF/ppJZNG9ZpyihvCd0w101no=
 github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e/go.mod h1:RbqR21r5mrJuqunuUZ/Dhy/avygyECGrLceyNeo4LiM=
-github.com/yuin/goldmark v1.7.1/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+github.com/yuin/goldmark v1.8.2 h1:kEGpgqJXdgbkhcOgBxkC0X0PmoPG1ZyoZ117rDVp4zE=
-github.com/yuin/goldmark v1.7.8 h1:iERMLn0/QJeHFhxSt3p6PeN9mGnvIKSpG9YYorDMnic=
+github.com/yuin/goldmark v1.8.2/go.mod h1:ip/1k0VRfGynBgxOz0yCqHrbZXhcjxyuS66Brc7iBKg=
-github.com/yuin/goldmark v1.7.8/go.mod h1:uzxRWxtg69N339t3louHJ7+O03ezfj6PlliRlaOzY1E=
+github.com/yuin/goldmark-emoji v1.0.6 h1:QWfF2FYaXwL74tfGOW5izeiZepUDroDJfWubQI9HTHs=
-github.com/yuin/goldmark-emoji v1.0.5 h1:EMVWyCGPlXJfUXBXpuMu+ii3TIaxbVBnEX9uaDC4cIk=
+github.com/yuin/goldmark-emoji v1.0.6/go.mod h1:ukxJDKFpdFb5x0a5HqbdlcKtebh086iJpI31LTKmWuA=
 github.com/yuin/goldmark-emoji v1.0.5/go.mod h1:tTkZEbwu5wkPmgTcitqddVxY9osFZiavD+r4AzQrh1U=
 github.com/yuin/gopher-lua v1.1.2 h1:yF/FjE3hD65tBbt0VXLE13HWS9h34fdzJmrWRXwobGA=
 github.com/yuin/gopher-lua v1.1.2/go.mod h1:7aRmXIWl37SqRf0koeyylBEzJ+aPt8A+mmkQ4f1ntR8=
 go.uber.org/atomic v1.11.0 h1:ZvwS0R+56ePWxUNi+Atn9dWONBPp/AUETXlHW0DxSjE=
@@ -140,29 +136,27 @@ go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc=
 go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d h1:jtJma62tbqLibJ5sFQz8bKtEM8rJBtfilJ2qTU199MI=
 golang.org/x/exp v0.0.0-20231006140011-7918f672742d/go.mod h1:ldy0pHrwJyGW56pPQzzkH36rKxoZW1tw7ZJpeKx+hdo=
-golang.org/x/mod v0.33.0 h1:tHFzIWbBifEmbwtGz65eaWyGiGZatSrT9prnU8DbVL8=
+golang.org/x/mod v0.35.0 h1:Ww1D637e6Pg+Zb2KrWfHQUnH2dQRLBQyAtpr/haaJeM=
-golang.org/x/mod v0.33.0/go.mod h1:swjeQEj+6r7fODbD2cqrnje9PnziFuw4bmLbBZFrQ5w=
+golang.org/x/mod v0.35.0/go.mod h1:+GwiRhIInF8wPm+4AoT6L0FA1QWAad3OMdTRx4tFYlU=
-golang.org/x/net v0.39.0 h1:ZCu7HMWDxpXpaiKdhzIfaltL9Lp31x/3fCP11bc6/fY=
+golang.org/x/net v0.54.0 h1:2zJIZAxAHV/OHCDTCOHAYehQzLfSXuf/5SoL/Dv6w/w=
-golang.org/x/net v0.39.0/go.mod h1:X7NRbYVEA+ewNkCNyJ513WmMdQ3BineSwVtN2zD/d+E=
+golang.org/x/net v0.54.0/go.mod h1:Sj4oj8jK6XmHpBZU/zWHw3BV3abl4Kvi+Ut7cQcY+cQ=
 golang.org/x/sync v0.20.0 h1:e0PTpb7pjO8GAtTs2dQ6jYa5BWYlMuX047Dco/pItO4=
 golang.org/x/sync v0.20.0/go.mod h1:9xrNwdLfx4jkKbNva9FpL6vEN7evnE43NNNJQ2LF3+0=
-golang.org/x/sys v0.0.0-20191026070338-33540a1f6037/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ=
-golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
+golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
-golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
+golang.org/x/text v0.37.0 h1:Cqjiwd9eSg8e0QAkyCaQTNHFIIzWtidPahFWR83rTrc=
-golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/text v0.37.0/go.mod h1:a5sjxXGs9hsn/AJVwuElvCAo9v8QYLzvavO5z2PiM38=
-golang.org/x/text v0.28.0 h1:rhazDwis8INMIwQ4tpjLDzUhx6RlXqZNPEM0huQojng=
+golang.org/x/tools v0.44.0 h1:UP4ajHPIcuMjT1GqzDWRlalUEoY+uzoZKnhOjbIPD2c=
-golang.org/x/text v0.28.0/go.mod h1:U8nCwOR8jO/marOQ0QbDiOngZVEBB7MAiitBuMjXiNU=
+golang.org/x/tools v0.44.0/go.mod h1:KA0AfVErSdxRZIsOVipbv3rQhVXTnlU6UhKxHd1seDI=
 golang.org/x/tools v0.42.0 h1:uNgphsn75Tdz5Ji2q36v/nsFSfR/9BRFvqhGBaJGd5k=
 golang.org/x/tools v0.42.0/go.mod h1:Ma6lCIwGZvHK6XtgbswSoWroEkhugApmsXyrUmBhfr0=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk=
 gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-modernc.org/cc/v4 v4.27.3 h1:uNCgn37E5U09mTv1XgskEVUJ8ADKpmFMPxzGJ0TSo+U=
+modernc.org/cc/v4 v4.28.2 h1:3tQ0lf2ADtoby2EtSP+J7IE2SHwEJdP8ioR59wx7XpY=
-modernc.org/cc/v4 v4.27.3/go.mod h1:3YjcbCqhoTTHPycJDRl2WZKKFj0nwcOIPBfEZK0Hdk8=
+modernc.org/cc/v4 v4.28.2/go.mod h1:OnovgIhbbMXMu1aISnJ0wvVD1KnW+cAUJkIrAWh+kVI=
-modernc.org/ccgo/v4 v4.32.4 h1:L5OB8rpEX4ZsXEQwGozRfJyJSFHbbNVOoQ59DU9/KuU=
+modernc.org/ccgo/v4 v4.34.0 h1:yRLPFZieg532OT4rp4JFNIVcquwalMX26G95WQDqwCQ=
-modernc.org/ccgo/v4 v4.32.4/go.mod h1:lY7f+fiTDHfcv6YlRgSkxYfhs+UvOEEzj49jAn2TOx0=
+modernc.org/ccgo/v4 v4.34.0/go.mod h1:AS5WYMyBakQ+fhsHhtP8mWB82KTGPkNNJDGfGQCe0/A=
 modernc.org/fileutil v1.4.0 h1:j6ZzNTftVS054gi281TyLjHPp6CPHr2KCxEXjEbD6SM=
 modernc.org/fileutil v1.4.0/go.mod h1:EqdKFDxiByqxLk8ozOxObDSfcVOv/54xDs/DUHdvCUU=
 modernc.org/gc/v2 v2.6.5 h1:nyqdV8q46KvTpZlsw66kWqwXRHdjIlJOhG6kxiV/9xI=
@@ -171,18 +165,18 @@ modernc.org/gc/v3 v3.1.2 h1:ZtDCnhonXSZexk/AYsegNRV1lJGgaNZJuKjJSWKyEqo=
 modernc.org/gc/v3 v3.1.2/go.mod h1:HFK/6AGESC7Ex+EZJhJ2Gni6cTaYpSMmU/cT9RmlfYY=
 modernc.org/goabi0 v0.2.0 h1:HvEowk7LxcPd0eq6mVOAEMai46V+i7Jrj13t4AzuNks=
 modernc.org/goabi0 v0.2.0/go.mod h1:CEFRnnJhKvWT1c1JTI3Avm+tgOWbkOu5oPA8eH8LnMI=
-modernc.org/libc v1.72.0 h1:IEu559v9a0XWjw0DPoVKtXpO2qt5NVLAnFaBbjq+n8c=
+modernc.org/libc v1.72.3 h1:ZnDF4tXn4NBXFutMMQC4vtbTFSXhhKzR73fv0beZEAU=
-modernc.org/libc v1.72.0/go.mod h1:tTU8DL8A+XLVkEY3x5E/tO7s2Q/q42EtnNWda/L5QhQ=
+modernc.org/libc v1.72.3/go.mod h1:dn0dZNnnn1clLyvRxLxYExxiKRZIRENOfqQ8XEeg4Qs=
 modernc.org/mathutil v1.7.1 h1:GCZVGXdaN8gTqB1Mf/usp1Y/hSqgI2vAGGP4jZMCxOU=
 modernc.org/mathutil v1.7.1/go.mod h1:4p5IwJITfppl0G4sUEDtCr4DthTaT47/N3aT6MhfgJg=
 modernc.org/memory v1.11.0 h1:o4QC8aMQzmcwCK3t3Ux/ZHmwFPzE6hf2Y5LbkRs+hbI=
 modernc.org/memory v1.11.0/go.mod h1:/JP4VbVC+K5sU2wZi9bHoq2MAkCnrt2r98UGeSK7Mjw=
-modernc.org/opt v0.1.4 h1:2kNGMRiUjrp4LcaPuLY2PzUfqM/w9N23quVwhKt5Qm8=
+modernc.org/opt v0.2.0 h1:tGyef5ApycA7FSEOMraay9SaTk5zmbx7Tu+cJs4QKZg=
-modernc.org/opt v0.1.4/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
+modernc.org/opt v0.2.0/go.mod h1:03fq9lsNfvkYSfxrfUhZCWPk1lm4cq4N+Bh//bEtgns=
 modernc.org/sortutil v1.2.1 h1:+xyoGf15mM3NMlPDnFqrteY07klSFxLElE2PVuWIJ7w=
 modernc.org/sortutil v1.2.1/go.mod h1:7ZI3a3REbai7gzCLcotuw9AC4VZVpYMjDzETGsSMqJE=
-modernc.org/sqlite v1.50.0 h1:eMowQSWLK0MeiQTdmz3lqoF5dqclujdlIKeJA11+7oM=
+modernc.org/sqlite v1.50.1 h1:l+cQvn0sd0zJJtfygGHuQJ5AjlrwXmWPw4KP3ZMwr9w=
-modernc.org/sqlite v1.50.0/go.mod h1:m0w8xhwYUVY3H6pSDwc3gkJ/irZT/0YEXwBlhaxQEew=
+modernc.org/sqlite v1.50.1/go.mod h1:tcNzv5p84E0skkmJn038y+hWJbLQXQqEnQfeh5r2JLM=
 modernc.org/strutil v1.2.1 h1:UneZBkQA+DX2Rp35KcM69cSsNES9ly8mQWD71HKlOA0=
 modernc.org/strutil v1.2.1/go.mod h1:EHkiggD70koQxjVdSBM3JKM7k6L0FbGE5eymy9i3B9A=
 modernc.org/token v1.1.0 h1:Xl7Ap9dKaEs5kLoOQeQmPWevfnk/DM5qcLcYlA8ys6Y=
@@ -2,6 +2,7 @@ package config
 import (
 	_ "embed"
 	"errors"
 	"fmt"
 	"os"
 	"path/filepath"
@@ -23,6 +24,10 @@ type Config struct {
 		CertDir        string `mapstructure:"cert_dir"`
 		ProjectDir     string `mapstructure:"project_dir"`
 		PluginsDir     string `mapstructure:"plugins_dir"`
 		UpstreamProxy  string `mapstructure:"upstream_proxy"`
 		ProxyAuth      string `mapstructure:"proxy_auth"`
 		MaxBodySizeMB  int    `mapstructure:"max_body_size_mb"`
 		ExternalEditor string `mapstructure:"external_editor"`
 	} `mapstructure:"app"`
 	TUI struct {
@@ -33,8 +38,9 @@ type Config struct {
 	} `mapstructure:"tui"`
 	Intercept struct {
-		DefaultAutoForward     bool `mapstructure:"default_auto_forward"`
+		DefaultInterceptEnabled bool     `mapstructure:"default_intercept_enabled"`
 		DefaultCaptureResponse  bool     `mapstructure:"default_capture_response"`
 		AutoForwardRegex        []string `mapstructure:"auto_forward_regex"`
 	} `mapstructure:"intercept"`
 	Replay struct {
@@ -43,6 +49,7 @@ type Config struct {
 	History struct {
 		SkipDuplicates bool `mapstructure:"skip_duplicates"`
 		KeepResponses  bool `mapstructure:"keep_responses"`
 	} `mapstructure:"history"`
 	Keybindings Keybindings `mapstructure:"keybindings"`
@@ -62,7 +69,7 @@ func Load(path string) error {
 	viper.SetConfigType("yaml")
 	viper.SetConfigFile(path)
 	if err := viper.ReadInConfig(); err != nil {
-		if !os.IsNotExist(err) {
+		if !errors.Is(err, os.ErrNotExist) {
 			return err
 		}
 	}
@@ -71,6 +78,16 @@ func Load(path string) error {
 	return viper.Unmarshal(Global)
 }
 func WriteDefaultConfig(path string) error {
 	if err := os.MkdirAll(filepath.Dir(path), 0o755); err != nil {
 		return fmt.Errorf("create config dir: %w", err)
 	}
 	if err := os.WriteFile(path, defaultConfig, 0o644); err != nil {
 		return fmt.Errorf("write config: %w", err)
 	}
 	return nil
 }
 func ExpandPath(p string) string {
 	if strings.HasPrefix(p, "~/") {
 		home, err := os.UserHomeDir()
@@ -4,19 +4,26 @@ app:
  cert_dir: ~/.local/share/spilltea
  project_dir: ~/.local/share/spilltea
  plugins_dir: ~/.config/spilltea/plugins
  upstream_proxy: "" # e.g. http://corporate-proxy:8888 or http://user:pass@host:8888
  proxy_auth: "" # require basic auth to use the proxy, format: user:pass (empty = disabled)
  max_body_size_mb: 50 # max response body size read into memory for large streamed responses (MB)
  external_editor: "" # override $EDITOR for external editing (e.g. nvim, code --wait)
 intercept:
-  default_auto_forward: false
+  default_intercept_enabled: true
  default_capture_response: false
  auto_forward_regex:
    - '\.(js|css|png|gif|ico|woff2?|ttf|svg)(\?.*)?$'
 replay:
-  switch_to_page_on_send: false
+  switch_to_page_on_send: true
 history:
-  skip_duplicates: false # if true, skip saving entries with the same method, host, path and body
+  skip_duplicates: true # if true, skip saving entries with the same method, host, path and body
  keep_responses: false # if true, response body and headers are stored in history
 tui:
-  use_nerdfont_icons: true
+  use_nerdfont_icons: false
  default_sidebar_state: "expanded" # hidden, collapsed, expanded
  pretty_print_body: true # auto-indent JSON and HTML response bodies
  colors:
@@ -40,52 +47,58 @@ tui:
 keybindings:
  global:
    quit: "q,ctrl+c"
    help: "?"
    open_logs: "ctrl+g"
    toggle_sidebar: "ctrl+b"
-    help: "?"
+    cycle_focus: "tab"
    send_to_replay: "ctrl+r"
    send_to_diff: "ctrl+d"
    copy_as: "ctrl+y"
    copy: "y"
    up: "up,k"
    down: "down,j"
    left: "left,h"
    right: "right,l"
-    cycle_focus: "tab"
+    goto_top: "g"
-    copy_request: "ctrl+y"
+    goto_bottom: "G,end"
    send_to_replay: "ctrl+r"
    scroll_up: "pgup"
    scroll_down: "pgdown"
-    send_to_diff: "ctrl+d"
+    prev_page: "["
    next_page: "]"
  intercept:
    toggle_intercept: "i"
    capture_response: "r"
    forward: "f"
    forward_all: "F"
    drop: "d"
    drop_all: "D"
    auto_forward: "a"
    capture_response: "r"
    undo_edits: "ctrl+z"
    edit: "e,enter"
    edit_external: "E"
    undo_edits: "ctrl+z"
  history:
    delete_entry: "x"
    delete_all: "X"
    sql_query: ":"
    filter: "/"
    flag: "m"
  home:
-    open: "enter,l"
+    open: "l,enter"
    delete: "x"
    filter: "/"
  replay:
-    send: "enter,s"
+    send: "s, enter"
    edit: "e"
    edit_external: "E"
-    undo_edits: "R"
+    undo_edits: "ctrl+z"
    delete_entry: "x"
    delete_all: "X"
  diff:
-    clear: "c"
+    clear: "x"
  findings:
    dismiss: "x"
@@ -94,3 +107,9 @@ keybindings:
    toggle: "space"
    edit_config: "e,enter"
    filter: "/"
  docs:
    search: "/"
    search_reset: "r"
    search_next: "n"
    search_prev: "N"
@@ -10,11 +10,16 @@ type GlobalKeys struct {
 	Left          string `mapstructure:"left"`
 	Right         string `mapstructure:"right"`
 	CycleFocus    string `mapstructure:"cycle_focus"`
-	CopyRequest   string `mapstructure:"copy_request"`
+	CopyAs        string `mapstructure:"copy_as"`
 	Copy          string `mapstructure:"copy"`
 	SendToReplay  string `mapstructure:"send_to_replay"`
 	ScrollUp      string `mapstructure:"scroll_up"`
 	ScrollDown    string `mapstructure:"scroll_down"`
 	SendToDiff    string `mapstructure:"send_to_diff"`
 	GotoTop       string `mapstructure:"goto_top"`
 	GotoBottom    string `mapstructure:"goto_bottom"`
 	PrevPage      string `mapstructure:"prev_page"`
 	NextPage      string `mapstructure:"next_page"`
 }
 type InterceptKeys struct {
@@ -22,7 +27,7 @@ type InterceptKeys struct {
 	ForwardAll      string `mapstructure:"forward_all"`
 	Drop            string `mapstructure:"drop"`
 	DropAll         string `mapstructure:"drop_all"`
-	AutoForward     string `mapstructure:"auto_forward"`
+	ToggleIntercept string `mapstructure:"toggle_intercept"`
 	CaptureResponse string `mapstructure:"capture_response"`
 	UndoEdits       string `mapstructure:"undo_edits"`
 	Edit            string `mapstructure:"edit"`
@@ -34,6 +39,7 @@ type HistoryKeys struct {
 	DeleteAll   string `mapstructure:"delete_all"`
 	Filter      string `mapstructure:"filter"`
 	SqlQuery    string `mapstructure:"sql_query"`
 	Flag        string `mapstructure:"flag"`
 }
 type HomeKeys struct {
@@ -65,6 +71,13 @@ type PluginsKeys struct {
 	Filter     string `mapstructure:"filter"`
 }
 type DocsKeys struct {
 	Search      string `mapstructure:"search"`
 	SearchReset string `mapstructure:"search_reset"`
 	SearchNext  string `mapstructure:"search_next"`
 	SearchPrev  string `mapstructure:"search_prev"`
 }
 type Keybindings struct {
 	Global    GlobalKeys    `mapstructure:"global"`
 	Intercept InterceptKeys `mapstructure:"intercept"`
@@ -74,4 +87,5 @@ type Keybindings struct {
 	Diff      DiffKeys      `mapstructure:"diff"`
 	Findings  FindingsKeys  `mapstructure:"findings"`
 	Plugins   PluginsKeys   `mapstructure:"plugins"`
 	Docs      DocsKeys      `mapstructure:"docs"`
 }
@@ -2,12 +2,15 @@ package db
 import (
 	"database/sql"
 	"sync"
 	_ "modernc.org/sqlite"
 )
 type DB struct {
 	conn    *sql.DB
 	path    string
 	dedupMu sync.Mutex
 }
 func Open(path string) (*DB, error) {
@@ -15,7 +18,11 @@ func Open(path string) (*DB, error) {
 	if err != nil {
 		return nil, err
 	}
-	d := &DB{conn: conn}
+	// SQLite only supports one concurrent writer; a pool of connections would
 	// cause SQLITE_BUSY errors when multiple proxy goroutines try to insert
 	// history entries at the same time.
 	conn.SetMaxOpenConns(1)
 	d := &DB{conn: conn, path: path}
 	if err := d.migrate(); err != nil {
 		conn.Close()
 		return nil, err
@@ -24,6 +31,9 @@ func Open(path string) (*DB, error) {
 }
 func (d *DB) migrate() error {
 	if _, err := d.conn.Exec(`PRAGMA journal_mode=WAL; PRAGMA synchronous=NORMAL; PRAGMA foreign_keys=OFF;`); err != nil {
 		return err
 	}
 	_, err := d.conn.Exec(`
 		CREATE TABLE IF NOT EXISTS entries (
 			id           INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -33,12 +43,9 @@ func (d *DB) migrate() error {
 			path         TEXT NOT NULL,
 			status_code  INTEGER NOT NULL,
 			request_raw  TEXT NOT NULL,
-			response_raw TEXT NOT NULL
+			response_raw TEXT NOT NULL,
-		);
+			body_hash    TEXT NOT NULL DEFAULT '',
-		CREATE TABLE IF NOT EXISTS scope (
+			flagged      INTEGER NOT NULL DEFAULT 0
 			id      INTEGER PRIMARY KEY AUTOINCREMENT,
 			kind    TEXT NOT NULL CHECK(kind IN ('whitelist','blacklist')),
 			pattern TEXT NOT NULL
 		);
 CREATE TABLE IF NOT EXISTS replay_entries (
 			id           INTEGER PRIMARY KEY AUTOINCREMENT,
@@ -69,12 +76,19 @@ func (d *DB) migrate() error {
 			created_at  DATETIME NOT NULL,
 			UNIQUE(plugin_name, dedup_key)
 		);
 		INSERT INTO scope (kind, pattern)
 			SELECT 'blacklist', '\.(js|css|png|gif|ico|woff2?|ttf|svg)(\?.*)?$'
 			WHERE NOT EXISTS (SELECT 1 FROM scope);
 	`)
 	if err != nil {
 		return err
 	}
 	_, err = d.conn.Exec(`CREATE INDEX IF NOT EXISTS idx_entries_dedup ON entries(method, host, path, body_hash)`)
 	return err
 }
 // Query executes a SQL query and returns the rows. The caller must close the
 // returned rows. Args are passed as positional parameters.
 func (d *DB) Query(query string, args ...any) (*sql.Rows, error) {
 	return d.conn.Query(query, args...)
 }
 func (d *DB) Close() error {
 	if d == nil {
@@ -1,6 +1,7 @@
 package db
 import (
 	"crypto/sha256"
 	"database/sql"
 	"fmt"
 	"strings"
@@ -16,42 +17,48 @@ type Entry struct {
 	StatusCode  int
 	RequestRaw  string
 	ResponseRaw string
 	Flagged     bool
 }
 func bodyHash(body string) string {
 	sum := sha256.Sum256([]byte(body))
 	return fmt.Sprintf("%x", sum)
 }
 // HasDuplicate returns true if an entry with the same method, host, path and
-// request body already exists. Used to implement skip_duplicates filtering.
+// request body hash already exists.
 func (d *DB) HasDuplicate(method, host, path, body string) (bool, error) {
-	rows, err := d.conn.Query(
+	hash := bodyHash(body)
-		`SELECT request_raw FROM entries WHERE method = ? AND host = ? AND path = ?`,
+	var exists int
-		method, host, path,
+	err := d.conn.QueryRow(
-	)
+		`SELECT 1 FROM entries WHERE method = ? AND host = ? AND path = ? AND body_hash = ? LIMIT 1`,
-	if err != nil {
+		method, host, path, hash,
-		return false, err
+	).Scan(&exists)
 	if err == sql.ErrNoRows {
 		return false, nil
 	}
-	defer rows.Close()
+	return err == nil, err
 	for rows.Next() {
 		var raw string
 		if err := rows.Scan(&raw); err != nil {
 			return false, err
 		}
 		parts := strings.SplitN(raw, "\n\n", 2)
 		entryBody := ""
 		if len(parts) == 2 {
 			entryBody = parts[1]
 		}
 		if entryBody == body {
 			return true, nil
 		}
 	}
 	return false, rows.Err()
 }
-func (d *DB) InsertEntry(e Entry) (Entry, error) {
+// InsertIfNotDuplicate atomically checks for a duplicate and inserts if none
 // exists. Returns (entry, isDuplicate, error).
 func (d *DB) InsertIfNotDuplicate(e Entry, body string) (Entry, bool, error) {
 	d.dedupMu.Lock()
 	defer d.dedupMu.Unlock()
 	dup, err := d.HasDuplicate(e.Method, e.Host, e.Path, body)
 	if err != nil || dup {
 		return e, dup, err
 	}
 	e, err = d.InsertEntry(e, body)
 	return e, false, err
 }
 func (d *DB) InsertEntry(e Entry, body string) (Entry, error) {
 	res, err := d.conn.Exec(
-		`INSERT INTO entries (timestamp, method, host, path, status_code, request_raw, response_raw)
+		`INSERT INTO entries (timestamp, method, host, path, status_code, request_raw, response_raw, body_hash)
-		 VALUES (?, ?, ?, ?, ?, ?, ?)`,
+		 VALUES (?, ?, ?, ?, ?, ?, ?, ?)`,
 		e.Timestamp.UTC().Format(time.RFC3339),
-		e.Method, e.Host, e.Path, e.StatusCode, e.RequestRaw, e.ResponseRaw,
+		e.Method, e.Host, e.Path, e.StatusCode, e.RequestRaw, e.ResponseRaw, bodyHash(body),
 	)
 	if err != nil {
 		return e, err
@@ -65,10 +72,12 @@ func scanEntries(rows *sql.Rows) ([]Entry, error) {
 	for rows.Next() {
 		var e Entry
 		var ts string
-		if err := rows.Scan(&e.ID, &ts, &e.Method, &e.Host, &e.Path, &e.StatusCode, &e.RequestRaw, &e.ResponseRaw); err != nil {
+		var flagged int
 		if err := rows.Scan(&e.ID, &ts, &e.Method, &e.Host, &e.Path, &e.StatusCode, &e.RequestRaw, &e.ResponseRaw, &flagged); err != nil {
 			return nil, err
 		}
 		e.Timestamp, _ = time.Parse(time.RFC3339, ts)
 		e.Flagged = flagged != 0
 		entries = append(entries, e)
 	}
 	return entries, rows.Err()
@@ -76,7 +85,7 @@ func scanEntries(rows *sql.Rows) ([]Entry, error) {
 func (d *DB) ListEntries() ([]Entry, error) {
 	rows, err := d.conn.Query(
-		`SELECT id, timestamp, method, host, path, status_code, request_raw, response_raw
+		`SELECT id, timestamp, method, host, path, status_code, request_raw, response_raw, flagged
 		 FROM entries ORDER BY id DESC`,
 	)
 	if err != nil {
@@ -89,7 +98,7 @@ func (d *DB) ListEntries() ([]Entry, error) {
 func (d *DB) SearchEntries(term string) ([]Entry, error) {
 	like := "%" + term + "%"
 	rows, err := d.conn.Query(
-		`SELECT id, timestamp, method, host, path, status_code, request_raw, response_raw
+		`SELECT id, timestamp, method, host, path, status_code, request_raw, response_raw, flagged
 		 FROM entries
 		 WHERE method LIKE ? OR host LIKE ? OR path LIKE ? OR request_raw LIKE ? OR response_raw LIKE ?
 		 ORDER BY id DESC`,
@@ -102,17 +111,21 @@ func (d *DB) SearchEntries(term string) ([]Entry, error) {
 	return scanEntries(rows)
 }
-// QueryEntries executes a user-supplied query against the entries table.
+// QueryEntries runs a WHERE expression supplied by the user against the entries
-// If the query does not start with SELECT, it is treated as a WHERE expression
+// table (e.g. "status_code = 404" or "host LIKE '%example.com%'").
-// and wrapped automatically (e.g. "status_code = 404" becomes a full SELECT).
+// It opens a dedicated read-only connection so that any DML or DDL in the
-func (d *DB) QueryEntries(rawSQL string) ([]Entry, error) {
+// user-supplied expression is rejected by SQLite before it can execute.
