diff --git a/Meta-Docs b/Meta-Docs
index d31369a..eedcf07 160000
--- a/Meta-Docs
+++ b/Meta-Docs
@@ -1 +1 @@
-Subproject commit d31369ab4517a5fcbb4b5d3ec81b3178bca502ca
+Subproject commit eedcf074cd71fbe018a7902352dd25cce55f9e66
diff --git a/alpine-router b/alpine-router
index fdf7cbd..996fdb1 100755
Binary files a/alpine-router and b/alpine-router differ
diff --git a/handlers/api.go b/handlers/api.go
index 29edb14..af21326 100644
--- a/handlers/api.go
+++ b/handlers/api.go
@@ -45,9 +45,12 @@ func HandleInterfaces(w http.ResponseWriter, r *http.Request) {
 
 	type iface struct {
 		*network.InterfaceStats
-		Pending bool `json:"pending"`
+		Pending bool   `json:"pending"`
+		Label   string `json:"label,omitempty"`
 	}
 
+	appCfg, _ := config.Load()
+
 	result := make([]iface, 0, len(names))
 	existingNames := map[string]bool{}
 	for _, name := range names {
@@ -59,8 +62,14 @@ func HandleInterfaces(w http.ResponseWriter, r *http.Request) {
 		if cfg, ok := fileCfg[name]; ok {
 			s.Mode = cfg.Mode
 		}
-		_, hasPending := network.GetPendingConfig(name), network.GetPendingConfig(name) != nil
-		result = append(result, iface{s, hasPending})
+		hasPending := network.GetPendingConfig(name) != nil
+		label := ""
+		if appCfg != nil && appCfg.Interfaces != nil {
+			if ic, ok := appCfg.Interfaces[name]; ok {
+				label = ic.Label
+			}
+		}
+		result = append(result, iface{s, hasPending, label})
 	}
 
 	// Also include pending VLAN configs not yet present in the system.
@@ -79,7 +88,13 @@ func HandleInterfaces(w http.ResponseWriter, r *http.Request) {
 			s.IPv4Mask = cfg.Netmask
 			s.Gateway = cfg.Gateway
 		}
-		result = append(result, iface{s, true})
+		label := cfg.Label
+		if label == "" && appCfg != nil && appCfg.Interfaces != nil {
+			if ic, ok := appCfg.Interfaces[name]; ok {
+				label = ic.Label
+			}
+		}
+		result = append(result, iface{s, true, label})
 	}
 
 	ok(w, result)
@@ -149,8 +164,18 @@ func HandleConfig(w http.ResponseWriter, r *http.Request) {
 
 	switch r.Method {
 	case http.MethodGet:
+		appCfg, _ := config.Load()
+		label := ""
+		if appCfg != nil && appCfg.Interfaces != nil {
+			if ic, ok2 := appCfg.Interfaces[name]; ok2 {
+				label = ic.Label
+			}
+		}
 		if cfg := network.GetPendingConfig(name); cfg != nil {
-			ok(w, map[string]interface{}{"config": cfg, "pending": true})
+			if cfg.Label != "" {
+				label = cfg.Label
+			}
+			ok(w, map[string]interface{}{"config": cfg, "pending": true, "label": label})
 			return
 		}
 		fileCfg, err := network.ParseConfig()
@@ -159,11 +184,12 @@ func HandleConfig(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 		if cfg, exists := fileCfg[name]; exists {
-			ok(w, map[string]interface{}{"config": cfg, "pending": false})
+			ok(w, map[string]interface{}{"config": cfg, "pending": false, "label": label})
 		} else {
 			ok(w, map[string]interface{}{
 				"config":  &network.InterfaceConfig{Name: name, Auto: true, Mode: "dhcp", Extra: map[string]string{}},
 				"pending": false,
+				"label":   label,
 			})
 		}
 
@@ -188,6 +214,7 @@ func HandleConfig(w http.ResponseWriter, r *http.Request) {
 			appCfg.Interfaces = map[string]*config.InterfaceConfig{}
 		}
 		appCfg.Interfaces[name] = &config.InterfaceConfig{
+			Label:   cfg.Label,
 			Auto:    cfg.Auto,
 			Mode:    cfg.Mode,
 			Address: cfg.Address,
diff --git a/handlers/mihomo_proxy.go b/handlers/mihomo_proxy.go
new file mode 100644
index 0000000..8a76bd8
--- /dev/null
+++ b/handlers/mihomo_proxy.go
@@ -0,0 +1,217 @@
+package handlers
+
+import (
+	"io"
+	"log"
+	"net"
+	"net/http"
+	"net/url"
+	"strings"
+
+	"alpine-router/mihomo"
+)
+
+func getMihomoAPIBase() string {
+	cfg, err := mihomo.LoadConfig()
+	if err != nil {
+		return "http://127.0.0.1:9090"
+	}
+	ec, _ := cfg["external-controller"].(string)
+	if ec == "" {
+		ec = "0.0.0.0:9090"
+	}
+	if strings.HasPrefix(ec, "0.0.0.0:") || strings.HasPrefix(ec, ":") {
+		ec = "127.0.0.1" + strings.TrimPrefix(ec, "0.0.0.0")
+	}
+	if !strings.HasPrefix(ec, "http") {
+		ec = "http://" + ec
+	}
+	return ec
+}
+
+func getMihomoSecret() string {
+	cfg, err := mihomo.LoadConfig()
+	if err != nil {
+		return ""
+	}
+	s, _ := cfg["secret"].(string)
+	return s
+}
+
+func getMihomoHostPort() (string, string) {
+	u, err := url.Parse(getMihomoAPIBase())
+	if err != nil {
+		return "127.0.0.1", "9090"
+	}
+	host := u.Hostname()
+	if host == "0.0.0.0" || host == "" {
+		host = "127.0.0.1"
+	}
+	port := u.Port()
+	if port == "" {
+		if u.Scheme == "https" {
+			port = "443"
+		} else {
+			port = "80"
+		}
+	}
+	return host, port
+}
+
+func HandleMihomoAPIProxy(w http.ResponseWriter, r *http.Request) {
+	base := getMihomoAPIBase()
+	secret := getMihomoSecret()
+
+	suffix := strings.TrimPrefix(r.URL.Path, "/api/mihomo/api/")
+	target, err := url.Parse(base + "/" + suffix)
+	if err != nil {
+		fail(w, http.StatusInternalServerError, "parse mihomo url: "+err.Error())
+		return
+	}
+
+	q := r.URL.Query()
+	if r.Method == http.MethodGet {
+		q.Set("nonce", "1")
+	}
+	target.RawQuery = q.Encode()
+
+	proxyReq, err := http.NewRequest(r.Method, target.String(), r.Body)
+	if err != nil {
+		fail(w, http.StatusInternalServerError, "create proxy request: "+err.Error())
+		return
+	}
+
+	for k, vv := range r.Header {
+		if strings.EqualFold(k, "Authorization") {
+			continue
+		}
+		for _, v := range vv {
+			proxyReq.Header.Add(k, v)
+		}
+	}
+	if secret != "" {
+		proxyReq.Header.Set("Authorization", "Bearer "+secret)
+	}
+
+	client := &http.Client{}
+	resp, err := client.Do(proxyReq)
+	if err != nil {
+		fail(w, http.StatusBadGateway, "mihomo api unreachable: "+err.Error())
+		return
+	}
+	defer resp.Body.Close()
+
+	for k, vv := range resp.Header {
+		if strings.EqualFold(k, "Content-Length") {
+			continue
+		}
+		for _, v := range vv {
+			w.Header().Add(k, v)
+		}
+	}
+
+	w.WriteHeader(resp.StatusCode)
+	_, err = io.Copy(w, resp.Body)
+	if err != nil {
+		log.Printf("proxy copy error: %v", err)
+	}
+}
+
+func HandleMihomoWSProxy(w http.ResponseWriter, r *http.Request) {
+	secret := getMihomoSecret()
+	host, port := getMihomoHostPort()
+
+	suffix := strings.TrimPrefix(r.URL.Path, "/api/mihomo/ws/")
+	path := "/" + suffix
+	if r.URL.RawQuery != "" {
+		path += "?" + r.URL.RawQuery
+	}
+
+	hj, ok := w.(http.Hijacker)
+	if !ok {
+		fail(w, http.StatusInternalServerError, "websocket hijack not supported")
+		return
+	}
+
+	clientConn, _, err := hj.Hijack()
+	if err != nil {
+		fail(w, http.StatusInternalServerError, "hijack failed: "+err.Error())
+		return
+	}
+
+	remoteConn, err := net.Dial("tcp", net.JoinHostPort(host, port))
+	if err != nil {
+		fail(w, http.StatusBadGateway, "mihomo ws connect failed: "+err.Error())
+		clientConn.Close()
+		return
+	}
+
+	upgradeReq := "GET " + path + " HTTP/1.1\r\n"
+	upgradeReq += "Host: " + host + ":" + port + "\r\n"
+	upgradeReq += "Upgrade: websocket\r\n"
+	upgradeReq += "Connection: Upgrade\r\n"
+	upgradeReq += "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==\r\n"
+	upgradeReq += "Sec-WebSocket-Version: 13\r\n"
+	if secret != "" {
+		upgradeReq += "Authorization: Bearer " + secret + "\r\n"
+	}
+	for k, vv := range r.Header {
+		if strings.EqualFold(k, "Upgrade") || strings.EqualFold(k, "Connection") ||
+			strings.EqualFold(k, "Sec-Websocket-Key") || strings.EqualFold(k, "Sec-Websocket-Version") ||
+			strings.EqualFold(k, "Sec-Websocket-Extensions") || strings.EqualFold(k, "Sec-Websocket-Protocol") ||
+			strings.EqualFold(k, "Authorization") {
+			continue
+		}
+		for _, v := range vv {
+			upgradeReq += k + ": " + v + "\r\n"
+		}
+	}
+	for k, v := range r.Header {
+		if strings.EqualFold(k, "Sec-WebSocket-Protocol") {
+			upgradeReq += "Sec-WebSocket-Protocol: " + strings.Join(v, ", ") + "\r\n"
+		}
+		if strings.EqualFold(k, "Sec-WebSocket-Extensions") {
+			upgradeReq += "Sec-WebSocket-Extensions: " + strings.Join(v, ", ") + "\r\n"
+		}
+	}
+	upgradeReq += "\r\n"
+
+	_, err = remoteConn.Write([]byte(upgradeReq))
+	if err != nil {
+		clientConn.Close()
+		remoteConn.Close()
+		return
+	}
+
+	buf := make([]byte, 4096)
+	n, err := remoteConn.Read(buf)
+	if err != nil {
+		clientConn.Close()
+		remoteConn.Close()
+		return
+	}
+
+	respStr := string(buf[:n])
+	if !strings.Contains(respStr, "101") {
+		clientConn.Write(buf[:n])
+		clientConn.Close()
+		remoteConn.Close()
+		return
+	}
+
+	headerEnd := strings.Index(respStr, "\r\n\r\n")
+	if headerEnd >= 0 {
+		clientConn.Write(buf[:n])
+	} else {
+		clientConn.Write(buf[:n])
+	}
+
+	go func() {
+		io.Copy(remoteConn, clientConn)
+		remoteConn.Close()
+	}()
+	go func() {
+		io.Copy(clientConn, remoteConn)
+		clientConn.Close()
+	}()
+}
\ No newline at end of file
diff --git a/main.go b/main.go
index aac88c7..a64feee 100644
--- a/main.go
+++ b/main.go
@@ -104,6 +104,8 @@ func main() {
 	mux.HandleFunc("/api/mihomo/config.yaml", handlers.HandleMihomoConfigYAML)
 	mux.HandleFunc("/api/mihomo/logs", handlers.HandleMihomoLogs)
 	mux.HandleFunc("/api/mihomo/upload-core", handlers.HandleMihomoUploadCore)
+	mux.HandleFunc("/api/mihomo/api/", handlers.HandleMihomoAPIProxy)
+	mux.HandleFunc("/api/mihomo/ws/", handlers.HandleMihomoWSProxy)
 
 	sub, err := fs.Sub(publicFS, "public")
 	if err != nil {
diff --git a/public/app.js b/public/app.js
index e2de8d3..5408864 100644
--- a/public/app.js
+++ b/public/app.js
@@ -64,6 +64,25 @@ function modeLabel(m) {
   return { dhcp: 'DHCP', static: 'Static', loopback: 'Loopback', manual: 'Manual' }[m] || (m || '?');
 }
 
+// ── SVG icons ────────────────────────────────────────────────────────────────
+
+const ICON = {
+  pencil: `<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="15" height="15">
+    <path d="M11 4H4a2 2 0 0 0-2 2v14a2 2 0 0 0 2 2h14a2 2 0 0 0 2-2v-7"/>
+    <path d="M18.5 2.5a2.121 2.121 0 0 1 3 3L12 15l-4 1 1-4 9.5-9.5z"/>
+  </svg>`,
+  restart: `<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="15" height="15">
+    <path d="M3 12a9 9 0 1 0 9-9 9.75 9.75 0 0 0-6.74 2.74L3 8"/>
+    <path d="M3 3v5h5"/>
+  </svg>`,
+  trash: `<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="14" height="14">
+    <path d="M3 6h18M8 6V4h8v2M19 6l-1 14H6L5 6"/>
+  </svg>`,
+  plus: `<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="13" height="13">
+    <path d="M12 5v14M5 12h14"/>
+  </svg>`,
+};
+
 // ── Render ───────────────────────────────────────────────────────────────────
 
 function renderAll() {
@@ -99,6 +118,8 @@ function buildCard(iface, vlans) {
   const hasPending = state.pending.includes(iface.name);
   const sc = stateClass(iface.state);
   const isLo = iface.name === 'lo' || iface.mode === 'loopback';
+  const isUp = iface.state === 'up';
+  const label = iface.label || '';
 
   const card = document.createElement('div');
   card.className = 'iface-card' + (hasPending ? ' has-pending' : '');
@@ -108,23 +129,24 @@ function buildCard(iface, vlans) {
     `<div class="info-row"><span class="info-label">IPv6</span><span class="info-val">${a}</span></div>`
   ).join('');
 