-	q := strings.TrimSpace(rawSQL)
+func (d *DB) QueryEntries(where string) ([]Entry, error) {
-	if !strings.HasPrefix(strings.ToUpper(q), "SELECT") {
+	roConn, err := sql.Open("sqlite", d.path)
-		q = "SELECT id, timestamp, method, host, path, status_code, request_raw, response_raw FROM entries WHERE " + q
+	if err != nil {
-	} else if strings.ContainsAny(strings.ToUpper(q), "INSERTDELETEUPDATEDROP") {
+		return nil, err
 		return nil, fmt.Errorf("only SELECT queries are allowed")
 	}
-	rows, err := d.conn.Query(q)
+	defer roConn.Close()
 	if _, err := roConn.Exec("PRAGMA query_only=ON"); err != nil {
 		return nil, err
 	}
 	q := "SELECT id, timestamp, method, host, path, status_code, request_raw, response_raw, flagged FROM entries WHERE " + strings.TrimSpace(where)
 	rows, err := roConn.Query(q)
 	if err != nil {
 		return nil, err
 	}
@@ -120,6 +133,11 @@ func (d *DB) QueryEntries(rawSQL string) ([]Entry, error) {
 	return scanEntries(rows)
 }
 func (d *DB) ToggleFlag(id int64) error {
 	_, err := d.conn.Exec(`UPDATE entries SET flagged = NOT flagged WHERE id = ?`, id)
 	return err
 }
 func (d *DB) DeleteEntry(id int64) error {
 	_, err := d.conn.Exec(`DELETE FROM entries WHERE id = ?`, id)
 	return err
@@ -17,6 +17,8 @@ type Finding struct {
 // UpsertFinding inserts the finding if the (plugin_name, dedup_key) pair does
 // not already exist. Returns true when the row was actually inserted.
 func (d *DB) UpsertFinding(f Finding) (bool, error) {
 	d.dedupMu.Lock()
 	defer d.dedupMu.Unlock()
 	res, err := d.conn.Exec(
 		`INSERT OR IGNORE INTO findings (plugin_name, dedup_key, title, description, severity, dismissed, created_at)
 		 VALUES (?, ?, ?, ?, ?, 0, ?)`,
@@ -48,7 +50,7 @@ func (d *DB) LoadFindings() ([]Finding, error) {
 		}
 		for _, layout := range findingTimeFormats {
 			if t, err := time.Parse(layout, ts); err == nil {
-				f.CreatedAt = t
+				f.CreatedAt = t.Local()
 				break
 			}
 		}
@@ -1,45 +0,0 @@
 package db
 func (d *DB) SaveScope(whitelist, blacklist []string) error {
 	tx, err := d.conn.Begin()
 	if err != nil {
 		return err
 	}
 	if _, err := tx.Exec(`DELETE FROM scope`); err != nil {
 		tx.Rollback()
 		return err
 	}
 	for _, p := range whitelist {
 		if _, err := tx.Exec(`INSERT INTO scope (kind, pattern) VALUES ('whitelist', ?)`, p); err != nil {
 			tx.Rollback()
 			return err
 		}
 	}
 	for _, p := range blacklist {
 		if _, err := tx.Exec(`INSERT INTO scope (kind, pattern) VALUES ('blacklist', ?)`, p); err != nil {
 			tx.Rollback()
 			return err
 		}
 	}
 	return tx.Commit()
 }
 func (d *DB) LoadScope() (whitelist, blacklist []string, err error) {
 	rows, err := d.conn.Query(`SELECT kind, pattern FROM scope`)
 	if err != nil {
 		return nil, nil, err
 	}
 	defer rows.Close()
 	for rows.Next() {
 		var kind, pattern string
 		if err := rows.Scan(&kind, &pattern); err != nil {
 			return nil, nil, err
 		}
 		if kind == "whitelist" {
 			whitelist = append(whitelist, pattern)
 		} else {
 			blacklist = append(blacklist, pattern)
 		}
 	}
 	return whitelist, blacklist, rows.Err()
 }
@@ -20,6 +20,7 @@ type Icons struct {
 	New       string
 	Temp      string
 	Project   string
 	Flag      string
 }
 var I *Icons
@@ -44,6 +45,7 @@ func Init(cfg *config.Config) {
 			New:       "󰐕 ",
 			Temp:      "󰙨 ",
 			Project:   "󰉋 ",
 			Flag:      "󰈻 ",
 		}
 	} else {
 		I = &Icons{}
@@ -1,6 +1,7 @@
 package intercept
 import (
 	"log"
 	"regexp"
 	"sync"
 	"sync/atomic"
@@ -41,88 +42,63 @@ type Broker struct {
 	droppedFlows sync.Map // *proxy.Flow → struct{}
 	outOfScope   sync.Map // *proxy.Flow → struct{}
-	scopeMu   sync.RWMutex
+	autoFwdMu      sync.RWMutex
-	whitelist []*regexp.Regexp
+	autoFwdRegexes []*regexp.Regexp
 	blacklist []*regexp.Regexp
 	onBeforeNewEntry func(db.Entry) bool
 	onNewEntry       func(db.Entry)
 }
 func (b *Broker) SetOnBeforeNewEntry(cb func(db.Entry) bool) {
 	b.onBeforeNewEntry = cb
 }
 func (b *Broker) SetOnNewEntry(cb func(db.Entry)) {
 	b.onNewEntry = cb
 }
 // IsInScope reports whether the given target string (host+path) matches the
 // current scope rules. Used by the plugin API.
 func (b *Broker) IsInScope(target string) bool {
 	b.scopeMu.RLock()
 	wl := b.whitelist
 	bl := b.blacklist
 	b.scopeMu.RUnlock()
 	return scopeMatches(wl, bl, target)
 }
 func NewBroker() *Broker {
-	return &Broker{
+	b := &Broker{
 		Incoming:         make(chan *PendingRequest, 64),
 		IncomingResponse: make(chan *PendingResponse, 64),
 	}
 	b.SetAutoForwardRegex(config.Global.Intercept.AutoForwardRegex)
 	return b
 }
 func (b *Broker) SetCaptureResponse(v bool) {
 	b.captureResponse.Store(v)
 }
-// SetScope compiles and stores whitelist/blacklist regex patterns.
+// SetAutoForwardRegex compiles and stores patterns for requests that should
 // be forwarded automatically without interception or history logging.
 // Invalid patterns are silently skipped.
-func (b *Broker) SetScope(whitelist, blacklist []string) {
+func (b *Broker) SetAutoForwardRegex(patterns []string) {
-	wl := compilePatterns(whitelist)
+	compiled := make([]*regexp.Regexp, 0, len(patterns))
 	bl := compilePatterns(blacklist)
 	b.scopeMu.Lock()
 	b.whitelist = wl
 	b.blacklist = bl
 	b.scopeMu.Unlock()
 }
 func compilePatterns(patterns []string) []*regexp.Regexp {
 	out := make([]*regexp.Regexp, 0, len(patterns))
 	for _, p := range patterns {
-		if r, err := regexp.Compile(p); err == nil {
+		r, err := regexp.Compile(p)
-			out = append(out, r)
+		if err != nil {
 			log.Printf("intercept: invalid auto_forward_regex %q: %v", p, err)
 			continue
 		}
 		compiled = append(compiled, r)
 	}
-	return out
+	b.autoFwdMu.Lock()
 	b.autoFwdRegexes = compiled
 	b.autoFwdMu.Unlock()
 }
-func (b *Broker) matchesScope(f *proxy.Flow) bool {
+func (b *Broker) isAutoForwarded(target string) bool {
-	target := f.Request.URL.Host + f.Request.URL.Path
+	b.autoFwdMu.RLock()
-	b.scopeMu.RLock()
+	regexes := b.autoFwdRegexes
-	wl := b.whitelist
+	b.autoFwdMu.RUnlock()
-	bl := b.blacklist
+	for _, r := range regexes {
 	b.scopeMu.RUnlock()
 	return scopeMatches(wl, bl, target)
 }
 func scopeMatches(wl, bl []*regexp.Regexp, target string) bool {
 	if len(wl) > 0 {
 		matched := false
 		for _, r := range wl {
 		if r.MatchString(target) {
 				matched = true
 				break
 			}
 		}
 		if !matched {
 			return false
 		}
 	}
 	for _, r := range bl {
 		if r.MatchString(target) {
 			return false
 		}
 	}
 			return true
 		}
 	}
 	return false
 }
 func (b *Broker) SetDB(d *db.DB) {
 	b.dbMu.Lock()
@@ -132,7 +108,8 @@ func (b *Broker) SetDB(d *db.DB) {
 // Hold is called from the proxy addon: it blocks until a decision is made in the TUI.
 func (b *Broker) Hold(f *proxy.Flow) Decision {
-	if !b.matchesScope(f) {
+	target := f.Request.URL.Host + f.Request.URL.Path
 	if b.isAutoForwarded(target) {
 		b.outOfScope.Store(f, struct{}{})
 		return Forward
 	}
@@ -168,7 +145,7 @@ func (b *Broker) HoldResponse(f *proxy.Flow) Decision {
 // SaveEntry persists the completed flow to the history DB.
 // It must be called after HoldResponse and before modifying f.Response.
-// Flows that were dropped at the request phase are silently skipped.
+// Flows that were dropped or auto-forwarded are silently skipped.
 func (b *Broker) SaveEntry(f *proxy.Flow) {
 	b.dbMu.RLock()
 	d := b.database
@@ -191,27 +168,47 @@ func (b *Broker) SaveEntry(f *proxy.Flow) {
 	if path == "" {
 		path = "/"
 	}
 	if config.Global.History.SkipDuplicates {
 	body := string(r.Body)
-		if dup, _ := d.HasDuplicate(r.Method, r.URL.Host, path, body); dup {
+	pending := db.Entry{
 			return
 		}
 	}
 	entry, err := d.InsertEntry(db.Entry{
 		Timestamp:  time.Now(),
 		Method:     r.Method,
 		Host:       r.URL.Host,
 		Path:       path,
 		StatusCode: status,
 		RequestRaw: FormatRawRequest(f),
-		ResponseRaw: FormatRawResponse(f),
+		ResponseRaw: func() string {
-	})
+			if config.Global.History.KeepResponses {
-	if err == nil {
+				return FormatRawResponse(f)
 			}
 			return ""
 		}(),
 	}
 	if cb := b.onBeforeNewEntry; cb != nil {
 		if !cb(pending) {
 			return
 		}
 	}
 	var (
 		entry db.Entry
 		err   error
 	)
 	if config.Global.History.SkipDuplicates {
 		var dup bool
 		entry, dup, err = d.InsertIfNotDuplicate(pending, body)
 		if dup {
 			return
 		}
 	} else {
 		entry, err = d.InsertEntry(pending, body)
 	}
 	if err != nil {
 		log.Printf("intercept: failed to save history entry: %v", err)
 		return
 	}
 	if cb := b.onNewEntry; cb != nil {
 		go cb(entry)
 	}
 }
 }
 func (b *Broker) Decide(p *PendingRequest, d Decision) {
 	p.decision <- d
@@ -3,9 +3,9 @@ package intercept
 import (
 	"fmt"
 	"net/http"
 	"sort"
 	"strings"
 	"github.com/anotherhadi/spilltea/internal/util"
 	"github.com/lqqyt2423/go-mitmproxy/proxy"
 )
@@ -14,15 +14,8 @@ func FormatRawRequest(f *proxy.Flow) string {
 	r := f.Request
 	var sb strings.Builder
 	fmt.Fprintf(&sb, "%s %s %s\n", r.Method, r.URL.RequestURI(), r.Proto)
-	keys := make([]string, 0, len(r.Header))
+	for _, line := range util.SortedHeaderLines(r.Header) {
-	for k := range r.Header {
+		sb.WriteString(line)
 		keys = append(keys, k)
 	}
 	sort.Strings(keys)
 	for _, k := range keys {
 		for _, v := range r.Header[k] {
 			fmt.Fprintf(&sb, "%s: %s\n", k, v)
 		}
 	}
 	sb.WriteString("\n")
 	if len(r.Body) > 0 {
@@ -43,15 +36,8 @@ func FormatRawResponse(f *proxy.Flow) string {
 		proto = "HTTP/1.1"
 	}
 	fmt.Fprintf(&sb, "%s %d %s\n", proto, r.StatusCode, http.StatusText(r.StatusCode))
-	keys := make([]string, 0, len(r.Header))
+	for _, line := range util.SortedHeaderLines(r.Header) {
-	for k := range r.Header {
+		sb.WriteString(line)
 		keys = append(keys, k)
 	}
 	sort.Strings(keys)
 	for _, k := range keys {
 		for _, v := range r.Header[k] {
 			fmt.Fprintf(&sb, "%s: %s\n", k, v)
 		}
 	}
 	sb.WriteString("\n")
 	if len(r.Body) > 0 {
@@ -0,0 +1,26 @@
 package keys
 import (
 	"charm.land/bubbles/v2/key"
 	"github.com/anotherhadi/spilltea/internal/config"
 )
 type DocsKeyMap struct {
 	Search      key.Binding
 	SearchReset key.Binding
 	SearchNext  key.Binding
 	SearchPrev  key.Binding
 }
 func newDocsKeyMap(cfg config.DocsKeys) DocsKeyMap {
 	return DocsKeyMap{
 		Search:      binding(cfg.Search, "search"),
 		SearchReset: binding(cfg.SearchReset, "reset search"),
 		SearchNext:  binding(cfg.SearchNext, "next match"),
 		SearchPrev:  binding(cfg.SearchPrev, "prev match"),
 	}
 }
 func (d DocsKeyMap) Bindings() []key.Binding {
 	return []key.Binding{d.Search, d.SearchReset, d.SearchNext, d.SearchPrev}
 }
@@ -15,12 +15,17 @@ type GlobalKeyMap struct {
 	Left          key.Binding
 	Right         key.Binding
 	CycleFocus    key.Binding
-	CopyRequest   key.Binding
+	CopyAs        key.Binding
 	Copy          key.Binding
 	Escape        key.Binding
 	SendToReplay  key.Binding
 	ScrollUp      key.Binding
 	ScrollDown    key.Binding
 	SendToDiff    key.Binding
 	GotoTop       key.Binding
 	GotoBottom    key.Binding
 	PrevPage      key.Binding
 	NextPage      key.Binding
 }
 func newGlobalKeyMap(cfg config.GlobalKeys) GlobalKeyMap {
@@ -34,12 +39,17 @@ func newGlobalKeyMap(cfg config.GlobalKeys) GlobalKeyMap {
 		Left:          binding(cfg.Left, "scroll left"),
 		Right:         binding(cfg.Right, "scroll right"),
 		CycleFocus:    binding(cfg.CycleFocus, "cycle focus"),
-		CopyRequest:   binding(cfg.CopyRequest, "copy as..."),
+		CopyAs:        binding(cfg.CopyAs, "copy as..."),
 		Copy:          binding(cfg.Copy, "copy..."),
 		Escape:        key.NewBinding(key.WithKeys("esc"), key.WithHelp("esc", "cancel")),
 		SendToReplay:  binding(cfg.SendToReplay, "send to replay"),
 		ScrollUp:      binding(cfg.ScrollUp, "scroll up"),
 		ScrollDown:    binding(cfg.ScrollDown, "scroll down"),
 		SendToDiff:    binding(cfg.SendToDiff, "send to diff"),
 		GotoTop:       binding(cfg.GotoTop, "go to top"),
 		GotoBottom:    binding(cfg.GotoBottom, "go to bottom"),
 		PrevPage:      binding(cfg.PrevPage, "prev page"),
 		NextPage:      binding(cfg.NextPage, "next page"),
 	}
 }
@@ -47,8 +57,14 @@ func (g GlobalKeyMap) Bindings() []key.Binding {
 	return []key.Binding{
 		g.Up, g.Down, g.Left, g.Right, g.CycleFocus,
 		g.Quit, g.Escape, g.Help,
-		g.OpenLogs, g.ToggleSidebar, g.CopyRequest,
+		g.OpenLogs, g.ToggleSidebar, g.CopyAs, g.Copy,
 		g.SendToReplay, g.SendToDiff,
 		g.ScrollUp, g.ScrollDown,
 		g.GotoTop, g.GotoBottom, g.PrevPage, g.NextPage,
 	}
 }
 // CommonBindings returns keys available on every page.
 func (g GlobalKeyMap) CommonBindings() []key.Binding {
 	return []key.Binding{g.Quit, g.Help, g.OpenLogs, g.ToggleSidebar}
 }
@@ -10,6 +10,7 @@ type HistoryKeyMap struct {
 	DeleteAll   key.Binding
 	Filter      key.Binding
 	SqlQuery    key.Binding
 	Flag        key.Binding
 }
 func newHistoryKeyMap(cfg config.HistoryKeys) HistoryKeyMap {
@@ -18,9 +19,10 @@ func newHistoryKeyMap(cfg config.HistoryKeys) HistoryKeyMap {
 		DeleteAll:   binding(cfg.DeleteAll, "delete all"),
 		Filter:      binding(cfg.Filter, "filter"),
 		SqlQuery:    binding(cfg.SqlQuery, "sql query"),
 		Flag:        binding(cfg.Flag, "flag"),
 	}
 }
 func (h HistoryKeyMap) Bindings() []key.Binding {
-	return []key.Binding{h.DeleteEntry, h.DeleteAll}
+	return []key.Binding{h.DeleteEntry, h.DeleteAll, h.Flag}
 }
@@ -10,7 +10,7 @@ type InterceptKeyMap struct {
 	ForwardAll      key.Binding
 	Drop            key.Binding
 	DropAll         key.Binding
-	AutoForward     key.Binding
+	ToggleIntercept key.Binding
 	CaptureResponse key.Binding
 	UndoEdits       key.Binding
 	Edit            key.Binding
@@ -23,7 +23,7 @@ func newInterceptKeyMap(cfg config.InterceptKeys) InterceptKeyMap {
 		ForwardAll:      binding(cfg.ForwardAll, "forward all"),
 		Drop:            binding(cfg.Drop, "drop"),
 		DropAll:         binding(cfg.DropAll, "drop all"),
-		AutoForward:     binding(cfg.AutoForward, "auto forward"),
+		ToggleIntercept: binding(cfg.ToggleIntercept, "toggle intercept"),
 		CaptureResponse: binding(cfg.CaptureResponse, "capture response"),
 		UndoEdits:       binding(cfg.UndoEdits, "undo edits"),
 		Edit:            binding(cfg.Edit, "edit"),
@@ -36,6 +36,6 @@ func (ic InterceptKeyMap) Bindings() []key.Binding {
 		ic.Forward, ic.ForwardAll,
 		ic.Drop, ic.DropAll,
 		ic.Edit, ic.EditExternal, ic.UndoEdits,
-		ic.AutoForward, ic.CaptureResponse,
+		ic.ToggleIntercept, ic.CaptureResponse,
 	}
 }
@@ -16,6 +16,7 @@ type KeyMap struct {
 	Diff      DiffKeyMap
 	Findings  FindingsKeyMap
 	Plugins   PluginsKeyMap
 	Docs      DocsKeyMap
 }
 var Keys *KeyMap
@@ -31,6 +32,7 @@ func Init(cfg *config.Config) {
 		Diff:      newDiffKeyMap(kb.Diff),
 		Findings:  newFindingsKeyMap(kb.Findings),
 		Plugins:   newPluginsKeyMap(kb.Plugins),
 		Docs:      newDocsKeyMap(kb.Docs),
 	}
 }
@@ -1,8 +1,10 @@
 package plugins
 import (
 	"bytes"
 	"context"
 	"log"
-	"net/url"
+	"os/exec"
 	"strings"
 	"time"
@@ -12,7 +14,25 @@ import (
 )
 func newLuaState(mgr *Manager, p *Plugin) *lua.LState {
-	L := lua.NewState()
+	L := lua.NewState(lua.Options{SkipOpenLibs: true})
 	for _, lib := range []struct {
 		name string
 		fn   lua.LGFunction
 	}{
 		{lua.BaseLibName, lua.OpenBase},
 		{lua.TabLibName, lua.OpenTable},
 		{lua.StringLibName, lua.OpenString},
 		{lua.MathLibName, lua.OpenMath},
 		{lua.CoroutineLibName, lua.OpenCoroutine},
 	} {
 		L.Push(L.NewFunction(lib.fn))
 		L.Push(lua.LString(lib.name))
 		L.Call(1, 0)
 	}
 	// Remove filesystem-access functions to prevent plugins from reading/executing arbitrary files.
 	for _, name := range []string{"dofile", "loadfile", "load"} {
 		L.SetGlobal(name, lua.LNil)
 	}
 	registerUtilities(L, mgr, p)
 	return L
 }
@@ -27,8 +47,9 @@ func registerUtilities(L *lua.LState, mgr *Manager, p *Plugin) {
 	L.SetGlobal("notif", L.NewFunction(func(L *lua.LState) int {
 		title := L.CheckString(1)
 		body := L.CheckString(2)
 		kind := L.OptString(3, "info")
 		select {
-		case mgr.Notifs <- PluginNotifMsg{Title: title, Body: body}:
+		case mgr.Notifs <- PluginNotifMsg{Title: title, Body: body, Kind: kind}:
 		default:
 		}
 		return 0
@@ -65,23 +86,84 @@ func registerUtilities(L *lua.LState, mgr *Manager, p *Plugin) {
 		return 0
 	}))
-	L.SetGlobal("is_in_scope", L.NewFunction(func(L *lua.LState) int {
+	L.SetGlobal("db_query", L.NewFunction(func(L *lua.LState) int {
-		raw := L.CheckString(1)
+		if mgr.db == nil {
-		if mgr.broker == nil {
+			L.Push(lua.LNil)
-			L.Push(lua.LTrue)
+			L.Push(lua.LString("db not available"))
-			return 1
+			return 2
 		}
-		u, err := url.Parse(raw)
+		query := L.CheckString(1)
 		var args []any
 		for i := 2; i <= L.GetTop(); i++ {
 			switch v := L.Get(i).(type) {
 			case lua.LString:
 				args = append(args, string(v))
 			case lua.LNumber:
 				args = append(args, float64(v))
 			case lua.LBool:
 				args = append(args, bool(v))
 			default:
 				args = append(args, nil)
 			}
 		}
 		rows, err := mgr.db.Query(query, args...)
 		if err != nil {
-			L.Push(lua.LFalse)
+			L.Push(lua.LNil)
-			return 1
+			L.Push(lua.LString(err.Error()))
 			return 2
 		}
-		path := u.Path
+		defer rows.Close()
-		if path == "" {
+		cols, err := rows.Columns()
-			path = "/"
+		if err != nil {
 			L.Push(lua.LNil)
 			L.Push(lua.LString(err.Error()))
 			return 2
 		}
-		L.Push(lua.LBool(mgr.broker.IsInScope(u.Host + path)))
+		result := L.NewTable()
-		return 1
+		rowIdx := 1
 		for rows.Next() {
 			vals := make([]any, len(cols))
 			ptrs := make([]any, len(cols))
 			for i := range vals {
 				ptrs[i] = &vals[i]
 			}
 			if err := rows.Scan(ptrs...); err != nil {
 				L.Push(lua.LNil)
 				L.Push(lua.LString(err.Error()))
 				return 2
 			}
 			row := L.NewTable()
 			for i, col := range cols {
 				switch v := vals[i].(type) {
 				case int64:
 					L.SetField(row, col, lua.LNumber(v))
 				case float64:
 					L.SetField(row, col, lua.LNumber(v))
 				case string:
 					L.SetField(row, col, lua.LString(v))
 				case []byte:
 					L.SetField(row, col, lua.LString(string(v)))
 				case bool:
 					if v {
 						L.SetField(row, col, lua.LTrue)
 					} else {
 						L.SetField(row, col, lua.LFalse)
 					}
 				case nil:
 					L.SetField(row, col, lua.LNil)
 				}
 			}
 			L.RawSetInt(result, rowIdx, row)
 			rowIdx++
 		}
 		if err := rows.Err(); err != nil {
 			L.Push(lua.LNil)
 			L.Push(lua.LString(err.Error()))
 			return 2
 		}
 		L.Push(result)
 		L.Push(lua.LNil)
 		return 2
 	}))
 	L.SetGlobal("quit", L.NewFunction(func(L *lua.LState) int {
@@ -92,6 +174,31 @@ func registerUtilities(L *lua.LState, mgr *Manager, p *Plugin) {
 		}
 		return 0
 	}))
 	L.SetGlobal("shell_pipe", L.NewFunction(func(L *lua.LState) int {
 		cmd := L.CheckString(1)
 		input := L.OptString(2, "")
 		ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
 		defer cancel()
 		c := exec.CommandContext(ctx, "sh", "-c", cmd)
 		c.Stdin = strings.NewReader(input)
 		var stdout, stderr bytes.Buffer
 		c.Stdout = &stdout
 		c.Stderr = &stderr
 		err := c.Run()
 		if err != nil {
 			L.Push(lua.LString(stdout.String()))
 			L.Push(lua.LString(err.Error() + ": " + stderr.String()))
 			return 2
 		}
 		L.Push(lua.LString(stdout.String()))
 		L.Push(lua.LNil)
 		return 2
 	}))
 }
 func luaTableString(t *lua.LTable, key string) string {
@@ -185,22 +292,19 @@ func pushEntry(L *lua.LState, e db.Entry) *lua.LTable {
 	return t
 }
-func callHook(p *Plugin, hookName string, args ...lua.LValue) (string, error) {
+func callHook(p *Plugin, hookName string, args ...lua.LValue) (lua.LValue, error) {
 	fn := p.L.GetGlobal(hookName)
 	if fn == lua.LNil {
-		return "", nil
+		return lua.LNil, nil
 	}
 	if err := p.L.CallByParam(lua.P{
 		Fn:      fn,
 		NRet:    1,
 		Protect: true,
 	}, args...); err != nil {
-		return "", err
+		return lua.LNil, err
 	}
 	ret := p.L.Get(-1)
 	p.L.Pop(1)
-	if s, ok := ret.(lua.LString); ok {
+	return ret, nil
 		return string(s), nil
 	}
 	return "", nil
 }
@@ -5,6 +5,7 @@ import (
 	"log"
 	"os"
 	"path/filepath"
 	"sort"
 	"strings"
 	"sync"
@@ -32,7 +33,8 @@ func NewManager(broker *intercept.Broker) *Manager {
 		Quit:   make(chan string, 4),
 	}
 	if broker != nil {
-		broker.SetOnNewEntry(mgr.RunOnHistoryEntry)
+		broker.SetOnBeforeNewEntry(mgr.RunSyncOnHistoryEntry)
 		broker.SetOnNewEntry(mgr.RunAsyncOnHistoryEntry)
 	}
 	return mgr
 }
@@ -79,6 +81,9 @@ func (m *Manager) LoadFromDir(dir string) error {
 		m.plugins = append(m.plugins, p)
 		m.mu.Unlock()
 	}
 	m.mu.Lock()
 	sort.Slice(m.plugins, func(i, j int) bool { return m.plugins[i].Priority > m.plugins[j].Priority })
 	m.mu.Unlock()
 	return nil
 }
@@ -107,27 +112,45 @@ func (m *Manager) loadPlugin(path string) (*Plugin, error) {
 		p.Name = strings.TrimSuffix(filepath.Base(path), ".lua")
 	}
-	// Defaults when not overridden by the Plugin table.
+	if s, ok := pluginTable.RawGetString("description").(lua.LString); ok {
-	hookDefaults := map[string]bool{
+		p.Description = string(s)
 		"on_start":         true,  // always sync
 		"on_request":       false, // async
 		"on_response":      false, // async
 		"on_quit":          true,  // always sync
 		"on_history_entry": false, // always async
 	}
-	for hookName, defaultSync := range hookDefaults {
+
-		// Plugin table entry overrides the default (except on_start/on_quit/on_history_entry which are fixed).
+	if n, ok := pluginTable.RawGetString("priority").(lua.LNumber); ok {
-		if hookName != "on_start" && hookName != "on_quit" && hookName != "on_history_entry" {
+		p.Priority = int(n)
 	}
 	if pluginTable.RawGetString("disable_by_default") == lua.LTrue {
 		p.Enabled = false
 	}
 	// Hooks configurable via the Plugin table (sync field).
 	configurableHooks := map[string]bool{
 		"on_start":         false, // async by default
 		"on_request":       false,
 		"on_response":      false,
 		"on_history_entry": false,
 	}
 	// Fixed-sync hooks: always sync, not configurable.
 	fixedSyncHooks := map[string]struct{}{
 		"on_config": {},
 		"on_quit":   {},
 	}
 	for hookName, defaultSync := range configurableHooks {
 		if tbl, ok := pluginTable.RawGetString(hookName).(*lua.LTable); ok {
 			p.hooks[hookName] = HookConfig{Sync: tbl.RawGetString("sync") == lua.LTrue}
 			continue
 		}
 		}
 		// Auto-detect: register the hook if the function exists as a global.
 		if p.L.GetGlobal(hookName) != lua.LNil {
 			p.hooks[hookName] = HookConfig{Sync: defaultSync}
 		}
 	}
 	for hookName := range fixedSyncHooks {
 		if p.L.GetGlobal(hookName) != lua.LNil {
 			p.hooks[hookName] = HookConfig{Sync: true}
 		}
 	}
 	return p, nil
 }
@@ -161,6 +184,42 @@ func (m *Manager) TogglePlugin(name string) {
 	if m.db != nil {
 		_ = m.db.SavePluginState(name, enabled, configText)
 	}
 	if !enabled {
 		return
 	}
 	hc, ok := found.hooks["on_start"]
 	if !ok {
 		return
 	}
 	disableIfFalse := func(p *Plugin, ret lua.LValue) {
 		if ret == lua.LFalse {
 			p.Enabled = false
 			if m.db != nil {
 				_ = m.db.SavePluginState(p.Name, false, p.ConfigText)
 			}
 		}
 	}
 	if hc.Sync {
 		found.mu.Lock()
 		ret, err := callHook(found, "on_start")
 		if err != nil {
 			log.Printf("plugin %s on_start: %v", found.Name, err)
 		} else {
 			disableIfFalse(found, ret)
 		}
 		found.mu.Unlock()
 	} else {
 		go func() {
 			found.mu.Lock()
 			ret, err := callHook(found, "on_start")
 			if err != nil {
 				log.Printf("plugin %s on_start: %v", found.Name, err)
 			} else {
 				disableIfFalse(found, ret)
 			}
 			found.mu.Unlock()
 		}()
 	}
 }
 func (m *Manager) SaveConfig(name, configText string) {
@@ -179,46 +238,76 @@ func (m *Manager) SaveConfig(name, configText string) {
 	found.mu.Lock()
 	found.ConfigText = configText
 	enabled := found.Enabled
-	hc, hasOnStart := found.hooks["on_start"]
+	_, hasOnConfig := found.hooks["on_config"]
 	found.mu.Unlock()
 	if m.db != nil {
 		_ = m.db.SavePluginState(name, enabled, configText)
 	}
-	if !hasOnStart {
+	if !hasOnConfig {
 		return
 	}
-	// Re-run on_start so the plugin can re-parse the new config.