+  const nameBlock = label
+    ? `<div class="card-name-stack">
+        <span class="card-label-text">${label}</span>
+        <span class="card-iface-sub">${iface.name}</span>
+       </div>`
+    : `<span class="card-iface-name">${iface.name}</span>`;
+
   card.innerHTML = `
     <div class="card-header">
       <div class="card-name">
         <span class="state-dot ${sc}"></span>
-        <span>${iface.name}</span>
+        ${nameBlock}
         ${hasPending ? '<span class="pending-badge">несохранено</span>' : ''}
       </div>
-      <div style="display:flex;gap:6px;align-items:center">
-        <span class="mode-badge ${iface.mode || 'unknown'}">${modeLabel(iface.mode)}</span>
-      </div>
+      <span class="mode-badge ${iface.mode || 'unknown'}">${modeLabel(iface.mode)}</span>
     </div>
 
     <div class="card-info">
-      <div class="info-row">
-        <span class="info-label">Статус</span>
-        <span class="info-val">${iface.state || 'unknown'}</span>
-      </div>
       <div class="info-row">
         <span class="info-label">IPv4</span>
         <span class="info-val">${iface.ipv4
@@ -136,14 +158,13 @@ function buildCard(iface, vlans) {
         <span class="info-label">Шлюз</span>
         <span class="info-val">${iface.gateway || '<span class="none">&mdash;</span>'}</span>
       </div>
-
       <div class="traffic-row">
         <div class="traffic-item">
-          <span class="traffic-label">RX</span>
+          <span class="traffic-label">↓ RX</span>
           <span class="traffic-val">${fmtBytes(iface.rx_bytes)}</span>
         </div>
         <div class="traffic-item">
-          <span class="traffic-label">TX</span>
+          <span class="traffic-label">↑ TX</span>
           <span class="traffic-val">${fmtBytes(iface.tx_bytes)}</span>
         </div>
         <div class="traffic-item">
@@ -154,10 +175,15 @@ function buildCard(iface, vlans) {
     </div>
 
     <div class="card-actions">
-      <button class="btn btn-success btn-sm" data-action="up"      data-iface="${iface.name}">ON</button>
-      <button class="btn btn-danger  btn-sm" data-action="down"    data-iface="${iface.name}">OFF</button>
-      <button class="btn btn-ghost   btn-sm" data-action="restart" data-iface="${iface.name}">RESTART</button>
-      <button class="btn btn-primary btn-sm" data-action="config"  data-iface="${iface.name}" style="margin-left:auto">CONFIG</button>
+      ${!isLo ? `
+      <label class="toggle-label iface-power-toggle" title="${isUp ? 'Выключить интерфейс' : 'Включить интерфейс'}">
+        <input type="checkbox" ${isUp ? 'checked' : ''} data-action="toggle" data-iface="${iface.name}">
+        <span class="toggle-slider"></span>
+        <span class="iface-toggle-label">${isUp ? 'Вкл' : 'Выкл'}</span>
+      </label>
+      <button class="btn-icon" data-action="restart" data-iface="${iface.name}" title="Перезапустить">${ICON.restart}</button>
+      ` : ''}
+      <button class="btn-icon btn-icon-accent" data-action="config" data-iface="${iface.name}" title="Настроить" style="margin-left:auto">${ICON.pencil}</button>
     </div>
 
     ${!isLo ? buildVLANSection(iface.name, vlans) : ''}
@@ -170,6 +196,8 @@ function buildVLANSection(parentName, vlans) {
   const rows = vlans.map(v => {
     const sc = stateClass(v.state);
     const hasPending = state.pending.includes(v.name);
+    const isUp = v.state === 'up';
+    const label = v.label || '';
     const ip = v.ipv4
       ? v.ipv4 + (v.ipv4_mask ? ' / ' + v.ipv4_mask : '')
       : '<span class="none">&mdash;</span>';
@@ -177,17 +205,21 @@ function buildVLANSection(parentName, vlans) {
       <div class="vlan-row" data-name="${v.name}">
         <div class="vlan-row-left">
           <span class="state-dot ${sc}" style="width:8px;height:8px"></span>
-          <span class="vlan-iface-name">${v.name}</span>
+          ${label
+            ? `<div class="vlan-name-stack"><span class="vlan-label-text">${label}</span><span class="vlan-iface-name">${v.name}</span></div>`
+            : `<span class="vlan-iface-name">${v.name}</span>`}
           <span class="vlan-id-tag">VLAN ${vlanId(v.name)}</span>
           <span class="mode-badge ${v.mode || 'unknown'}">${modeLabel(v.mode)}</span>
           ${hasPending ? '<span class="pending-badge">несохранено</span>' : ''}
         </div>
         <div class="vlan-row-info">${ip}</div>
         <div class="vlan-row-actions">
-          <button class="btn btn-success btn-xs" data-action="up"     data-iface="${v.name}">ON</button>
-          <button class="btn btn-danger  btn-xs" data-action="down"   data-iface="${v.name}">OFF</button>
-          <button class="btn btn-primary btn-xs" data-action="config" data-iface="${v.name}">CONFIG</button>
-          <button class="btn btn-danger  btn-xs" data-action="delete" data-iface="${v.name}" title="Удалить VLAN">✕</button>
+          <label class="toggle-label" title="${isUp ? 'Выключить' : 'Включить'}">
+            <input type="checkbox" ${isUp ? 'checked' : ''} data-action="toggle" data-iface="${v.name}">
+            <span class="toggle-slider toggle-sm"></span>
+          </label>
+          <button class="btn-icon" data-action="config" data-iface="${v.name}" title="Настроить">${ICON.pencil}</button>
+          <button class="btn-icon btn-icon-danger" data-action="delete" data-iface="${v.name}" title="Удалить VLAN">${ICON.trash}</button>
         </div>
       </div>`;
   }).join('');
@@ -199,8 +231,8 @@ function buildVLANSection(parentName, vlans) {
   return `
     <div class="vlan-section">
       <div class="vlan-header">
-        <span class="vlan-title">Теговые VLAN</span>
-        <button class="btn btn-ghost btn-xs" data-action="addvlan" data-iface="${parentName}">+ Добавить</button>
+        <span class="vlan-title">VLAN</span>
+        <button class="btn btn-ghost btn-xs" data-action="addvlan" data-iface="${parentName}">${ICON.plus} Добавить</button>
       </div>
       <div class="vlan-list">
         ${rows}
@@ -251,17 +283,13 @@ async function doAction(name, action) {
     return;
   }
 
-  const btn = document.querySelector(`[data-action="${action}"][data-iface="${name}"]`);
-  if (btn) { btn.disabled = true; btn.textContent = '...'; }
-
   try {
     await post(`/api/interfaces/${name}/${action}`);
     showToast(`${name}: ${action} выполнено`, 'success');
     await loadAll();
   } catch (e) {
     showToast(`${name} ${action}: ${e.message}`, 'error');
-  } finally {
-    if (btn) btn.disabled = false;
+    await loadAll(); // refresh to restore correct toggle state
   }
 }
 
@@ -285,12 +313,12 @@ async function openConfig(name) {
   }
 
   try {
-    const [{ config, pending }, natData] = await Promise.all([
+    const [configData, natData] = await Promise.all([
       get(`/api/config/${name}`),
       get('/api/nat').catch(() => null),
     ]);
     if (natData) state.nat = natData;
-    fillForm(config, pending, name);
+    fillForm(configData.config, configData.pending, name, configData.label || '');
     document.getElementById('modal').classList.remove('hidden');
   } catch (e) {
     showToast('Ошибка загрузки конфига: ' + e.message, 'error');
@@ -313,11 +341,12 @@ async function openNewVLAN(parentName) {
     if (natData) state.nat = natData;
   } catch (_) {}
 
-  fillForm({ auto: true, mode: 'static' }, false, '');
+  fillForm({ auto: true, mode: 'static' }, false, '', '');
   document.getElementById('modal').classList.remove('hidden');
 }
 
-function fillForm(cfg, pending, name) {
+function fillForm(cfg, pending, name, label = '') {
+  document.getElementById('cfgLabel').value   = label;
   document.getElementById('cfgAuto').checked    = !!cfg.auto;
   document.getElementById('cfgAddress').value   = cfg.address || '';
   document.getElementById('cfgNetmask').value   = cfg.netmask || '';
@@ -327,7 +356,6 @@ function fillForm(cfg, pending, name) {
   const mode = cfg.mode === 'static' ? 'static' : 'dhcp';
   setMode(mode);
 
-  // Mark pending visually
   if (pending && name) {
     document.getElementById('modalTitle').textContent = `Настройка: ${name} (несохранённые изменения)`;
   }
@@ -390,6 +418,7 @@ async function saveConfig() {
   const mode = currentMode();
   const cfg = {
     name,
+    label:   document.getElementById('cfgLabel').value.trim(),
     auto:    document.getElementById('cfgAuto').checked,
     mode,
     address: document.getElementById('cfgAddress').value.trim(),
@@ -451,7 +480,6 @@ async function discardAll() {
   }
   state.pending = [];
   renderPendingBanner();
-  renderAll();
   showToast('Изменения отменены', 'info');
   await loadAll();
 }
@@ -471,15 +499,17 @@ function showToast(msg, type = 'info') {
 // ── Event wiring ──────────────────────────────────────────────────────────────
 
 document.getElementById('refreshBtn').addEventListener('click', loadAll);
-
 document.getElementById('applyBtn').addEventListener('click', applyAll);
 document.getElementById('discardAllBtn').addEventListener('click', discardAll);
 
-// Card action buttons (delegated)
+// Card button clicks (delegated)
 document.getElementById('ifaceGrid').addEventListener('click', e => {
   const btn = e.target.closest('[data-action]');
   if (!btn) return;
+  // Don't handle toggle inputs here (handled by 'change' below)
+  if (btn.tagName === 'INPUT' && btn.type === 'checkbox') return;
   const { action, iface } = btn.dataset;
+  if (!action || !iface) return;
   if (action === 'config') {
     openConfig(iface);
   } else if (action === 'addvlan') {
@@ -489,6 +519,13 @@ document.getElementById('ifaceGrid').addEventListener('click', e => {
   }
 });
 
+// Toggle switch (on/off) — delegated change event
+document.getElementById('ifaceGrid').addEventListener('change', e => {
+  const input = e.target.closest('input[data-action="toggle"]');
+  if (!input) return;
+  doAction(input.dataset.iface, input.checked ? 'up' : 'down');
+});
+
 // Modal close
 document.getElementById('closeModal').addEventListener('click', closeModal);
 document.getElementById('cancelConfigBtn').addEventListener('click', closeModal);
diff --git a/public/index.html b/public/index.html
index b43983f..f70a894 100644
--- a/public/index.html
+++ b/public/index.html
@@ -106,6 +106,11 @@
         <div class="form-divider"></div>
       </div>
 
+      <div class="form-row">
+        <label for="cfgLabel">Название (метка)</label>
+        <input type="text" id="cfgLabel" placeholder="Например: WAN, LAN, Гости…" style="font-family:inherit">
+      </div>
+
       <div class="form-row">
         <label class="checkbox-label">
           <input type="checkbox" id="cfgAuto">
diff --git a/public/proxy.html b/public/proxy.html
index b614774..c947d94 100644
--- a/public/proxy.html
+++ b/public/proxy.html
@@ -66,36 +66,124 @@
     <span>Загрузка...</span>
   </div>
 
-  <!-- Status Bar -->
   <div id="statusBar" class="dhcp-status-bar hidden">
     <div class="status-info">
       <span class="status-label">Mihomo</span>
       <span id="statusText" class="svc-badge stopped">Остановлен</span>
     </div>
     <div class="status-actions">
-      <button class="btn btn-success btn-sm" id="startBtn">Запустить</button>
-      <button class="btn btn-danger btn-sm" id="stopBtn" disabled>Остановить</button>
-      <button class="btn btn-ghost btn-sm" id="restartBtn" disabled>Перезапуск</button>
+      <label class="toggle-label" id="serviceToggleWrap" title="Запустить / Остановить">
+        <input type="checkbox" id="serviceActive">
+        <span class="toggle-slider"></span>
+        <span id="serviceToggleText">Остановлен</span>
+      </label>
+      <button class="btn-icon" id="restartBtn" disabled title="Перезапустить">
+        <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="16" height="16">
+          <path d="M3 12a9 9 0 1 0 9-9 9.75 9.75 0 0 0-6.74 2.74L3 8"/>
+          <path d="M3 3v5h5"/>
+        </svg>
+      </button>
     </div>
   </div>
 
-  <!-- Core Info -->
   <div id="coreInfo" class="alert alert-error hidden" style="margin-top:16px">
     <span id="coreInfoMsg">Ядро Mihomo не найдено. Загрузите бинарный файл в раздел «Ядро».</span>
   </div>
 
-  <!-- Tabs inside proxy page -->
   <div class="proxy-tabs">
-    <button class="ptab active" data-tab="proxies">Прокси</button>
+    <button class="ptab active" data-tab="dashboard">Дашборд</button>
+    <button class="ptab" data-tab="proxies">Прокси</button>
     <button class="ptab" data-tab="groups">Группы</button>
     <button class="ptab" data-tab="rules">Правила</button>
+    <button class="ptab" data-tab="providers">Провайдеры</button>
     <button class="ptab" data-tab="settings">Настройки</button>
     <button class="ptab" data-tab="logs">Логи</button>
     <button class="ptab" data-tab="core">Ядро</button>
   </div>
 