+	// on_config is always sync.
 	if hc.Sync {
 	found.mu.Lock()
-		if _, err := callHook(found, "on_start", lua.LString(configText)); err != nil {
+	if _, err := callHook(found, "on_config", lua.LString(configText)); err != nil {
-			log.Printf("plugin %s on_start (config reload): %v", name, err)
+		log.Printf("plugin %s on_config (config reload): %v", name, err)
 	}
 	found.mu.Unlock()
 	} else {
 		go func() {
 			found.mu.Lock()
 			if _, err := callHook(found, "on_start", lua.LString(configText)); err != nil {
 				log.Printf("plugin %s on_start (config reload): %v", name, err)
 			}
 			found.mu.Unlock()
 		}()
 	}
 }
 func (m *Manager) RunOnStart() {
 	// on_config runs first, always sync, for every enabled plugin that has it.
 	for _, p := range m.GetPlugins() {
 		if !p.Enabled {
 			continue
 		}
-		if _, ok := p.hooks["on_start"]; !ok {
+		if _, ok := p.hooks["on_config"]; !ok {
 			continue
 		}
 		p.mu.Lock()
-		if _, err := callHook(p, "on_start", lua.LString(p.ConfigText)); err != nil {
+		if _, err := callHook(p, "on_config", lua.LString(p.ConfigText)); err != nil {
-			log.Printf("plugin %s on_start: %v", p.Name, err)
+			log.Printf("plugin %s on_config: %v", p.Name, err)
 		}
 		p.mu.Unlock()
 	}
 	// on_start runs after, sync or async depending on plugin config.
 	for _, p := range m.GetPlugins() {
 		if !p.Enabled {
 			continue
 		}
 		hc, ok := p.hooks["on_start"]
 		if !ok {
 			continue
 		}
 		disableIfFalse := func(p *Plugin, ret lua.LValue) {
 			if ret == lua.LFalse {
 				p.Enabled = false
 				if m.db != nil {
 					_ = m.db.SavePluginState(p.Name, false, p.ConfigText)
 				}
 			}
 		}
 		if hc.Sync {
 			p.mu.Lock()
 			ret, err := callHook(p, "on_start")
 			if err != nil {
 				log.Printf("plugin %s on_start: %v", p.Name, err)
 			} else {
 				disableIfFalse(p, ret)
 			}
 			p.mu.Unlock()
 		} else {
 			go func(p *Plugin) {
 				p.mu.Lock()
 				ret, err := callHook(p, "on_start")
 				if err != nil {
 					log.Printf("plugin %s on_start: %v", p.Name, err)
 				} else {
 					disableIfFalse(p, ret)
 				}
 				p.mu.Unlock()
 			}(p)
 		}
 	}
 }
 func (m *Manager) RunOnQuit() {
@@ -237,110 +326,107 @@ func (m *Manager) RunOnQuit() {
 	}
 }
-func (m *Manager) RunSyncOnRequest(f *goproxy.Flow) intercept.Decision {
+// runSyncDecisionForPlugins runs hookName synchronously for all enabled plugins
 // that registered it as sync, and returns the first non-Intercept decision.
 func (m *Manager) runSyncDecisionForPlugins(hookName string, argsFor func(*Plugin) []lua.LValue) intercept.Decision {
 	for _, p := range m.GetPlugins() {
 		if !p.Enabled {
 			continue
 		}
-		hc, ok := p.hooks["on_request"]
+		hc, ok := p.hooks[hookName]
 		if !ok || !hc.Sync {
 			continue
 		}
 		p.mu.Lock()
-		result, err := callHook(p, "on_request", pushRequest(p.L, f))
+		result, err := callHook(p, hookName, argsFor(p)...)
 		p.mu.Unlock()
 		if err != nil {
-			log.Printf("plugin %s on_request: %v", p.Name, err)
+			log.Printf("plugin %s %s: %v", p.Name, hookName, err)
 			continue
 		}
-		switch result {
+		if s, ok := result.(lua.LString); ok {
 			switch string(s) {
 			case "drop":
 				return intercept.Drop
 			case "forward":
 				return intercept.Forward
 			}
 		}
 	}
 	return intercept.Intercept
 }
 // runAsyncForPlugins fires hookName asynchronously for all enabled plugins
 // that registered it as async.
 func (m *Manager) runAsyncForPlugins(hookName string, argsFor func(*Plugin) []lua.LValue) {
 	for _, p := range m.GetPlugins() {
 		if !p.Enabled {
 			continue
 		}
 		hc, ok := p.hooks[hookName]
 		if !ok || hc.Sync {
 			continue
 		}
 		go func(p *Plugin) {
 			p.mu.Lock()
 			if _, err := callHook(p, hookName, argsFor(p)...); err != nil {
 				log.Printf("plugin %s %s: %v", p.Name, hookName, err)
 			}
 			p.mu.Unlock()
 		}(p)
 	}
 }
 func (m *Manager) RunSyncOnRequest(f *goproxy.Flow) intercept.Decision {
 	return m.runSyncDecisionForPlugins("on_request", func(p *Plugin) []lua.LValue {
 		return []lua.LValue{pushRequest(p.L, f)}
 	})
 }
 func (m *Manager) RunAsyncOnRequest(f *goproxy.Flow) {
-	for _, p := range m.GetPlugins() {
+	m.runAsyncForPlugins("on_request", func(p *Plugin) []lua.LValue {
-		if !p.Enabled {
+		return []lua.LValue{pushRequest(p.L, f)}
-			continue
+	})
 		}
 		hc, ok := p.hooks["on_request"]
 		if !ok || hc.Sync {
 			continue
 		}
 		go func(p *Plugin) {
 			p.mu.Lock()
 			if _, err := callHook(p, "on_request", pushRequest(p.L, f)); err != nil {
 				log.Printf("plugin %s on_request: %v", p.Name, err)
 			}
 			p.mu.Unlock()
 		}(p)
 	}
 }
 func (m *Manager) RunSyncOnResponse(f *goproxy.Flow) intercept.Decision {
 	return m.runSyncDecisionForPlugins("on_response", func(p *Plugin) []lua.LValue {
 		return []lua.LValue{pushRequest(p.L, f), pushResponse(p.L, f)}
 	})
 }
 func (m *Manager) RunAsyncOnResponse(f *goproxy.Flow) {
 	m.runAsyncForPlugins("on_response", func(p *Plugin) []lua.LValue {
 		return []lua.LValue{pushRequest(p.L, f), pushResponse(p.L, f)}
 	})
 }
 // RunSyncOnHistoryEntry is called before DB insert; returns false to skip saving.
 func (m *Manager) RunSyncOnHistoryEntry(e db.Entry) bool {
 	for _, p := range m.GetPlugins() {
 		if !p.Enabled {
 			continue
 		}
-		hc, ok := p.hooks["on_response"]
+		hc, ok := p.hooks["on_history_entry"]
 		if !ok || !hc.Sync {
 			continue
 		}
 		p.mu.Lock()
-		result, err := callHook(p, "on_response", pushRequest(p.L, f), pushResponse(p.L, f))
+		result, err := callHook(p, "on_history_entry", pushEntry(p.L, e))
 		p.mu.Unlock()
 		if err != nil {
 			log.Printf("plugin %s on_response: %v", p.Name, err)
 			continue
 		}
 		switch result {
 		case "drop":
 			return intercept.Drop
 		case "forward":
 			return intercept.Forward
 		}
 	}
 	return intercept.Intercept
 }
 func (m *Manager) RunAsyncOnResponse(f *goproxy.Flow) {
 	for _, p := range m.GetPlugins() {
 		if !p.Enabled {
 			continue
 		}
 		hc, ok := p.hooks["on_response"]
 		if !ok || hc.Sync {
 			continue
 		}
 		go func(p *Plugin) {
 			p.mu.Lock()
 			if _, err := callHook(p, "on_response", pushRequest(p.L, f), pushResponse(p.L, f)); err != nil {
 				log.Printf("plugin %s on_response: %v", p.Name, err)
 			}
 			p.mu.Unlock()
 		}(p)
 	}
 }
 func (m *Manager) RunOnHistoryEntry(e db.Entry) {
 	for _, p := range m.GetPlugins() {
 		if !p.Enabled {
 			continue
 		}
 		if _, ok := p.hooks["on_history_entry"]; !ok {
 			continue
 		}
 		go func(p *Plugin) {
 			p.mu.Lock()
 			if _, err := callHook(p, "on_history_entry", pushEntry(p.L, e)); err != nil {
 			log.Printf("plugin %s on_history_entry: %v", p.Name, err)
 			continue
 		}
-			p.mu.Unlock()
+		if s, ok := result.(lua.LString); ok && string(s) == "skip" {
-		}(p)
+			return false
 		}
 	}
 	return true
 }
 func (m *Manager) RunAsyncOnHistoryEntry(e db.Entry) {
 	m.runAsyncForPlugins("on_history_entry", func(p *Plugin) []lua.LValue {
 		return []lua.LValue{pushEntry(p.L, e)}
 	})
 }
@@ -12,9 +12,11 @@ type HookConfig struct {
 type Plugin struct {
 	Name        string
 	Description string
 	FilePath    string
 	Enabled     bool
 	ConfigText  string
 	Priority    int
 	L     *lua.LState
 	mu    sync.Mutex
@@ -36,22 +38,31 @@ func (p *Plugin) HookConfig(name string) (HookConfig, bool) {
 type Info struct {
 	Name        string
 	Description string
 	FilePath    string
 	Enabled     bool
 	ConfigText  string
 	Priority    int
 	Hooks       map[string]HookConfig
 }
 func (p *Plugin) Info() Info {
 	p.mu.Lock()
 	enabled := p.Enabled
 	configText := p.ConfigText
 	p.mu.Unlock()
 	hooks := make(map[string]HookConfig, len(p.hooks))
 	for k, v := range p.hooks {
 		hooks[k] = v
 	}
 	return Info{
 		Name:        p.Name,
 		Description: p.Description,
 		FilePath:    p.FilePath,
-		Enabled:    p.Enabled,
+		Enabled:     enabled,
-		ConfigText: p.ConfigText,
+		ConfigText:  configText,
 		Priority:    p.Priority,
 		Hooks:       hooks,
 	}
 }
@@ -59,6 +70,7 @@ func (p *Plugin) Info() Info {
 type PluginNotifMsg struct {
 	Title string
 	Body  string
 	Kind  string // "info", "success", "warning", "error"
 }
 type PluginQuitMsg struct {
@@ -1,10 +1,13 @@
 package proxy
 import (
 	"encoding/base64"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
 	"os"
 	"strings"
 	tea "charm.land/bubbletea/v2"
 	"github.com/anotherhadi/spilltea/internal/config"
@@ -63,7 +66,15 @@ func (a *interceptAddon) Request(f *goproxy.Flow) {
 func (a *interceptAddon) Response(f *goproxy.Flow) {
 	if f.Response != nil {
 		if len(f.Response.Body) == 0 && f.Response.BodyReader != nil {
-			body, _ := io.ReadAll(f.Response.BodyReader)
+			limit := int64(config.Global.App.MaxBodySizeMB) * 1024 * 1024
 			body, err := io.ReadAll(io.LimitReader(f.Response.BodyReader, limit))
 			if err != nil {
 				log.Printf("proxy: reading response body: %v", err)
 			}
 			if int64(len(body)) == limit {
 				log.Printf("proxy: response body truncated at %dMB for %s", config.Global.App.MaxBodySizeMB, f.Request.URL.Host)
 				body = append(body, []byte(fmt.Sprintf("\n\n[body truncated at %dMB]", config.Global.App.MaxBodySizeMB))...)
 			}
 			f.Response.Body = body
 			f.Response.BodyReader = nil
 		}
@@ -106,8 +117,9 @@ func Start(broker *intercept.Broker, mgr *plugins.Manager) error {
 	opts := &goproxy.Options{
 		Addr:              addr,
-		StreamLargeBodies: 1024 * 1024 * 5,
+		StreamLargeBodies: int64(cfg.MaxBodySizeMB) * 1024 * 1024,
 		CaRootPath:        caPath,
 		Upstream:          cfg.UpstreamProxy,
 	}
 	p, err := goproxy.NewProxy(opts)
@@ -115,10 +127,41 @@ func Start(broker *intercept.Broker, mgr *plugins.Manager) error {
 		return err
 	}
 	if cfg.ProxyAuth != "" {
 		parts := strings.SplitN(cfg.ProxyAuth, ":", 2)
 		if len(parts) == 2 {
 			wantUser, wantPass := parts[0], parts[1]
 			p.SetAuthProxy(func(res http.ResponseWriter, req *http.Request) (bool, error) {
 				user, pass, ok := parseBasicProxyAuth(req.Header.Get("Proxy-Authorization"))
 				if !ok || user != wantUser || pass != wantPass {
 					res.Header().Set("Proxy-Authenticate", `Basic realm="spilltea"`)
 					return false, fmt.Errorf("invalid credentials")
 				}
 				return true, nil
 			})
 		}
 	}
 	p.AddAddon(&interceptAddon{broker: broker, plugins: mgr})
 	return p.Start()
 }
 func parseBasicProxyAuth(header string) (user, pass string, ok bool) {
 	const prefix = "Basic "
 	if !strings.HasPrefix(header, prefix) {
 		return "", "", false
 	}
 	decoded, err := base64.StdEncoding.DecodeString(header[len(prefix):])
 	if err != nil {
 		return "", "", false
 	}
 	parts := strings.SplitN(string(decoded), ":", 2)
 	if len(parts) != 2 {
 		return "", "", false
 	}
 	return parts[0], parts[1], true
 }
 func dropResponse() *goproxy.Response {
 	return &goproxy.Response{
 		StatusCode: 502,
@@ -36,8 +36,8 @@ func RenderWithTitle(border lipgloss.Style, title, content string, width, height
 	if fillW < 0 {
 		fillW = 0
 	}
-	topLine := "╭" + label + strings.Repeat("─", fillW) + "╮"
+	bc := lipgloss.NewStyle().Foreground(border.GetBorderTopForeground())
-	topLine = lipgloss.NewStyle().Foreground(border.GetBorderTopForeground()).Render(topLine)
+	topLine := bc.Render("╭ ") + bc.Render(title) + bc.Render(" "+strings.Repeat("─", fillW)+"╮")
 	return lipgloss.JoinVertical(lipgloss.Left, topLine, box)
 }
@@ -28,20 +28,24 @@ func NewTextarea(showLineNumbers bool) textarea.Model {
 	ta.Prompt = ""
 	ta.ShowLineNumbers = showLineNumbers
 	ta.CharLimit = 0
 	ta.EndOfBufferCharacter = '~'
 	ts := ta.Styles()
 	ts.Focused.Base = lipgloss.NewStyle()
 	ts.Blurred.Base = lipgloss.NewStyle()
 	ts.Focused.Text = lipgloss.NewStyle().Foreground(S.Text)
 	ts.Focused.CursorLine = lipgloss.NewStyle().Background(S.Selection).Foreground(S.Text)
 	ts.Focused.CursorLineNumber = lipgloss.NewStyle().Background(S.Selection).Foreground(S.Primary).Bold(true)
 	ts.Focused.LineNumber = lipgloss.NewStyle().Foreground(S.Subtle)
 	ts.Focused.Placeholder = lipgloss.NewStyle().Foreground(S.Subtle)
 	ts.Blurred.Placeholder = lipgloss.NewStyle().Foreground(S.Subtle)
 	ts.Focused.EndOfBuffer = lipgloss.NewStyle().Foreground(S.SubtleBg)
 	ts.Blurred.EndOfBuffer = lipgloss.NewStyle().Foreground(S.SubtleBg)
 	ts.Blurred.Text = lipgloss.NewStyle().Foreground(S.MutedFg)
 	ts.Blurred.LineNumber = lipgloss.NewStyle().Foreground(S.SubtleBg)
 	ts.Blurred.Placeholder = lipgloss.NewStyle().Foreground(S.Subtle)
 	ts.Blurred.EndOfBuffer = lipgloss.NewStyle().Foreground(S.SubtleBg)
 	ta.SetStyles(ts)
 	return ta
 }
 // SeverityStyle returns a bold lipgloss style coloured by finding severity level.
 func SeverityStyle(sev string) lipgloss.Style {
 	base := lipgloss.NewStyle().Bold(true)
 	switch sev {
@@ -58,7 +62,6 @@ func SeverityStyle(sev string) lipgloss.Style {
 	}
 }
 // StatusStyle returns a bold lipgloss style coloured by HTTP status code.
 func StatusStyle(code, width int) lipgloss.Style {
 	base := lipgloss.NewStyle().Bold(true).Width(width)
 	switch {
@@ -15,7 +15,6 @@ func Paint(c color.Color, s string) string {
 	return lipgloss.NewStyle().Foreground(c).Render(s)
 }
 // HighlightHTTP highlights a full raw HTTP message (headers + body).
 func HighlightHTTP(raw string) string {
 	raw = strings.ReplaceAll(raw, "\r\n", "\n")
 	raw = strings.ReplaceAll(raw, "\r", "\n")
@@ -24,6 +24,7 @@ type Styles struct {
 	Panel        lipgloss.Style
 	PanelFocused lipgloss.Style
 	PanelEditing lipgloss.Style
 	PagerDotActive   string
 	PagerDotInactive string
@@ -43,6 +44,7 @@ func Init(cfg *config.Config) {
 	warning := lipgloss.Color("#" + c.Base09)   // Orange: warnings
 	success := lipgloss.Color("#" + c.Base0B)   // Green: success
 	primary := lipgloss.Color("#" + c.Base0D)   // Accent: primary
 	purple := lipgloss.Color("#" + c.Base0E)    // Purple: editing
 	S = &Styles{
 		Primary:   primary,
@@ -66,6 +68,10 @@ func Init(cfg *config.Config) {
 			Border(lipgloss.RoundedBorder()).
 			BorderForeground(primary),
 		PanelEditing: lipgloss.NewStyle().
 			Border(lipgloss.RoundedBorder()).
 			BorderForeground(purple),
 		PagerDotActive:   lipgloss.NewStyle().Foreground(primary).SetString("•").String(),
 		PagerDotInactive: lipgloss.NewStyle().Foreground(subtle).SetString("•").String(),
 	}
@@ -1,6 +1,7 @@
 package app
 import (
 	"fmt"
 	"log"
 	"os"
 	"path/filepath"
@@ -13,6 +14,7 @@ import (
 	"github.com/anotherhadi/spilltea/internal/intercept"
 	"github.com/anotherhadi/spilltea/internal/plugins"
 	proxyPkg "github.com/anotherhadi/spilltea/internal/proxy"
 	copyUI "github.com/anotherhadi/spilltea/internal/ui/components/copy"
 	copyasUI "github.com/anotherhadi/spilltea/internal/ui/components/copyas"
 	notificationsUI "github.com/anotherhadi/spilltea/internal/ui/components/notifications"
 	diffUI "github.com/anotherhadi/spilltea/internal/ui/diff"
@@ -22,7 +24,6 @@ import (
 	interceptUI "github.com/anotherhadi/spilltea/internal/ui/intercept"
 	pluginsUI "github.com/anotherhadi/spilltea/internal/ui/plugins"
 	replayUI "github.com/anotherhadi/spilltea/internal/ui/replay"
 	scopeUI "github.com/anotherhadi/spilltea/internal/ui/scope"
 	"github.com/sirupsen/logrus"
 )
@@ -31,10 +32,9 @@ const tickInterval = 2 * time.Second
 type tickMsg struct{}
 func tickCmd() tea.Cmd {
-	return func() tea.Msg {
+	return tea.Tick(tickInterval, func(time.Time) tea.Msg {
 		time.Sleep(tickInterval)
 		return tickMsg{}
-	}
+	})
 }
 var sidebarEntries = pageRegistry
@@ -64,10 +64,10 @@ type Model struct {
 	replay        replayUI.Model
 	diff          diffUI.Model
 	docs          docsUI.Model
 	scope         scopeUI.Model
 	pluginsPage   pluginsUI.Model
 	findingsPage  findingsUI.Model
 	copyAs        copyasUI.Model
 	copy          copyUI.Model
 	notifications notificationsUI.Model
 }
@@ -86,26 +86,25 @@ func New(broker *intercept.Broker, name, path string) Model {
 		replay:        replayUI.New(),
 		diff:          diffUI.New(),
 		docs:          docsUI.New(),
 		scope:         scopeUI.New(name, path),
 		pluginsPage:   pluginsUI.New(mgr),
 		findingsPage:  findingsUI.New(),
 		copyAs:        copyasUI.New(),
 		copy:          copyUI.New(),
 		notifications: notificationsUI.New(),
 		sidebarState:  sidebarState(cfg.TUI.DefaultSidebarState),
 	}
-	if d, err := db.Open(path); err == nil {
+	d, err := db.Open(path)
 	if err != nil {
 		fmt.Fprintf(os.Stderr, "db: %v\n", err)
 		os.Exit(1)
 	}
 	m.database = d
 	broker.SetDB(d)
 	m.history.SetDB(d)
 	m.replay.SetDB(d)
 	m.findingsPage.SetDB(d)
 	mgr.SetDB(d)
 		if wl, bl, err := d.LoadScope(); err == nil {
 			broker.SetScope(wl, bl)
 			m.scope.SetScope(wl, bl)
 		}
 	}
 	pluginsDir := config.ExpandPath(cfg.App.PluginsDir)
 	if err := mgr.LoadFromDir(pluginsDir); err != nil {
@@ -10,7 +10,6 @@ import (
 	interceptUI "github.com/anotherhadi/spilltea/internal/ui/intercept"
 	pluginsUI "github.com/anotherhadi/spilltea/internal/ui/plugins"
 	replayUI "github.com/anotherhadi/spilltea/internal/ui/replay"
 	scopeUI "github.com/anotherhadi/spilltea/internal/ui/scope"
 )
 type page string
@@ -20,7 +19,6 @@ const (
 	pageHistory   page = "History"
 	pageReplay    page = "Replay"
 	pageDiff      page = "Diff"
 	pageScopes    page = "Scopes"
 	pagePlugins   page = "Plugins"
 	pageFindings  page = "Findings"
 	pageDocs      page = "Docs"
@@ -93,19 +91,6 @@ var pageRegistry = []pageEntry{
 		},
 		resize: func(m *Model, w, h int) { m.diff.SetSize(w, h) },
 	},
 	{
 		id:   pageScopes,
 		icon: func() string { return icons.I.Scope },
 		render: func(m *Model) string { return m.scope.View().Content },
 		update: func(m *Model, msg tea.Msg) tea.Cmd {
 			updated, cmd := m.scope.Update(msg)
 			m.scope = updated.(scopeUI.Model)
 			return cmd
 		},
 		isEditing: func(m *Model) bool { return m.scope.IsEditing() },
 		resize:    func(m *Model, w, h int) { m.scope.SetSize(w, h) },
 	},
 	{
 		id:   pagePlugins,
 		icon: func() string { return icons.I.Plugin },
@@ -141,6 +126,7 @@ var pageRegistry = []pageEntry{
 			m.docs = updated.(docsUI.Model)
 			return cmd
 		},
 		isEditing: func(m *Model) bool { return m.docs.IsEditing() },
 		resize:    func(m *Model, w, h int) { m.docs.SetSize(w, h) },
 	},
 }
@@ -51,6 +51,7 @@ func (m *Model) renderSidebar() string {
 		titleText = "SPLT"
 	}
 	title := lipgloss.NewStyle().Width(inner).Bold(true).Foreground(s.Primary).Padding(0, 1).Render(titleText)
 	divider := strings.Repeat("─", inner)
 	badgeSelected := lipgloss.NewStyle().Foreground(s.Primary).Bold(true)
@@ -75,14 +76,28 @@ func (m *Model) renderSidebar() string {
 			label += string(entry.id)
 		}
 		line := lineStyle.Render(badgeStyle.Render(strconv.Itoa(i+1)) + textStyle.Render(label))
 		if m.sidebarState == sidebarCollapsed && icon == "" {
 			line = " " + line
 		}
 		items.WriteString(line + "\n")
 	}
-	body := lipgloss.JoinVertical(lipgloss.Left,
+	maxLen := inner - 2
 	name := m.projectName
 	if m.sidebarState == sidebarCollapsed && name == "temporary" {
 		name = "tmp"
 	} else if len(name) > maxLen {
 		name = name[:maxLen-1] + "…"
 	}
 	parts := []string{
 		title,
 		lipgloss.NewStyle().Width(inner).Foreground(s.Subtle).Padding(0, 1).Render(name),
 	}
 	parts = append(parts,
 		lipgloss.NewStyle().Foreground(s.Subtle).Render(divider),
 		items.String(),
 	)
 	body := lipgloss.JoinVertical(lipgloss.Left, parts...)
 	return s.Panel.Width(m.getSidebarWidth()).Height(m.height).Render(body)
 }
@@ -13,6 +13,7 @@ import (
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/plugins"
 	proxyPkg "github.com/anotherhadi/spilltea/internal/proxy"
 	copyUI "github.com/anotherhadi/spilltea/internal/ui/components/copy"
 	copyasUI "github.com/anotherhadi/spilltea/internal/ui/components/copyas"
 	notificationsUI "github.com/anotherhadi/spilltea/internal/ui/components/notifications"
 	diffUI "github.com/anotherhadi/spilltea/internal/ui/diff"
@@ -20,7 +21,6 @@ import (
 	historyUI "github.com/anotherhadi/spilltea/internal/ui/history"
 	interceptUI "github.com/anotherhadi/spilltea/internal/ui/intercept"
 	replayUI "github.com/anotherhadi/spilltea/internal/ui/replay"
 	scopeUI "github.com/anotherhadi/spilltea/internal/ui/scope"
 )
 func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
@@ -45,11 +45,20 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 	case plugins.PluginNotifMsg:
 		cmd := plugins.WaitForNotif(m.pluginManager)
 		kind := notificationsUI.KindInfo
 		switch msg.Kind {
 		case "success":
 			kind = notificationsUI.KindSuccess
 		case "warning":
 			kind = notificationsUI.KindWarning
 		case "error":
 			kind = notificationsUI.KindError
 		}
 		notifCmd := func() tea.Msg {
 			return notificationsUI.NotificationMsg{
 				Title: msg.Title,
 				Body:  msg.Body,
-				Kind:  notificationsUI.KindInfo,
+				Kind:  kind,
 			}
 		}
 		return m, tea.Batch(cmd, notifCmd)
@@ -73,24 +82,38 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		return m, cmd
 	}
 	if m.copy.IsOpen() {
 		if ws, ok := msg.(tea.WindowSizeMsg); ok {
 			m.width = ws.Width
 			m.height = ws.Height
 			m.copy.SetSize(ws.Width, ws.Height)
 			m.resizeChildren()
 			return m, nil
 		}
 		var cmd tea.Cmd
 		m.copy, cmd = m.copy.Update(msg)
 		return m, cmd
 	}
 	switch msg := msg.(type) {
 	case tea.WindowSizeMsg:
 		m.width = msg.Width
 		m.height = msg.Height
 		m.resizeChildren()
 	case scopeUI.ScopeChangedMsg:
 		m.broker.SetScope(msg.Whitelist, msg.Blacklist)
 		if m.database != nil {
 			if err := m.database.SaveScope(msg.Whitelist, msg.Blacklist); err != nil {
 				log.Printf("failed to persist scope: %v", err)
 			}
 		}
 		return m, nil
 	case proxyPkg.ErrMsg:
 		if msg.Err != nil {
 			log.Printf("proxy error: %v", msg.Err)
 			return m, tea.Batch(
 				func() tea.Msg {
 					return notificationsUI.NotificationMsg{
 						Title: "Proxy Error",
 						Body:  msg.Err.Error(),
 						Kind:  notificationsUI.KindError,
 					}
 				},
 				tea.Quit,
 			)
 		}
 		return m, nil
@@ -162,23 +185,64 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		if !m.activeIsEditing() {
 			switch {
-			case key.Matches(msg, keys.Keys.Global.CopyRequest):
+			case key.Matches(msg, keys.Keys.Global.CopyAs):
-				if m.page == pageDiff {
+				var raw, scheme string
-					if raw := m.diff.CurrentRaw(); raw != "" {
+				var responseFocused bool
-						m.copyAs.SetSize(m.width, m.height)
+				switch m.page {
-						m.copyAs.Open(copyasUI.OpenMsg{
+				case pageIntercept:
-							RawRequest: raw,
+					raw = m.intercept.CurrentRaw()
-							Scheme:     "https",
+					scheme = m.intercept.CurrentScheme()
-						})
+					responseFocused = m.intercept.IsResponseFocused()
 				case pageHistory:
 					raw = m.history.CurrentRaw()
 					scheme = m.history.CurrentScheme()
 					responseFocused = m.history.IsResponseFocused()
 				case pageReplay:
 					raw = m.replay.CurrentRaw()
 					scheme = m.replay.CurrentScheme()
 					responseFocused = m.replay.IsResponseFocused()
 				}
-				} else if m.page == pageIntercept {
+				if raw != "" && !responseFocused {
 					if raw := m.intercept.CurrentRaw(); raw != "" {
 					m.copyAs.SetSize(m.width, m.height)
-						m.copyAs.Open(copyasUI.OpenMsg{
+					m.copyAs.Open(copyasUI.OpenMsg{RawRequest: raw, Scheme: scheme})
 							RawRequest: raw,
 							Scheme:     m.intercept.CurrentScheme(),
 						})
 				}
 				return m, nil
 			case key.Matches(msg, keys.Keys.Global.Copy):
 				if m.page == pageFindings {
 					if md := m.findingsPage.CurrentMarkdown(); md != "" {
 						return m, tea.Batch(
 							tea.SetClipboard(md),
 							func() tea.Msg {
 								return notificationsUI.NotificationMsg{
 									Title: "Copied",
 									Body:  "Finding copied to clipboard",
 									Kind:  notificationsUI.KindSuccess,
 								}
 							},
 						)
 					}
 					return m, nil
 				}
 				var raw, scheme string
 				var responseFocused bool
 				switch m.page {
 				case pageIntercept:
 					raw = m.intercept.CurrentRaw()
 					scheme = m.intercept.CurrentScheme()
 					responseFocused = m.intercept.IsResponseFocused()
 				case pageHistory:
 					raw = m.history.CurrentRaw()
 					scheme = m.history.CurrentScheme()
 					responseFocused = m.history.IsResponseFocused()
 				case pageReplay:
 					raw = m.replay.CurrentRaw()
 					scheme = m.replay.CurrentScheme()
 					responseFocused = m.replay.IsResponseFocused()
 				}
 				if raw != "" {
 					m.copy.SetSize(m.width, m.height)
 					m.copy.Open(copyUI.OpenMsg{RawRequest: raw, Scheme: scheme, ShowURL: !responseFocused})
 				}
 				return m, nil
@@ -22,6 +22,13 @@ func (m Model) View() tea.View {
 		return v
 	}
 	if m.copy.IsOpen() {
 		v := tea.NewView(m.copy.View(normal))
 		v.AltScreen = true
 		v.MouseMode = tea.MouseModeCellMotion
 		return v
 	}
 	rendered := normal
 	if m.notifications.HasNotifications() {
 		rendered = m.notifications.View(normal)
@@ -0,0 +1,180 @@
 package copy
 import (
 	"strings"
 	"charm.land/bubbles/v2/list"
 	tea "charm.land/bubbletea/v2"
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/style"
 )
 const (
 	popupW = 55
 	popupH = 20
 )
 type OpenMsg struct {
 	RawRequest string
 	Scheme     string
 	ShowURL    bool
 }
 type copyItem struct {
 	id    string
 	title string
 	desc  string
 }
 func (c copyItem) Title() string       { return c.title }
 func (c copyItem) Description() string { return c.desc }
 func (c copyItem) FilterValue() string { return c.title }
 var allItems = []list.Item{
 	copyItem{"raw", "Raw", "full HTTP request"},
 	copyItem{"headers", "Headers", "request headers only"},
 	copyItem{"body", "Body", "request body only"},
 	copyItem{"url", "URL", "request URL"},
 }
 type Model struct {
 	open       bool
 	list       list.Model
 	rawRequest string
 	scheme     string
 	width      int
 	height     int
 }
 func New() Model {
 	s := style.S
 	delegate := list.NewDefaultDelegate()
 	delegate.SetSpacing(0)
 	delegate.Styles.NormalTitle = lipgloss.NewStyle().Foreground(s.Text).PaddingLeft(2)
 	delegate.Styles.NormalDesc = lipgloss.NewStyle().Foreground(s.Subtle).PaddingLeft(2)
 	delegate.Styles.SelectedTitle = lipgloss.NewStyle().
 		Border(lipgloss.NormalBorder(), false, false, false, true).
 		BorderForeground(s.Primary).
 		Foreground(s.Primary).Bold(true).PaddingLeft(1)
 	delegate.Styles.SelectedDesc = lipgloss.NewStyle().
 		Border(lipgloss.NormalBorder(), false, false, false, true).
 		BorderForeground(s.Primary).
 		Foreground(s.MutedFg).PaddingLeft(1)
 	l := list.New(allItems, delegate, popupW, 8)
 	l.SetShowTitle(false)
 	l.SetShowStatusBar(false)
 	l.SetShowHelp(false)
 	l.SetFilteringEnabled(true)
 	l.KeyMap.Quit.SetEnabled(false)
 	l.KeyMap.ForceQuit.SetEnabled(false)
 	l.KeyMap.ShowFullHelp.SetEnabled(false)
 	l.KeyMap.CloseFullHelp.SetEnabled(false)
 	return Model{list: l}
 }
 func (m Model) Init() tea.Cmd { return nil }
 func (m Model) IsOpen() bool { return m.open }
 func (m *Model) Open(msg OpenMsg) {
 	m.rawRequest = msg.RawRequest
 	m.scheme = msg.Scheme
 	m.open = true
 	items := allItems
 	if !msg.ShowURL {
 		filtered := make([]list.Item, 0, len(allItems))
 		for _, it := range allItems {
 			if it.(copyItem).id != "url" {
 				filtered = append(filtered, it)
 			}
 		}
 		items = filtered
 	}
 	m.list.SetItems(items)
 	m.list.ResetFilter()
 	m.list.Select(0)
 	m.list.SetSize(m.popupInnerWidth(), m.listHeight())
 }
 func (m *Model) SetSize(w, h int) {
 	m.width = w
 	m.height = h
 	m.list.SetSize(m.popupInnerWidth(), m.listHeight())
 }
 func (m Model) popupInnerWidth() int {
 	w := popupW
 	if m.width > 0 && m.width-4 < w {
 		w = m.width - 4
 	}
 	return w
 }
 func (m Model) popupHeight() int {
 	h := popupH
 	if m.height > 0 && m.height-4 < h {
 		h = m.height - 4
 	}
 	if h < 6 {
 		h = 6
 	}
 	return h
 }
 func (m Model) listHeight() int {
 	return style.PanelContentH(m.popupHeight()) - 1
 }
 func (m Model) extract(id string) string {
 	raw := m.rawRequest
 	lines := strings.Split(strings.ReplaceAll(raw, "\r\n", "\n"), "\n")
 	switch id {
 	case "raw":
 		return raw
 	case "headers":
 		var sb strings.Builder
 		for _, l := range lines[1:] {
 			if l == "" {
 				break
 			}
 			sb.WriteString(l + "\n")
 		}
 		return strings.TrimRight(sb.String(), "\n")
 	case "body":
 		for i, l := range lines {
 			if l == "" && i > 0 {
 				return strings.TrimRight(strings.Join(lines[i+1:], "\n"), "\n")
 			}
 		}
 		return ""
 	case "url":
 		scheme := m.scheme
 		if scheme == "" {
 			scheme = "https"
 		}
 		var host, path string
 		if len(lines) > 0 {
 			parts := strings.SplitN(lines[0], " ", 3)
 			if len(parts) >= 2 {
 				path = parts[1]
 			}
 		}
 		for _, l := range lines[1:] {
 			if l == "" {
 				break
 			}
 			if kv := strings.SplitN(l, ": ", 2); len(kv) == 2 && strings.EqualFold(kv[0], "host") {
 				host = strings.TrimSpace(kv[1])
 			}
 		}
 		return scheme + "://" + host + path
 	}
 	return raw
 }
@@ -0,0 +1,40 @@
 package copy
 import (
 	"charm.land/bubbles/v2/key"
 	tea "charm.land/bubbletea/v2"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	notificationsUI "github.com/anotherhadi/spilltea/internal/ui/components/notifications"
 )
 func (m Model) Update(msg tea.Msg) (Model, tea.Cmd) {
 	if kp, ok := msg.(tea.KeyPressMsg); ok {
 		switch {
 		case kp.String() == "enter":
 			m.open = false
 			if item, ok := m.list.SelectedItem().(copyItem); ok {
 				return m, tea.Batch(
 					tea.SetClipboard(m.extract(item.id)),
 					func() tea.Msg {
 						return notificationsUI.NotificationMsg{
 							Title: "Copied",
 							Body:  "Request copied to clipboard",
 							Kind:  notificationsUI.KindSuccess,
 						}
 					},
 				)
 			}
 			return m, nil
 		case key.Matches(kp, keys.Keys.Global.Escape):
 			if m.list.SettingFilter() {
 				break
 			}
 			m.open = false
 			return m, nil
 		}
 	}
 	var cmd tea.Cmd
 	m.list, cmd = m.list.Update(msg)
 	return m, cmd
 }
@@ -0,0 +1,28 @@
 package copy
 import (
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/style"
 	copyasUI "github.com/anotherhadi/spilltea/internal/ui/components/copyas"
 )
 func (m *Model) View(background string) string {
 	s := style.S
 	hint := lipgloss.NewStyle().Foreground(s.Subtle).
 		Render("  enter: copy  •  /: filter  •  esc: cancel")
 	inner := lipgloss.JoinVertical(lipgloss.Left,
 		m.list.View(),
 		hint,
 	)
 	border := lipgloss.NewStyle().
 		Border(lipgloss.RoundedBorder()).
 		BorderForeground(s.Primary)
 	popupH := m.popupHeight()
 	popup := style.RenderWithTitle(border, "Copy", inner, m.popupInnerWidth()+2, popupH)
 	return copyasUI.OverlayCenter(background, popup, m.width, m.height)
 }
@@ -1,8 +1,12 @@
 package copyas
 import (
 	"encoding/json"
 	"fmt"
 	"net/url"
 	"strings"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 type header struct{ key, value string }
@@ -12,46 +16,22 @@ type parsedRequest struct {
 	path    string
 	host    string
 	scheme  string
-	headers []header
+	headers []header // garder header{key, value} pour compat locale
 	body    string
 }
 func parseRaw(raw, scheme string) parsedRequest {
-	lines := strings.Split(strings.ReplaceAll(raw, "\r\n", "\n"), "\n")
+	r := util.ParseRawRequest(raw)
-	pr := parsedRequest{scheme: scheme}
+	pr := parsedRequest{
-	if len(lines) == 0 {
+		method: r.Method,
-		return pr
+		path:   r.Path,
 		host:   r.Host,
 		scheme: scheme,
 	}
-
+	for _, h := range r.Headers {
-	parts := strings.SplitN(lines[0], " ", 3)
+		pr.headers = append(pr.headers, header{h.Key, h.Value})
 	if len(parts) >= 1 {
 		pr.method = strings.TrimSpace(parts[0])
 	}
 	if len(parts) >= 2 {
 		pr.path = strings.TrimSpace(parts[1])
 	}
 	i := 1
 	for i < len(lines) {
 		line := strings.TrimRight(lines[i], "\r")
 		if line == "" {
 			i++
 			break
 		}
 		if kv := strings.SplitN(line, ": ", 2); len(kv) == 2 {
 			k := strings.TrimSpace(kv[0])
 			v := strings.TrimSpace(kv[1])
 			pr.headers = append(pr.headers, header{k, v})
 			if strings.EqualFold(k, "host") {
 				pr.host = v
 			}
 		}
 		i++
 	}
 	if i < len(lines) {
 		pr.body = strings.TrimRight(strings.Join(lines[i:], "\n"), "\n")
 	}
 	pr.body = r.Body
 	return pr
 }
@@ -66,6 +46,8 @@ func (pr parsedRequest) fullURL() string {
 func formatAs(id, raw, scheme string) string {
 	pr := parseRaw(raw, scheme)
 	switch id {
 	case "raw":
 		return raw
 	case "curl":
 		return toCurl(pr)
 	case "python":
@@ -76,10 +58,31 @@ func formatAs(id, raw, scheme string) string {
 		return toFFUF(pr)
 	case "markdown":
 		return toMarkdown(pr)
 	case "har":
 		return toHAR(pr)
 	case "httpie":
 		return toHTTPie(pr)
 	}
 	return raw
 }
 func toHTTPie(pr parsedRequest) string {
 	var sb strings.Builder
 	method := strings.ToUpper(pr.method)
 	fmt.Fprintf(&sb, "http %s '%s'", method, pr.fullURL())
 	for _, h := range pr.headers {
 		if strings.EqualFold(h.key, "content-length") {
 			continue
 		}
 		fmt.Fprintf(&sb, " \\\n  '%s:%s'", h.key, h.value)
 	}
 	if pr.body != "" {
 		// Pass body via stdin hint
 		fmt.Fprintf(&sb, " \\\n  <<< %q", pr.body)
 	}
 	return sb.String()
 }
 func toMarkdown(pr parsedRequest) string {
 	var sb strings.Builder
 	fmt.Fprintf(&sb, "### %s %s\n\n", pr.method, pr.fullURL())
@@ -198,3 +201,104 @@ func toFFUF(pr parsedRequest) string {
 	}
 	return sb.String()
 }
 func toHAR(pr parsedRequest) string {
 	type harNameValue struct {
 		Name  string `json:"name"`
 		Value string `json:"value"`
 	}
 	type harPostData struct {
 		MimeType string `json:"mimeType"`
 		Text     string `json:"text"`
 	}
 	type harRequest struct {
 		Method      string         `json:"method"`
 		URL         string         `json:"url"`
 		HTTPVersion string         `json:"httpVersion"`
 		Headers     []harNameValue `json:"headers"`
 		QueryString []harNameValue `json:"queryString"`
 		Cookies     []harNameValue `json:"cookies"`
 		HeadersSize int            `json:"headersSize"`
 		BodySize    int            `json:"bodySize"`
 		PostData    *harPostData   `json:"postData,omitempty"`
 	}
 	type harEntry struct {
 		StartedDateTime string     `json:"startedDateTime"`
 		Time            int        `json:"time"`
 		Request         harRequest `json:"request"`
 		Cache           struct{}   `json:"cache"`
 		Timings         struct {
 			Send    int `json:"send"`
 			Wait    int `json:"wait"`
 			Receive int `json:"receive"`
 		} `json:"timings"`
 	}
 	type harLog struct {
 		Version string `json:"version"`
 		Creator struct {
 			Name    string `json:"name"`
 			Version string `json:"version"`
 		} `json:"creator"`
 		Entries []harEntry `json:"entries"`
 	}
 	type harRoot struct {
 		Log harLog `json:"log"`
 	}
 	headers := make([]harNameValue, 0, len(pr.headers))
 	for _, h := range pr.headers {
 		headers = append(headers, harNameValue{h.key, h.value})
 	}
 	var qs []harNameValue
 	if idx := strings.Index(pr.path, "?"); idx != -1 {
 		vals, err := url.ParseQuery(pr.path[idx+1:])
 		if err == nil {
 			for k, vs := range vals {
 				for _, v := range vs {
 					qs = append(qs, harNameValue{k, v})
 				}
 			}
 		}
 	}
 	if qs == nil {
 		qs = []harNameValue{}
 	}
 	req := harRequest{
 		Method:      pr.method,
 		URL:         pr.fullURL(),
 		HTTPVersion: "HTTP/1.1",
 		Headers:     headers,
 		QueryString: qs,
 		Cookies:     []harNameValue{},
 		HeadersSize: -1,
 		BodySize:    len(pr.body),
 	}
 	if pr.body != "" {
 		mimeType := "application/octet-stream"
 		for _, h := range pr.headers {
 			if strings.EqualFold(h.key, "content-type") {
 				mimeType = h.value
 				break
 			}
 		}
 		req.PostData = &harPostData{MimeType: mimeType, Text: pr.body}
 	}
 	root := harRoot{Log: harLog{
 		Version: "1.2",
 		Entries: []harEntry{{
 			StartedDateTime: "1970-01-01T00:00:00.000Z",
 			Time:            -1,
 			Request:         req,
 		}},
 	}}
 	root.Log.Creator.Name = "spilltea"
 	b, err := json.MarshalIndent(root, "", "  ")
 	if err != nil {
 		return ""
 	}
 	return string(b)
 }
@@ -1,24 +1,16 @@
 package copyas
 import (
 	"encoding/base64"
 	"fmt"
 	"os"
 	"charm.land/bubbles/v2/list"
 	tea "charm.land/bubbletea/v2"
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/style"
 )
-const popupInnerW = 46
+const (
-
+	popupW = 61
-// writeClipboard uses the OSC 52 terminal escape sequence to set the clipboard.
+	popupH = 20
-// Supported by most modern terminals (foot, kitty, wezterm, alacritty, xterm…).
+)
 func writeClipboard(text string) {
 	encoded := base64.StdEncoding.EncodeToString([]byte(text))
 	fmt.Fprintf(os.Stderr, "\033]52;c;%s\a", encoded)
 }
 type OpenMsg struct {
 	RawRequest string
@@ -36,11 +28,14 @@ func (f formatItem) Description() string { return f.desc }
 func (f formatItem) FilterValue() string { return f.title }
 var allFormats = []list.Item{
 	formatItem{"raw", "Raw", "raw HTTP request"},
 	formatItem{"curl", "cURL", "command line HTTP request"},
 	formatItem{"python", "Python", "requests library"},
 	formatItem{"go", "Go", "net/http package"},
 	formatItem{"ffuf", "FFUF", "web fuzzer: FUZZ in query string"},
 	formatItem{"markdown", "Markdown", "formatted for documentation"},
 	formatItem{"har", "HAR", "HTTP Archive (JSON)"},
 	formatItem{"httpie", "HTTPie", "HTTPie command line client"},
 }
 type Model struct {
@@ -68,7 +63,7 @@ func New() Model {
 		BorderForeground(s.Primary).
 		Foreground(s.MutedFg).PaddingLeft(1)
-	l := list.New(allFormats, delegate, popupInnerW, 8)
+	l := list.New(allFormats, delegate, popupW, 8)
 	l.SetShowTitle(false)
 	l.SetShowStatusBar(false)
 	l.SetShowHelp(false)
@@ -91,17 +86,25 @@ func (m *Model) Open(msg OpenMsg) {
 	m.open = true
 	m.list.ResetFilter()
 	m.list.Select(0)
-	m.list.SetSize(popupInnerW, m.listHeight())
+	m.list.SetSize(m.popupInnerWidth(), m.listHeight())
 }
 func (m *Model) SetSize(w, h int) {
 	m.width = w
 	m.height = h
-	m.list.SetSize(popupInnerW, m.listHeight())
+	m.list.SetSize(m.popupInnerWidth(), m.listHeight())
 }
 func (m Model) popupInnerWidth() int {
 	w := popupW
 	if m.width > 0 && m.width-4 < w {
 		w = m.width - 4
 	}
 	return w
 }
 func (m Model) popupHeight() int {
-	h := 14
+	h := popupH
 	if m.height > 0 && m.height-4 < h {
 		h = m.height - 4
 	}
@@ -4,16 +4,26 @@ import (
 	"charm.land/bubbles/v2/key"
 	tea "charm.land/bubbletea/v2"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	notificationsUI "github.com/anotherhadi/spilltea/internal/ui/components/notifications"
 )
 func (m Model) Update(msg tea.Msg) (Model, tea.Cmd) {
 	if kp, ok := msg.(tea.KeyPressMsg); ok {
 		switch {
 		case kp.String() == "enter":
 			if item, ok := m.list.SelectedItem().(formatItem); ok {
 				writeClipboard(formatAs(item.id, m.rawRequest, m.scheme))
 			}
 			m.open = false
 			if item, ok := m.list.SelectedItem().(formatItem); ok {
 				return m, tea.Batch(
 					tea.SetClipboard(formatAs(item.id, m.rawRequest, m.scheme)),
 					func() tea.Msg {
 						return notificationsUI.NotificationMsg{
 							Title: "Copied",
 							Body:  "Request copied to clipboard",
 							Kind:  notificationsUI.KindSuccess,
 						}
 					},
 				)
 			}
 			return m, nil
 		case key.Matches(kp, keys.Keys.Global.Escape):
 			if m.list.SettingFilter() {
@@ -24,12 +24,12 @@ func (m *Model) View(background string) string {
 		BorderForeground(s.Primary)
 	popupH := m.popupHeight()
-	popup := style.RenderWithTitle(border, "Copy as", inner, popupInnerW+2, popupH)
+	popup := style.RenderWithTitle(border, "Copy as", inner, m.popupInnerWidth()+2, popupH)
-	return overlayCenter(background, popup, m.width, m.height)
+	return OverlayCenter(background, popup, m.width, m.height)
 }
-func overlayCenter(bg, popup string, w, h int) string {
+func OverlayCenter(bg, popup string, w, h int) string {
 	s := style.S
 	stripped := ansi.Strip(bg)
@@ -10,8 +10,159 @@ import (
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/style"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 // isWordChar reports whether c belongs to a "word" token (letter, digit, underscore).
 func isWordChar(c byte) bool {
 	return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') || c == '_'
 }
 // tokenize splits s into runs of word characters and individual non-word bytes.
 func tokenize(s string) []string {
 	var out []string
 	i := 0
 	for i < len(s) {
 		if isWordChar(s[i]) {
 			j := i
 			for j < len(s) && isWordChar(s[j]) {
 				j++
 			}
 			out = append(out, s[i:j])
 			i = j
 		} else {
 			out = append(out, s[i:i+1])
 			i++
 		}
 	}
 	return out
 }
 // wordDiff computes a token-level diff between leftLine and rightLine and
 // returns the two rendered strings with changed tokens highlighted.
 func wordDiff(leftLine, rightLine string) (leftRendered, rightRendered string) {
 	lToks := tokenize(leftLine)
 	rToks := tokenize(rightLine)
 	n, m := len(lToks), len(rToks)
 	dp := make([][]int, n+1)
 	for i := range dp {
 		dp[i] = make([]int, m+1)
 	}
 	for i := 1; i <= n; i++ {
 		for j := 1; j <= m; j++ {
 			if lToks[i-1] == rToks[j-1] {
 				dp[i][j] = dp[i-1][j-1] + 1
 			} else if dp[i-1][j] >= dp[i][j-1] {
 				dp[i][j] = dp[i-1][j]
 			} else {
 				dp[i][j] = dp[i][j-1]
 			}
 		}
 	}
 	type segment struct {
 		kind int // 0=same, 1=left-only, 2=right-only
 		tok  string
 	}
 	segs := make([]segment, 0, n+m)
 	i, j := n, m
 	for i > 0 || j > 0 {
 		switch {
 		case i > 0 && j > 0 && lToks[i-1] == rToks[j-1]:
 			segs = append(segs, segment{0, lToks[i-1]})
 			i--
 			j--
 		case j > 0 && (i == 0 || dp[i][j-1] >= dp[i-1][j]):
 			segs = append(segs, segment{2, rToks[j-1]})
 			j--
 		default:
 			segs = append(segs, segment{1, lToks[i-1]})
 			i--
 		}
 	}
 	for lo, hi := 0, len(segs)-1; lo < hi; lo, hi = lo+1, hi-1 {
 		segs[lo], segs[hi] = segs[hi], segs[lo]
 	}
 	s := style.S
 	boldErr := lipgloss.NewStyle().Foreground(s.Error).Bold(true)
 	boldOk := lipgloss.NewStyle().Foreground(s.Success).Bold(true)
 	dim := lipgloss.NewStyle().Foreground(s.Subtle)
 	var lb, rb strings.Builder
 	for _, seg := range segs {
 		switch seg.kind {
 		case 0:
 			lb.WriteString(dim.Render(seg.tok))
 			rb.WriteString(dim.Render(seg.tok))
 		case 1:
 			lb.WriteString(boldErr.Render(seg.tok))
 		case 2:
 			rb.WriteString(boldOk.Render(seg.tok))
 		}
 	}
 	return lb.String(), rb.String()
 }
 // pairAndHighlight collapses adjacent removed/added blocks onto the same rows
 // (eliminating the interleaved padding lines) and applies word-level diff
 // highlighting to each paired line. Unpaired excess removals/additions keep
 // their original single-sided padding row.
 func pairAndHighlight(left, right []diffLine) ([]diffLine, []diffLine) {
 	newLeft := make([]diffLine, 0, len(left))
 	newRight := make([]diffLine, 0, len(right))
 	i := 0
 	for i < len(left) {
 		if left[i].kind != lineRemoved {
 			newLeft = append(newLeft, left[i])
 			newRight = append(newRight, right[i])
 			i++
 			continue
 		}
 		rStart := i
 		for i < len(left) && left[i].kind == lineRemoved {
 			i++
 		}
 		rEnd := i
 		aStart := i
 		for i < len(left) && left[i].kind == lineAdded {
 			i++
 		}
 		aEnd := i
 		nRemoved := rEnd - rStart
 		nAdded := aEnd - aStart
 		pairs := nRemoved
 		if nAdded < pairs {
 			pairs = nAdded
 		}
 		for k := 0; k < pairs; k++ {
 			lLine := left[rStart+k]
 			rLine := right[aStart+k]
 			lLine.text, rLine.text = wordDiff(lLine.plainText, rLine.plainText)
 			newLeft = append(newLeft, lLine)
 			newRight = append(newRight, rLine)
 		}
 		for k := pairs; k < nRemoved; k++ {
 			newLeft = append(newLeft, left[rStart+k])
 			newRight = append(newRight, diffLine{kind: lineRemoved})
 		}
 		for k := pairs; k < nAdded; k++ {
 			newLeft = append(newLeft, diffLine{kind: lineAdded})
 			newRight = append(newRight, right[aStart+k])
 		}
 	}
 	return newLeft, newRight
 }
 type slot struct {
 	label string
 	raw   string
@@ -38,7 +189,8 @@ const (
 )
 type diffLine struct {
-	text string
+	text      string // displayed text (highlighted, possibly word-diff decorated)
 	plainText string // plain text for word-diff pairing (empty for padding lines)
 	kind      lineKind
 }
@@ -126,6 +278,7 @@ func (m *Model) computeDiff() {
 	leftHL := hlLines(leftNorm)
 	rightHL := hlLines(rightNorm)
 	m.leftLines, m.rightLines = lcsAlignedDiff(leftPlain, rightPlain, leftHL, rightHL)
 	m.leftLines, m.rightLines = pairAndHighlight(m.leftLines, m.rightLines)
 }
 func normRaw(s string) string {
@@ -149,7 +302,7 @@ func (m *Model) refreshViewports() {
 		placeholder := lipgloss.Place(
 			m.leftViewport.Width(), m.leftViewport.Height(),
 			lipgloss.Center, lipgloss.Center,
-			s.Faint.Render("             <(^_^)>\nsend two entries here to compare"),
+			s.Faint.Render(util.CenterLines("<(^_^)>", "send two entries here to compare")),
 		)
 		m.leftViewport.SetContent(placeholder)
 		m.rightViewport.SetContent("")
@@ -161,7 +314,7 @@ func (m *Model) refreshViewports() {
 		placeholder := lipgloss.Place(
 			m.rightViewport.Width(), m.rightViewport.Height(),
 			lipgloss.Center, lipgloss.Center,
-			s.Faint.Render("          (・3・)\nwaiting for second entry…"),
+			s.Faint.Render(util.CenterLines("(・3・)", "waiting for second entry…")),
 		)
 		m.rightViewport.SetContent(placeholder)
 		return
@@ -227,10 +380,10 @@ func lcsAlignedDiff(a, b, aHL, bHL []string) (left, right []diffLine) {
 			j--
 		case j > 0 && (i == 0 || dp[i][j-1] >= dp[i-1][j]):
 			left = append(left, diffLine{kind: lineAdded})
-			right = append(right, diffLine{text: hlB(j-1), kind: lineAdded})
+			right = append(right, diffLine{text: hlB(j - 1), plainText: b[j-1], kind: lineAdded})
 			j--
 		default:
-			left = append(left, diffLine{text: hlA(i-1), kind: lineRemoved})
+			left = append(left, diffLine{text: hlA(i - 1), plainText: a[i-1], kind: lineRemoved})
 			right = append(right, diffLine{kind: lineRemoved})
 			i--
 		}
@@ -243,14 +396,6 @@ func lcsAlignedDiff(a, b, aHL, bHL []string) (left, right []diffLine) {
 	return left, right
 }
 func diffBindings() []key.Binding {
 	g := keys.Keys.Global
 	return []key.Binding{
 		g.Up, g.Down, g.ScrollUp, g.ScrollDown,
 		g.CycleFocus, keys.Keys.Diff.Clear,
 	}
 }
 type diffKeyMap struct{ width int }
 func (diffKeyMap) ShortHelp() []key.Binding {
@@ -259,6 +404,9 @@ func (diffKeyMap) ShortHelp() []key.Binding {
 }
 func (m diffKeyMap) FullHelp() [][]key.Binding {
-	all := append(diffBindings(), keys.Keys.Global.Bindings()...)
+	g := keys.Keys.Global
 	pageGlobals := []key.Binding{g.Up, g.Down, g.CycleFocus, g.ScrollUp, g.ScrollDown, g.Left, g.Right}
 	all := append(keys.Keys.Diff.Bindings(), pageGlobals...)
 	all = append(all, g.CommonBindings()...)
 	return keys.ChunkByWidth(all, m.width)
 }
@@ -7,6 +7,7 @@ import (
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/icons"
 	"github.com/anotherhadi/spilltea/internal/style"
 	"github.com/charmbracelet/x/ansi"
 )
 func (m Model) View() tea.View {
@@ -38,6 +39,12 @@ func (m *Model) renderPanels(panelH int) string {
 	if m.right.label != "" {
 		rightTitle = icons.I.Diff + "Second: " + m.right.label
 	}
 	if maxW := leftW - 4; maxW > 0 {
 		leftTitle = ansi.Truncate(leftTitle, maxW, "…")
 	}
 	if maxW := rightW - 4; maxW > 0 {
 		rightTitle = ansi.Truncate(rightTitle, maxW, "…")
 	}
 	leftBorder := s.Panel
 	rightBorder := s.Panel
@@ -1,37 +1,288 @@
 package docs
 import (
 	"regexp"
 	"sort"
 	"strings"
 	"unicode/utf8"
 	spilltea "github.com/anotherhadi/spilltea"
 	"charm.land/bubbles/v2/help"
 	"charm.land/bubbles/v2/key"
 	"charm.land/bubbles/v2/textinput"
 	"charm.land/bubbles/v2/viewport"
 	tea "charm.land/bubbletea/v2"
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/style"
 )
 func readDoc(name string) string {
-	b, _ := spilltea.DocsFS.ReadFile(".github/docs/" + name)
+	b, _ := spilltea.DocsFS.ReadFile("docs/" + name)
 	return string(b)
 }
 var contentMarkdown = strings.Join([]string{
 	readDoc("main.md"),
 	readDoc("legal-disclaimer.md"),
 	readDoc("basics.md"),
 	readDoc("proxy.md"),
 	readDoc("certificate.md"),
 	readDoc("history.md"),
 	readDoc("scopes.md"),
 }, "\n")
 type matchEntry struct {
 	line  int
 	start int
 	end   int
 }
 type Model struct {
 	viewport    viewport.Model
 	help        help.Model
 	searchInput textinput.Model
 	searching   bool
 	matches    []matchEntry
 	matchIndex int
 	renderedLines []string
 	strippedLines []string
 	width  int
 	height int
 }
 func New() Model {
 	ti := textinput.New()
 	ti.Prompt = "/"
 	s := ti.Styles()
 	s.Focused.Prompt = lipgloss.NewStyle().Foreground(style.S.Primary)
 	ti.SetStyles(s)
 	return Model{
 		viewport:    viewport.New(),
 		help:        style.NewHelp(),
 		searchInput: ti,
 	}
 }
 func (e Model) Init() tea.Cmd {
 	return nil
 }
 func (m Model) IsEditing() bool { return m.searching }
 func (m *Model) SetSize(w, h int) {
 	m.width = w
 	m.height = h
 	m.help.SetWidth(w - 2)
 	m.searchInput.SetWidth(w - 4)
 	statusH := strings.Count(m.renderStatusBar(), "\n") + 1
 	frameW := windowStyle().GetHorizontalFrameSize()
 	frameH := windowStyle().GetVerticalFrameSize()
 	m.viewport.SetWidth(w - frameW)
 	m.viewport.SetHeight(h - frameH - statusH)
 	m.renderMarkdown()
 }
 func (m *Model) applySearch() {
 	query := m.searchInput.Value()
 	m.matches = nil
 	m.matchIndex = 0
 	if query != "" {
 		re, err := regexp.Compile("(?i)" + regexp.QuoteMeta(query))
 		if err == nil {
 			for lineIdx, stripped := range m.strippedLines {
 				for _, match := range re.FindAllStringIndex(stripped, -1) {
 					m.matches = append(m.matches, matchEntry{
 						line:  lineIdx,
 						start: match[0],
 						end:   match[1],
 					})
 				}
 			}
 		}
 	}
 	m.rebuildViewportContent()
 	if len(m.matches) > 0 {
 		m.viewport.SetYOffset(m.matches[0].line)
 	}
 }
 func (m *Model) searchNext() {
 	if len(m.matches) == 0 {
 		return
 	}
 	m.matchIndex = (m.matchIndex + 1) % len(m.matches)
 	m.rebuildViewportContent()
 	m.viewport.SetYOffset(m.matches[m.matchIndex].line)
 }
 func (m *Model) searchPrev() {
 	if len(m.matches) == 0 {
 		return
 	}
 	m.matchIndex = (m.matchIndex - 1 + len(m.matches)) % len(m.matches)
 	m.rebuildViewportContent()
 	m.viewport.SetYOffset(m.matches[m.matchIndex].line)
 }
 func (m *Model) rebuildViewportContent() {
 	if len(m.matches) == 0 || m.searchInput.Value() == "" {
 		m.viewport.SetContent(strings.Join(m.renderedLines, "\n"))
 		return
 	}
 	type lineInfo struct {
 		intervals  [][]int
 		currentIdx int
 	}
 	byLine := make(map[int]*lineInfo)
 	for i, match := range m.matches {
 		li := byLine[match.line]
 		if li == nil {
 			li = &lineInfo{currentIdx: -1}
 			byLine[match.line] = li
 		}
 		li.intervals = append(li.intervals, []int{match.start, match.end})
 		if i == m.matchIndex {
 			li.currentIdx = len(li.intervals) - 1
 		}
 	}
 	lines := make([]string, len(m.renderedLines))
 	for i, ansiLine := range m.renderedLines {
 		if li, ok := byLine[i]; ok {
 			lines[i] = injectHighlightsInLine(ansiLine, li.intervals, li.currentIdx)
 		} else {
 			lines[i] = ansiLine
 		}
 	}
 	m.viewport.SetContent(strings.Join(lines, "\n"))
 }
 func lipglossAnsiCodes(s lipgloss.Style) (open, close string) {
 	const sentinel = "X"
 	rendered := s.Render(sentinel)
 	idx := strings.Index(rendered, sentinel)
 	if idx < 0 {
 		return "", ""
 	}
 	return rendered[:idx], rendered[idx+len(sentinel):]
 }
 func injectHighlightsInLine(ansiLine string, intervals [][]int, currentIdx int) string {
 	if len(intervals) == 0 {
 		return ansiLine
 	}
 	normalOpen, normalClose := lipglossAnsiCodes(lipgloss.NewStyle().Background(style.S.SubtleBg))
 	currentOpen, currentClose := lipglossAnsiCodes(lipgloss.NewStyle().Background(style.S.Primary).Foreground(style.S.Text))
 	type injection struct {
 		visPos   int
 		code     string
 		priority int // 0 = close (emit before opens at same pos), 1 = open
 	}
 	var injections []injection
 	for i, iv := range intervals {
 		open, close := normalOpen, normalClose
 		if i == currentIdx {
 			open, close = currentOpen, currentClose
 		}
 		injections = append(injections, injection{visPos: iv[0], code: open, priority: 1})
 		injections = append(injections, injection{visPos: iv[1], code: close, priority: 0})
 	}
 	sort.SliceStable(injections, func(a, b int) bool {
 		if injections[a].visPos != injections[b].visPos {
 			return injections[a].visPos < injections[b].visPos
 		}
 		return injections[a].priority < injections[b].priority
 	})
 	var sb strings.Builder
 	visPos := 0
 	injIdx := 0
 	i := 0
 	for i < len(ansiLine) {
 		for injIdx < len(injections) && injections[injIdx].visPos == visPos {
 			sb.WriteString(injections[injIdx].code)
 			injIdx++
 		}
 		if ansiLine[i] == '\x1b' {
 			j := i + 1
 			if j < len(ansiLine) {
 				switch ansiLine[j] {
 				case '[':
 					j++
 					for j < len(ansiLine) && (ansiLine[j] < '@' || ansiLine[j] > '~') {
 						j++
 					}
 					if j < len(ansiLine) {
 						j++
 					}
 				case ']':
 					j++
 					for j < len(ansiLine) {
 						if ansiLine[j] == '\a' {
 							j++
 							break
 						}
 						if ansiLine[j] == '\x1b' && j+1 < len(ansiLine) && ansiLine[j+1] == '\\' {
 							j += 2
 							break
 						}
 						j++
 					}
 				default:
 					j++
 				}
 			}
 			sb.WriteString(ansiLine[i:j])
 			i = j
 		} else {
 			_, size := utf8.DecodeRuneInString(ansiLine[i:])
 			if size == 0 {
 				size = 1
 			}
 			sb.WriteString(ansiLine[i : i+size])
 			i += size
 			visPos += size
 		}
 	}
 	for injIdx < len(injections) {
 		sb.WriteString(injections[injIdx].code)
 		injIdx++
 	}
 	return sb.String()
 }
 func (m *Model) renderStatusBar() string {
 	if m.searching {
 		return lipgloss.NewStyle().Padding(0, 1).Render(m.searchInput.View())
 	}
 	return lipgloss.NewStyle().Padding(0, 1).Render(m.help.View(docsKeyMap{width: m.width}))
 }
 type docsKeyMap struct{ width int }
 func (docsKeyMap) ShortHelp() []key.Binding {
 	g := keys.Keys.Global
 	d := keys.Keys.Docs
 	return []key.Binding{g.Up, g.Down, d.Search, g.Help}
 }
 func (m docsKeyMap) FullHelp() [][]key.Binding {
 	g := keys.Keys.Global
 	d := keys.Keys.Docs
 	pageGlobals := []key.Binding{g.Up, g.Down, g.ScrollUp, g.ScrollDown}
 	all := append(d.Bindings(), pageGlobals...)