+  <!-- Dashboard Tab -->
+  <div id="tab-dashboard" class="ptab-content">
+    <div id="dashOffline" class="alert alert-error" style="margin-bottom:16px">
+      Mihomo не запущен — дашборд недоступен. Запустите ядро для просмотра статуса прокси в реальном времени.
+    </div>
+    <div id="dashOnline" class="hidden">
+      <div class="dash-grid">
+        <div class="dash-card dash-traffic-card">
+          <h3 class="dash-card-title">Трафик</h3>
+          <div class="dash-traffic-row">
+            <div class="dash-traffic-item">
+              <span class="dash-traffic-label">↑ Загрузка</span>
+              <span class="dash-traffic-val" id="dashUp">0 B/s</span>
+            </div>
+            <div class="dash-traffic-item">
+              <span class="dash-traffic-label">↓ Отдача</span>
+              <span class="dash-traffic-val" id="dashDown">0 B/s</span>
+            </div>
+          </div>
+          <div class="dash-traffic-row">
+            <div class="dash-traffic-item">
+              <span class="dash-traffic-label">↑ Всего</span>
+              <span class="dash-traffic-val dash-traffic-total" id="dashUpTotal">0 B</span>
+            </div>
+            <div class="dash-traffic-item">
+              <span class="dash-traffic-label">↓ Всего</span>
+              <span class="dash-traffic-val dash-traffic-total" id="dashDownTotal">0 B</span>
+            </div>
+          </div>
+          <div class="dash-mem-row">
+            <span class="dash-traffic-label">Память</span>
+            <span class="dash-traffic-val" id="dashMem">0 B</span>
+          </div>
+        </div>
+        <div class="dash-card">
+          <h3 class="dash-card-title">Режим</h3>
+          <div class="dash-mode-switch" id="dashModeSwitch">
+            <button class="seg-btn" data-mode="rule">Правила</button>
+            <button class="seg-btn" data-mode="global">Глобальный</button>
+            <button class="seg-btn" data-mode="direct">Прямой</button>
+          </div>
+          <div class="dash-info-row" style="margin-top:12px">
+            <span class="info-label">Версия</span>
+            <span class="info-val mono" id="dashVersion">—</span>
+          </div>
+        </div>
+      </div>
+
+      <div class="dash-section">
+        <div class="dash-section-header">
+          <h3>Группы прокси</h3>
+          <button class="btn btn-ghost btn-sm" id="dashPingAllBtn">Пинг всех</button>
+        </div>
+        <div id="dashGroupList" class="dash-group-list"></div>
+      </div>
+
+      <div class="dash-section">
+        <div class="dash-section-header">
+          <h3>Активные соединения</h3>
+          <span class="dash-conn-count" id="dashConnCount">0</span>
+          <button class="btn btn-danger btn-sm" id="dashCloseAllConnsBtn" style="margin-left:auto">Закрыть все</button>
+        </div>
+        <div class="dash-conn-table-wrap">
+          <table class="dash-conn-table">
+            <thead>
+              <tr>
+                <th>Хост</th>
+                <th>Тип</th>
+                <th>Цепочка</th>
+                <th>↑</th>
+                <th>↓</th>
+                <th></th>
+              </tr>
+            </thead>
+            <tbody id="dashConnBody"></tbody>
+          </table>
+        </div>
+      </div>
+    </div>
+  </div>
+
   <!-- Proxies Tab -->
-  <div id="tab-proxies" class="ptab-content">
+  <div id="tab-proxies" class="ptab-content hidden">
     <div class="section-header" style="margin-bottom:16px">
       <div style="display:flex;align-items:center;justify-content:space-between">
         <div>
@@ -128,7 +216,7 @@
   <div id="tab-rules" class="ptab-content hidden">
     <div class="section-header" style="margin-bottom:16px">
       <h2>Правила маршрутизации</h2>
-      <div class="section-desc">Определите, какой трафик куда направляется. Правила apply сверху вниз.</div>
+      <div class="section-desc">Определите, какой трафик куда направляется. Правила применяются сверху вниз.</div>
     </div>
     <div class="form-row" style="margin-bottom:12px">
       <button class="btn btn-primary btn-sm" id="addRuleBtn">+ Добавить правило</button>
@@ -137,12 +225,43 @@
     <div id="rulesList" class="rules-list"></div>
   </div>
 
+  <!-- Providers Tab -->
+  <div id="tab-providers" class="ptab-content hidden">
+    <div class="section-header" style="margin-bottom:16px">
+      <div style="display:flex;align-items:center;justify-content:space-between">
+        <div>
+          <h2>Провайдеры прокси</h2>
+          <div class="section-desc">Внешние источники прокси-нод (proxy-providers)</div>
+        </div>
+        <button class="btn btn-primary btn-sm" id="addProxyProviderBtn">+ Добавить</button>
+      </div>
+    </div>
+    <div id="proxyProviderList" class="proxy-list"></div>
+    <div id="proxyProviderEmpty" class="empty-state">Нет провайдеров прокси.</div>
+
+    <div class="form-divider" style="margin:24px 0"></div>
+
+    <div class="section-header" style="margin-bottom:16px">
+      <div style="display:flex;align-items:center;justify-content:space-between">
+        <div>
+          <h2>Провайдеры правил</h2>
+          <div class="section-desc">Внешние наборы правил маршрутизации (rule-providers)</div>
+        </div>
+        <button class="btn btn-primary btn-sm" id="addRuleProviderBtn">+ Добавить</button>
+      </div>
+    </div>
+    <div id="ruleProviderList" class="proxy-list"></div>
+    <div id="ruleProviderEmpty" class="empty-state">Нет провайдеров правил.</div>
+  </div>
+
   <!-- Settings Tab -->
   <div id="tab-settings" class="ptab-content hidden">
     <div class="section-header" style="margin-bottom:16px">
       <h2>Настройки Mihomo</h2>
     </div>
     <form id="settingsForm" class="proxy-form">
+
+      <h3 class="settings-section-title">Основные</h3>
       <div class="form-row">
         <label>Режим</label>
         <div class="segmented" id="modeSwitch">
@@ -152,8 +271,14 @@
         </div>
       </div>
       <div class="form-row">
-        <label for="mixedPort">Mixed Port (HTTP+SOCKS)</label>
-        <input type="number" id="mixedPort" value="7890">
+        <label>Уровень логов</label>
+        <div class="segmented" id="logLevelSwitch">
+          <button type="button" class="seg-btn" data-mode="silent">silent</button>
+          <button type="button" class="seg-btn" data-mode="error">error</button>
+          <button type="button" class="seg-btn" data-mode="warning">warning</button>
+          <button type="button" class="seg-btn active" data-mode="info">info</button>
+          <button type="button" class="seg-btn" data-mode="debug">debug</button>
+        </div>
       </div>
       <div class="form-row">
         <label class="checkbox-label">
@@ -161,6 +286,10 @@
           <span>Разрешить LAN</span>
         </label>
       </div>
+      <div class="form-row">
+        <label for="bindAddress">Адрес привязки</label>
+        <input type="text" id="bindAddress" value="*" placeholder="* или конкретный IP">
+      </div>
       <div class="form-row">
         <label class="checkbox-label">
           <input type="checkbox" id="ipv6" checked>
@@ -173,8 +302,54 @@
           <span>TCP Concurrency</span>
         </label>
       </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="unifiedDelay">
+          <span>Unified Delay</span>
+        </label>
+      </div>
+      <div class="form-row">
+        <label>Поиск процессов</label>
+        <div class="segmented" id="findProcessSwitch">
+          <button type="button" class="seg-btn" data-mode="always">always</button>
+          <button type="button" class="seg-btn" data-mode="strict">strict</button>
+          <button type="button" class="seg-btn active" data-mode="off">off</button>
+        </div>
+      </div>
+      <div class="form-row">
+        <label for="globalUA">Global UA</label>
+        <input type="text" id="globalUA" placeholder="clash.meta">
+      </div>
+      <div class="form-row">
+        <label for="keepAliveInterval">Keep-Alive Interval (сек)</label>
+        <input type="number" id="keepAliveInterval" placeholder="15">
+      </div>
+      <div class="form-row">
+        <label for="keepAliveIdle">Keep-Alive Idle (сек)</label>
+        <input type="number" id="keepAliveIdle" placeholder="15">
+      </div>
+
       <div class="form-divider"></div>
-      <h3 style="color:var(--text);font-size:.95rem;margin-bottom:12px">TProxy (прозрачный прокси)</h3>
+      <h3 class="settings-section-title">Порты</h3>
+      <div class="form-row">
+        <label for="mixedPort">Mixed Port (HTTP+SOCKS)</label>
+        <input type="number" id="mixedPort" value="7890">
+      </div>
+      <div class="form-row">
+        <label for="httpPort">HTTP Port</label>
+        <input type="number" id="httpPort" placeholder="0 (отключён)">
+      </div>
+      <div class="form-row">
+        <label for="socksPort">SOCKS5 Port</label>
+        <input type="number" id="socksPort" placeholder="0 (отключён)">
+      </div>
+      <div class="form-row">
+        <label for="redirPort">Redir Port</label>
+        <input type="number" id="redirPort" placeholder="0 (отключён)">
+      </div>
+
+      <div class="form-divider"></div>
+      <h3 class="settings-section-title">TProxy (прозрачный прокси)</h3>
       <div class="form-row">
         <label class="checkbox-label">
           <input type="checkbox" id="tproxyEnabled">
@@ -185,8 +360,9 @@
         <label for="tproxyPort">TProxy порт</label>
         <input type="number" id="tproxyPort" value="7894">
       </div>
+
       <div class="form-divider"></div>
-      <h3 style="color:var(--text);font-size:.95rem;margin-bottom:12px">DNS</h3>
+      <h3 class="settings-section-title">DNS</h3>
       <div class="form-row">
         <label class="checkbox-label">
           <input type="checkbox" id="dnsEnabled" checked>
@@ -198,7 +374,7 @@
         <input type="text" id="dnsListen" value="0.0.0.0:1053">
       </div>
       <div class="form-row">
-        <label for="dnsMode">DNS режим</label>
+        <label>DNS режим</label>
         <div class="segmented" id="dnsModeSwitch">
           <button type="button" class="seg-btn active" data-mode="redir-host">redir-host</button>
           <button type="button" class="seg-btn" data-mode="fake-ip">fake-ip</button>
@@ -206,15 +382,94 @@
       </div>
       <div class="form-row">
         <label for="dnsNameserver">DNS серверы (по строке)</label>
-        <textarea id="dnsNameserver" rows="3" style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text);padding:9px 12px;font-size:.85rem;font-family:'JetBrains Mono','Fira Code',monospace;width:100%;resize:vertical">https://doh.pub/dns-query
+        <textarea id="dnsNameserver" rows="3" class="mono-ta">https://doh.pub/dns-query
 https://dns.alidns.com/dns-query</textarea>
       </div>
       <div class="form-row">
         <label for="dnsFallback">Fallback DNS (по строке)</label>
-        <textarea id="dnsFallback" rows="2" style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text);padding:9px 12px;font-size:.85rem;font-family:'JetBrains Mono','Fira Code',monospace;width:100%;resize:vertical">tls://8.8.8.8:853
+        <textarea id="dnsFallback" rows="2" class="mono-ta">tls://8.8.8.8:853
 tls://1.1.1.1:853</textarea>
       </div>
+      <div class="form-row">
+        <label for="dnsDefaultNS">Default Nameserver (по строке)</label>
+        <textarea id="dnsDefaultNS" rows="2" class="mono-ta">223.5.5.5
+119.29.29.29</textarea>
+      </div>
+      <div class="form-row">
+        <label for="dnsProxyNS">Proxy Server Nameserver (по строке)</label>
+        <textarea id="dnsProxyNS" rows="2" class="mono-ta"></textarea>
+      </div>
+      <div class="form-row">
+        <label for="dnsFakeIPRange">Fake-IP Range</label>
+        <input type="text" id="dnsFakeIPRange" value="198.18.0.1/16">
+      </div>
+      <div class="form-row">
+        <label for="dnsFakeIPFilter">Fake-IP Filter (по строке)</label>
+        <textarea id="dnsFakeIPFilter" rows="3" class="mono-ta">*.lan
+*.local
++.market.xiaomi.com</textarea>
+      </div>
+      <div class="form-row">
+        <label for="dnsNameserverPolicy">Nameserver Policy (YAML)</label>
+        <textarea id="dnsNameserverPolicy" rows="3" class="mono-ta" placeholder="geosite:cn: https://doh.pub/dns-query"></textarea>
+      </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="dnsUseHosts" checked>
+          <span>Использовать hosts</span>
+        </label>
+      </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="dnsUseSystemHosts" checked>
+          <span>Использовать системные hosts</span>
+        </label>
+      </div>
+
       <div class="form-divider"></div>
+      <h3 class="settings-section-title">GEO данные</h3>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="geodataMode">
+          <span>Geodata Mode (dat)</span>
+        </label>
+      </div>
+      <div class="form-row">
+        <label>Geodata Loader</label>
+        <div class="segmented" id="geodataLoaderSwitch">
+          <button type="button" class="seg-btn active" data-mode="memconservative">memconservative</button>
+          <button type="button" class="seg-btn" data-mode="standard">standard</button>
+        </div>
+      </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="geoAutoUpdate">
+          <span>Авто-обновление GEO</span>
+        </label>
+      </div>
+      <div class="form-row">
+        <label for="geoUpdateInterval">Интервал обновления GEO (часы)</label>
+        <input type="number" id="geoUpdateInterval" value="24">
+      </div>
+      <div class="form-row">
+        <label for="geoxGeoIP">GeoIP URL</label>
+        <input type="text" id="geoxGeoIP" placeholder="https://...geoip.dat">
+      </div>
+      <div class="form-row">
+        <label for="geoxGeoSite">GeoSite URL</label>
+        <input type="text" id="geoxGeoSite" placeholder="https://...geosite.dat">
+      </div>
+      <div class="form-row">
+        <label for="geoxMMDB">MMDB URL</label>
+        <input type="text" id="geoxMMDB" placeholder="https://...country.mmdb">
+      </div>
+      <div class="form-row">
+        <label for="geoxASN">ASN URL</label>
+        <input type="text" id="geoxASN" placeholder="https://...GeoLite2-ASN.mmdb">
+      </div>
+
+      <div class="form-divider"></div>
+      <h3 class="settings-section-title">External Controller</h3>
       <div class="form-row">
         <label for="externalController">External Controller</label>
         <input type="text" id="externalController" value="0.0.0.0:9090">
@@ -223,6 +478,34 @@ tls://1.1.1.1:853</textarea>
         <label for="secret">Secret (API ключ)</label>
         <input type="text" id="secret" placeholder="опционально">
       </div>
+      <div class="form-row">
+        <label for="externalUI">External UI путь</label>
+        <input type="text" id="externalUI" placeholder="/path/to/ui">
+      </div>
+      <div class="form-row">
+        <label for="externalUIName">External UI Name</label>
+        <input type="text" id="externalUIName" placeholder="xd">
+      </div>
+      <div class="form-row">
+        <label for="externalUIURL">External UI URL (для скачивания)</label>
+        <input type="text" id="externalUIURL" placeholder="https://...">
+      </div>
+
+      <div class="form-divider"></div>
+      <h3 class="settings-section-title">Профиль</h3>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="profileStoreSelected" checked>
+          <span>Сохранять выбор группы (store-selected)</span>
+        </label>
+      </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="profileStoreFakeIP" checked>
+          <span>Сохранять fake-ip таблицу (store-fake-ip)</span>
+        </label>
+      </div>
+
       <div style="margin-top:16px;display:flex;gap:8px">
         <button type="submit" class="btn btn-primary">Сохранить настройки</button>
         <button type="button" class="btn btn-ghost" id="saveAndRestartBtn">Сохранить и перезапустить</button>
@@ -232,7 +515,7 @@ tls://1.1.1.1:853</textarea>
     <h3 style="color:var(--text);font-size:.95rem;margin-bottom:8px">config.yaml (только чтение)</h3>
     <div class="section-desc" style="margin-bottom:8px">Текущий конфиг mihomo. Обновляется автоматически после сохранения настроек.</div>
     <div class="form-row">
-      <textarea id="yamlPreview" rows="18" readonly style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text-muted);padding:9px 12px;font-size:.8rem;font-family:'JetBrains Mono','Fira Code',monospace;width:100%;resize:vertical;opacity:.85"></textarea>
+      <textarea id="yamlPreview" rows="18" readonly class="mono-ta" style="opacity:.85"></textarea>
     </div>
   </div>
 