 	all = append(all, g.CommonBindings()...)
 	return keys.ChunkByWidth(all, m.width)
 }
@@ -4,47 +4,66 @@ import (
 	"charm.land/bubbles/v2/key"
 	tea "charm.land/bubbletea/v2"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 func (e Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 	g := keys.Keys.Global
 	d := keys.Keys.Docs
 	switch msg := msg.(type) {
 	case tea.MouseWheelMsg:
-		switch msg.Button {
+		util.HandleMouseWheel(msg, &e.viewport)
 		case tea.MouseWheelUp:
 			e.viewport.SetYOffset(e.viewport.YOffset() - 1)
 		case tea.MouseWheelDown:
 			e.viewport.SetYOffset(e.viewport.YOffset() + 1)
 		}
 	case tea.KeyPressMsg:
 		if e.searching {
 			switch {
 			case key.Matches(msg, d.SearchReset):
 				e.searching = false
 				e.searchInput.Blur()
 				e.searchInput.SetValue("")
 				e.matches = nil
 				e.matchIndex = 0
 				e.SetSize(e.width, e.height)
 			case msg.String() == "enter":
 				e.searching = false
 				e.searchInput.Blur()
 				e.SetSize(e.width, e.height)
 			default:
 				var cmd tea.Cmd
 				e.searchInput, cmd = e.searchInput.Update(msg)
 				e.applySearch()
 				return e, cmd
 			}
 			return e, nil
 		}
 		switch {
 		case key.Matches(msg, d.Search):
 			e.searching = true
 			e.searchInput.SetValue("")
 			e.searchInput.Focus()
 			e.SetSize(e.width, e.height)
 		case key.Matches(msg, d.SearchReset):
 			e.matches = nil
 			e.matchIndex = 0
 			e.rebuildViewportContent()
 		case key.Matches(msg, d.SearchNext):
 			e.searchNext()
 		case key.Matches(msg, d.SearchPrev):
 			e.searchPrev()
 		case key.Matches(msg, g.Up):
 			e.viewport.SetYOffset(e.viewport.YOffset() - 1)
 		case key.Matches(msg, g.Down):
 			e.viewport.SetYOffset(e.viewport.YOffset() + 1)
 		case key.Matches(msg, g.ScrollUp):
-			step := e.viewport.Height() / 2
+			util.ScrollViewport(&e.viewport, -1)
 			if step < 1 {
 				step = 1
 			}
 			e.viewport.SetYOffset(e.viewport.YOffset() - step)
 		case key.Matches(msg, g.ScrollDown):
-			step := e.viewport.Height() / 2
+			util.ScrollViewport(&e.viewport, 1)
-			if step < 1 {
+		case key.Matches(msg, g.Help):
-				step = 1
+			e.help.ShowAll = !e.help.ShowAll
-			}
+			e.SetSize(e.width, e.height)
 			e.viewport.SetYOffset(e.viewport.YOffset() + step)
 		}
 	}
 	return e, nil
 }
 func (m *Model) SetSize(w, h int) {
 	frameW := windowStyle().GetHorizontalFrameSize()
 	frameH := windowStyle().GetVerticalFrameSize()
 	m.viewport.SetWidth(w - frameW)
 	m.viewport.SetHeight(h - frameH)
 	m.renderMarkdown()
 }
@@ -2,7 +2,8 @@ package docs
 import (
 	"bytes"
-	_ "embed"
+	"fmt"
 	"strings"
 	"text/template"
 	tea "charm.land/bubbletea/v2"
@@ -10,6 +11,7 @@ import (
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/config"
 	"github.com/anotherhadi/spilltea/internal/style"
 	"github.com/charmbracelet/x/ansi"
 )
 func windowStyle() lipgloss.Style {
@@ -20,7 +22,23 @@ func windowStyle() lipgloss.Style {
 }
 func (e Model) View() tea.View {
-	return tea.NewView(windowStyle().Render(e.viewport.View()))
+	statusBar := e.renderStatusBar()
 	if len(e.matches) > 0 {
 		var countText string
 		if e.searching {
 			countText = fmt.Sprintf("%d matches", len(e.matches))
 		} else {
 			countText = fmt.Sprintf("%d/%d", e.matchIndex+1, len(e.matches))
 		}
 		count := lipgloss.NewStyle().Padding(0, 1).
 			Foreground(style.S.MutedFg).
 			Render(countText)
 		statusBar = lipgloss.JoinHorizontal(lipgloss.Top, statusBar, count)
 	}
 	return tea.NewView(lipgloss.JoinVertical(lipgloss.Left,
 		windowStyle().Render(e.viewport.View()),
 		statusBar,
 	))
 }
 func (m *Model) renderMarkdown() {
@@ -48,5 +66,10 @@ func (m *Model) renderMarkdown() {
 	)
 	str, _ := renderer.Render(processed.String())
-	m.viewport.SetContent(str)
+	m.renderedLines = strings.Split(str, "\n")
 	m.strippedLines = make([]string, len(m.renderedLines))
 	for i, l := range m.renderedLines {
 		m.strippedLines[i] = ansi.Strip(l)
 	}
 	m.applySearch()
 }
@@ -15,6 +15,7 @@ import (
 	"github.com/anotherhadi/spilltea/internal/db"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/style"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 type Model struct {
@@ -27,6 +28,9 @@ type Model struct {
 	pager        paginator.Model
 	help         help.Model
 	renderer      *glamour.TermRenderer
 	rendererWidth int
 	width  int
 	height int
 }
@@ -42,6 +46,14 @@ func New() Model {
 func (m Model) Init() tea.Cmd { return nil }
 func (m *Model) CurrentMarkdown() string {
 	if len(m.findings) == 0 {
 		return ""
 	}
 	f := m.findings[m.cursor]
 	return "# " + f.Title + "\n\n" + f.Description
 }
 func (m *Model) SetDB(d *db.DB) {
 	m.database = d
 }
@@ -76,12 +88,17 @@ func (m *Model) recalcSizes() {
 	m.bodyViewport.SetWidth(inner)
 	m.bodyViewport.SetHeight(bodyVH)
 	if m.rendererWidth != inner {
 		m.renderer = nil
 		m.rendererWidth = 0
 	}
 	m.refreshListViewport()
 	m.refreshBody()
 }
 func (m *Model) renderStatusBar() string {
-	return lipgloss.NewStyle().Padding(0, 1).Render(m.help.View(findingsKeyMap{}))
+	return lipgloss.NewStyle().Padding(0, 1).Render(m.help.View(findingsKeyMap{width: m.width}))
 }
 // RefreshCmd loads findings from the database.
@@ -104,19 +121,29 @@ type FindingsLoadedMsg struct {
 }
 func (m *Model) refreshBody() {
 	m.refreshBodyScroll(true)
 }
 func (m *Model) refreshBodyKeepScroll() {
 	m.refreshBodyScroll(false)
 }
 func (m *Model) refreshBodyScroll(reset bool) {
 	if len(m.findings) == 0 {
 		m.bodyViewport.SetContent("")
 		return
 	}
 	f := m.findings[m.cursor]
-	rendered := renderMarkdown(f.Description, m.bodyViewport.Width())
+	rendered := m.renderMarkdownCached(f.Description, m.bodyViewport.Width())
 	m.bodyViewport.SetContent(rendered)
 	if reset {
 		m.bodyViewport.GotoTop()
 	}
 }
-func renderMarkdown(src string, width int) string {
+func (m *Model) renderMarkdownCached(src string, width int) string {
 	if src == "" {
-		return style.S.Faint.Render(" (ㆆ _ ㆆ)\nno description")
+		return style.S.Faint.Render(util.CenterLines("(ㆆ _ ㆆ)", "no description"))
 	}
 	tmpl, err := template.New("").Parse(src)
 	if err != nil {
@@ -129,28 +156,39 @@ func renderMarkdown(src string, width int) string {
 	if width < 10 {
 		width = 80
 	}
 	// Rebuild renderer if width changed or not yet built.
 	if m.renderer == nil || m.rendererWidth != width {
 		r, err := glamour.NewTermRenderer(
 			glamour.WithStyles(style.GlamourStyleConfig(config.Global)),
 			glamour.WithWordWrap(width),
 		)
-	if err != nil {
+		if err == nil {
 			m.renderer = r
 			m.rendererWidth = width
 		}
 	}
 	if m.renderer == nil {
 		return buf.String()
 	}
-	out, err := r.Render(buf.String())
+	out, err := m.renderer.Render(buf.String())
 	if err != nil {
 		return buf.String()
 	}
 	return out
 }
-type findingsKeyMap struct{}
+type findingsKeyMap struct{ width int }
 func (findingsKeyMap) ShortHelp() []key.Binding {
 	g := keys.Keys.Global
 	f := keys.Keys.Findings
-	return []key.Binding{g.Up, g.Down, f.Dismiss}
+	return []key.Binding{g.Up, g.Down, f.Dismiss, g.Copy, g.Help}
 }
-func (findingsKeyMap) FullHelp() [][]key.Binding {
+func (m findingsKeyMap) FullHelp() [][]key.Binding {
-	return [][]key.Binding{findingsKeyMap{}.ShortHelp()}
+	g := keys.Keys.Global
 	pageGlobals := []key.Binding{g.Up, g.Down, g.ScrollUp, g.ScrollDown, g.Copy}
 	all := append(keys.Keys.Findings.Bindings(), pageGlobals...)
 	all = append(all, g.CommonBindings()...)
 	return keys.ChunkByWidth(all, m.width)
 }
@@ -6,6 +6,7 @@ import (
 	"charm.land/bubbles/v2/key"
 	tea "charm.land/bubbletea/v2"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
@@ -15,22 +16,34 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 			log.Printf("findings load error: %v", msg.Err)
 			return m, nil
 		}
 		var prevID int64
 		if len(m.findings) > 0 && m.cursor < len(m.findings) {
 			prevID = m.findings[m.cursor].ID
 		}
 		m.findings = msg.Findings
 		if m.cursor >= len(m.findings) {
 			m.cursor = max(0, len(m.findings)-1)
 		}
 		if len(m.findings) == 0 {
 			m.pager.Page = 0
 			m.pager.TotalPages = 0
 		} else {
 			m.pager.SetTotalPages(len(m.findings))
 		}
 		m.refreshListViewport()
 		var newID int64
 		if len(m.findings) > 0 && m.cursor < len(m.findings) {
 			newID = m.findings[m.cursor].ID
 		}
 		if newID != prevID {
 			m.refreshBody()
 		} else {
 			m.refreshBodyKeepScroll()
 		}
 		return m, nil
 	case tea.MouseWheelMsg:
-		switch msg.Button {
+		util.HandleMouseWheel(msg, &m.bodyViewport)
 		case tea.MouseWheelUp:
 			m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() - 1)
 		case tea.MouseWheelDown:
 			m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() + 1)
 		}
 		return m, nil
 	case tea.KeyPressMsg:
@@ -65,17 +78,36 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 				return m, RefreshCmd(m.database)
 			}
 		case key.Matches(msg, g.ScrollUp):
-			step := m.bodyViewport.Height() / 2
+			util.ScrollViewport(&m.bodyViewport, -1)
 			if step < 1 {
 				step = 1
 			}
 			m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() - step)
 		case key.Matches(msg, g.ScrollDown):
-			step := m.bodyViewport.Height() / 2
+			util.ScrollViewport(&m.bodyViewport, 1)
-			if step < 1 {
+		case key.Matches(msg, g.GotoTop):
-				step = 1
+			m.cursor = 0
-			}
+			m.pager.Page = 0
-			m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() + step)
+			m.refreshListViewport()
 			m.refreshBody()
 		case key.Matches(msg, g.GotoBottom):
 			m.cursor = util.CursorGotoBottom(len(m.findings))
 			m.pager.Page = util.CursorGotoBottom(m.pager.TotalPages)
 			m.refreshListViewport()
 			m.refreshBody()
 		case key.Matches(msg, g.PrevPage):
 			m.cursor = util.CursorMovePage(m.cursor, len(m.findings), m.pager.PerPage, false)
 			m.pager.Page = m.cursor / m.pager.PerPage
 			m.refreshListViewport()
 			m.refreshBody()
 		case key.Matches(msg, g.NextPage):
 			m.cursor = util.CursorMovePage(m.cursor, len(m.findings), m.pager.PerPage, true)
 			m.pager.Page = m.cursor / m.pager.PerPage
 			m.refreshListViewport()
 			m.refreshBody()
 		case key.Matches(msg, g.Help):
 			m.help.ShowAll = !m.help.ShowAll
 			m.recalcSizes()
 		}
 	}
 	return m, nil
@@ -28,7 +28,10 @@ func (m Model) View() tea.View {
 func (m *Model) renderListPanel(w, h int) string {
 	s := style.S
-	dots := s.Faint.Render(m.pager.View())
+	var dots string
 	if len(m.findings) > 0 {
 		dots = s.Faint.Render(m.pager.View())
 	}
 	inner := lipgloss.JoinVertical(lipgloss.Left,
 		m.listViewport.View(),
 		lipgloss.PlaceHorizontal(m.listViewport.Width(), lipgloss.Center, dots),
@@ -51,7 +54,7 @@ func (m *Model) renderList() string {
 		return lipgloss.Place(
 			m.listViewport.Width(), m.listViewport.Height(),
 			lipgloss.Center, lipgloss.Center,
-			s.Faint.Render("  (҂◡_◡) ᕤ\nno findings"),
+			s.Faint.Render(util.CenterLines("(҂◡_◡) ᕤ", "no findings")),
 		)
 	}
@@ -10,6 +10,7 @@ import (
 	"github.com/anotherhadi/spilltea/internal/db"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/style"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 type panel int
@@ -55,6 +56,27 @@ func (m Model) IsEditing() bool {
 	return m.searchKind != searchKindOff && !m.searchAccepted
 }
 func (m Model) CurrentRaw() string {
 	if len(m.entries) == 0 || m.cursor >= len(m.entries) {
 		return ""
 	}
 	if m.focusedPanel == panelResponse {
 		return m.entries[m.cursor].ResponseRaw
 	}
 	return m.entries[m.cursor].RequestRaw
 }
 func (m Model) IsResponseFocused() bool {
 	return m.focusedPanel == panelResponse
 }
 func (m Model) CurrentScheme() string {
 	if len(m.entries) == 0 || m.cursor >= len(m.entries) {
 		return "https"
 	}
 	return util.InferScheme(m.entries[m.cursor].Host)
 }
 // RefreshCmd returns the appropriate load command given the current search state.
 // The app model should call this instead of LoadEntriesCmd directly so that
 // background refreshes re-run the active search rather than resetting it.
@@ -136,14 +158,16 @@ func (historyKeyMap) ShortHelp() []key.Binding {
 	return []key.Binding{
 		g.Up, g.Down, g.CycleFocus,
 		h.DeleteEntry, h.DeleteAll,
 		h.Filter, h.SqlQuery,
 		g.Help,
 	}
 }
 func (m historyKeyMap) FullHelp() [][]key.Binding {
 	h := keys.Keys.History
-	all := []key.Binding{h.DeleteEntry, h.DeleteAll, h.Filter, h.SqlQuery}
+	g := keys.Keys.Global
-	all = append(all, keys.Keys.Global.Bindings()...)
+	pageGlobals := []key.Binding{g.Up, g.Down, g.CycleFocus, g.ScrollUp, g.ScrollDown, g.Left, g.Right, g.Escape, g.SendToReplay, g.SendToDiff, g.Copy, g.CopyAs}
 	all := []key.Binding{h.Flag, h.DeleteEntry, h.DeleteAll, h.Filter, h.SqlQuery}
 	all = append(all, pageGlobals...)
 	all = append(all, g.CommonBindings()...)
 	return keys.ChunkByWidth(all, m.width)
 }
@@ -6,6 +6,7 @@ import (
 	"charm.land/bubbles/v2/key"
 	tea "charm.land/bubbletea/v2"
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/db"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/style"
@@ -35,18 +36,36 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		if m.searchKind != searchKindOff && (m.searchAccepted || m.searchInput.Value() != "") {
 			return m, nil
 		}
-		prevCursor := m.cursor
+		// Remember the selected entry's ID so we can re-anchor after the list is
 		// reloaded (new entries are prepended; a pure index-based cursor would
 		// silently jump to a different entry).
 		var selectedID int64
 		if m.cursor >= 0 && m.cursor < len(m.entries) {
 			selectedID = m.entries[m.cursor].ID
 		}
 		m.entries = msg.Entries
 		entryChanged := true
 		if selectedID != 0 {
 			for i, e := range m.entries {
 				if e.ID == selectedID {
 					m.cursor = i
 					entryChanged = false
 					break
 				}
 			}
 		}
 		if m.cursor >= len(m.entries) {
 			m.cursor = len(m.entries) - 1
 			entryChanged = true
 		}
 		if m.cursor < 0 {
 			m.cursor = 0
 			entryChanged = true
 		}
 		m.pager.SetTotalPages(len(m.entries))
 		m.refreshListViewport()
 		m.refreshBody()
-		if m.cursor != prevCursor {
+		if entryChanged {
 			m.bodyViewport.SetYOffset(0)
 			m.bodyViewport.SetXOffset(0)
 		}
@@ -74,24 +93,7 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		m.bodyViewport.SetXOffset(0)
 	case tea.MouseWheelMsg:
-		switch msg.Button {
+		util.HandleMouseWheel(msg, &m.bodyViewport)
 		case tea.MouseWheelUp:
 			if msg.Mod.Contains(tea.ModShift) {
 				m.bodyViewport.ScrollLeft(6)
 			} else {
 				m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() - 1)
 			}
 		case tea.MouseWheelDown:
 			if msg.Mod.Contains(tea.ModShift) {
 				m.bodyViewport.ScrollRight(6)
 			} else {
 				m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() + 1)
 			}
 		case tea.MouseWheelLeft:
 			m.bodyViewport.ScrollLeft(6)
 		case tea.MouseWheelRight:
 			m.bodyViewport.ScrollRight(6)
 		}
 	case tea.KeyPressMsg:
 		h := keys.Keys.History
@@ -229,6 +231,12 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 				}
 			}
 		case key.Matches(msg, h.Flag):
 			if len(m.entries) > 0 && m.database != nil {
 				m.database.ToggleFlag(m.entries[m.cursor].ID)
 				return m, m.RefreshCmd()
 			}
 		case key.Matches(msg, h.DeleteEntry):
 			if len(m.entries) > 0 {
 				id := m.entries[m.cursor].ID
@@ -251,18 +259,10 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 			return m, m.clearSearch()
 		case key.Matches(msg, g.ScrollUp):
-			step := m.bodyViewport.Height() / 2
+			util.ScrollViewport(&m.bodyViewport, -1)
 			if step < 1 {
 				step = 1
 			}
 			m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() - step)
 		case key.Matches(msg, g.ScrollDown):
-			step := m.bodyViewport.Height() / 2
+			util.ScrollViewport(&m.bodyViewport, 1)
 			if step < 1 {
 				step = 1
 			}
 			m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() + step)
 		case key.Matches(msg, g.Left):
 			m.bodyViewport.ScrollLeft(6)
@@ -270,6 +270,35 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		case key.Matches(msg, g.Right):
 			m.bodyViewport.ScrollRight(6)
 		case key.Matches(msg, g.GotoTop):
 			m.cursor = 0
 			m.pager.Page = 0
 			m.refreshListViewport()
 			m.refreshBody()
 			m.bodyViewport.SetYOffset(0)
 			m.bodyViewport.SetXOffset(0)
 		case key.Matches(msg, g.GotoBottom):
 			m.cursor = util.CursorGotoBottom(len(m.entries))
 			m.refreshListViewport()
 			m.refreshBody()
 			m.bodyViewport.SetYOffset(0)
 			m.bodyViewport.SetXOffset(0)
 		case key.Matches(msg, g.PrevPage):
 			m.cursor = util.CursorMovePage(m.cursor, len(m.entries), m.pager.PerPage, false)
 			m.refreshListViewport()
 			m.refreshBody()
 			m.bodyViewport.SetYOffset(0)
 			m.bodyViewport.SetXOffset(0)
 		case key.Matches(msg, g.NextPage):
 			m.cursor = util.CursorMovePage(m.cursor, len(m.entries), m.pager.PerPage, true)
 			m.refreshListViewport()
 			m.refreshBody()
 			m.bodyViewport.SetYOffset(0)
 			m.bodyViewport.SetXOffset(0)
 		case key.Matches(msg, keys.Keys.Global.Help):
 			m.help.ShowAll = !m.help.ShowAll
 			m.recalcSizes()
@@ -281,9 +310,14 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 func (m *Model) refreshListViewport() {
 	if m.pager.PerPage > 0 {
 		if len(m.entries) == 0 {
 			m.pager.Page = 0
 			m.pager.TotalPages = 0
 		} else {
 			m.pager.Page = m.cursor / m.pager.PerPage
 			m.pager.SetTotalPages(len(m.entries))
 		}
 	}
 	m.listViewport.SetContent(m.renderList())
 }
@@ -299,5 +333,10 @@ func (m *Model) refreshBody() {
 	} else {
 		raw = e.RequestRaw
 	}
 	if raw == "" {
 		w, h := m.bodyViewport.Width(), m.bodyViewport.Height()
 		m.bodyViewport.SetContent(lipgloss.Place(w, h, lipgloss.Center, lipgloss.Center, style.S.Faint.Render(util.CenterLines("(˘･_･˘)", "no response stored"))))
 		return
 	}
 	m.bodyViewport.SetContent(style.HighlightHTTP(raw))
 }
@@ -9,6 +9,7 @@ import (
 	"github.com/anotherhadi/spilltea/internal/icons"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/style"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 func (m Model) View() tea.View {
@@ -28,7 +29,10 @@ func (m Model) View() tea.View {
 func (m *Model) renderListPanel(w, h int) string {
 	s := style.S
-	dots := s.Faint.Render(m.pager.View())
+	var dots string
 	if len(m.entries) > 0 {
 		dots = s.Faint.Render(m.pager.View())
 	}
 	inner := lipgloss.JoinVertical(lipgloss.Left,
 		m.listViewport.View(),
 		lipgloss.PlaceHorizontal(m.listViewport.Width(), lipgloss.Center, dots),
@@ -81,9 +85,9 @@ func (m *Model) renderList() string {
 		)
 	}
 	if len(m.entries) == 0 {
-		msg := "    (⌐■_■)\nno history yet"
+		msg := util.CenterLines("(⌐■_■)", "no history yet")
 		if m.searchKind != searchKindOff {
-			msg = "ʕノ•ᴥ•ʔノ ︵ ┻━┻\n   no results"
+			msg = util.CenterLines("ʕノ•ᴥ•ʔノ ︵ ┻━┻", "no results")
 		}
 		return lipgloss.Place(
 			m.listViewport.Width(), m.listViewport.Height(),
@@ -109,7 +113,7 @@ func (m *Model) renderList() string {
 		w := m.listViewport.Width()
 		statusStr := fmt.Sprintf("%3d", e.StatusCode)
-		const fixedW = 2 + 7 + 1 + 3 + 1 + 10 + 1
+		const fixedW = 2 + 2 + 7 + 1 + 3 + 1 + 10 + 1
 		hostPathW := w - fixedW
 		if hostPathW < 0 {
 			hostPathW = 0
@@ -117,12 +121,21 @@ func (m *Model) renderList() string {
 		ts := e.Timestamp.Format("15:04:05")
 		statusSt := style.StatusStyle(e.StatusCode, 3)
 		flagSt := lipgloss.NewStyle().Foreground(s.Primary)
 		var line string
 		if selected {
 			bg := lipgloss.NewStyle().Background(selBg)
 			flagStr := "  "
 			if e.Flagged {
 				flagStr = icons.I.Flag + " "
 				if icons.I.Flag == "" {
 					flagStr = "★ "
 				}
 			}
 			line = lipgloss.JoinHorizontal(lipgloss.Top,
 				bg.Bold(true).Foreground(s.Primary).Width(2).Render(">"),
 				bg.Foreground(s.Primary).Width(2).Render(flagStr),
 				s.Method(e.Method).Background(selBg).Render(e.Method),
 				bg.Width(1).Render(""),
 				statusSt.Background(selBg).Render(statusStr),
@@ -132,8 +145,16 @@ func (m *Model) renderList() string {
 				bg.Bold(true).Width(hostPathW).Render(e.Host+e.Path),
 			)
 		} else {
 			flagStr := "  "
 			if e.Flagged {
 				flagStr = icons.I.Flag + " "
 				if icons.I.Flag == "" {
 					flagStr = "★ "
 				}
 			}
 			line = lipgloss.JoinHorizontal(lipgloss.Top,
 				"  ",
 				flagSt.Width(2).Render(flagStr),
 				s.Method(e.Method).Render(e.Method),
 				" ",
 				statusSt.Render(statusStr),
@@ -142,6 +142,11 @@ type Project struct {
 	ModTime time.Time
 }
 // ProjectSelectedMsg is emitted when the user picks a project from the home screen.
 type ProjectSelectedMsg struct {
 	Project *Project
 }
 type inputMode int
 const (
@@ -161,16 +166,11 @@ type Model struct {
 	list        list.Model
 	projectDir  string
 	nameInput   textinput.Model
 	selected    *Project
 	width       int
 	height      int
 	teapotFrame int
 }
 // Selected returns the project chosen by the user, or nil if the program was
 // quit without making a selection.