@@ -276,7 +559,7 @@ tls://1.1.1.1:853</textarea>
     <h3 style="color:var(--text);font-size:.95rem;margin-bottom:12px">Ручная конфигурация (config.yaml)</h3>
     <div class="section-desc" style="margin-bottom:8px">Редактировать конфигурационный файл напрямую</div>
     <div class="form-row">
-      <textarea id="yamlEditor" rows="20" style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text);padding:9px 12px;font-size:.8rem;font-family:'JetBrains Mono','Fira Code',monospace;width:100%;resize:vertical"></textarea>
+      <textarea id="yamlEditor" rows="20" class="mono-ta"></textarea>
     </div>
     <div style="margin-top:8px;display:flex;gap:8px">
       <button class="btn btn-primary btn-sm" id="yamlLoadBtn">Загрузить</button>
@@ -285,33 +568,47 @@ tls://1.1.1.1:853</textarea>
   </div>
 </div>
 
-<!-- Proxy Modal -->
+<!-- ===================== PROXY MODAL ===================== -->
 <div id="proxyModal" class="modal hidden" role="dialog" aria-modal="true">
   <div class="modal-backdrop" id="proxyModalBackdrop"></div>
-  <div class="modal-box" style="width:min(560px,calc(100vw - 40px))">
+  <div class="modal-box" style="width:min(640px,calc(100vw - 40px))">
     <div class="modal-header">
       <h2 id="proxyModalTitle">Добавить прокси</h2>
       <button class="btn-icon" id="closeProxyModal" title="Закрыть">✕</button>
     </div>
-    <form id="proxyForm" autocomplete="off" style="max-height:60vh;overflow-y:auto">
+    <form id="proxyForm" autocomplete="off" style="max-height:65vh;overflow-y:auto;padding-right:4px">
+
+      <!-- Type -->
       <div class="form-row">
         <label for="proxyType">Тип</label>
-        <select id="proxyType" style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text);padding:9px 12px;font-size:.9rem;width:100%">
+        <select id="proxyType" class="field-select">
           <option value="ss">Shadowsocks</option>
+          <option value="ssr">ShadowsocksR</option>
           <option value="vmess">VMess</option>
           <option value="vless">VLESS</option>
           <option value="trojan">Trojan</option>
+          <option value="hysteria">Hysteria v1</option>
           <option value="hysteria2">Hysteria2</option>
+          <option value="tuic">TUIC</option>
+          <option value="wireguard">WireGuard</option>
+          <option value="snell">Snell</option>
+          <option value="ssh">SSH</option>
+          <option value="anytls">AnyTLS</option>
+          <option value="mieru">Mieru</option>
           <option value="http">HTTP</option>
           <option value="socks5">SOCKS5</option>
           <option value="direct">DIRECT</option>
         </select>
       </div>
+
+      <!-- Name -->
       <div class="form-row">
         <label for="proxyName">Имя</label>
         <input type="text" id="proxyName" placeholder="my-proxy">
       </div>
-      <div id="proxyServerFields">
+
+      <!-- Server / Port (hidden for direct) -->
+      <div id="pf-server-section">
         <div class="form-row">
           <label for="proxyServer">Сервер</label>
           <input type="text" id="proxyServer" placeholder="example.com">
@@ -321,91 +618,764 @@ tls://1.1.1.1:853</textarea>
           <input type="number" id="proxyPort" placeholder="443">
         </div>
       </div>
-      <div id="proxyAuthFields" class="hidden">
+
+      <!-- ===== SS ===== -->
+      <div id="pf-ss" class="hidden">
         <div class="form-row">
-          <label for="proxyUsername">Имя пользователя</label>
-          <input type="text" id="proxyUsername" placeholder="username">
+          <label>Шифр (cipher)</label>
+          <select id="ssCipher" class="field-select">
+            <option value="auto">auto</option>
+            <optgroup label="AES-GCM">
+              <option value="aes-128-gcm">aes-128-gcm</option>
+              <option value="aes-192-gcm">aes-192-gcm</option>
+              <option value="aes-256-gcm">aes-256-gcm</option>
+              <option value="aes-128-gcm-siv">aes-128-gcm-siv</option>
+              <option value="aes-256-gcm-siv">aes-256-gcm-siv</option>
+            </optgroup>
+            <optgroup label="AES-CTR">
+              <option value="aes-128-ctr">aes-128-ctr</option>
+              <option value="aes-192-ctr">aes-192-ctr</option>
+              <option value="aes-256-ctr">aes-256-ctr</option>
+            </optgroup>
+            <optgroup label="AES-CFB">
+              <option value="aes-128-cfb">aes-128-cfb</option>
+              <option value="aes-192-cfb">aes-192-cfb</option>
+              <option value="aes-256-cfb">aes-256-cfb</option>
+            </optgroup>
+            <optgroup label="ChaCha20">
+              <option value="chacha20-ietf-poly1305">chacha20-ietf-poly1305</option>
+              <option value="xchacha20-ietf-poly1305">xchacha20-ietf-poly1305</option>
+              <option value="chacha20-ietf">chacha20-ietf</option>
+              <option value="chacha20">chacha20</option>
+            </optgroup>
+            <optgroup label="2022-Blake3">
+              <option value="2022-blake3-aes-128-gcm">2022-blake3-aes-128-gcm</option>
+              <option value="2022-blake3-aes-256-gcm">2022-blake3-aes-256-gcm</option>
+              <option value="2022-blake3-chacha20-poly1305">2022-blake3-chacha20-poly1305</option>
+            </optgroup>
+            <optgroup label="Прочие">
+              <option value="none">none</option>
+              <option value="rc4-md5">rc4-md5</option>
+              <option value="aegis-128l">aegis-128l</option>
+              <option value="aegis-256">aegis-256</option>
+            </optgroup>
+          </select>
         </div>
         <div class="form-row">
-          <label for="proxyPassword">Пароль</label>
-          <input type="text" id="proxyPassword" placeholder="password">
+          <label>Пароль</label>
+          <input type="text" id="ssPassword" placeholder="password">
+        </div>
+        <div class="form-row">
+          <label class="checkbox-label">
+            <input type="checkbox" id="ssUOT">
+            <span>UDP over TCP</span>
+          </label>
+        </div>
+        <div class="form-row" id="pf-ss-uot-ver">
+          <label>UDP over TCP версия</label>
+          <div class="segmented" id="ssUOTVersionSwitch">
+            <button type="button" class="seg-btn active" data-mode="1">1</button>
+            <button type="button" class="seg-btn" data-mode="2">2</button>
+          </div>
+        </div>
+        <div class="form-row">
+          <label>Plugin</label>
+          <select id="ssPlugin" class="field-select">
+            <option value="">Нет</option>
+            <option value="obfs">obfs</option>
+            <option value="v2ray-plugin">v2ray-plugin</option>
+            <option value="gost-plugin">gost-plugin</option>
+            <option value="shadow-tls">shadow-tls</option>
+            <option value="restls">restls</option>
+            <option value="kcptun">kcptun</option>
+          </select>
+        </div>
+        <div id="pf-ss-obfs" class="hidden">
+          <div class="form-row">
+            <label>Obfs Mode</label>
+            <select id="ssObfsMode" class="field-select">
+              <option value="tls">tls</option>
+              <option value="http">http</option>
+            </select>
+          </div>
+          <div class="form-row">
+            <label>Obfs Host</label>
+            <input type="text" id="ssObfsHost" placeholder="bing.com">
+          </div>
+        </div>
+        <div id="pf-ss-plugin-opts" class="hidden">
+          <div class="form-row">
+            <label>Plugin-Opts (YAML)</label>
+            <textarea id="ssPluginOpts" rows="4" class="mono-ta" placeholder="mode: websocket&#10;tls: true&#10;host: example.com&#10;path: /"></textarea>
+          </div>
         </div>
       </div>
-      <div id="proxyCipherField" class="hidden">
+
+      <!-- ===== SSR ===== -->
+      <div id="pf-ssr" class="hidden">
         <div class="form-row">
-          <label for="proxyCipher">Шифр</label>
-          <select id="proxyCipher" style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text);padding:9px 12px;font-size:.9rem;width:100%">
+          <label>Шифр (cipher)</label>
+          <select id="ssrCipher" class="field-select">
+            <option value="none">none</option>
+            <option value="aes-128-cfb">aes-128-cfb</option>
+            <option value="aes-192-cfb">aes-192-cfb</option>
+            <option value="aes-256-cfb">aes-256-cfb</option>
+            <option value="aes-128-ctr">aes-128-ctr</option>
+            <option value="aes-192-ctr">aes-192-ctr</option>
+            <option value="aes-256-ctr">aes-256-ctr</option>
+            <option value="chacha20-ietf">chacha20-ietf</option>
+            <option value="chacha20">chacha20</option>
+            <option value="rc4-md5">rc4-md5</option>
+          </select>
+        </div>
+        <div class="form-row">
+          <label>Пароль</label>
+          <input type="text" id="ssrPassword" placeholder="password">
+        </div>
+        <div class="form-row">
+          <label>Protocol</label>
+          <select id="ssrProtocol" class="field-select">
+            <option value="origin">origin</option>
+            <option value="auth_sha1_v4">auth_sha1_v4</option>
+            <option value="auth_aes128_md5">auth_aes128_md5</option>
+            <option value="auth_aes128_sha1">auth_aes128_sha1</option>
+            <option value="auth_chain_a">auth_chain_a</option>
+            <option value="auth_chain_b">auth_chain_b</option>
+          </select>
+        </div>
+        <div class="form-row">
+          <label>Protocol Param</label>
+          <input type="text" id="ssrProtocolParam" placeholder="#">
+        </div>
+        <div class="form-row">
+          <label>Obfs</label>
+          <select id="ssrObfs" class="field-select">
+            <option value="plain">plain</option>
+            <option value="http_simple">http_simple</option>
+            <option value="http_post">http_post</option>
+            <option value="random_head">random_head</option>
+            <option value="tls1.2_ticket_auth">tls1.2_ticket_auth</option>
+            <option value="tls1.2_ticket_fastauth">tls1.2_ticket_fastauth</option>
+          </select>
+        </div>
+        <div class="form-row">
+          <label>Obfs Param</label>
+          <input type="text" id="ssrObfsParam" placeholder="domain.tld">
+        </div>
+      </div>
+
+      <!-- ===== VMess ===== -->
+      <div id="pf-vmess" class="hidden">
+        <div class="form-row">
+          <label>UUID</label>
+          <input type="text" id="vmessUUID" placeholder="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx">
+        </div>
+        <div class="form-row">
+          <label>Alter ID</label>
+          <input type="number" id="vmessAlterID" value="0" min="0">
+        </div>
+        <div class="form-row">
+          <label>Cipher</label>
+          <select id="vmessCipher" class="field-select">
             <option value="auto">auto</option>
+            <option value="none">none</option>
+            <option value="zero">zero</option>
             <option value="aes-128-gcm">aes-128-gcm</option>
-            <option value="aes-256-gcm">aes-256-gcm</option>
-            <option value="chacha20-ietf-poly1305">chacha20-ietf-poly1305</option>
+            <option value="chacha20-poly1305">chacha20-poly1305</option>
+          </select>
+        </div>
+      </div>
+
+      <!-- ===== VLESS ===== -->
+      <div id="pf-vless" class="hidden">
+        <div class="form-row">
+          <label>UUID</label>
+          <input type="text" id="vlessUUID" placeholder="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx">
+        </div>
+        <div class="form-row">
+          <label>Flow</label>
+          <select id="vlessFlow" class="field-select">
+            <option value="">Нет</option>
+            <option value="xtls-rprx-vision">xtls-rprx-vision</option>
+            <option value="xtls-rprx-vision-udp443">xtls-rprx-vision-udp443</option>
+          </select>
+        </div>
+        <div class="form-row">
+          <label>Encryption</label>
+          <select id="vlessEncryption" class="field-select">
             <option value="none">none</option>
           </select>
         </div>
       </div>
-      <div id="proxyUUIDField" class="hidden">
+
+      <!-- ===== Trojan ===== -->
+      <div id="pf-trojan" class="hidden">
         <div class="form-row">
-          <label for="proxyUUID">UUID</label>
-          <input type="text" id="proxyUUID" placeholder="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx">
+          <label>Пароль</label>
+          <input type="text" id="trojanPassword" placeholder="password">
         </div>
       </div>
-      <div id="proxyTrojanPassField" class="hidden">
+
+      <!-- ===== Hysteria v1 ===== -->
+      <div id="pf-hysteria" class="hidden">
         <div class="form-row">
-          <label for="proxyTrojanPass">Пароль (Trojan)</label>
-          <input type="text" id="proxyTrojanPass" placeholder="password">
-        </div>
-      </div>
-      <div id="proxyHysteria2Fields" class="hidden">
-        <div class="form-row">
-          <label for="proxyObfs">Obfs тип</label>
-          <input type="text" id="proxyObfs" placeholder="salamander или пусто">
+          <label>Auth (строка)</label>
+          <input type="text" id="hyAuthStr" placeholder="yourpassword">
         </div>
         <div class="form-row">
-          <label for="proxyObfsPass">Obfs пароль</label>
-          <input type="text" id="proxyObfsPass" placeholder="obfs password">
-        </div>
-      </div>
-      <div id="proxyTLSField" class="hidden">
-        <div class="form-row">
-          <label class="checkbox-label">
-            <input type="checkbox" id="proxyTLS">
-            <span>TLS</span>
-          </label>
+          <label>Protocol</label>
+          <select id="hyProtocol" class="field-select">
+            <option value="udp">udp</option>
+            <option value="wechat-video">wechat-video</option>
+            <option value="faketcp">faketcp</option>
+          </select>
         </div>
         <div class="form-row">
-          <label for="proxySNI">SNI (ServerName)</label>
-          <input type="text" id="proxySNI" placeholder="example.com">
+          <label>Up (напр. 30 Mbps)</label>
+          <input type="text" id="hyUp" placeholder="30 Mbps">
+        </div>
+        <div class="form-row">
+          <label>Down (напр. 200 Mbps)</label>
+          <input type="text" id="hyDown" placeholder="200 Mbps">
+        </div>
+        <div class="form-row">
+          <label>Obfs</label>
+          <input type="text" id="hyObfs" placeholder="obfs строка (опционально)">
+        </div>
+        <div class="form-row">
+          <label>Ports (port hopping)</label>
+          <input type="text" id="hyPorts" placeholder="1000,2000-3000,4000">
         </div>
         <div class="form-row">
           <label class="checkbox-label">
-            <input type="checkbox" id="proxySkipCertVerify">
-            <span>Пропустить проверку сертификата</span>
+            <input type="checkbox" id="hyFastOpen">
+            <span>Fast Open</span>
           </label>
         </div>
       </div>
-      <div id="proxyVlessFlowField" class="hidden">
+
+      <!-- ===== Hysteria2 ===== -->
+      <div id="pf-hysteria2" class="hidden">
         <div class="form-row">
-          <label for="proxyFlow">Flow</label>
-          <input type="text" id="proxyFlow" placeholder="xtls-rprx-vision (опционально)">
+          <label>Пароль</label>
+          <input type="text" id="hy2Password" placeholder="yourpassword">
+        </div>
+        <div class="form-row">
+          <label>Up (напр. 30 Mbps)</label>
+          <input type="text" id="hy2Up" placeholder="30 Mbps">
+        </div>
+        <div class="form-row">
+          <label>Down (напр. 200 Mbps)</label>
+          <input type="text" id="hy2Down" placeholder="200 Mbps">
+        </div>
+        <div class="form-row">
+          <label>Obfs тип</label>
+          <select id="hy2ObfsType" class="field-select">
+            <option value="">Нет</option>
+            <option value="salamander">salamander</option>
+          </select>
+        </div>
+        <div class="form-row">
+          <label>Obfs пароль</label>
+          <input type="text" id="hy2ObfsPassword" placeholder="obfs password">
+        </div>
+        <div class="form-row">
+          <label>Ports (port hopping)</label>
+          <input type="text" id="hy2Ports" placeholder="443-8443">
+        </div>
+        <div class="form-row">
+          <label>Hop Interval (сек)</label>
+          <input type="number" id="hy2HopInterval" placeholder="30">
         </div>
       </div>
-      <div id="proxyNetworkField" class="hidden">
+
+      <!-- ===== TUIC ===== -->
+      <div id="pf-tuic" class="hidden">
         <div class="form-row">
-          <label for="proxyNetwork">Транспорт</label>
-          <select id="proxyNetwork" style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text);padding:9px 12px;font-size:.9rem;width:100%">
-            <option value="">tcp (по умолчанию)</option>
-            <option value="ws">WebSocket</option>
-            <option value="grpc">gRPC</option>
-            <option value="h2">HTTP/2</option>
+          <label>Версия</label>
+          <div class="segmented" id="tuicVersionSwitch">
+            <button type="button" class="seg-btn" data-mode="4">v4</button>
+            <button type="button" class="seg-btn active" data-mode="5">v5</button>
+          </div>
+        </div>
+        <div class="form-row" id="pf-tuic-token">
+          <label>Token (v4)</label>
+          <input type="text" id="tuicToken" placeholder="TOKEN">
+        </div>
+        <div id="pf-tuic-v5-auth">
+          <div class="form-row">
+            <label>UUID (v5)</label>
+            <input type="text" id="tuicUUID" placeholder="xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx">
+          </div>
+          <div class="form-row">
+            <label>Пароль (v5)</label>
+            <input type="text" id="tuicPassword" placeholder="PASSWORD">
+          </div>
+        </div>
+        <div class="form-row">
+          <label>IP (переопределить DNS)</label>
+          <input type="text" id="tuicIP" placeholder="127.0.0.1 (опционально)">
+        </div>
+        <div class="form-row">
+          <label>Heartbeat Interval (мс)</label>
+          <input type="number" id="tuicHeartbeat" placeholder="10000">
+        </div>
+        <div class="form-row">
+          <label>UDP Relay Mode</label>
+          <select id="tuicUDPMode" class="field-select">
+            <option value="native">native</option>
+            <option value="quic">quic</option>
+          </select>
+        </div>
+        <div class="form-row">
+          <label>Congestion Controller</label>
+          <select id="tuicCongestion" class="field-select">
+            <option value="">по умолчанию</option>
+            <option value="cubic">cubic</option>
+            <option value="new_reno">new_reno</option>
+            <option value="bbr">bbr</option>
+          </select>
+        </div>
+        <div class="form-row">
+          <label>Max UDP Relay Packet Size</label>
+          <input type="number" id="tuicMaxUDP" placeholder="1500">
+        </div>
+        <div class="form-row">
+          <label>Request Timeout (мс)</label>
+          <input type="number" id="tuicReqTimeout" placeholder="8000">
+        </div>
+        <div class="form-row">
+          <label>Max Open Streams</label>
+          <input type="number" id="tuicMaxStreams" placeholder="20">
+        </div>
+        <div class="form-row">
+          <label class="checkbox-label">
+            <input type="checkbox" id="tuicDisableSNI">
+            <span>Disable SNI</span>
+          </label>
+        </div>
+        <div class="form-row">
+          <label class="checkbox-label">
+            <input type="checkbox" id="tuicReduceRTT">
+            <span>Reduce RTT (0-RTT)</span>
+          </label>
+        </div>
+        <div class="form-row">
+          <label class="checkbox-label">
+            <input type="checkbox" id="tuicFastOpen">
+            <span>Fast Open</span>
+          </label>
+        </div>
+      </div>
+
+      <!-- ===== WireGuard ===== -->
+      <div id="pf-wireguard" class="hidden">
+        <div class="form-row">
+          <label>Private Key (base64)</label>
+          <input type="text" id="wgPrivateKey" placeholder="eCtXsJZ27+4PbhDk...">
+        </div>
+        <div class="form-row">
+          <label>Local IP (IPv4)</label>
+          <input type="text" id="wgIP" placeholder="172.16.0.2">
+        </div>
+        <div class="form-row">
+          <label>Local IPv6 (опционально)</label>
+          <input type="text" id="wgIPv6" placeholder="fd01:5ca1:ab1e::1">
+        </div>
+        <div class="form-row">
+          <label>Public Key (сервер)</label>
+          <input type="text" id="wgPublicKey" placeholder="Cr8hWlKvtDt7nrvf...">
+        </div>
+        <div class="form-row">
+          <label>Allowed IPs</label>
+          <input type="text" id="wgAllowedIPs" value="0.0.0.0/0" placeholder="0.0.0.0/0, ::/0">
+        </div>
+        <div class="form-row">
+          <label>Pre-Shared Key (опционально)</label>
+          <input type="text" id="wgPreSharedKey" placeholder="">
+        </div>
+        <div class="form-row">
+          <label>Reserved (опционально)</label>
+          <input type="text" id="wgReserved" placeholder="209,98,59 или U4An">
+        </div>
+        <div class="form-row">
+          <label>MTU (опционально)</label>
+          <input type="number" id="wgMTU" placeholder="1408">
+        </div>
+        <div class="form-row">
+          <label>Persistent Keepalive (сек)</label>
+          <input type="number" id="wgKeepalive" placeholder="0">
+        </div>
+        <div class="form-row">
+          <label class="checkbox-label">
+            <input type="checkbox" id="wgRemoteDNS">
+            <span>Remote DNS Resolve</span>
+          </label>
+        </div>
+        <div class="form-row">
+          <label>DNS (через запятую)</label>
+          <input type="text" id="wgDNS" placeholder="1.1.1.1, 8.8.8.8">
+        </div>
+        <div class="form-row">
+          <label>Dialer Proxy</label>
+          <input type="text" id="wgDialerProxy" placeholder="имя прокси (опционально)">
+        </div>
+      </div>
+
+      <!-- ===== Snell ===== -->
+      <div id="pf-snell" class="hidden">
+        <div class="form-row">
+          <label>PSK (pre-shared key)</label>
+          <input type="text" id="snellPSK" placeholder="yourpsk">
+        </div>
+        <div class="form-row">
+          <label>Версия</label>
+          <select id="snellVersion" class="field-select">
+            <option value="1">1</option>
+            <option value="2">2</option>
+            <option value="3" selected>3</option>
+            <option value="4">4</option>
+          </select>
+        </div>
+        <div class="form-row">
+          <label>Obfs Mode</label>
+          <select id="snellObfsMode" class="field-select">
+            <option value="">Нет</option>
+            <option value="http">http</option>
+            <option value="tls">tls</option>
+          </select>
+        </div>
+        <div class="form-row" id="pf-snell-obfs-host">
+          <label>Obfs Host</label>
+          <input type="text" id="snellObfsHost" placeholder="bing.com">
+        </div>
+      </div>
+
+      <!-- ===== SSH ===== -->
+      <div id="pf-ssh" class="hidden">
+        <div class="form-row">
+          <label>Username</label>
+          <input type="text" id="sshUsername" placeholder="root">
+        </div>
+        <div class="form-row">
+          <label>Пароль</label>
+          <input type="text" id="sshPassword" placeholder="password (опционально)">
+        </div>
+        <div class="form-row">
+          <label>Private Key (PEM или путь)</label>
+          <textarea id="sshPrivateKey" rows="3" class="mono-ta" placeholder="-----BEGIN OPENSSH PRIVATE KEY-----&#10;...&#10;или путь к файлу"></textarea>
+        </div>
+        <div class="form-row">
+          <label>Private Key Passphrase</label>
+          <input type="text" id="sshPrivateKeyPass" placeholder="passphrase (опционально)">
+        </div>
+        <div class="form-row">
+          <label>Host Key (по строке)</label>
+          <textarea id="sshHostKey" rows="2" class="mono-ta" placeholder="ssh-rsa AAAAB3NzaC1yc2EAA... (пусто = принимать все)"></textarea>
+        </div>
+        <div class="form-row">
+          <label>Host Key Algorithms (по строке)</label>
+          <textarea id="sshHostKeyAlgos" rows="2" class="mono-ta" placeholder="rsa&#10;ecdsa"></textarea>
+        </div>
+      </div>
+
+      <!-- ===== AnyTLS ===== -->
+      <div id="pf-anytls" class="hidden">
+        <div class="form-row">
+          <label>Пароль</label>
+          <input type="text" id="anytlsPassword" placeholder="password">
+        </div>
+      </div>
+
+      <!-- ===== Mieru ===== -->
+      <div id="pf-mieru" class="hidden">
+        <div class="form-row">
+          <label>Username</label>
+          <input type="text" id="mieruUsername" placeholder="username">
+        </div>
+        <div class="form-row">
+          <label>Пароль</label>
+          <input type="text" id="mieruPassword" placeholder="password">
+        </div>
+        <div class="form-row">
+          <label>Transport</label>
+          <select id="mieruTransport" class="field-select">
+            <option value="TCP">TCP</option>
+            <option value="UDP">UDP</option>
           </select>
         </div>
       </div>
-      <div class="form-row">
+
+      <!-- ===== HTTP / SOCKS5 ===== -->
+      <div id="pf-http-auth" class="hidden">
+        <div class="form-row">
+          <label>Username (опционально)</label>
+          <input type="text" id="httpUsername" placeholder="username">
+        </div>
+        <div class="form-row">
+          <label>Пароль (опционально)</label>
+          <input type="text" id="httpPassword" placeholder="password">
+        </div>
+        <div class="form-row" id="pf-http-headers-row">
+          <label>Headers (key: value, по строке)</label>
+          <textarea id="httpHeaders" rows="2" class="mono-ta" placeholder="X-Custom: value"></textarea>
+        </div>
+      </div>
+
+      <!-- ===== TRANSPORT SECTION ===== -->
+      <div id="pf-transport-section" class="hidden">
+        <div class="form-divider"></div>
+        <div class="pf-section-title">Транспорт</div>
+        <div class="form-row">
+          <label>Network</label>
+          <select id="proxyNetwork" class="field-select">
+            <option value="">tcp (по умолчанию)</option>
+            <option value="ws">WebSocket (ws)</option>
+            <option value="h2">HTTP/2 (h2)</option>
+            <option value="grpc">gRPC</option>
+            <option value="http">HTTP</option>
+            <option value="xhttp">XHTTP (только VLESS)</option>
+          </select>
+        </div>
+
+        <!-- WS opts -->
+        <div id="pf-ws-opts" class="hidden">
+          <div class="form-row">
+            <label>WS Path</label>
+            <input type="text" id="wsPath" placeholder="/path">
+          </div>
+          <div class="form-row">
+            <label>WS Host (заголовок)</label>
+            <input type="text" id="wsHost" placeholder="example.com">
+          </div>
+          <div class="form-row">
+            <label>Max Early Data</label>
+            <input type="number" id="wsMaxEarlyData" placeholder="0">
+          </div>
+          <div class="form-row">
+            <label>Early Data Header Name</label>
+            <input type="text" id="wsEarlyDataHeader" placeholder="">
+          </div>
+          <div class="form-row">
+            <label class="checkbox-label">
+              <input type="checkbox" id="wsV2rayUpgrade">
+              <span>v2ray-http-upgrade</span>
+            </label>
+          </div>
+          <div class="form-row">
+            <label class="checkbox-label">
+              <input type="checkbox" id="wsV2rayUpgradeFO">
+              <span>v2ray-http-upgrade-fast-open</span>
+            </label>
+          </div>
+        </div>
+
+        <!-- H2 opts -->
+        <div id="pf-h2-opts" class="hidden">
+          <div class="form-row">
+            <label>H2 Host (по строке)</label>
+            <textarea id="h2Host" rows="2" class="mono-ta" placeholder="example.com"></textarea>
+          </div>
+          <div class="form-row">
+            <label>H2 Path</label>
+            <input type="text" id="h2Path" placeholder="/">
+          </div>
+        </div>
+
+        <!-- gRPC opts -->
+        <div id="pf-grpc-opts" class="hidden">
+          <div class="form-row">
+            <label>gRPC Service Name</label>
+            <input type="text" id="grpcServiceName" placeholder="example">
+          </div>
+          <div class="form-row">
+            <label>gRPC User-Agent</label>
+            <input type="text" id="grpcUserAgent" placeholder="">
+          </div>
+        </div>
+
+        <!-- HTTP transport opts -->
+        <div id="pf-http-transport-opts" class="hidden">
+          <div class="form-row">
+            <label>HTTP Method</label>
+            <select id="httpTransportMethod" class="field-select">
+              <option value="GET">GET</option>
+              <option value="POST">POST</option>
+              <option value="PUT">PUT</option>
+            </select>
+          </div>
+          <div class="form-row">
+            <label>HTTP Path (по строке)</label>
+            <textarea id="httpTransportPath" rows="2" class="mono-ta" placeholder="/&#10;/video"></textarea>
+          </div>
+        </div>
+
+        <!-- XHTTP opts -->
+        <div id="pf-xhttp-opts" class="hidden">
+          <div class="form-row">
+            <label>XHTTP Path</label>
+            <input type="text" id="xhttpPath" placeholder="/">
+          </div>
+          <div class="form-row">
+            <label>XHTTP Host</label>
+            <input type="text" id="xhttpHost" placeholder="example.com">
+          </div>
+          <div class="form-row">
+            <label>XHTTP Mode</label>
+            <select id="xhttpMode" class="field-select">
+              <option value="">auto</option>
+              <option value="stream-one">stream-one</option>
+              <option value="stream-up">stream-up</option>
+              <option value="packet-up">packet-up</option>
+            </select>
+          </div>
+          <div class="form-row">
+            <label class="checkbox-label">
+              <input type="checkbox" id="xhttpNoGRPC">
+              <span>No gRPC Header</span>
+            </label>
+          </div>
+          <div class="form-row">
+            <label>X-Padding-Bytes</label>
+            <input type="text" id="xhttpPaddingBytes" placeholder="100-1000">
+          </div>
+        </div>
+      </div>
+
+      <!-- ===== TLS SECTION ===== -->
+      <div id="pf-tls-section" class="hidden">
+        <div class="form-divider"></div>
+        <div class="pf-section-title">TLS</div>
+
+        <div class="form-row" id="pf-tls-toggle-row">
+          <label class="checkbox-label">
+            <input type="checkbox" id="proxyTLS">
+            <span>Включить TLS</span>
+          </label>
+        </div>
+
+        <div id="pf-tls-fields" class="hidden">
+          <div class="form-row">
+            <label>SNI / Servername</label>
+            <input type="text" id="proxySNI" placeholder="example.com">
+          </div>
+          <div class="form-row">
+            <label>Fingerprint (SHA256)</label>
+            <input type="text" id="proxyFingerprint" placeholder="xx:xx:xx:... (опционально)">
+          </div>
+          <div class="form-row">
+            <label>ALPN (по строке)</label>
+            <textarea id="proxyALPN" rows="2" class="mono-ta" placeholder="h2&#10;http/1.1"></textarea>
+          </div>
+          <div class="form-row">
+            <label class="checkbox-label">
+              <input type="checkbox" id="proxySkipCertVerify">
+              <span>Skip Cert Verify</span>
+            </label>
+          </div>
+          <div class="form-row" id="pf-client-fp-row">
+            <label>Client Fingerprint</label>
+            <select id="proxyClientFP" class="field-select">
+              <option value="">Нет</option>
+              <option value="chrome">chrome</option>
+              <option value="firefox">firefox</option>
+              <option value="safari">safari</option>
+              <option value="ios">ios</option>
+              <option value="android">android</option>
+              <option value="edge">edge</option>
+              <option value="360">360</option>
+              <option value="qq">qq</option>
+              <option value="random">random</option>
+            </select>
+          </div>
+
+          <!-- Reality -->
+          <div id="pf-reality-section">
+            <div class="form-divider" style="margin:10px 0"></div>
+            <div class="pf-subsection-title">Reality (опционально)</div>
+            <div class="form-row">
+              <label>Public Key</label>
+              <input type="text" id="realityPublicKey" placeholder="base64 публичный ключ">
+            </div>
+            <div class="form-row">
+              <label>Short ID</label>
+              <input type="text" id="realityShortID" placeholder="short_id">
+            </div>
+            <div class="form-row">
+              <label class="checkbox-label">
+                <input type="checkbox" id="realityX25519mlkem">
+                <span>Support X25519-MLKEM768</span>
+              </label>
+            </div>
+          </div>
+
+          <!-- ECH -->
+          <div id="pf-ech-section">
+            <div class="form-divider" style="margin:10px 0"></div>
+            <div class="pf-subsection-title">ECH (опционально)</div>
+            <div class="form-row">
+              <label class="checkbox-label">
+                <input type="checkbox" id="echEnable">
+                <span>Включить ECH</span>
+              </label>
+            </div>
+            <div class="form-row">
+              <label>ECH Config (base64)</label>
+              <textarea id="echConfig" rows="2" class="mono-ta" placeholder="AEn+DQBFKwAgACA..."></textarea>
+            </div>
+            <div class="form-row">
+              <label>ECH Query Server Name</label>
+              <input type="text" id="echQuerySNI" placeholder="опционально">
+            </div>
+          </div>
+        </div>
+      </div>
+
+      <!-- ===== ADVANCED / COMMON ===== -->
+      <div class="form-divider"></div>
+      <div class="pf-section-title">Дополнительно</div>
+
+      <div class="form-row" id="pf-udp-row">
         <label class="checkbox-label">
           <input type="checkbox" id="proxyUDP" checked>
           <span>UDP</span>
         </label>
       </div>
+      <div class="form-row">
+        <label>IP Version</label>
+        <select id="proxyIPVersion" class="field-select">
+          <option value="">dual (по умолчанию)</option>
+          <option value="ipv4">ipv4</option>
+          <option value="ipv6">ipv6</option>
+          <option value="ipv4-prefer">ipv4-prefer</option>
+          <option value="ipv6-prefer">ipv6-prefer</option>
+        </select>
+      </div>
+      <div class="form-row">
+        <label>Interface Name</label>
+        <input type="text" id="proxyInterface" placeholder="eth0 (опционально)">
+      </div>
+      <div class="form-row">
+        <label>Routing Mark</label>
+        <input type="number" id="proxyRoutingMark" placeholder="опционально">
+      </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="proxyTFO">
+          <span>TCP Fast Open (TFO)</span>
+        </label>
+      </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="proxyMPTCP">
+          <span>MPTCP</span>
+        </label>
+      </div>
+      <div class="form-row" id="pf-dialer-proxy-row">
+        <label>Dialer Proxy</label>
+        <input type="text" id="proxyDialerProxy" placeholder="имя прокси или группы">
+      </div>
+
       <input type="hidden" id="proxyEditName" value="">
     </form>
     <div class="modal-footer">
@@ -415,65 +1385,98 @@ tls://1.1.1.1:853</textarea>
   </div>
 </div>
 