 func (m Model) Selected() *Project { return m.selected }
 func New(projectDir string) Model {
 	projects := loadProjects(projectDir)
@@ -332,7 +332,7 @@ func (m Model) renderHelpLine() string {
 		}
 		parts = append(parts, binding(k.Open))
 		parts = append(parts, binding(k.Delete))
-		parts = append(parts, item("q", "quit"))
+		parts = append(parts, item(keys.Keys.Global.Quit.Help().Key, "quit"))
 	}
 	return strings.Join(parts, sep)
@@ -76,11 +76,11 @@ func (m Model) handleSelection() (tea.Model, tea.Cmd) {
 			return m, nil
 		}
 		initProjectFiles(dir)
-		m.selected = &Project{Name: "temporary", Path: filepath.Join(dir, "data.db")}
+		p := &Project{Name: "temporary", Path: filepath.Join(dir, "data.db")}
-		return m, tea.Quit
+		return m, func() tea.Msg { return ProjectSelectedMsg{Project: p} }
 	default:
-		m.selected = &Project{Name: item.name, Path: item.path}
+		p := &Project{Name: item.name, Path: item.path}
-		return m, tea.Quit
+		return m, func() tea.Msg { return ProjectSelectedMsg{Project: p} }
 	}
 }
@@ -117,8 +117,8 @@ func (m Model) updateNaming(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
 			return m, nil
 		}
 		initProjectFiles(dir)
-		m.selected = &Project{Name: name, Path: filepath.Join(dir, "data.db")}
+		p := &Project{Name: name, Path: filepath.Join(dir, "data.db")}
-		return m, tea.Quit
+		return m, func() tea.Msg { return ProjectSelectedMsg{Project: p} }
 	default:
 		var cmd tea.Cmd
 		m.nameInput, cmd = m.nameInput.Update(msg)
@@ -4,114 +4,39 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
 	"sort"
 	"strconv"
 	"strings"
 	"github.com/anotherhadi/spilltea/internal/intercept"
 	"github.com/anotherhadi/spilltea/internal/style"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 func formatRawRequest(req *intercept.PendingRequest) string {
 	r := req.Flow.Request
 	var sb strings.Builder
 	fmt.Fprintf(&sb, "%s %s %s\n", r.Method, r.URL.RequestURI(), r.Proto)
 	keys := make([]string, 0, len(r.Header))
 	for k := range r.Header {
 		keys = append(keys, k)
 	}
 	sort.Strings(keys)
 	for _, k := range keys {
 		for _, v := range r.Header[k] {
 			fmt.Fprintf(&sb, "%s: %s\n", k, v)
 		}
 	}
 	sb.WriteString("\n")
 	if len(r.Body) > 0 {
 		sb.Write(r.Body)
 	}
 	return sb.String()
 }
 func formatRawResponse(resp *intercept.PendingResponse) string {
 	r := resp.Flow.Response
 	if r == nil {
 		return "(no response)"
 	}
 	var sb strings.Builder
 	proto := resp.Flow.Request.Proto
 	if proto == "" {
 		proto = "HTTP/1.1"
 	}
 	fmt.Fprintf(&sb, "%s %d %s\n", proto, r.StatusCode, http.StatusText(r.StatusCode))
 	keys := make([]string, 0, len(r.Header))
 	for k := range r.Header {
 		keys = append(keys, k)
 	}
 	sort.Strings(keys)
 	for _, k := range keys {
 		for _, v := range r.Header[k] {
 			fmt.Fprintf(&sb, "%s: %s\n", k, v)
 		}
 	}
 	sb.WriteString("\n")
 	if len(r.Body) > 0 {
 		sb.Write(r.Body)
 	}
 	return sb.String()
 }
 func parseRawRequest(content string, req *intercept.PendingRequest) {
 	parsed := util.ParseRawRequest(content)
 	r := req.Flow.Request
-	lines := strings.Split(strings.ReplaceAll(content, "\r\n", "\n"), "\n")
+	if parsed.Method != "" {
-	if len(lines) == 0 {
+		r.Method = parsed.Method
 		return
 	}
-
+	if parsed.Path != "" {
-	parts := strings.SplitN(lines[0], " ", 3)
+		if u, err := url.ParseRequestURI(parsed.Path); err == nil {
 	if len(parts) >= 1 {
 		r.Method = strings.TrimSpace(parts[0])
 	}
 	if len(parts) >= 2 {
 		if u, err := url.ParseRequestURI(strings.TrimSpace(parts[1])); err == nil {
 			r.URL.Path = u.Path
 			r.URL.RawQuery = u.RawQuery
 		}
 	}
-	if len(parts) >= 3 {
+	if parsed.Proto != "" {
-		r.Proto = strings.TrimSpace(parts[2])
+		r.Proto = parsed.Proto
 	}
 	r.Header = make(http.Header)
-	i := 1
+	for _, h := range parsed.Headers {
-	for i < len(lines) {
+		r.Header.Set(h.Key, h.Value)
 		line := strings.TrimRight(lines[i], "\r")
 		if line == "" {
 			i++
 			break
 	}
-		if kv := strings.SplitN(line, ": ", 2); len(kv) == 2 {
+	if parsed.Body != "" {
-			r.Header.Set(strings.TrimSpace(kv[0]), strings.TrimSpace(kv[1]))
+		r.Body = []byte(parsed.Body)
 		}
 		i++
 	}
 	if i < len(lines) {
 		body := strings.Join(lines[i:], "\n")
 		body = strings.TrimRight(body, "\n")
 		if body != "" {
 			r.Body = []byte(body)
 	} else {
 		r.Body = nil
 	}
 }
 }
 func parseRawResponse(content string, resp *intercept.PendingResponse) {
 	r := resp.Flow.Response
@@ -295,17 +220,27 @@ func (m *Model) recalcSizes() {
 func (m *Model) refreshListViewport() {
 	if m.pager.PerPage > 0 {
 		if len(m.queue) == 0 {
 			m.pager.Page = 0
 			m.pager.TotalPages = 0
 		} else {
 			m.pager.Page = m.cursor / m.pager.PerPage
 			m.pager.SetTotalPages(len(m.queue))
 		}
 	}
 	m.listViewport.SetContent(m.renderList())
 }
 func (m *Model) refreshResponseListViewport() {
 	if m.responsePager.PerPage > 0 {
 		if len(m.responseQueue) == 0 {
 			m.responsePager.Page = 0
 			m.responsePager.TotalPages = 0
 		} else {
 			m.responsePager.Page = m.responseCursor / m.responsePager.PerPage
 			m.responsePager.SetTotalPages(len(m.responseQueue))
 		}
 	}
 	m.responseViewport.SetContent(m.renderResponseList())
 }
@@ -333,7 +268,7 @@ func (m *Model) loadIntoTextarea() {
 		if edited, ok := m.pendingResponseEdits[resp]; ok {
 			m.textarea.SetValue(edited)
 		} else {
-			m.textarea.SetValue(formatRawResponse(resp))
+			m.textarea.SetValue(intercept.FormatRawResponse(resp.Flow))
 		}
 	} else {
 		if len(m.queue) == 0 {
@@ -343,7 +278,7 @@ func (m *Model) loadIntoTextarea() {
 		if edited, ok := m.pendingEdits[req]; ok {
 			m.textarea.SetValue(edited)
 		} else {
-			m.textarea.SetValue(formatRawRequest(req))
+			m.textarea.SetValue(intercept.FormatRawRequest(req.Flow))
 		}
 	}
 }
@@ -360,7 +295,7 @@ func (m *Model) refreshBody() {
 		if edited, ok := m.pendingResponseEdits[resp]; ok {
 			raw = edited
 		} else {
-			raw = formatRawResponse(resp)
+			raw = intercept.FormatRawResponse(resp.Flow)
 		}
 	} else {
 		if len(m.queue) == 0 {
@@ -371,7 +306,7 @@ func (m *Model) refreshBody() {
 		if edited, ok := m.pendingEdits[req]; ok {
 			raw = edited
 		} else {
-			raw = formatRawRequest(req)
+			raw = intercept.FormatRawRequest(req.Flow)
 		}
 	}
 	m.bodyViewport.SetContent(style.HighlightHTTP(raw))
@@ -29,6 +29,9 @@ func (interceptKeyMap) ShortHelp() []key.Binding {
 }
 func (m interceptKeyMap) FullHelp() [][]key.Binding {
-	all := append(keys.Keys.Intercept.Bindings(), keys.Keys.Global.Bindings()...)
+	g := keys.Keys.Global
 	pageGlobals := []key.Binding{g.Up, g.Down, g.CycleFocus, g.ScrollUp, g.ScrollDown, g.Left, g.Right, g.Escape, g.SendToReplay, g.SendToDiff, g.Copy, g.CopyAs}
 	all := append(keys.Keys.Intercept.Bindings(), pageGlobals...)
 	all = append(all, g.CommonBindings()...)
 	return keys.ChunkByWidth(all, m.width)
 }
@@ -29,7 +29,7 @@ type Model struct {
 	responseCursor  int
 	editing              bool
-	autoForward         bool
+	interceptEnabled     bool
 	pendingEdits         map[*intercept.PendingRequest]string
 	pendingResponseEdits map[*intercept.PendingResponse]string
@@ -60,7 +60,7 @@ func New(broker *intercept.Broker) Model {
 	return Model{
 		broker:               broker,
-		autoForward:     cfg.Intercept.DefaultAutoForward,
+		interceptEnabled:     cfg.Intercept.DefaultInterceptEnabled,
 		captureResponse:      cfg.Intercept.DefaultCaptureResponse,
 		listViewport:         lv,
 		responseViewport:     rv,
@@ -78,6 +78,10 @@ func (m Model) Init() tea.Cmd { return nil }
 func (m Model) IsEditing() bool { return m.editing }
 func (m Model) IsResponseFocused() bool {
 	return m.captureResponse && m.focusedPanel == panelResponses
 }
 func (m Model) CurrentScheme() string {
 	if len(m.queue) == 0 {
 		return "https"
@@ -98,7 +102,7 @@ func (m Model) CurrentRaw() string {
 		if edited, ok := m.pendingResponseEdits[resp]; ok {
 			return edited
 		}
-		return formatRawResponse(resp)
+		return intercept.FormatRawResponse(resp.Flow)
 	}
 	if len(m.queue) == 0 {
 		return ""
@@ -107,7 +111,7 @@ func (m Model) CurrentRaw() string {
 	if edited, ok := m.pendingEdits[req]; ok {
 		return edited
 	}
-	return formatRawRequest(req)
+	return intercept.FormatRawRequest(req.Flow)
 }
 func (m *Model) SetSize(w, h int) {
@@ -115,4 +119,3 @@ func (m *Model) SetSize(w, h int) {
 	m.height = h
 	m.recalcSizes()
 }
@@ -5,17 +5,27 @@ import (
 	tea "charm.land/bubbletea/v2"
 	"github.com/anotherhadi/spilltea/internal/intercept"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/util"
 	diffUI "github.com/anotherhadi/spilltea/internal/ui/diff"
 	replayUI "github.com/anotherhadi/spilltea/internal/ui/replay"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 	var cmds []tea.Cmd
 	// Route non-key messages to textarea when editing so internal
 	// textarea messages (e.g. clipboard paste) are handled correctly.
 	if m.editing {
 		if _, ok := msg.(tea.KeyPressMsg); !ok {
 			var taCmd tea.Cmd
 			m.textarea, taCmd = m.textarea.Update(msg)
 			cmds = append(cmds, taCmd)
 		}
 	}
 	switch msg := msg.(type) {
 	case intercept.RequestArrivedMsg:
-		if m.autoForward {
+		if !m.interceptEnabled {
 			m.broker.Decide(msg.Req, intercept.Forward)
 			break
 		}
@@ -42,24 +52,7 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 	case tea.MouseWheelMsg:
 		if !m.editing {
-			switch msg.Button {
+			util.HandleMouseWheel(msg, &m.bodyViewport)
 			case tea.MouseWheelUp:
 				if msg.Mod.Contains(tea.ModShift) {
 					m.bodyViewport.ScrollLeft(6)
 				} else {
 					m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() - 1)
 				}
 			case tea.MouseWheelDown:
 				if msg.Mod.Contains(tea.ModShift) {
 					m.bodyViewport.ScrollRight(6)
 				} else {
 					m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() + 1)
 				}
 			case tea.MouseWheelLeft:
 				m.bodyViewport.ScrollLeft(6)
 			case tea.MouseWheelRight:
 				m.bodyViewport.ScrollRight(6)
 			}
 		}
 	case tea.KeyPressMsg:
@@ -117,18 +110,10 @@ func (m Model) updateNormalMode(msg tea.KeyPressMsg, cmds *[]tea.Cmd) (tea.Model
 		}
 	case key.Matches(msg, keys.Keys.Global.ScrollUp):
-		step := m.bodyViewport.Height() / 2
+		util.ScrollViewport(&m.bodyViewport, -1)
 		if step < 1 {
 			step = 1
 		}
 		m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() - step)
 	case key.Matches(msg, keys.Keys.Global.ScrollDown):
-		step := m.bodyViewport.Height() / 2
+		util.ScrollViewport(&m.bodyViewport, 1)
 		if step < 1 {
 			step = 1
 		}
 		m.bodyViewport.SetYOffset(m.bodyViewport.YOffset() + step)
 	case key.Matches(msg, keys.Keys.Global.Left):
 		m.bodyViewport.ScrollLeft(6)
@@ -136,9 +121,6 @@ func (m Model) updateNormalMode(msg tea.KeyPressMsg, cmds *[]tea.Cmd) (tea.Model
 	case key.Matches(msg, keys.Keys.Global.Right):
 		m.bodyViewport.ScrollRight(6)
 	case key.Matches(msg, keys.Keys.Global.Quit):
 		return m, tea.Quit
 	case key.Matches(msg, keys.Keys.Intercept.UndoEdits):
 		if onResponses {
 			if len(m.responseQueue) > 0 {
@@ -152,9 +134,9 @@ func (m Model) updateNormalMode(msg tea.KeyPressMsg, cmds *[]tea.Cmd) (tea.Model
 			}
 		}
-	case key.Matches(msg, keys.Keys.Intercept.AutoForward):
+	case key.Matches(msg, keys.Keys.Intercept.ToggleIntercept):
-		m.autoForward = !m.autoForward
+		m.interceptEnabled = !m.interceptEnabled
-		if m.autoForward {
+		if !m.interceptEnabled {
 			for len(m.queue) > 0 {
 				m.applyAndDecide(intercept.Forward)
 			}
@@ -227,10 +209,10 @@ func (m Model) updateNormalMode(msg tea.KeyPressMsg, cmds *[]tea.Cmd) (tea.Model
 	case key.Matches(msg, keys.Keys.Intercept.EditExternal):
 		if !onResponses && len(m.queue) > 0 {
-			return m, util.OpenExternalEditor(formatRawRequest(m.queue[m.cursor]))
+			return m, util.OpenExternalEditor(intercept.FormatRawRequest(m.queue[m.cursor].Flow))
 		}
 		if onResponses && len(m.responseQueue) > 0 {
-			return m, util.OpenExternalEditor(formatRawResponse(m.responseQueue[m.responseCursor]))
+			return m, util.OpenExternalEditor(intercept.FormatRawResponse(m.responseQueue[m.responseCursor].Flow))
 		}
 	case key.Matches(msg, keys.Keys.Global.SendToReplay):
@@ -258,6 +240,46 @@ func (m Model) updateNormalMode(msg tea.KeyPressMsg, cmds *[]tea.Cmd) (tea.Model
 				return diffUI.SendToDiffMsg{Label: label, Raw: raw}
 			}
 		}
 	case key.Matches(msg, keys.Keys.Global.GotoTop):
 		if onResponses {
 			m.responseCursor = 0
 		} else {
 			m.cursor = 0
 		}
 		m.refreshListViewport()
 		m.refreshResponseListViewport()
 		m.refreshBody()
 	case key.Matches(msg, keys.Keys.Global.GotoBottom):
 		if onResponses {
 			m.responseCursor = util.CursorGotoBottom(len(m.responseQueue))
 		} else {
 			m.cursor = util.CursorGotoBottom(len(m.queue))
 		}
 		m.refreshListViewport()
 		m.refreshResponseListViewport()
 		m.refreshBody()
 	case key.Matches(msg, keys.Keys.Global.PrevPage):
 		if onResponses {
 			m.responseCursor = util.CursorMovePage(m.responseCursor, len(m.responseQueue), m.responsePager.PerPage, false)
 		} else {
 			m.cursor = util.CursorMovePage(m.cursor, len(m.queue), m.pager.PerPage, false)
 		}
 		m.refreshListViewport()
 		m.refreshResponseListViewport()
 		m.refreshBody()
 	case key.Matches(msg, keys.Keys.Global.NextPage):
 		if onResponses {
 			m.responseCursor = util.CursorMovePage(m.responseCursor, len(m.responseQueue), m.responsePager.PerPage, true)
 		} else {
 			m.cursor = util.CursorMovePage(m.cursor, len(m.queue), m.pager.PerPage, true)
 		}
 		m.refreshListViewport()
 		m.refreshResponseListViewport()
 		m.refreshBody()
 	}
 	return m, tea.Batch(*cmds...)
@@ -277,12 +299,12 @@ func (m Model) updateEditMode(msg tea.KeyPressMsg, cmds *[]tea.Cmd) (tea.Model,
 		if onResponses {
 			if len(m.responseQueue) > 0 {
 				delete(m.pendingResponseEdits, m.responseQueue[m.responseCursor])
-				m.textarea.SetValue(formatRawResponse(m.responseQueue[m.responseCursor]))
+				m.textarea.SetValue(intercept.FormatRawResponse(m.responseQueue[m.responseCursor].Flow))
 			}
 		} else {
 			if len(m.queue) > 0 {
 				delete(m.pendingEdits, m.queue[m.cursor])
-				m.textarea.SetValue(formatRawRequest(m.queue[m.cursor]))
+				m.textarea.SetValue(intercept.FormatRawRequest(m.queue[m.cursor].Flow))
 			}
 		}
@@ -8,6 +8,7 @@ import (
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/icons"
 	"github.com/anotherhadi/spilltea/internal/style"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 func (m Model) View() tea.View {
@@ -45,15 +46,18 @@ func (m *Model) renderListPanel(w, h int) string {
 		border = s.PanelFocused
 	}
-	dots := s.Faint.Render(m.pager.View())
+	var dots string
 	if len(m.queue) > 0 {
 		dots = s.Faint.Render(m.pager.View())
 	}
 	inner := lipgloss.JoinVertical(lipgloss.Left,
 		m.listViewport.View(),
 		lipgloss.PlaceHorizontal(m.listViewport.Width(), lipgloss.Center, dots),
 	)
 	title := icons.I.Request + "Requests"
-	if m.autoForward {
+	if !m.interceptEnabled {
-		title += " [auto forward]"
+		title += " " + lipgloss.NewStyle().Foreground(style.S.Error).Render("[intercept off]")
 	}
 	return style.RenderWithTitle(border, title, inner, w, h)
 }
@@ -101,7 +105,7 @@ func (m *Model) renderStatusBar() string {
 func (m *Model) renderList() string {
 	if len(m.queue) == 0 {
-		return lipgloss.Place(m.listViewport.Width(), m.listViewport.Height(), lipgloss.Center, lipgloss.Center, style.S.Faint.Render("       (｡◕‿‿◕｡)\nwaiting for a request"))
+		return lipgloss.Place(m.listViewport.Width(), m.listViewport.Height(), lipgloss.Center, lipgloss.Center, style.S.Faint.Render(util.CenterLines("(｡◕‿‿◕｡)", "waiting for a request")))
 	}
 	s := style.S
@@ -157,7 +161,7 @@ func (m *Model) renderList() string {
 func (m *Model) renderResponseList() string {
 	if len(m.responseQueue) == 0 {
-		return lipgloss.Place(m.responseViewport.Width(), m.responseViewport.Height(), lipgloss.Center, lipgloss.Center, style.S.Faint.Render("     (҂◡_◡)\nno response yet"))
+		return lipgloss.Place(m.responseViewport.Width(), m.responseViewport.Height(), lipgloss.Center, lipgloss.Center, style.S.Faint.Render(util.CenterLines("(҂◡_◡)", "no response yet")))
 	}
 	s := style.S
@@ -1,7 +1,6 @@
 package plugins
 import (
 	"os"
 	"strings"
 	"charm.land/bubbles/v2/help"
@@ -25,6 +24,7 @@ type Model struct {
 	filtered []plugins.Info
 	listViewport   viewport.Model
 	detailViewport viewport.Model
 	textarea       textarea.Model
 	filterInput    textinput.Model
 	filtering      bool
@@ -36,7 +36,7 @@ type Model struct {
 }
 func New(mgr *plugins.Manager) Model {
-	ta := style.NewTextarea(false)
+	ta := style.NewTextarea(true)
 	ta.Placeholder = "plugin configuration..."
 	ta.Blur()
@@ -46,6 +46,7 @@ func New(mgr *plugins.Manager) Model {
 	return Model{
 		manager:        mgr,
 		listViewport:   style.NewViewport(),
 		detailViewport: style.NewViewport(),
 		textarea:       ta,
 		filterInput:    fi,
 		pager:          style.NewPaginator(),
@@ -88,13 +89,29 @@ func (m *Model) recalcSizes() {
 	}
 	m.filterInput.SetWidth(inner - 2)
 	detailContentH := style.PanelContentH(detailH)
 	const headerH = 2
 	const configFixedH = 2 // blank line + label line
 	textareaH := max(3, detailContentH/3)
 	if textareaH > 12 {
 		textareaH = 12
 	}
 	configTotalH := 0
 	if m.hasConfig() {
 		configTotalH = configFixedH + textareaH
 	}
 	descVH := max(1, detailContentH-headerH-configTotalH)
 	m.detailViewport.SetWidth(inner)
 	m.detailViewport.SetHeight(descVH)
 	m.textarea.SetWidth(max(1, inner-2))
-	m.textarea.SetHeight(max(3, detailH-6))
+	m.textarea.SetHeight(max(3, textareaH))
 	m.refreshListViewport()
 	m.syncDetailViewport()
 }
 // Refresh reloads the plugin list from the manager.
 func (m *Model) Refresh() {
 	if m.manager == nil {
 		return
@@ -126,6 +143,7 @@ func (m *Model) applyFilter() {
 	}
 	m.refreshListViewport()
 	m.syncTextarea()
 	m.syncDetailViewport()
 }
 func (m *Model) selected() (plugins.Info, bool) {
@@ -135,6 +153,15 @@ func (m *Model) selected() (plugins.Info, bool) {
 	return m.filtered[m.cursor], true
 }
 func (m *Model) hasConfig() bool {
 	info, ok := m.selected()
 	if !ok {
 		return false
 	}
 	_, has := info.Hooks["on_config"]
 	return has
 }
 func (m *Model) syncTextarea() {
 	if m.editing {
 		return
@@ -147,23 +174,34 @@ func (m *Model) syncTextarea() {
 	m.textarea.SetValue(info.ConfigText)
 }
 func (m *Model) syncDetailViewport() {
 	info, ok := m.selected()
 	if !ok || info.Description == "" {
 		m.detailViewport.SetContent("")
 		return
 	}
 	desc := renderPluginDescription(info.Description, m.width-6)
 	m.detailViewport.SetContent(desc)
 }
 func (m *Model) refreshListViewport() {
 	if m.pager.PerPage > 0 {
 		if len(m.filtered) == 0 {
 			m.pager.Page = 0
 			m.pager.TotalPages = 0
 		} else {
 			m.pager.Page = m.cursor / m.pager.PerPage
 			m.pager.SetTotalPages(len(m.filtered))
 		}
 	}
 	m.listViewport.SetContent(m.renderList())
 }
-func shortenPath(p string) string {
+type pluginsKeyMap struct {
-	home := os.Getenv("HOME")
+	editing   bool
-	if home != "" && strings.HasPrefix(p, home) {
+	hasConfig bool
-		return "~" + p[len(home):]
+	width     int
 }
 	return p
 }
 type pluginsKeyMap struct{ editing bool }
 func (k pluginsKeyMap) ShortHelp() []key.Binding {
 	pk := keys.Keys.Plugins
@@ -172,9 +210,25 @@ func (k pluginsKeyMap) ShortHelp() []key.Binding {
 		esc := key.NewBinding(key.WithKeys(g.Escape.Keys()...), key.WithHelp(g.Escape.Help().Key, "save & exit"))
 		return []key.Binding{esc}
 	}
-	return []key.Binding{pk.Toggle, pk.EditConfig, pk.Filter}
+	scrollHint := key.NewBinding(
 		key.WithKeys(g.ScrollUp.Keys()...),
 		key.WithHelp(g.ScrollUp.Help().Key+"/"+g.ScrollDown.Help().Key, "scroll detail"),
 	)
 	if k.hasConfig {
 		return []key.Binding{pk.Toggle, pk.EditConfig, scrollHint, g.Help}
 	}
 	return []key.Binding{pk.Toggle, scrollHint, g.Help}
 }
 func (k pluginsKeyMap) FullHelp() [][]key.Binding {
 	g := keys.Keys.Global
 	if k.editing {
 		return [][]key.Binding{k.ShortHelp()}
 	}
 	pk := keys.Keys.Plugins
 	pageGlobals := []key.Binding{g.Up, g.Down, g.ScrollUp, g.ScrollDown, g.Escape}
 	all := []key.Binding{pk.Toggle, pk.EditConfig, pk.Filter}
 	all = append(all, pageGlobals...)
 	all = append(all, g.CommonBindings()...)
 	return keys.ChunkByWidth(all, k.width)
 }
@@ -4,24 +4,26 @@ import (
 	"charm.land/bubbles/v2/key"
 	tea "charm.land/bubbletea/v2"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 // PluginsChangedMsg is sent when the plugin list should be refreshed.
 type PluginsChangedMsg struct{}
 // RefreshCmd returns a command that triggers a list refresh.
 func RefreshCmd() tea.Cmd {
 	return func() tea.Msg { return PluginsChangedMsg{} }
 }
 func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
-	switch msg.(type) {
+	// Route non-key messages to textarea when editing so internal
-	case PluginsChangedMsg:
+	// textarea messages (e.g. clipboard paste) are handled correctly.
-		m.Refresh()
+	if m.editing {
-		return m, nil
+		if _, ok := msg.(tea.KeyPressMsg); !ok {
 			var cmd tea.Cmd
 			m.textarea, cmd = m.textarea.Update(msg)
 			return m, cmd
 		}
 	}
 	switch msg := msg.(type) {
 	case tea.MouseWheelMsg:
 		if !m.editing {
 			util.HandleMouseWheel(msg, &m.detailViewport)
 		}
 	case tea.KeyPressMsg:
 		pk := keys.Keys.Plugins
 		g := keys.Keys.Global
@@ -90,15 +92,17 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		case key.Matches(msg, g.Up):
 			if m.cursor > 0 {
 				m.cursor--
-				m.refreshListViewport()
+				m.recalcSizes()
 				m.syncTextarea()
 				m.detailViewport.GotoTop()
 			}
 		case key.Matches(msg, g.Down):
 			if m.cursor < len(m.filtered)-1 {
 				m.cursor++
-				m.refreshListViewport()
+				m.recalcSizes()
 				m.syncTextarea()
 				m.detailViewport.GotoTop()
 			}
 		case key.Matches(msg, pk.Toggle):
@@ -115,11 +119,29 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 			}
 		case key.Matches(msg, pk.EditConfig):
-			if _, ok := m.selected(); ok {
+			if _, ok := m.selected(); ok && m.hasConfig() {
 				m.editing = true
 				m.textarea.Focus()
 			}
 		case key.Matches(msg, g.PrevPage):
 			m.cursor = util.CursorMovePage(m.cursor, len(m.filtered), m.pager.PerPage, false)
 			m.recalcSizes()
 			m.syncTextarea()
 			m.detailViewport.GotoTop()
 		case key.Matches(msg, g.NextPage):
 			m.cursor = util.CursorMovePage(m.cursor, len(m.filtered), m.pager.PerPage, true)
 			m.recalcSizes()
 			m.syncTextarea()
 			m.detailViewport.GotoTop()
 		case key.Matches(msg, g.ScrollUp):
 			util.ScrollViewport(&m.detailViewport, -1)
 		case key.Matches(msg, g.ScrollDown):
 			util.ScrollViewport(&m.detailViewport, 1)
 		case key.Matches(msg, g.Help):
 			m.help.ShowAll = !m.help.ShowAll
 			m.recalcSizes()
@@ -1,18 +1,22 @@
 package plugins
 import (
 	"path/filepath"
 	"strings"
 	tea "charm.land/bubbletea/v2"
 	"charm.land/glamour/v2"
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/config"
 	"github.com/anotherhadi/spilltea/internal/icons"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/style"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 func (m Model) View() tea.View {
 	if m.width == 0 || m.manager == nil {
-		return tea.NewView(style.S.Faint.Render("\nno plugins loaded"))
+		return tea.NewView(lipgloss.Place(m.width, m.height, lipgloss.Center, lipgloss.Center, style.S.Faint.Render(util.CenterLines("(._.)~*.'", "no plugins loaded"))))
 	}
 	listH, detailH := style.SplitH(m.height, m.renderStatusBar(), 0.4)
@@ -27,23 +31,32 @@ func (m Model) View() tea.View {
 func (m *Model) renderListPanel(w, h int) string {
 	s := style.S
-	dots := s.Faint.Render(m.pager.View())
+	panelStyle := s.PanelFocused
 	if m.editing {
 		panelStyle = s.Panel
 	}
 	var dots string
 	if len(m.filtered) > 0 {
 		dots = s.Faint.Render(m.pager.View())
 	}
 	inner := lipgloss.JoinVertical(lipgloss.Left,
 		m.listViewport.View(),
 		lipgloss.PlaceHorizontal(m.listViewport.Width(), lipgloss.Center, dots),
 	)
-	return style.RenderWithTitle(s.PanelFocused, icons.I.Plugin+"Plugins", inner, w, h)
+	return style.RenderWithTitle(panelStyle, icons.I.Plugin+"Plugins", inner, w, h)
 }
 func (m *Model) renderDetailPanel(h int) string {
 	s := style.S
 	panelStyle := s.Panel
 	if m.editing {
 		panelStyle = s.PanelFocused
 	}
 	info, ok := m.selected()
 	if !ok {
-		return style.RenderWithTitle(s.Panel, "Config", "", m.width, h)
+		return style.RenderWithTitle(panelStyle, icons.I.Detail+"Detail", "", m.width, h)
 	}
 	var sb strings.Builder
 	statusSt := lipgloss.NewStyle().Foreground(s.Error)
 	if info.Enabled {
 		statusSt = lipgloss.NewStyle().Foreground(s.Success)
@@ -52,22 +65,52 @@ func (m *Model) renderDetailPanel(h int) string {
 	if info.Enabled {
 		status = "enabled"
 	}
 	sb.WriteString(s.Bold.Render(info.Name) + "  " + statusSt.Render(status) + "\n")
 	sb.WriteString(s.Faint.Render(shortenPath(info.FilePath)) + "\n\n")
 	pad := lipgloss.NewStyle().Padding(0, 1)
 	header := pad.Render(
 		s.Bold.Render(info.Name) + "  " + statusSt.Render(status) + "\n" +
 			s.Faint.Render(filepath.Base(info.FilePath)),
 	)
 	parts := []string{header, m.detailViewport.View()}
 	if m.hasConfig() {
 		var configLabel string
 		if m.editing {
 			escKey := keys.Keys.Global.Escape.Help().Key
-		sb.WriteString(s.Faint.Render("editing config (" + escKey + " to save):"))
+			configLabel = pad.Render(s.Faint.Render("editing config (" + escKey + " to save):"))
 		} else {
 			editKey := keys.Keys.Plugins.EditConfig.Help().Key
-		sb.WriteString(s.Faint.Render("config (" + editKey + " to edit):"))
+			configLabel = pad.Render(s.Faint.Render("config (" + editKey + " to edit):"))
 		}
 		parts = append(parts, "", configLabel, pad.Render(m.textarea.View()))
 	}
-	inner := lipgloss.JoinVertical(lipgloss.Left,
+	inner := lipgloss.JoinVertical(lipgloss.Left, parts...)