-<!-- Group Modal -->
+<!-- ===================== GROUP MODAL ===================== -->
 <div id="groupModal" class="modal hidden" role="dialog" aria-modal="true">
   <div class="modal-backdrop" id="groupModalBackdrop"></div>
-  <div class="modal-box" style="width:min(560px,calc(100vw - 40px))">
+  <div class="modal-box" style="width:min(580px,calc(100vw - 40px))">
     <div class="modal-header">
       <h2 id="groupModalTitle">Добавить группу</h2>
       <button class="btn-icon" id="closeGroupModal" title="Закрыть">✕</button>
     </div>
-    <form id="groupForm" autocomplete="off">
+    <form id="groupForm" autocomplete="off" style="max-height:65vh;overflow-y:auto;padding-right:4px">
       <div class="form-row">
         <label for="groupName">Имя группы</label>
         <input type="text" id="groupName" placeholder="proxy">
       </div>
       <div class="form-row">
         <label for="groupType">Тип</label>
-        <select id="groupType" style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text);padding:9px 12px;font-size:.9rem;width:100%">
+        <select id="groupType" class="field-select">
           <option value="select">Select (ручной выбор)</option>
           <option value="url-test">URL-test (автовыбор по задержке)</option>
           <option value="fallback">Fallback (резервный)</option>
           <option value="load-balance">Load Balance (балансировка)</option>
+          <option value="relay">Relay (цепочка)</option>
         </select>
       </div>
       <div id="groupURLField" class="hidden">
         <div class="form-row">
           <label for="groupURL">URL тестирования</label>
-          <input type="text" id="groupURL" value="https://www.gstatic.com/generate_204" placeholder="https://www.gstatic.com/generate_204">
+          <input type="text" id="groupURL" value="https://www.gstatic.com/generate_204">
         </div>
         <div class="form-row">
           <label for="groupInterval">Интервал тестирования (сек)</label>
           <input type="number" id="groupInterval" value="300">
         </div>
         <div class="form-row">
-          <label for="groupTolerance">Допуск (мс)</label>
+          <label for="groupTimeout">Timeout (мс)</label>
+          <input type="number" id="groupTimeout" value="5000" placeholder="5000">
+        </div>
+        <div class="form-row">
+          <label for="groupTolerance">Допуск (мс, для url-test)</label>
           <input type="number" id="groupTolerance" value="50" placeholder="50">
         </div>
+        <div class="form-row">
+          <label for="groupMaxFailed">Max Failed Times</label>
+          <input type="number" id="groupMaxFailed" value="5" placeholder="5">
+        </div>
+        <div class="form-row">
+          <label class="checkbox-label">
+            <input type="checkbox" id="groupLazy" checked>
+            <span>Lazy (не тестировать без использования)</span>
+          </label>
+        </div>
       </div>
-      <div id="groupLBStrategy" class="hidden">
+      <div id="groupLBStrategyDiv" class="hidden">
         <div class="form-row">
           <label>Стратегия балансировки</label>
-          <select id="groupLBStrategy" style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text);padding:9px 12px;font-size:.9rem;width:100%">
+          <select id="groupLBStrategy" class="field-select">
             <option value="round-robin">Round Robin</option>
             <option value="consistent-hashing">Consistent Hashing</option>
             <option value="sticky-sessions">Sticky Sessions</option>
           </select>
         </div>
       </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="groupDisableUDP">
+          <span>Disable UDP</span>
+        </label>
+      </div>
       <div class="form-row">
         <label>Прокси-ноды в группе</label>
-        <div id="groupProxyCheckboxes" style="max-height:200px;overflow-y:auto;background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);padding:8px"></div>
+        <div id="groupProxyCheckboxes" style="max-height:180px;overflow-y:auto;background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);padding:8px"></div>
       </div>
       <div class="form-row">
         <label class="checkbox-label">
           <input type="checkbox" id="groupIncludeAll">
-          <span>Включить все прокси автоматически</span>
+          <span>Включить все прокси автоматически (include-all)</span>
         </label>
       </div>
       <div class="form-row">
         <label for="groupFilter">Фильтр (regex)</label>
-        <input type="text" id="groupFilter" placeholder="напр. (?i)hk|hongkong">
+        <input type="text" id="groupFilter" placeholder="(?i)hk|hongkong">
+      </div>
+      <div class="form-row">
+        <label for="groupExcludeFilter">Exclude Filter (regex)</label>
+        <input type="text" id="groupExcludeFilter" placeholder="">
+      </div>
+      <div class="form-row">
+        <label for="groupExcludeType">Exclude Type (через |)</label>
+        <input type="text" id="groupExcludeType" placeholder="ss|vmess">
+      </div>
+      <div class="form-row">
+        <label for="groupExpectedStatus">Expected Status</label>
+        <input type="text" id="groupExpectedStatus" placeholder="204 или 200/204">
       </div>
       <input type="hidden" id="groupEditName" value="">
     </form>
@@ -484,7 +1487,7 @@ tls://1.1.1.1:853</textarea>
   </div>
 </div>
 
-<!-- Rule Modal -->
+<!-- ===================== RULE MODAL ===================== -->
 <div id="ruleModal" class="modal hidden" role="dialog" aria-modal="true">
   <div class="modal-backdrop" id="ruleModalBackdrop"></div>
   <div class="modal-box" style="width:min(520px,calc(100vw - 40px))">
@@ -495,18 +1498,48 @@ tls://1.1.1.1:853</textarea>
     <form id="ruleForm" autocomplete="off">
       <div class="form-row">
         <label for="ruleType">Тип правила</label>
-        <select id="ruleType" style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text);padding:9px 12px;font-size:.9rem;width:100%">
-          <option value="DOMAIN">DOMAIN (точный домен)</option>
-          <option value="DOMAIN-SUFFIX">DOMAIN-SUFFIX (домен суффикс)</option>
-          <option value="DOMAIN-KEYWORD">DOMAIN-KEYWORD (ключевое слово)</option>
-          <option value="GEOSITE">GEOSITE (геосайт)</option>
-          <option value="GEOIP">GEOIP (гео IP)</option>
-          <option value="IP-CIDR">IP-CIDR (подсеть)</option>
-          <option value="SRC-IP-CIDR">SRC-IP-CIDR (источник подсеть)</option>
-          <option value="DST-PORT">DST-PORT (порт назначения)</option>
-          <option value="SRC-PORT">SRC-PORT (порт источника)</option>
-          <option value="MATCH">MATCH (всё)</option>
-          <option value="RULE-SET">RULE-SET (набор правил)</option>
+        <select id="ruleType" class="field-select">
+          <optgroup label="Домен">
+            <option value="DOMAIN">DOMAIN</option>
+            <option value="DOMAIN-SUFFIX">DOMAIN-SUFFIX</option>
+            <option value="DOMAIN-KEYWORD">DOMAIN-KEYWORD</option>
+            <option value="DOMAIN-WILDCARD">DOMAIN-WILDCARD</option>
+            <option value="DOMAIN-REGEX">DOMAIN-REGEX</option>
+            <option value="GEOSITE">GEOSITE</option>
+          </optgroup>
+          <optgroup label="IP">
+            <option value="IP-CIDR">IP-CIDR</option>
+            <option value="IP-CIDR6">IP-CIDR6</option>
+            <option value="IP-SUFFIX">IP-SUFFIX</option>
+            <option value="IP-ASN">IP-ASN</option>
+            <option value="GEOIP">GEOIP</option>
+          </optgroup>
+          <optgroup label="Источник">
+            <option value="SRC-IP-CIDR">SRC-IP-CIDR</option>
+            <option value="SRC-IP-SUFFIX">SRC-IP-SUFFIX</option>
+            <option value="SRC-IP-ASN">SRC-IP-ASN</option>
+            <option value="SRC-GEOIP">SRC-GEOIP</option>
+            <option value="SRC-PORT">SRC-PORT</option>
+          </optgroup>
+          <optgroup label="Порт / Сеть">
+            <option value="DST-PORT">DST-PORT</option>
+            <option value="IN-PORT">IN-PORT</option>
+            <option value="NETWORK">NETWORK</option>
+            <option value="DSCP">DSCP</option>
+          </optgroup>
+          <optgroup label="Процесс">
+            <option value="PROCESS-NAME">PROCESS-NAME</option>
+            <option value="PROCESS-PATH">PROCESS-PATH</option>
+          </optgroup>
+          <optgroup label="Входящее соединение">
+            <option value="IN-TYPE">IN-TYPE</option>
+          </optgroup>
+          <optgroup label="Наборы правил">
+            <option value="RULE-SET">RULE-SET</option>
+          </optgroup>
+          <optgroup label="Прочие">
+            <option value="MATCH">MATCH (всё)</option>
+          </optgroup>
         </select>
       </div>
       <div id="ruleValueField" class="form-row">
@@ -515,9 +1548,10 @@ tls://1.1.1.1:853</textarea>
       </div>
       <div class="form-row">
         <label for="ruleProxy">Прокси / Группа</label>
-        <select id="ruleProxy" style="background:var(--bg-deep);border:1px solid var(--border);border-radius:var(--radius-sm);color:var(--text);padding:9px 12px;font-size:.9rem;width:100%">
+        <select id="ruleProxy" class="field-select">
           <option value="DIRECT">DIRECT</option>
           <option value="REJECT">REJECT</option>
+          <option value="REJECT-DROP">REJECT-DROP</option>
         </select>
       </div>
       <div id="ruleNoResolveDiv" class="form-row">
@@ -534,9 +1568,188 @@ tls://1.1.1.1:853</textarea>
   </div>
 </div>
 
-<!-- Notification toast -->
+<!-- ===================== PROXY PROVIDER MODAL ===================== -->
+<div id="proxyProviderModal" class="modal hidden" role="dialog" aria-modal="true">
+  <div class="modal-backdrop" id="ppModalBackdrop"></div>
+  <div class="modal-box" style="width:min(580px,calc(100vw - 40px))">
+    <div class="modal-header">
+      <h2 id="ppModalTitle">Добавить провайдер прокси</h2>
+      <button class="btn-icon" id="closePPModal">✕</button>
+    </div>
+    <form id="ppForm" autocomplete="off" style="max-height:65vh;overflow-y:auto;padding-right:4px">
+      <div class="form-row">
+        <label>Имя</label>
+        <input type="text" id="ppName" placeholder="provider1">
+      </div>
+      <div class="form-row">
+        <label>Тип</label>
+        <select id="ppType" class="field-select">
+          <option value="http">http (по URL)</option>
+          <option value="file">file (локальный файл)</option>
+          <option value="inline">inline (встроенный)</option>
+        </select>
+      </div>
+      <div class="form-row" id="pp-url-row">
+        <label>URL</label>
+        <input type="text" id="ppURL" placeholder="http://example.com/proxies.yaml">
+      </div>
+      <div class="form-row">
+        <label>Path (локальный путь)</label>
+        <input type="text" id="ppPath" placeholder="./proxy_providers/provider1.yaml">
+      </div>
+      <div class="form-row" id="pp-interval-row">
+        <label>Интервал обновления (сек)</label>
+        <input type="number" id="ppInterval" value="3600">
+      </div>
+      <div class="form-row">
+        <label>Proxy для скачивания</label>
+        <input type="text" id="ppProxy" placeholder="DIRECT">
+      </div>
+      <div class="form-divider"></div>
+      <div class="pf-subsection-title">Health Check</div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="ppHCEnable" checked>
+          <span>Включить Health Check</span>
+        </label>
+      </div>
+      <div class="form-row">
+        <label>Health Check URL</label>
+        <input type="text" id="ppHCURL" value="https://www.gstatic.com/generate_204">
+      </div>
+      <div class="form-row">
+        <label>HC Интервал (сек)</label>
+        <input type="number" id="ppHCInterval" value="300">
+      </div>
+      <div class="form-row">
+        <label>HC Timeout (мс)</label>
+        <input type="number" id="ppHCTimeout" value="5000">
+      </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="ppHCLazy" checked>
+          <span>Lazy (не проверять без использования)</span>
+        </label>
+      </div>
+      <div class="form-divider"></div>
+      <div class="pf-subsection-title">Фильтрация</div>
+      <div class="form-row">
+        <label>Filter (regex)</label>
+        <input type="text" id="ppFilter" placeholder="(?i)hk|hongkong">
+      </div>
+      <div class="form-row">
+        <label>Exclude Filter (regex)</label>
+        <input type="text" id="ppExcludeFilter" placeholder="">
+      </div>
+      <div class="form-row">
+        <label>Exclude Type (через |)</label>
+        <input type="text" id="ppExcludeType" placeholder="ss|vmess">
+      </div>
+      <div class="form-divider"></div>
+      <div class="pf-subsection-title">Override (переопределение полей нод)</div>
+      <div class="form-row">
+        <label>Additional Prefix</label>
+        <input type="text" id="ppOverridePrefix" placeholder="">
+      </div>
+      <div class="form-row">
+        <label>Additional Suffix</label>
+        <input type="text" id="ppOverrideSuffix" placeholder="">
+      </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="ppOverrideSkipCert">
+          <span>skip-cert-verify</span>
+        </label>
+      </div>
+      <div class="form-row">
+        <label class="checkbox-label">
+          <input type="checkbox" id="ppOverrideUDP">
+          <span>udp: true</span>
+        </label>
+      </div>
+      <div class="form-row">
+        <label>IP Version override</label>
+        <select id="ppOverrideIPVersion" class="field-select">
+          <option value="">Не переопределять</option>
+          <option value="ipv4">ipv4</option>
+          <option value="ipv6">ipv6</option>
+          <option value="ipv4-prefer">ipv4-prefer</option>
+          <option value="ipv6-prefer">ipv6-prefer</option>
+        </select>
+      </div>
+      <input type="hidden" id="ppEditName" value="">
+    </form>
+    <div class="modal-footer">
+      <button class="btn btn-ghost" id="cancelPPBtn">Отмена</button>
+      <button class="btn btn-primary" id="savePPBtn">Сохранить</button>
+    </div>
+  </div>
+</div>
+
+<!-- ===================== RULE PROVIDER MODAL ===================== -->
+<div id="ruleProviderModal" class="modal hidden" role="dialog" aria-modal="true">
+  <div class="modal-backdrop" id="rpModalBackdrop"></div>
+  <div class="modal-box" style="width:min(540px,calc(100vw - 40px))">
+    <div class="modal-header">
+      <h2 id="rpModalTitle">Добавить провайдер правил</h2>
+      <button class="btn-icon" id="closeRPModal">✕</button>
+    </div>
+    <form id="rpForm" autocomplete="off">
+      <div class="form-row">
+        <label>Имя</label>
+        <input type="text" id="rpName" placeholder="google">
+      </div>
+      <div class="form-row">
+        <label>Тип</label>
+        <select id="rpType" class="field-select">
+          <option value="http">http (по URL)</option>
+          <option value="file">file (локальный файл)</option>
+          <option value="inline">inline (встроенный)</option>
+        </select>
+      </div>
+      <div class="form-row">
+        <label>Behavior</label>
+        <select id="rpBehavior" class="field-select">
+          <option value="domain">domain</option>
+          <option value="ipcidr">ipcidr</option>
+          <option value="classical">classical</option>
+        </select>
+      </div>
+      <div class="form-row">
+        <label>Format</label>
+        <select id="rpFormat" class="field-select">
+          <option value="yaml">yaml</option>
+          <option value="text">text</option>
+          <option value="mrs">mrs</option>
+        </select>
+      </div>
+      <div class="form-row" id="rp-url-row">
+        <label>URL</label>
+        <input type="text" id="rpURL" placeholder="https://raw.githubusercontent.com/.../Google.yaml">
+      </div>
+      <div class="form-row">
+        <label>Path (локальный путь)</label>
+        <input type="text" id="rpPath" placeholder="./rule1.yaml">
+      </div>
+      <div class="form-row" id="rp-interval-row">
+        <label>Интервал обновления (сек)</label>
+        <input type="number" id="rpInterval" value="600">
+      </div>
+      <div class="form-row">
+        <label>Proxy для скачивания</label>
+        <input type="text" id="rpProxy" placeholder="DIRECT">
+      </div>
+      <input type="hidden" id="rpEditName" value="">
+    </form>
+    <div class="modal-footer">
+      <button class="btn btn-ghost" id="cancelRPBtn">Отмена</button>
+      <button class="btn btn-primary" id="saveRPBtn">Сохранить</button>
+    </div>
+  </div>
+</div>
+
 <div id="toast" class="toast hidden"></div>
 
 <script src="proxy.js"></script>
 </body>
-</html>
\ No newline at end of file
+</html>
diff --git a/public/proxy.js b/public/proxy.js
index 0e08af7..9ba150f 100644
--- a/public/proxy.js
+++ b/public/proxy.js
@@ -5,6 +5,7 @@ const PS = {
   config: null,
 };
 
+// ─── API helpers ───
 async function api(method, path, body) {
   const opts = {
     method,
@@ -36,23 +37,63 @@ function showToast(msg, type = 'info') {
   t._timer = setTimeout(() => t.classList.add('hidden'), 3500);
 }
 
-function typeLabel(t) {
-  const m = { ss: 'Shadowsocks', vmess: 'VMess', vless: 'VLESS', trojan: 'Trojan', hysteria2: 'Hysteria2', http: 'HTTP', socks5: 'SOCKS5', direct: 'DIRECT' };
-  return m[t] || t;
+function esc(s) {
+  if (s == null) return '';
+  const d = document.createElement('div');
+  d.textContent = String(s);
+  return d.innerHTML;
 }
 
-function groupTypeLabel(t) {
-  const m = { select: 'Выбор', 'url-test': 'Автотест', fallback: 'Резерв', 'load-balance': 'Балансировка' };
-  return m[t] || t;
+// ─── Segmented buttons ───
+function setSegBtn(id, mode) {
+  document.querySelectorAll(`#${id} .seg-btn`).forEach(b => {
+    b.classList.toggle('active', b.dataset.mode === mode);
+  });
 }
 