-		lipgloss.NewStyle().Padding(0, 1).Render(sb.String()),
+	return style.RenderWithTitle(panelStyle, icons.I.Detail+"Detail", inner, m.width, h)
-		lipgloss.NewStyle().Padding(0, 1).Render(m.textarea.View()),
+}
 func renderPluginDescription(desc string, width int) string {
 	desc = strings.TrimSpace(desc)
 	lines := strings.Split(desc, "\n")
 	for i, l := range lines {
 		lines[i] = strings.TrimLeft(l, " \t")
 	}
 	desc = strings.Join(lines, "\n")
 	r, err := glamour.NewTermRenderer(
 		glamour.WithStyles(style.GlamourStyleConfig(config.Global)),
 		glamour.WithWordWrap(width),
 	)
-	return style.RenderWithTitle(s.Panel, "Detail", inner, m.width, h)
+	if err != nil {
 		return desc
 	}
 	out, err := r.Render(desc)
 	if err != nil {
 		return desc
 	}
 	return strings.Trim(out, "\n")
 }
 func (m *Model) renderStatusBar() string {
@@ -81,17 +124,17 @@ func (m *Model) renderStatusBar() string {
 		escKey := keys.Keys.Global.Escape.Help().Key
 		accent := lipgloss.NewStyle().Foreground(s.Primary)
 		filterLine := pad.Render(accent.Render(filterKey) + " " + s.Bold.Render(m.filter) + s.Faint.Render("  "+escKey+" to clear"))
-		return lipgloss.JoinVertical(lipgloss.Left, filterLine, pad.Render(m.help.View(pluginsKeyMap{editing: m.editing})))
+		return lipgloss.JoinVertical(lipgloss.Left, filterLine, pad.Render(m.help.View(pluginsKeyMap{editing: m.editing, hasConfig: m.hasConfig(), width: m.width})))
 	}
-	return pad.Render(m.help.View(pluginsKeyMap{editing: m.editing}))
+	return pad.Render(m.help.View(pluginsKeyMap{editing: m.editing, hasConfig: m.hasConfig(), width: m.width}))
 }
 func (m *Model) renderList() string {
 	s := style.S
 	if len(m.filtered) == 0 {
-		msg := " (ง •̀_•́)ง\nno plugins"
+		msg := util.CenterLines("(ง •̀_•́)ง", "no plugins", "", "spilltea --add-default-plugins")
 		if m.filter != "" {
-			msg = "   = _ =\nno results"
+			msg = util.CenterLines("= _ =", "no results")
 		}
 		return lipgloss.Place(
 			m.listViewport.Width(), m.listViewport.Height(),
@@ -34,10 +34,19 @@ type Entry struct {
 	Err         error
 }
 type panel int
 const (
 	panelList panel = iota
 	panelRequest
 	panelResponse
 )
 type Model struct {
 	entries      []Entry
 	cursor       int
 	editing      bool
 	focusedPanel panel
 	database     *db.DB
 	listViewport     viewport.Model
@@ -68,6 +77,30 @@ func (m Model) Init() tea.Cmd { return nil }
 func (m Model) IsEditing() bool { return m.editing }
 func (m Model) IsResponseFocused() bool {
 	return m.focusedPanel == panelResponse
 }
 func (m Model) CurrentRaw() string {
 	if len(m.entries) == 0 || m.cursor >= len(m.entries) {
 		return ""
 	}
 	if m.focusedPanel == panelResponse {
 		return m.entries[m.cursor].ResponseRaw
 	}
 	return m.entries[m.cursor].RequestRaw
 }
 func (m Model) CurrentScheme() string {
 	if len(m.entries) == 0 || m.cursor >= len(m.entries) {
 		return "https"
 	}
 	if s := m.entries[m.cursor].Scheme; s != "" {
 		return s
 	}
 	return "https"
 }
 func (m *Model) SetDB(d *db.DB) {
 	m.database = d
 	if d == nil {
@@ -166,10 +199,13 @@ type replayKeyMap struct{ width int }
 func (replayKeyMap) ShortHelp() []key.Binding {
 	g := keys.Keys.Global
 	r := keys.Keys.Replay
-	return []key.Binding{g.Up, g.Down, r.Send, r.Edit, g.Help}
+	return []key.Binding{g.Up, g.Down, g.CycleFocus, r.Send, r.Edit, g.Help}
 }
 func (m replayKeyMap) FullHelp() [][]key.Binding {
-	all := append(keys.Keys.Replay.Bindings(), keys.Keys.Global.Bindings()...)
+	g := keys.Keys.Global
 	pageGlobals := []key.Binding{g.Up, g.Down, g.CycleFocus, g.ScrollUp, g.ScrollDown, g.Left, g.Right, g.Escape, g.Copy, g.CopyAs, g.SendToDiff}
 	all := append(keys.Keys.Replay.Bindings(), pageGlobals...)
 	all = append(all, g.CommonBindings()...)
 	return keys.ChunkByWidth(all, m.width)
 }
@@ -2,20 +2,27 @@ package replay
 import (
 	"bytes"
 	"compress/gzip"
 	"compress/zlib"
 	"crypto/tls"
 	"fmt"
 	"io"
 	"net/http"
 	"sort"
 	"strings"
 	"time"
 	"charm.land/bubbles/v2/key"
 	"charm.land/bubbles/v2/viewport"
 	tea "charm.land/bubbletea/v2"
 	"charm.land/lipgloss/v2"
 	"github.com/andybalholm/brotli"
 	"github.com/anotherhadi/spilltea/internal/config"
 	"github.com/anotherhadi/spilltea/internal/db"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/style"
 	diffUI "github.com/anotherhadi/spilltea/internal/ui/diff"
 	"github.com/anotherhadi/spilltea/internal/util"
 	"github.com/klauspost/compress/zstd"
 )
 type sentMsg struct {
@@ -33,6 +40,18 @@ func sendCmd(entry Entry, index int) tea.Cmd {
 }
 func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 	var cmds []tea.Cmd
 	// Route non-key messages to textarea when editing so internal
 	// textarea messages (e.g. clipboard paste) are handled correctly.
 	if m.editing {
 		if _, ok := msg.(tea.KeyPressMsg); !ok {
 			var taCmd tea.Cmd
 			m.textarea, taCmd = m.textarea.Update(msg)
 			cmds = append(cmds, taCmd)
 		}
 	}
 	switch msg := msg.(type) {
 	case SendToReplayMsg:
 		entry := entryFromMsg(msg)
@@ -79,14 +98,14 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 					m.requestViewport.ScrollLeft(6)
 					m.responseViewport.ScrollLeft(6)
 				} else {
-					m.responseViewport.SetYOffset(m.responseViewport.YOffset() - 1)
+					m.scrollFocusedViewportVertical(-1)
 				}
 			case tea.MouseWheelDown:
 				if msg.Mod.Contains(tea.ModShift) {
 					m.requestViewport.ScrollRight(6)
 					m.responseViewport.ScrollRight(6)
 				} else {
-					m.responseViewport.SetYOffset(m.responseViewport.YOffset() + 1)
+					m.scrollFocusedViewportVertical(1)
 				}
 			case tea.MouseWheelLeft:
 				m.requestViewport.ScrollLeft(6)
@@ -104,7 +123,7 @@ func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 		return m.updateNormalMode(msg)
 	}
-	return m, nil
+	return m, tea.Batch(cmds...)
 }
 func (m Model) updateNormalMode(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
@@ -112,18 +131,36 @@ func (m Model) updateNormalMode(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
 	r := keys.Keys.Replay
 	switch {
 	case key.Matches(msg, g.Up):
 		if m.focusedPanel == panelList {
 			if m.cursor > 0 {
 				m.cursor--
 				m.refreshListViewport()
 				m.refreshBody()
 			}
 		} else {
 			m.scrollFocusedViewportVertical(-1)
 		}
 	case key.Matches(msg, g.Down):
 		if m.focusedPanel == panelList {
 			if m.cursor < len(m.entries)-1 {
 				m.cursor++
 				m.refreshListViewport()
 				m.refreshBody()
 			}
 		} else {
 			m.scrollFocusedViewportVertical(1)
 		}
 	case key.Matches(msg, g.CycleFocus):
 		switch m.focusedPanel {
 		case panelList:
 			m.focusedPanel = panelRequest
 		case panelRequest:
 			m.focusedPanel = panelResponse
 		default:
 			m.focusedPanel = panelList
 		}
 	case key.Matches(msg, r.Send):
 		if len(m.entries) > 0 && !m.entries[m.cursor].Sending {
@@ -154,18 +191,14 @@ func (m Model) updateNormalMode(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
 		}
 	case key.Matches(msg, g.ScrollUp):
-		step := m.responseViewport.Height() / 2
+		vp := m.focusedViewport()
-		if step < 1 {
+		util.ScrollViewport(&vp, -1)
-			step = 1
+		m.setFocusedViewport(vp)
 		}
 		m.responseViewport.SetYOffset(m.responseViewport.YOffset() - step)
 	case key.Matches(msg, g.ScrollDown):
-		step := m.responseViewport.Height() / 2
+		vp := m.focusedViewport()
-		if step < 1 {
+		util.ScrollViewport(&vp, 1)
-			step = 1
+		m.setFocusedViewport(vp)
 		}
 		m.responseViewport.SetYOffset(m.responseViewport.YOffset() + step)
 	case key.Matches(msg, g.Left):
 		m.requestViewport.ScrollLeft(6)
@@ -200,6 +233,45 @@ func (m Model) updateNormalMode(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
 		m.refreshListViewport()
 		m.refreshBody()
 	case key.Matches(msg, keys.Keys.Global.GotoTop):
 		m.cursor = 0
 		m.pager.Page = 0
 		m.refreshListViewport()
 		m.refreshBody()
 	case key.Matches(msg, keys.Keys.Global.GotoBottom):
 		m.cursor = util.CursorGotoBottom(len(m.entries))
 		m.refreshListViewport()
 		m.refreshBody()
 	case key.Matches(msg, keys.Keys.Global.PrevPage):
 		m.cursor = util.CursorMovePage(m.cursor, len(m.entries), m.pager.PerPage, false)
 		m.refreshListViewport()
 		m.refreshBody()
 	case key.Matches(msg, keys.Keys.Global.NextPage):
 		m.cursor = util.CursorMovePage(m.cursor, len(m.entries), m.pager.PerPage, true)
 		m.refreshListViewport()
 		m.refreshBody()
 	case key.Matches(msg, g.SendToDiff):
 		if len(m.entries) > 0 {
 			e := m.entries[m.cursor]
 			var raw, label string
 			if m.focusedPanel == panelResponse {
 				raw = e.ResponseRaw
 				label = fmt.Sprintf("%d %s", e.StatusCode, http.StatusText(e.StatusCode))
 			} else {
 				raw = e.RequestRaw
 				label = e.Method + " " + e.Host + e.Path
 			}
 			if raw != "" {
 				return m, func() tea.Msg {
 					return diffUI.SendToDiffMsg{Label: label, Raw: raw}
 				}
 			}
 		}
 	case key.Matches(msg, g.Help):
 		m.help.ShowAll = !m.help.ShowAll
 		m.recalcSizes()
@@ -227,11 +299,39 @@ func (m Model) updateEditMode(msg tea.KeyPressMsg) (tea.Model, tea.Cmd) {
 	return m, nil
 }
 // focusedViewport returns the viewport that should receive scroll events.
 // When the list is focused, scroll targets the request panel.
 func (m *Model) focusedViewport() viewport.Model {
 	if m.focusedPanel == panelResponse {
 		return m.responseViewport
 	}
 	return m.requestViewport
 }
 func (m *Model) setFocusedViewport(vp viewport.Model) {
 	if m.focusedPanel == panelResponse {
 		m.responseViewport = vp
 	} else {
 		m.requestViewport = vp
 	}
 }
 func (m *Model) scrollFocusedViewportVertical(delta int) {
 	vp := m.focusedViewport()
 	vp.SetYOffset(vp.YOffset() + delta)
 	m.setFocusedViewport(vp)
 }
 func (m *Model) refreshListViewport() {
 	if m.pager.PerPage > 0 {
 		if len(m.entries) == 0 {
 			m.pager.Page = 0
 			m.pager.TotalPages = 0
 		} else {
 			m.pager.Page = m.cursor / m.pager.PerPage
 			m.pager.SetTotalPages(len(m.entries))
 		}
 	}
 	m.listViewport.SetContent(m.renderList())
 }
@@ -247,69 +347,46 @@ func (m *Model) refreshBody() {
 	m.requestViewport.SetXOffset(0)
 	if e.Sending {
-		m.responseViewport.SetContent(style.HighlightHTTP("Sending..."))
+		m.responseViewport.SetContent(lipgloss.Place(m.responseViewport.Width(), m.responseViewport.Height(), lipgloss.Center, lipgloss.Center, style.S.Faint.Render(util.CenterLines("(ﾉ◕ヮ◕)ﾉ*:･ﾟ", "sending..."))))
 	} else if e.ResponseRaw != "" {
 		m.responseViewport.SetContent(style.HighlightHTTP(e.ResponseRaw))
 	} else {
-		m.responseViewport.SetContent("")
+		m.responseViewport.SetContent(lipgloss.Place(m.responseViewport.Width(), m.responseViewport.Height(), lipgloss.Center, lipgloss.Center, style.S.Faint.Render(util.CenterLines("( •_•)>⌐■", "press send to fire"))))
 	}
 	m.responseViewport.SetYOffset(0)
 	m.responseViewport.SetXOffset(0)
 }
 func doSend(entry Entry) (responseRaw string, statusCode int, err error) {
-	lines := strings.Split(strings.ReplaceAll(entry.RequestRaw, "\r\n", "\n"), "\n")
+	parsed := util.ParseRawRequest(entry.RequestRaw)
-	if len(lines) == 0 {
+	if parsed.Method == "" {
 		return "", 0, fmt.Errorf("empty request")
 	}
-	parts := strings.SplitN(lines[0], " ", 3)
+	host := parsed.Host
-	if len(parts) < 2 {
+	if host == "" {
-		return "", 0, fmt.Errorf("invalid request line")
+		host = entry.Host
 	}
 	method := strings.TrimSpace(parts[0])
 	path := strings.TrimSpace(parts[1])
 	headers := make(http.Header)
-	host := entry.Host
+	for _, h := range parsed.Headers {
-	i := 1
+		if strings.EqualFold(h.Key, "host") {
-	for i < len(lines) {
+			continue
 		line := strings.TrimRight(lines[i], "\r")
 		if line == "" {
 			i++
 			break
 		}
-		if kv := strings.SplitN(line, ": ", 2); len(kv) == 2 {
+		headers.Add(h.Key, h.Value)
 			k := strings.TrimSpace(kv[0])
 			v := strings.TrimSpace(kv[1])
 			if strings.ToLower(k) == "host" {
 				host = v
 			} else {
 				headers.Add(k, v)
 			}
 		}
 		i++
 	}
 	var bodyBytes []byte
 	if i < len(lines) {
 		b := strings.Join(lines[i:], "\n")
 		b = strings.TrimRight(b, "\n")
 		bodyBytes = []byte(b)
 	}
 	scheme := entry.Scheme
 	if scheme == "" {
 		scheme = "https"
 	}
-	urlStr := scheme + "://" + host + path
+	urlStr := scheme + "://" + host + parsed.Path
 	var bodyReader io.Reader
-	if len(bodyBytes) > 0 {
+	if parsed.Body != "" {
-		bodyReader = bytes.NewReader(bodyBytes)
+		bodyReader = strings.NewReader(parsed.Body)
 	}
-	req, err := http.NewRequest(method, urlStr, bodyReader)
+	req, err := http.NewRequest(parsed.Method, urlStr, bodyReader)
 	if err != nil {
 		return "", 0, err
 	}
@@ -331,19 +408,21 @@ func doSend(entry Entry) (responseRaw string, statusCode int, err error) {
 	}
 	defer resp.Body.Close()
-	respBody, _ := io.ReadAll(resp.Body)
+	limit := int64(config.Global.App.MaxBodySizeMB) * 1024 * 1024
 	respBody, _ := io.ReadAll(io.LimitReader(resp.Body, limit))
 	if enc := resp.Header.Get("Content-Encoding"); enc != "" {
 		if decoded, decErr := decodeBody(enc, respBody); decErr == nil {
 			respBody = decoded
 			resp.Header.Del("Content-Encoding")
 			resp.Header.Del("Content-Length")
 		}
 	}
 	var sb strings.Builder
 	fmt.Fprintf(&sb, "%s %d %s\n", resp.Proto, resp.StatusCode, http.StatusText(resp.StatusCode))
-	sortedKeys := make([]string, 0, len(resp.Header))
+	for _, line := range util.SortedHeaderLines(resp.Header) {
-	for k := range resp.Header {
+		sb.WriteString(line)
 		sortedKeys = append(sortedKeys, k)
 	}
 	sort.Strings(sortedKeys)
 	for _, k := range sortedKeys {
 		for _, v := range resp.Header[k] {
 			fmt.Fprintf(&sb, "%s: %s\n", k, v)
 		}
 	}
 	sb.WriteString("\n")
 	sb.Write(respBody)
@@ -351,6 +430,35 @@ func doSend(entry Entry) (responseRaw string, statusCode int, err error) {
 	return sb.String(), resp.StatusCode, nil
 }
 func decodeBody(encoding string, body []byte) ([]byte, error) {
 	switch strings.ToLower(strings.TrimSpace(encoding)) {
 	case "gzip":
 		r, err := gzip.NewReader(bytes.NewReader(body))
 		if err != nil {
 			return nil, err
 		}
 		defer r.Close()
 		return io.ReadAll(r)
 	case "br":
 		return io.ReadAll(brotli.NewReader(bytes.NewReader(body)))
 	case "deflate":
 		r, err := zlib.NewReader(bytes.NewReader(body))
 		if err != nil {
 			return nil, err
 		}
 		defer r.Close()
 		return io.ReadAll(r)
 	case "zstd":
 		r, err := zstd.NewReader(bytes.NewReader(body))
 		if err != nil {
 			return nil, err
 		}
 		defer r.Close()
 		return io.ReadAll(r)
 	}
 	return nil, fmt.Errorf("unsupported encoding: %s", encoding)
 }
 func entryToDB(e Entry) db.ReplayEntry {
 	errMsg := ""
 	if e.Err != nil {
@@ -372,7 +480,11 @@ func entryToDB(e Entry) db.ReplayEntry {
 }
 func entryFromMsg(msg SendToReplayMsg) Entry {
-	method, host, path := parseFirstLine(msg.RequestRaw, msg.Host)
+	parsed := util.ParseRawRequest(msg.RequestRaw)
 	host := parsed.Host
 	if host == "" {
 		host = msg.Host
 	}
 	scheme := msg.Scheme
 	if scheme == "" {
 		scheme = util.InferScheme(host)
@@ -380,34 +492,9 @@ func entryFromMsg(msg SendToReplayMsg) Entry {
 	return Entry{
 		Scheme:      scheme,
 		Host:        host,
-		Path:        path,
+		Path:        parsed.Path,
-		Method:      method,
+		Method:      parsed.Method,
 		OriginalRaw: msg.RequestRaw,
 		RequestRaw:  msg.RequestRaw,
 	}
 }
 func parseFirstLine(raw, fallbackHost string) (method, host, path string) {
 	host = fallbackHost
 	path = "/"
 	lines := strings.SplitN(raw, "\n", 2)
 	if len(lines) == 0 {
 		return
 	}
 	parts := strings.Fields(lines[0])
 	if len(parts) >= 1 {
 		method = parts[0]
 	}
 	if len(parts) >= 2 {
 		path = parts[1]
 	}
 	if len(lines) > 1 {
 		for _, line := range strings.Split(lines[1], "\n") {
 			if strings.HasPrefix(strings.ToLower(line), "host:") {
 				host = strings.TrimSpace(line[5:])
 				break
 			}
 		}
 	}
 	return
 }
@@ -8,6 +8,7 @@ import (
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/icons"
 	"github.com/anotherhadi/spilltea/internal/style"
 	"github.com/anotherhadi/spilltea/internal/util"
 )
 func (m Model) View() tea.View {
@@ -33,12 +34,19 @@ func (m Model) View() tea.View {
 func (m *Model) renderListPanel(w, h int) string {
 	s := style.S
-	dots := s.Faint.Render(m.pager.View())
+	panelStyle := s.Panel
 	if !m.editing && m.focusedPanel == panelList {
 		panelStyle = s.PanelFocused
 	}
 	var dots string
 	if len(m.entries) > 0 {
 		dots = s.Faint.Render(m.pager.View())
 	}
 	inner := lipgloss.JoinVertical(lipgloss.Left,
 		m.listViewport.View(),
 		lipgloss.PlaceHorizontal(m.listViewport.Width(), lipgloss.Center, dots),
 	)
-	return style.RenderWithTitle(s.PanelFocused, icons.I.Replay+"Replay", inner, w, h)
+	return style.RenderWithTitle(panelStyle, icons.I.Replay+"Replay", inner, w, h)
 }
 func (m *Model) renderRequestPanel(w, h int) string {
@@ -50,13 +58,20 @@ func (m *Model) renderRequestPanel(w, h int) string {
 		border = s.PanelFocused
 	} else {
 		body = m.requestViewport.View()
 		if m.focusedPanel == panelRequest {
 			border = s.PanelFocused
 		}
 	}
 	return style.RenderWithTitle(border, icons.I.Request+"Request", body, w, h)
 }
 func (m *Model) renderResponsePanel(w, h int) string {
 	s := style.S
-	return style.RenderWithTitle(s.Panel, icons.I.Response+"Response", m.responseViewport.View(), w, h)
+	border := s.Panel
 	if !m.editing && m.focusedPanel == panelResponse {
 		border = s.PanelFocused
 	}
 	return style.RenderWithTitle(border, icons.I.Response+"Response", m.responseViewport.View(), w, h)
 }
 func (m *Model) renderStatusBar() string {
@@ -68,7 +83,7 @@ func (m *Model) renderList() string {
 		return lipgloss.Place(
 			m.listViewport.Width(), m.listViewport.Height(),
 			lipgloss.Center, lipgloss.Center,
-			style.S.Faint.Render("                  (╥﹏╥)\nsend a request from History or Intercept"),
+			style.S.Faint.Render(util.CenterLines("(╥﹏╥)", "send a request from History or Intercept")),
 		)
 	}
@@ -1,150 +0,0 @@
 package scope
 import (
 	"strings"
 	"charm.land/bubbles/v2/help"
 	"charm.land/bubbles/v2/key"
 	"charm.land/bubbles/v2/textarea"
 	tea "charm.land/bubbletea/v2"
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/keys"
 	"github.com/anotherhadi/spilltea/internal/style"
 )
 const (
 	fieldNone      = -1
 	fieldWhitelist = 0
 	fieldBlacklist = 1
 )
 const (
 	minTaH = 3
 	maxTaH = 12
 	fixedH = 8 // (blank + label + desc + blank) x2
 )
 type ScopeChangedMsg struct {
 	Whitelist []string
 	Blacklist []string
 }
 type Model struct {
 	focusIdx int
 	wlTextarea textarea.Model
 	blTextarea textarea.Model
 	innerH int
 	width  int
 	height int
 	help help.Model
 }
 func New(name, path string) Model {
 	wl := style.NewTextarea(true)
 	wl.Placeholder = "one pattern per line..."
 	bl := style.NewTextarea(true)
 	bl.Placeholder = "one pattern per line..."
 	bl.Blur()
 	return Model{
 		focusIdx:   fieldNone,
 		wlTextarea: wl,
 		blTextarea: bl,
 		help:       style.NewHelp(),
 	}
 }
 func (m Model) Init() tea.Cmd { return nil }
 func (m *Model) SetScope(whitelist, blacklist []string) {
 	m.wlTextarea.SetValue(strings.Join(whitelist, "\n"))
 	m.blTextarea.SetValue(strings.Join(blacklist, "\n"))
 }
 func (m *Model) SetSize(w, h int) {
 	m.width = w
 	m.height = h
 	m.syncLayout()
 }
 func (m *Model) syncLayout() {
 	if m.width == 0 {
 		return
 	}
 	m.help.SetWidth(m.width - 2)
 	statusH := strings.Count(m.renderStatusBar(), "\n") + 1
 	panelH := m.height - statusH
 	m.innerH = max(1, style.PanelContentH(panelH))
 	taH := (m.innerH - fixedH) / 2
 	if taH < minTaH {
 		taH = minTaH
 	}
 	if taH > maxTaH {
 		taH = maxTaH
 	}
 	// width - 2 (panel border) - 1 (leading space in view) - 3 (right margin + cursor)
 	taW := max(1, m.width-6)
 	m.wlTextarea.SetWidth(taW)
 	m.wlTextarea.SetHeight(taH)
 	m.blTextarea.SetWidth(taW)
 	m.blTextarea.SetHeight(taH)
 }
 func (m Model) IsEditing() bool {
 	return m.focusIdx == fieldWhitelist || m.focusIdx == fieldBlacklist
 }
 func (m *Model) scopeChangedCmd() tea.Cmd {
 	wl := parseLines(m.wlTextarea.Value())
 	bl := parseLines(m.blTextarea.Value())
 	return func() tea.Msg {
 		return ScopeChangedMsg{Whitelist: wl, Blacklist: bl}
 	}
 }
 func parseLines(s string) []string {
 	var out []string
 	for _, line := range strings.Split(s, "\n") {
 		if t := strings.TrimSpace(line); t != "" {
 			out = append(out, t)
 		}
 	}
 	return out
 }
 func (m Model) renderStatusBar() string {
 	return lipgloss.NewStyle().Padding(0, 1).Render(
 		m.help.View(formKeyMap{focusIdx: m.focusIdx}),
 	)
 }
 type formKeyMap struct {
 	focusIdx int
 }
 func (k formKeyMap) ShortHelp() []key.Binding {
 	cycle := keys.Keys.Global.CycleFocus
 	hlp := keys.Keys.Global.Help
 	switch k.focusIdx {
 	case fieldWhitelist, fieldBlacklist:
 		esc := keys.Keys.Global.Escape
 		escBinding := key.NewBinding(key.WithKeys(esc.Keys()...), key.WithHelp(esc.Help().Key, "unfocus"))
 		return []key.Binding{
 			key.NewBinding(key.WithKeys("enter"), key.WithHelp("enter", "new line")),
 			escBinding,
 			cycle,
 		}
 	}
 	return []key.Binding{cycle, hlp}
 }
 func (k formKeyMap) FullHelp() [][]key.Binding {
 	return [][]key.Binding{k.ShortHelp()}
 }
@@ -1,70 +0,0 @@
 package scope
 import (
 	"charm.land/bubbles/v2/key"
 	tea "charm.land/bubbletea/v2"
 	"github.com/anotherhadi/spilltea/internal/keys"
 )
 func (m Model) Update(msg tea.Msg) (tea.Model, tea.Cmd) {
 	kp, isKey := msg.(tea.KeyPressMsg)
 	if !isKey {
 		return m, nil
 	}
 	if key.Matches(kp, keys.Keys.Global.CycleFocus) {
 		return m.cycleFocus()
 	}
 	if key.Matches(kp, keys.Keys.Global.Help) && !m.IsEditing() {
 		m.help.ShowAll = !m.help.ShowAll
 		return m, nil
 	}
 	switch m.focusIdx {
 	case fieldWhitelist:
 		if key.Matches(kp, keys.Keys.Global.Escape) {
 			return m.blurAll()
 		}
 		var cmd tea.Cmd
 		m.wlTextarea, cmd = m.wlTextarea.Update(kp)
 		return m, cmd
 	case fieldBlacklist:
 		if key.Matches(kp, keys.Keys.Global.Escape) {
 			return m.blurAll()
 		}
 		var cmd tea.Cmd
 		m.blTextarea, cmd = m.blTextarea.Update(kp)
 		return m, cmd
 	}
 	return m, nil
 }
 func (m Model) blurAll() (tea.Model, tea.Cmd) {
 	m.wlTextarea.Blur()
 	m.blTextarea.Blur()
 	m.focusIdx = fieldNone
 	m.syncLayout()
 	return m, m.scopeChangedCmd()
 }
 func (m Model) cycleFocus() (tea.Model, tea.Cmd) {
 	scopeCmd := m.scopeChangedCmd()
 	var focusCmd tea.Cmd
 	switch m.focusIdx {
 	case fieldNone, fieldBlacklist:
 		m.blTextarea.Blur()
 		m.focusIdx = fieldWhitelist
 		focusCmd = m.wlTextarea.Focus()
 	case fieldWhitelist:
 		m.wlTextarea.Blur()
 		m.focusIdx = fieldBlacklist
 		focusCmd = m.blTextarea.Focus()
 	}
 	m.syncLayout()
 	return m, tea.Batch(focusCmd, scopeCmd)
 }
@@ -1,84 +0,0 @@
 package scope
 import (
 	"strings"
 	tea "charm.land/bubbletea/v2"
 	"charm.land/lipgloss/v2"
 	"github.com/anotherhadi/spilltea/internal/icons"
 	"github.com/anotherhadi/spilltea/internal/style"
 )
 func (m Model) View() tea.View {
 	if m.width == 0 {
 		return tea.NewView("")
 	}
 	s := style.S
 	statusBar := m.renderStatusBar()
 	statusH := strings.Count(statusBar, "\n") + 1
 	panelH := m.height - statusH
 	innerH := max(1, style.PanelContentH(panelH))
 	taH := (innerH - fixedH) / 2
 	if taH < minTaH {
 		taH = minTaH
 	}
 	if taH > maxTaH {
 		taH = maxTaH
 	}
 	var lines []string
 	add := func(l string) { lines = append(lines, l) }
 	add("")
 	add(fieldLabel("Whitelist", m.focusIdx == fieldWhitelist))
 	add(" " + s.Faint.Render("If non-empty, only matching requests are intercepted."))
 	add("")
 	wlContentLines := strings.Count(m.wlTextarea.Value(), "\n") + 1
 	for _, l := range taLines(m.wlTextarea.View(), taH, wlContentLines) {
 		add(" " + l)
 	}
 	add("")
 	add(fieldLabel("Blacklist", m.focusIdx == fieldBlacklist))
 	add(" " + s.Faint.Render("Matching requests are always excluded from history."))
 	add("")
 	blContentLines := strings.Count(m.blTextarea.Value(), "\n") + 1
 	for _, l := range taLines(m.blTextarea.View(), taH, blContentLines) {
 		add(" " + l)
 	}
 	for len(lines) < innerH {
 		lines = append(lines, "")
 	}
 	content := strings.Join(lines[:innerH], "\n")
 	panel := style.RenderWithTitle(s.PanelFocused, icons.I.Scope+"Scopes", content, m.width, panelH)
 	return tea.NewView(lipgloss.JoinVertical(lipgloss.Left, panel, statusBar))
 }
 func fieldLabel(name string, focused bool) string {
 	s := style.S
 	c := s.MutedFg
 	if focused {
 		c = s.Primary
 	}
 	return "  " + lipgloss.NewStyle().Foreground(c).Bold(focused).Render(name)
 }
 func taLines(view string, h int, contentLines int) []string {
 	raw := strings.Split(strings.TrimRight(view, "\n"), "\n")
 	tilde := style.S.Faint.Render("~")
 	for len(raw) < h {
 		raw = append(raw, tilde)
 	}
 	if len(raw) > h {
 		raw = raw[:h]
 	}
 	for i := contentLines; i < len(raw); i++ {
 		raw[i] = tilde
 	}
 	return raw
 }
@@ -0,0 +1,30 @@
 package util
 // CursorMovePage moves cursor forward or backward by one page (perPage items),
 // clamped to [0, total-1].
 func CursorMovePage(cursor, total, perPage int, forward bool) int {
 	step := perPage
 	if step < 1 {
 		step = 1
 	}
 	if forward {
 		cursor += step
 	} else {
 		cursor -= step
 	}
 	if cursor < 0 || total <= 0 {
 		return 0
 	}
 	if cursor >= total {
 		return total - 1
 	}
 	return cursor
 }
 // CursorGotoBottom returns the last valid cursor index for a list of total items.
 func CursorGotoBottom(total int) int {
 	if total <= 0 {
 		return 0
 	}
 	return total - 1
 }
@@ -5,6 +5,8 @@ import (
 	"os/exec"
 	tea "charm.land/bubbletea/v2"
 	"github.com/anotherhadi/spilltea/internal/config"
 )
 type EditorFinishedMsg struct {
@@ -13,7 +15,10 @@ type EditorFinishedMsg struct {
 }
 func OpenExternalEditor(content string) tea.Cmd {
-	editor := os.Getenv("EDITOR")
+	editor := config.Global.App.ExternalEditor
 	if editor == "" {
 		editor = os.Getenv("EDITOR")
 	}
 	if editor == "" {
 		editor = "vi"
 	}
@@ -0,0 +1,86 @@
 package util
 import (
 	"fmt"
 	"net/http"
 	"sort"
 	"strings"
 )
 // RawRequest holds a parsed raw HTTP request string.
 type RawRequest struct {
 	Method  string
 	Path    string
 	Proto   string
 	Host    string
 	Headers []RawHeader
 	Body    string
 }
 // RawHeader is a single header key/value pair preserving insertion order.
 type RawHeader struct {
 	Key   string
 	Value string
 }
 // ParseRawRequest parses a raw HTTP request string (as produced by
 // FormatRawRequest). The Host header, if present, is extracted into Host
 // but also kept in Headers.
 func ParseRawRequest(raw string) RawRequest {
 	lines := strings.Split(strings.ReplaceAll(raw, "\r\n", "\n"), "\n")
 	var r RawRequest
 	if len(lines) == 0 {
 		return r
 	}
 	parts := strings.SplitN(lines[0], " ", 3)
 	if len(parts) >= 1 {
 		r.Method = strings.TrimSpace(parts[0])
 	}
 	if len(parts) >= 2 {
 		r.Path = strings.TrimSpace(parts[1])
 	}
 	if len(parts) >= 3 {
 		r.Proto = strings.TrimSpace(parts[2])
 	}
 	i := 1
 	for i < len(lines) {
 		line := strings.TrimRight(lines[i], "\r")
 		if line == "" {
 			i++
 			break
 		}
 		if kv := strings.SplitN(line, ": ", 2); len(kv) == 2 {
 			k := strings.TrimSpace(kv[0])
 			v := strings.TrimSpace(kv[1])
 			r.Headers = append(r.Headers, RawHeader{k, v})
 			if strings.EqualFold(k, "host") {
 				r.Host = v
 			}
 		}
 		i++
 	}
 	if i < len(lines) {
 		r.Body = strings.TrimRight(strings.Join(lines[i:], "\n"), "\n")
 	}
 	return r
 }
 // SortedHeaderLines returns header lines sorted by key name, formatted as
 // "Key: Value\n" strings. Useful for deterministic serialisation.
 func SortedHeaderLines(h http.Header) []string {
 	keys := make([]string, 0, len(h))
 	for k := range h {
 		keys = append(keys, k)
 	}
 	sort.Strings(keys)
 	var out []string
 	for _, k := range keys {
 		for _, v := range h[k] {
 			out = append(out, fmt.Sprintf("%s: %s\n", k, v))
 		}
 	}
 	return out
 }
@@ -1,6 +1,10 @@
 package util
-import "strings"
+import (
 	"strings"
 	"charm.land/lipgloss/v2"
 )
 func Truncate(s string, max int) string {
 	if len(s) <= max {
@@ -9,6 +13,21 @@ func Truncate(s string, max int) string {
 	return s[:max-1] + "…"
 }
 // CenterLines centers each line horizontally relative to the longest one.
 func CenterLines(lines ...string) string {
 	maxWidth := 0
 	for _, l := range lines {
 		if w := lipgloss.Width(l); w > maxWidth {
 			maxWidth = w
 		}
 	}
 	centered := make([]string, len(lines))
 	for i, l := range lines {
 		centered[i] = lipgloss.PlaceHorizontal(maxWidth, lipgloss.Center, l)
 	}
 	return strings.Join(centered, "\n")
 }
 // InferScheme returns "http" for port 80, "https" otherwise.
 func InferScheme(host string) string {
 	if strings.HasSuffix(host, ":80") {
@@ -0,0 +1,39 @@
 package util
 import (
 	"charm.land/bubbles/v2/viewport"
 	tea "charm.land/bubbletea/v2"
 )
 // ScrollViewport scrolls vp vertically by half its height.
 // delta should be -1 for up, +1 for down.
 func ScrollViewport(vp *viewport.Model, delta int) {
 	step := vp.Height() / 2
 	if step < 1 {
 		step = 1
 	}
 	vp.SetYOffset(vp.YOffset() + delta*step)
 }
 // HandleMouseWheel applies standard mouse wheel scrolling to vp.
 // Vertical: one line at a time. Shift+vertical or horizontal: scroll 6 columns.
 func HandleMouseWheel(msg tea.MouseWheelMsg, vp *viewport.Model) {
 	switch msg.Button {
 	case tea.MouseWheelUp:
 		if msg.Mod.Contains(tea.ModShift) {
 			vp.ScrollLeft(6)
 		} else {
 			vp.SetYOffset(vp.YOffset() - 1)
 		}
 	case tea.MouseWheelDown:
 		if msg.Mod.Contains(tea.ModShift) {
 			vp.ScrollRight(6)
 		} else {
 			vp.SetYOffset(vp.YOffset() + 1)
 		}
 	case tea.MouseWheelLeft:
 		vp.ScrollLeft(6)
 	case tea.MouseWheelRight:
 		vp.ScrollRight(6)
 	}
 }
@@ -0,0 +1,19 @@
 pre-commit:
  piped: true
  commands:
    check-vendor-hash:
      glob: "{go.mod,go.sum}"
      run: .github/scripts/check-vendor-hash.sh
      stage_fixed: true
    inject-exec-basics:
      glob: "{docs/basics.md,cmd/**}"
      run: python3 .github/scripts/inject-exec.py docs/basics.md
      stage_fixed: true
    inject-exec:
      glob: "{README.md,docs/basics.md,cmd/**}"
      run: python3 .github/scripts/inject-exec.py README.md
      stage_fixed: true
    toc:
      glob: "{README.md,docs/basics.md,cmd/**}"
      run: doctoc --notitle README.md
      stage_fixed: true
@@ -0,0 +1,45 @@
 package spilltea
 import (
 	"embed"
 	"fmt"
 	"io/fs"
 	"os"
 	"path/filepath"
 )
 //go:embed plugins/*.lua
 var PluginsFS embed.FS
 // InstallDefaultPlugins copies embedded default plugins into dir, skipping
 // files that already exist. Returns the number of files written.
 func InstallDefaultPlugins(dir string) (int, error) {
 	if err := os.MkdirAll(dir, 0o755); err != nil {
 		return 0, fmt.Errorf("create plugins dir: %w", err)
 	}
 	entries, err := fs.ReadDir(PluginsFS, "plugins")
 	if err != nil {
 		return 0, err
 	}
 	written := 0
 	for _, e := range entries {
 		if e.IsDir() {
 			continue
 		}
 		dst := filepath.Join(dir, e.Name())
 		if _, err := os.Stat(dst); err == nil {
 			continue
 		}
 		data, err := PluginsFS.ReadFile("plugins/" + e.Name())
 		if err != nil {
 			return written, fmt.Errorf("read embedded %s: %w", e.Name(), err)
 		}
 		if err := os.WriteFile(dst, data, 0o644); err != nil {
 			return written, fmt.Errorf("write %s: %w", dst, err)
 		}
 		written++
 	}
 	return written, nil
 }
@@ -1,26 +1,28 @@
 -- Inject a custom header into every request.
 -- Config format (one per line): Header-Name: value
 Plugin = {
  name        = "Inject Header",
  description = [[
 Inject custom headers into every intercepted request.
 **Config**:
 - one 'Header-Name: value' per line.
  ]],
  on_request  = { sync = true },
 }
 local headers = {}
-function on_start(config_text)
+function on_config(config_text)
  headers = {}
  for line in config_text:gmatch("[^\n]+") do
    local name, value = line:match("^([^:]+):%s*(.+)$")
    if name and value then
      table.insert(headers, { name = name, value = value })
    end
  end
  log("loaded " .. #headers .. " header(s)")
 end
 function on_request(req)
  for _, h in ipairs(headers) do
    req:set_header(h.name, h.value)
  end
  return "forward"
 end
@@ -0,0 +1,70 @@
 Plugin = {
  name        = "IP Filter (Whitelist/Blacklist)",
  description = [[
 Checks that the proxy's outbound IP is in an allowed list on startup.
 **Config**:
 - one IP per line
 - prefix with `!` for a blacklist entry (blocked)
 - prefix with `#` to comment it out (ignored)
 - if no IPs are configured, the check is skipped
  ]],
  on_start = { sync = false },
  disable_by_default = true,
 }
 local whitelist = {}
 local blacklist = {}
 function on_config(config_text)
  whitelist = {}
  blacklist = {}
  for line in config_text:gmatch("[^\n]+") do
    local trimmed = line:match("^%s*(.-)%s*$")
    if trimmed ~= "" and trimmed:sub(1, 1) ~= "#" then
      if trimmed:sub(1, 1) == "!" then
        local ip = trimmed:sub(2):match("^%s*(.-)%s*$")
        if ip ~= "" then
          table.insert(blacklist, ip)
        end
      else
        table.insert(whitelist, trimmed)
      end
    end
  end
 end
 function on_start()
  if #whitelist == 0 and #blacklist == 0 then
    return
  end
  local result, err = shell_pipe("curl -sf https://api.ipify.org 2>/dev/null")
  result = result and result:match("^%s*(.-)%s*$") or nil
  if err or not result or result == "" then
    log("could not determine outbound IP, skipping check")
    notif("IP Filter", "Could not determine outbound IP, skipping check", "warning")
    return
  end
  for _, ip in ipairs(blacklist) do
    if result == ip then
      notif("IP Filter", "Outbound IP " .. result .. " is blacklisted!", "error")
      return
    end
  end
  if #whitelist == 0 then
    return
  end
  for _, ip in ipairs(whitelist) do
    if result == ip then
      return
    end
  end
  notif("IP Filter", "Outbound IP " .. result .. " is not in the whitelist!", "error")
 end
@@ -0,0 +1,104 @@
 Plugin = {
  name        = "Scopes",
  description = [[
 Auto-forward requests and exclude them from history based on patterns.
 **Config**:
 - `pattern`    - whitelist: only intercept matching requests/responses and history entries
 - `!pattern`   - blacklist: skip matching requests/responses and history entries
 - `r:pattern`  - whitelist for requests/responses only (history unaffected)
 - `r:!pattern` - blacklist for requests/responses only
 - `h:pattern`  - whitelist for history entries only (requests unaffected)
 - `h:!pattern` - blacklist for history entries only
 - lines starting with `#` are comments
 Example (ignore static assets):
 ```
 !%.css$
 !%.js$
 !%.png$
 ```
 Example (focus on mytarget.com, skip everything else):
 ```
 mytarget%.com/
 ```
 Example (intercept mytarget.com except its static assets):
 ```
 mytarget%.com/
 !%.css$
 !%.js$
 !%.png$
 ```
 Example (disable history: whitelist never matches any real URL):
 ```
 h:^$
 ```
  ]],
  priority         = 100,
  on_request       = { sync = true },
  on_response       = { sync = true },
  on_history_entry = { sync = true },
 }
 local blacklist      = {}
 local whitelist      = {}
 local blacklist_req  = {}
 local whitelist_req  = {}
 local blacklist_hist = {}
 local whitelist_hist = {}
 function on_config(config_text)
  blacklist, whitelist = {}, {}
  blacklist_req, whitelist_req = {}, {}
  blacklist_hist, whitelist_hist = {}, {}
  for line in config_text:gmatch("[^\n]+") do
    local trimmed = line:match("^%s*(.-)%s*$")
    if trimmed ~= "" and trimmed:sub(1, 1) ~= "#" then
      local scope = trimmed:match("^([rh]):")
      local rest  = scope and trimmed:sub(3) or trimmed
      local is_bl = rest:sub(1, 1) == "!"
      local pattern = is_bl and rest:sub(2) or rest
      if scope == "r" then
        table.insert(is_bl and blacklist_req or whitelist_req, pattern)
      elseif scope == "h" then
        table.insert(is_bl and blacklist_hist or whitelist_hist, pattern)
      else
        table.insert(is_bl and blacklist or whitelist, pattern)
      end
    end
  end
 end
 local function check_skip(url, bl_extra, wl_extra)
  for _, p in ipairs(blacklist) do
    if url:match(p) then return true end
  end
  for _, p in ipairs(bl_extra) do
    if url:match(p) then return true end
  end
  local wl = {}
  for _, p in ipairs(whitelist)  do wl[#wl + 1] = p end
  for _, p in ipairs(wl_extra)   do wl[#wl + 1] = p end
  if #wl > 0 then
    for _, p in ipairs(wl) do
      if url:match(p) then return false end
    end
    return true
  end
  return false
 end
 function on_request(req)
  if check_skip(req.url, blacklist_req, whitelist_req) then return "forward" end
 end
 function on_response(req)
  if check_skip(req.url, blacklist_req, whitelist_req) then return "forward" end
 end
 function on_history_entry(entry)
  if check_skip(entry.host .. entry.path, blacklist_hist, whitelist_hist) then return "skip" end
 end
@@ -0,0 +1,166 @@
 Plugin = {
  name        = "Secret Scan",
  description = [[
 Scans HTML, JavaScript and JSON content (requests and responses) for hardcoded
 secrets by matching common secret key names followed by a non-trivial value.
 Uses `grep -E` (available on all Unix systems, no extra dependencies).
  ]],
  on_request  = { sync = false },
  on_response = { sync = false },
  disable_by_default = true,
 }
 local CONTENT_TYPES = {
  "text/html",
  "text/javascript",
  "application/javascript",
  "application/json",
 }
 -- Key name alternation (case-insensitive via grep -i)
 -- Suffixes are required (no bare generic keyword alone).
 local KEYS = {
  "access(_key|_token)", "accessid_secret", "account(_key|_sid)",
  "admin_pass(word)?", "admin_user",
  "(algolia|aws|gcp|azure|heroku|firebase|github|gitlab|slack|datadog|stripe|twilio|vercel|supabase|sendgrid|cloudinary|cloudflare|bitbucket|npm|netlify|auth0|okta|sentry)(_?(api|secret|access)(_?(key|token|id|sid|secret))?|_?(key|token|id|sid|secret))",
  "ansible_vault_password", "aos_key",
  "api(_key|_secret|_token)",
  "app_(id|key|secret)", "application(_key|_id|_secret)",
  "auth(_token|_secret|orization)", "authkey", "authsecret",
  "bearer_?token",
  "bucket(_password|_key)",
  "cert_?pass(word)?", "certificate_password",
  "client(_id|_secret)",
  "codecov_token", "consumer_(key|secret)",
  "connection_?string", "credentials?", "crypt(_key|_secret)",
  "db_(password|passwd|user(name)?)",
  "deploy(_key|_password|_token)",
  "docker_?pass(word)?", "dockerhub_?password",
  "encryption_(key|password)",
  "jwt_secret", "json_web_token",
  "keycloak_secret", "kubernetes_token",
  "ldap_(password|bindpw)", "login(_password|_token)",
  "mail_?password", "mail_smtp_pass",
  "mysql_password", "mongo_password",
  "netlify_token", "npm(_token|_auth_token)",
  "oauth(_token|_secret)",
  "openai_(api_key|secret)",
  "pass(word)?", "passwd",
  "private(_key|_token)",
  "rds_password",
  "s3(_key|_secret|_access_key_id)",
  "secret(_key|_token|_id)", "security_token",
  "sendgrid_api_key",
  "ses_(smtp|access|secret)",
  "service(_account|_key|_token)",
  "smtp_pass(word)?", "smtp_secret",
  "sonar_token",
  "ssh(_key|_private_key|_rsa)",
  "supabase(_anon|_service)?_key",
  "symfony_secret",
  "telegram_bot_token",
  "token",
  "travis_token",
  "vault(_token|_secret)",
  "webhook(_secret|_token)",
  "zapier_webhook_token",
 }
 -- Built once at load time.
 -- Pattern breakdown:
 --   KEY[a-z0-9._-]{0,20}   key name + optional alphanumeric suffix (e.g. _ID in AWS_ACCESS_KEY_ID)
 --   [^=:a-zA-Z0-9_]{0,3}  optional non-identifier chars before separator (e.g. closing " in JSON "key":)
 --   [[:space:]]*[:=]        REQUIRED: actual = or : assignment operator
 --   [[:space:]]*"?          optional whitespace + opening quote
 --   [a-zA-Z0-9+/=_.-]{8,} the secret value, at least 8 chars
 local KEY_PAT  = "(" .. table.concat(KEYS, "|") .. ")"
 local FULL_PAT = KEY_PAT .. '[a-z0-9._-]{0,20}[^=:a-zA-Z0-9_]{0,3}[[:space:]]*[:=][[:space:]]*"?[a-zA-Z0-9+/=_.-]{8,}'
 local GREP_CMD = "grep -Eoni '" .. FULL_PAT .. "'"
 local function is_relevant(ct)
  if not ct or ct == "" then return false end
  ct = ct:lower()
  for _, t in ipairs(CONTENT_TYPES) do
    if ct:find(t, 1, true) then return true end
  end
  return false
 end
 local function build_context(lines, linenum)
  local lo = math.max(1, linenum - 6)
  local hi = math.min(#lines, linenum + 6)
  local before, after = {}, {}
  for i = lo, linenum - 1 do
    local l = lines[i] or ""
    if #l > 120 then l = l:sub(1, 120) .. "..." end
    table.insert(before, l)
  end
  for i = linenum + 1, hi do
    local l = lines[i] or ""
    if #l > 120 then l = l:sub(1, 120) .. "..." end
    table.insert(after, l)
  end
  local matched_line = lines[linenum] or ""
  if #matched_line > 200 then matched_line = matched_line:sub(1, 200) .. "..." end
  local parts = {}
  if #before > 0 then
    table.insert(parts, "```\n" .. table.concat(before, "\n") .. "\n```")
  end
  table.insert(parts, "> **`" .. matched_line .. "`**")
  if #after > 0 then
    table.insert(parts, "```\n" .. table.concat(after, "\n") .. "\n```")
  end
  return table.concat(parts, "\n\n")
 end
 local function scan(label, ct, body, host, path)
  if not is_relevant(ct) then return end
  if not body or body == "" then return end
  local out, err = shell_pipe(GREP_CMD, body)
  if err and err ~= "" then
    log("grep error on " .. label .. " for " .. host .. path .. ": " .. err)
    return
  end
  if not out or out == "" then return end
  local lines = {}
  for line in (body .. "\n"):gmatch("([^\n]*)\n") do
    table.insert(lines, line)
  end
  for entry in out:gmatch("[^\n]+") do
    local linenum_str, matched = entry:match("^(%d+):(.+)$")
    if linenum_str then
      local linenum = tonumber(linenum_str)
      matched = matched:match("^%s*(.-)%s*$")
      if matched ~= "" then
        local display = matched
        if #display > 200 then display = display:sub(1, 200) .. "..." end
        local ctx = build_context(lines, linenum)
        create_finding({
          title       = "Potential secret in " .. label .. " (" .. host .. ")",
          description = "**Host:** `" .. host .. "`  \n**Path:** `" .. path .. "`\n\n**Match:** `" .. display .. "`\n\n" .. ctx,
          key         = host .. "|" .. path .. "|" .. label .. "|" .. matched,
          severity    = "high",
        })
      end
    end
  end
 end
 function on_request(req)
  scan("request", req.headers["Content-Type"] or "", req:get_body(), req.host, req.path)
 end
 function on_response(req, res)
  local ct = ""
  if res.headers then
    ct = res.headers["Content-Type"] or ""
  end
  scan("response", ct, res:get_body(), req.host, req.path)
 end
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Hadi	af872afbe8	gofmt Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 23:09:00 +02:00
Hadi	2225afd9ee	v0.0.5 Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 23:08:18 +02:00
Hadi	6dc959de77	add sendtodiff in replay Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 23:06:26 +02:00
Hadi	0017f37c33	truncate title Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 23:06:06 +02:00
Hadi	924cb73afb	refactor page/list movement Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 23:01:04 +02:00
Hadi	746f1afd1b	edit write clipboard Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 23:00:41 +02:00
Hadi	905013943d	edit keybind Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 23:00:19 +02:00
Hadi	c6bca887cb	Implement prevpage nextpage Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 21:58:26 +02:00
Hadi	dcf9cb4c8e	add a notifications when copied to clipboard Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 21:53:36 +02:00
Hadi	ae372d7283	change default keybinds Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 21:53:13 +02:00
Hadi	e20250f0a0	Init secret scan plugin #2 Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 21:30:35 +02:00
Hadi	3463e51739	Copy func in findings Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 21:29:41 +02:00
Hadi	87fa9448d6	check if trufflehog is installed on_start Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 21:02:35 +02:00
Hadi	4240c4ceb9	fix ip filter Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 20:54:04 +02:00
Hadi	d79c9f91d1	Make on_start run when the plugin is toggled Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 20:52:17 +02:00
Hadi	33e2afe709	Init trufflehog plugin Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 20:26:16 +02:00
Hadi	2c3e19258f	Fix scroll & copy buttons Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 20:25:50 +02:00
Hadi	69d5d0ffec	Add shell exec to plugins Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 20:00:04 +02:00
Hadi	d47f51d2b5	Fix cursor/scroll jump Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 19:59:31 +02:00
Hadi	598455f8d3	Fix SQLite queue Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 15:05:46 +02:00
Hadi	28b070dafc	Add flags to history Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 14:48:15 +02:00
Hadi	6f56e0b26a	ui/home is now in the same app Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 14:34:48 +02:00
Hadi	eaa960e6ab	edit docs Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 14:08:59 +02:00
Hadi	f874a70639	edit diff mode Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 14:01:09 +02:00
Hadi	4643989ab6	Add proxy auth Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 14:00:57 +02:00
Hadi	7bbc00880a	[37mfeat: word-level diff highlighting in diff view[0m [37m- tokenize() splits lines into word-char runs and single non-word bytes[0m [37m- wordDiff() runs LCS on tokens and renders changed tokens with bold colors[0m [37m- applyWordDiff() post-processes equal-size removed/added line blocks[0m [37m- lcsAlignedDiff now stores plainText on removed/added lines for pairing[0m [37m- Unchanged tokens rendered dim; removed tokens bold-red; added tokens bold-green[0m [37mCo-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>[0m	2026-05-19 13:39:13 +02:00
Hadi	385b6e84e0	[37mfeat: add GotoTop/Bottom/PrevPage/NextPage navigation keys[0m [37m- New global keybindings: GotoTop (Home), GotoBottom (G/End), PrevPage ([), NextPage (])[0m [37m- Wired in history, findings, and intercept update handlers[0m [37m- Removes duplicate tea.Quit case in intercept/update.go[0m [37mCo-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>[0m	2026-05-19 13:39:01 +02:00
Hadi	6a9935ec27	[37mfeat: add HTTPie export format in copy-as[0m [37m- New toHTTPie() function builds an httpie command from raw request[0m [37m- Added "httpie" case in formatAs() switch[0m [37m- Uses util.ParseRawRequest; model lists httpie as a selectable format[0m [37mCo-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>[0m	2026-05-19 13:38:50 +02:00
Hadi	b490c7a0ac	[37mfix: use ParseRawRequest and cap response body in replay[0m [37m- replay/update.go uses util.ParseRawRequest instead of inline parsing[0m [37m- Response body capped with io.LimitReader at MaxBodySizeMB[0m [37m- Uses util.SortedHeaderLines for deterministic header order[0m [37m- Adds navigation key handling (GotoTop/Bottom/PrevPage/NextPage)[0m [37mCo-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>[0m	2026-05-19 13:38:41 +02:00
Hadi	1a1c0cff30	[37mrefactor: centralize raw HTTP parsing and header serialization[0m [37m- Add internal/util/rawhttp.go with ParseRawRequest and SortedHeaderLines[0m [37m- Refactor intercept/format.go and ui/intercept/helpers.go to use them[0m [37m- Eliminates duplicated bufio.Reader + textproto parsing spread across 3+ files[0m [37mCo-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>[0m	2026-05-19 13:38:30 +02:00
Hadi	172a77e13b	[37mfix: security hardening and code quality[0m [37m- SQL query mode uses read-only SQLite connection with PRAGMA query_only=ON[0m [37m- Lua sandbox removes dofile/loadfile/load after OpenBase to block file access[0m [37m- Plugin manager sorts by priority once at load time; GetPlugins is a plain copy[0m [37m- Proxy appends [body truncated] marker when body hits size limit[0m [37m- App startup exits with os.Exit(1) on DB open failure[0m [37m- tickCmd uses tea.Tick instead of time.Sleep in a goroutine[0m [37m- ErrMsg with non-nil error shows notification then quits[0m [37m- DB stores path for use by read-only query connection[0m [37m- WAL journal mode + NORMAL synchronous set in migrate()[0m [37m- config.go uses errors.Is(err, os.ErrNotExist)[0m [37m- main.go uses os.UserHomeDir() and removes racy port pre-check[0m [37m- findings renderer is cached and rebuilt only on width change[0m [37mCo-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>[0m	2026-05-19 13:38:10 +02:00
Hadi	41c0e489cf	QOC Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 11:51:38 +02:00
Hadi	79128bb865	typo Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 11:51:27 +02:00
Hadi	48de2a8e10	add runtime version Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 11:34:35 +02:00
Hadi	b4a45a23e5	Add "disable_by_default" flag for plugins Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 11:18:16 +02:00
Hadi	b5e2721aa1	Center lines for asciimoji+text Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 11:04:52 +02:00
Hadi	0cfba17d3d	Edit the config "external_editor" to overwrite $EDITOR Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 10:13:36 +02:00
Hadi	a147e8b972	QOL & Security improvement Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 10:09:42 +02:00
Hadi	03260e0947	Init copy as HAR Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 09:39:50 +02:00
Hadi	ed59923b7d	v0.0.4 Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 00:03:37 +02:00
Hadi	aa7b639f82	Add pre-commit hook for vendorHash validation #7 Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-19 00:02:21 +02:00
Hadi	27e0c418e9	Add project name in sidebar Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 23:52:20 +02:00
Hadi	08757a5d1d	Remove some keybindings in short help Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 23:51:54 +02:00
Hadi	ffee0978e6	move legal disclaimer	2026-05-18 23:47:00 +02:00
Hadi	4f45a7c061	Add request/history specific regex Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 23:44:50 +02:00
Hadi	0fafa52c65	Update deps Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 23:42:29 +02:00
Hadi	366bb682d2	Edit readme Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 23:33:51 +02:00
Hadi	9fe0c74150	Edit docs Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 23:33:46 +02:00
Hadi	3b6b58ac2b	Change paginator dots when no entry Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 23:33:30 +02:00
Hadi	789a513469	add "add-default-config" flag Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 23:31:49 +02:00
Hadi	615093bd8b	Add the config option "keep responses" Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 23:12:01 +02:00
Hadi	7e1b7d3b5a	add warning for CA Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 23:05:15 +02:00
Hadi	e3e89582c1	Add commit hook & markdown scripts	2026-05-18 22:59:48 +02:00
Hadi	2705c2882d	Change flag.Usage Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 22:32:12 +02:00
Hadi	6ea692754a	move docs to root Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 21:50:32 +02:00
Hadi	85c2806604	Add search in ui/docs Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 21:22:17 +02:00
Hadi	d451965fa0	Add disclaimer & vim-like nav Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 21:17:35 +02:00
Hadi	d82a220e91	add extra space when icons are not rendered Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 20:40:28 +02:00
Hadi	1ac5eb26e8	Change popup width/height Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 20:34:52 +02:00
Hadi	969febb14c	Change help menus: Only display shortcuts used on the page Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-18 20:23:56 +02:00
Hadi	6aa377acd8	add demo Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 22:31:29 +02:00
Hadi	2f4765bf37	Add asciimoji Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 22:26:26 +02:00
Hadi	fac335a16e	Add Installation instructions Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 20:41:53 +02:00
Hadi	407ca13a33	v0.0.3 Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 18:20:57 +02:00
Hadi	9ab7f12bf4	gofmt Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 18:20:33 +02:00
Hadi	7d4f32549e	update vendor hash Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 18:19:28 +02:00
Hadi	bed122fc99	Merge pull request #1 from anotherhadi/dependabot/go_modules/github.com/sirupsen/logrus-1.8.3 Bump github.com/sirupsen/logrus from 1.8.1 to 1.8.3	2026-05-13 18:17:05 +02:00
Hadi	967aab8363	Edit issue templates: md -> yaml, init plugin_request Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 18:15:42 +02:00
Hadi	a414a51168	Update docs Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 18:11:47 +02:00
Hadi	c7392474b7	CopyRequest -> Copy & CopyAs Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 18:07:23 +02:00
Hadi	de254b4e52	Use local timezone for findings Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 17:36:46 +02:00
Hadi	47d2cf6845	change default config Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 17:04:06 +02:00
Hadi	26994a3a37	upstream proxy Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 17:03:00 +02:00
Hadi	4eb9dd53f5	Change plugins behavior Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-13 16:52:12 +02:00
Hadi	dbea0ab0f2	Add cli flags Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-12 22:54:36 +02:00
dependabot[bot]	4caecaeec4	Bump github.com/sirupsen/logrus from 1.8.1 to 1.8.3 Bumps [github.com/sirupsen/logrus](https://github.com/sirupsen/logrus) from 1.8.1 to 1.8.3. - [Release notes](https://github.com/sirupsen/logrus/releases) - [Changelog](https://github.com/sirupsen/logrus/blob/master/CHANGELOG.md) - [Commits](https://github.com/sirupsen/logrus/compare/v1.8.1...v1.8.3) --- updated-dependencies: - dependency-name: github.com/sirupsen/logrus dependency-version: 1.8.3 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>	2026-05-12 20:50:45 +00:00
Hadi	a6bd5c1071	Rename auto-forward -> toggle-intercept Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-12 22:25:10 +02:00
Hadi	7879720d07	Remove scope page Signed-off-by: Hadi <112569860+anotherhadi@users.noreply.github.com>	2026-05-12 22:01:29 +02:00