+function getSegBtn(id) {
+  const active = document.querySelector(`#${id} .seg-btn.active`);
+  return active ? active.dataset.mode : '';
+}
+
+// Generic seg btn click handler
+document.querySelectorAll('.segmented').forEach(seg => {
+  seg.addEventListener('click', e => {
+    const btn = e.target.closest('.seg-btn');
+    if (!btn || !seg.id) return;
+    seg.querySelectorAll('.seg-btn').forEach(b => b.classList.remove('active'));
+    btn.classList.add('active');
+  });
+});
+
+// ─── Config accessors ───
 function getProxies() { return PS.config && Array.isArray(PS.config.proxies) ? PS.config.proxies : []; }
 function getGroups() { return PS.config && Array.isArray(PS.config['proxy-groups']) ? PS.config['proxy-groups'] : []; }
 function getRules() { return PS.config && Array.isArray(PS.config.rules) ? PS.config.rules : []; }
-function getGeneral() { return PS.config && PS.config.general ? PS.config.general : {}; }
-function getTProxy() { return PS.config && PS.config.tproxy ? PS.config.tproxy : {}; }
-function getDNS() { return PS.config && PS.config.dns ? PS.config.dns : {}; }
+function getProxyProviders() {
+  const pp = PS.config && PS.config['proxy-providers'];
+  if (!pp || typeof pp !== 'object') return [];
+  return Object.entries(pp).map(([name, val]) => ({ name, ...val }));
+}
+function getRuleProviders() {
+  const rp = PS.config && PS.config['rule-providers'];
+  if (!rp || typeof rp !== 'object') return [];
+  return Object.entries(rp).map(([name, val]) => ({ name, ...val }));
+}
 
+// ─── Type labels ───
+const PROTO_LABELS = {
+  ss: 'Shadowsocks', ssr: 'ShadowsocksR', vmess: 'VMess', vless: 'VLESS',
+  trojan: 'Trojan', hysteria: 'Hysteria', hysteria2: 'Hysteria2', tuic: 'TUIC',
+  wireguard: 'WireGuard', snell: 'Snell', ssh: 'SSH', anytls: 'AnyTLS',
+  mieru: 'Mieru', http: 'HTTP', socks5: 'SOCKS5', direct: 'DIRECT',
+};
+function typeLabel(t) { return PROTO_LABELS[t] || t; }
+
+const GROUP_LABELS = { select: 'Выбор', 'url-test': 'Автотест', fallback: 'Резерв', 'load-balance': 'Балансировка', relay: 'Relay' };
+function groupTypeLabel(t) { return GROUP_LABELS[t] || t; }
+
+// ─── Load / Save ───
 async function loadStatus() {
   try {
     PS.status = await get('/api/mihomo/status');
@@ -98,46 +139,42 @@ async function refreshYAMLPreview() {
   try {
     const res = await fetch('/api/mihomo/config.yaml');
     if (res.ok) {
-      document.getElementById('yamlPreview').value = await res.text();
+      const el = document.getElementById('yamlPreview');
+      if (el) el.value = await res.text();
     }
   } catch (e) { /* ignore */ }
 }
 
+// ─── Status rendering ───
 function renderStatus() {
   const s = PS.status;
   if (!s) return;
   const text = document.getElementById('statusText');
   const headerBadge = document.getElementById('statusBadge');
-  const startBtn = document.getElementById('startBtn');
-  const stopBtn = document.getElementById('stopBtn');
+  const toggle = document.getElementById('serviceActive');
+  const toggleText = document.getElementById('serviceToggleText');
   const restartBtn = document.getElementById('restartBtn');
   const coreInfo = document.getElementById('coreInfo');
 
   if (s.running) {
-    text.className = 'svc-badge running';
-    text.textContent = 'Запущен (PID ' + (s.pid || '?') + ')';
-    headerBadge.className = 'svc-badge running';
-    headerBadge.textContent = 'Запущен';
-    startBtn.disabled = true;
-    stopBtn.disabled = false;
-    restartBtn.disabled = false;
+    text.className = 'svc-badge running'; text.textContent = 'Запущен (PID ' + (s.pid || '?') + ')';
+    headerBadge.className = 'svc-badge running'; headerBadge.textContent = 'Запущен';
+    toggle.checked = true; toggleText.textContent = 'Запущен'; restartBtn.disabled = false;
   } else {
-    text.className = 'svc-badge stopped';
-    text.textContent = 'Остановлен';
-    headerBadge.className = 'svc-badge stopped';
-    headerBadge.textContent = 'Остановлен';
-    startBtn.disabled = false;
-    stopBtn.disabled = true;
-    restartBtn.disabled = true;
+    text.className = 'svc-badge stopped'; text.textContent = 'Остановлен';
+    headerBadge.className = 'svc-badge stopped'; headerBadge.textContent = 'Остановлен';
+    toggle.checked = false; toggleText.textContent = 'Остановлен'; restartBtn.disabled = true;
   }
 
-  document.getElementById('corePath').textContent = s.core_path || '—';
-  document.getElementById('coreExists').textContent = s.core_exists ? 'Да' : 'Нет';
-  document.getElementById('corePid').textContent = s.running && s.pid ? s.pid : '—';
+  const corePath = document.getElementById('corePath');
+  const coreExists = document.getElementById('coreExists');
+  const corePid = document.getElementById('corePid');
+  if (corePath) corePath.textContent = s.core_path || '—';
+  if (coreExists) coreExists.textContent = s.core_exists ? 'Да' : 'Нет';
+  if (corePid) corePid.textContent = s.running && s.pid ? s.pid : '—';
 
   if (!s.core_exists) {
     coreInfo.classList.remove('hidden');
-    document.getElementById('coreInfoMsg').textContent = 'Ядро Mihomo не найдено. Загрузите бинарный файл в раздел «Ядро».';
   } else {
     coreInfo.classList.add('hidden');
   }
@@ -146,27 +183,37 @@ function renderStatus() {
   document.getElementById('loading').classList.add('hidden');
 }
 
+// ─── Render all ───
 function renderAll() {
   renderProxies();
   renderGroups();
   renderRules();
+  renderProxyProviders();
+  renderRuleProviders();
   fillSettings();
   refreshYAMLPreview();
 }
 
+// ─── Render proxies ───
 function renderProxies() {
   const list = document.getElementById('proxyList');
   const empty = document.getElementById('proxyEmpty');
   const proxies = getProxies();
   list.innerHTML = '';
-  if (proxies.length === 0) {
-    empty.classList.remove('hidden');
-    return;
-  }
+  if (proxies.length === 0) { empty.classList.remove('hidden'); return; }
   empty.classList.add('hidden');
   proxies.forEach(p => {
     const card = document.createElement('div');
     card.className = 'proxy-card';
+    const server = p.type === 'direct' ? '' :
+      p.type === 'wireguard' ? (p.ip || '—') :
+      `<div class="info-row"><span class="info-label">Сервер</span><span class="info-val mono">${esc(p.server || '—')}</span></div>
+      <div class="info-row"><span class="info-label">Порт</span><span class="info-val mono">${p.port || '—'}</span></div>`;
+    const tags = [
+      p.udp ? '<span class="tag-active">UDP</span>' : '',
+      p.tls ? '<span class="tag-active">TLS</span>' : '',
+      p.network ? `<span class="tag-active">${esc(p.network)}</span>` : '',
+    ].filter(Boolean).join('');
     card.innerHTML = `
       <div class="proxy-card-header">
         <div style="display:flex;align-items:center;gap:8px">
@@ -178,31 +225,23 @@ function renderProxies() {
           <button class="btn btn-danger btn-sm" data-delete-proxy="${esc(p.name)}">Удалить</button>
         </div>
       </div>
-      <div class="proxy-card-info">
-        ${p.type !== 'direct' ? `<div class="info-row"><span class="info-label">Сервер</span><span class="info-val mono">${esc(p.server || '—')}</span></div>
-        <div class="info-row"><span class="info-label">Порт</span><span class="info-val mono">${p.port || '—'}</span></div>` : ''}
-        ${p.udp ? '<span class="tag-active" style="margin-left:0">UDP</span>' : ''}
-        ${p.tls ? '<span class="tag-active" style="margin-left:4px">TLS</span>' : ''}
-      </div>
-    `;
+      <div class="proxy-card-info">${server}${tags ? `<div style="display:flex;gap:4px;flex-wrap:wrap;margin-top:4px">${tags}</div>` : ''}</div>`;
     list.appendChild(card);
   });
 }
 
+// ─── Render groups ───
 function renderGroups() {
   const list = document.getElementById('groupList');
   const empty = document.getElementById('groupEmpty');
   const groups = getGroups();
   list.innerHTML = '';
-  if (groups.length === 0) {
-    empty.classList.remove('hidden');
-    return;
-  }
+  if (groups.length === 0) { empty.classList.remove('hidden'); return; }
   empty.classList.add('hidden');
   groups.forEach(g => {
     const card = document.createElement('div');
     card.className = 'proxy-card';
-    const proxyList = (g.proxies || []).slice(0, 5).map(p => esc(p)).join(', ');
+    const pl = (g.proxies || []).slice(0, 5).map(p => esc(p)).join(', ');
     const more = (g.proxies || []).length > 5 ? ` +${(g.proxies || []).length - 5}` : '';
     card.innerHTML = `
       <div class="proxy-card-header">
@@ -217,30 +256,26 @@ function renderGroups() {
         </div>
       </div>
       <div class="proxy-card-info">
-        <div class="info-row"><span class="info-label">Узлы</span><span class="info-val">${proxyList}${more || '—'}</span></div>
+        <div class="info-row"><span class="info-label">Узлы</span><span class="info-val">${pl || '—'}${more}</span></div>
         ${g.url ? `<div class="info-row"><span class="info-label">URL</span><span class="info-val mono" style="font-size:.75rem">${esc(g.url)}</span></div>` : ''}
         ${g.interval ? `<div class="info-row"><span class="info-label">Интервал</span><span class="info-val">${g.interval}с</span></div>` : ''}
-      </div>
-    `;
+      </div>`;
     list.appendChild(card);
   });
 }
 
+// ─── Render rules ───
 function renderRules() {
   const list = document.getElementById('rulesList');
   const rules = getRules();
   list.innerHTML = '';
-  if (rules.length === 0) {
-    list.innerHTML = '<div class="empty-state">Нет правил маршрутизации</div>';
-    return;
-  }
+  if (rules.length === 0) { list.innerHTML = '<div class="empty-state">Нет правил маршрутизации</div>'; return; }
   rules.forEach((rule, i) => {
     const parts = rule.split(',');
     const type = parts[0] || '';
     const value = parts[1] || '';
     const target = parts[2] || '';
     const flags = parts.slice(3).join(',');
-
     const el = document.createElement('div');
     el.className = 'rule-item';
     el.innerHTML = `
@@ -252,56 +287,255 @@ function renderRules() {
       </div>
       <div style="display:flex;gap:4px">
         <button class="btn btn-danger btn-sm" data-delete-rule="${i}">✕</button>
-      </div>
-    `;
+      </div>`;
     list.appendChild(el);
   });
 }
 
-function fillSettings() {
-  if (!PS.config) {
-    document.getElementById('loading').classList.add('hidden');
-    return;
-  }
-  const g = getGeneral();
-  const tp = getTProxy();
-  const dns = getDNS();
-
-  document.getElementById('mixedPort').value = g['mixed-port'] || 7890;
-  document.getElementById('allowLan').checked = g['allow-lan'] !== false;
-  document.getElementById('ipv6').checked = g.ipv6 !== false;
-  document.getElementById('tcpConcurrent').checked = g['tcp-concurrent'] !== false;
-  document.getElementById('externalController').value = g['external-controller'] || '0.0.0.0:9090';
-  document.getElementById('secret').value = g.secret || '';
-
-  setSegBtn('modeSwitch', g.mode || 'rule');
-
-  document.getElementById('tproxyEnabled').checked = tp.enabled || false;
-  document.getElementById('tproxyPort').value = tp.port || 7894;
-
-  document.getElementById('dnsEnabled').checked = dns.enable !== false;
-  document.getElementById('dnsListen').value = dns.listen || '0.0.0.0:1053';
-  setSegBtn('dnsModeSwitch', dns['enhanced-mode'] || 'redir-host');
-  document.getElementById('dnsNameserver').value = (dns.nameserver || []).join('\n');
-  document.getElementById('dnsFallback').value = (dns.fallback || []).join('\n');
-}
-
-function setSegBtn(id, mode) {
-  document.querySelectorAll(`#${id} .seg-btn`).forEach(b => {
-    b.classList.toggle('active', b.dataset.mode === mode);
+// ─── Render proxy providers ───
+function renderProxyProviders() {
+  const list = document.getElementById('proxyProviderList');
+  const empty = document.getElementById('proxyProviderEmpty');
+  const providers = getProxyProviders();
+  list.innerHTML = '';
+  if (providers.length === 0) { empty.style.display = ''; return; }
+  empty.style.display = 'none';
+  providers.forEach(p => {
+    const card = document.createElement('div');
+    card.className = 'proxy-card';
+    card.innerHTML = `
+      <div class="proxy-card-header">
+        <div style="display:flex;align-items:center;gap:8px">
+          <span class="proxy-name">${esc(p.name)}</span>
+          <span class="tag-active">${esc(p.type || 'http')}</span>
+        </div>
+        <div style="display:flex;gap:6px">
+          <button class="btn btn-ghost btn-sm" data-edit-pp="${esc(p.name)}">Изменить</button>
+          <button class="btn btn-danger btn-sm" data-delete-pp="${esc(p.name)}">Удалить</button>
+        </div>
+      </div>
+      <div class="proxy-card-info">
+        ${p.url ? `<div class="info-row"><span class="info-label">URL</span><span class="info-val mono" style="font-size:.75rem">${esc(p.url)}</span></div>` : ''}
+        ${p.interval ? `<div class="info-row"><span class="info-label">Интервал</span><span class="info-val">${p.interval}с</span></div>` : ''}
+        ${p.filter ? `<div class="info-row"><span class="info-label">Filter</span><span class="info-val mono">${esc(p.filter)}</span></div>` : ''}
+      </div>`;
+    list.appendChild(card);
   });
 }
 
-function getSegBtn(id) {
-  const active = document.querySelector(`#${id} .seg-btn.active`);
-  return active ? active.dataset.mode : '';
+// ─── Render rule providers ───
+function renderRuleProviders() {
+  const list = document.getElementById('ruleProviderList');
+  const empty = document.getElementById('ruleProviderEmpty');
+  const providers = getRuleProviders();
+  list.innerHTML = '';
+  if (providers.length === 0) { empty.style.display = ''; return; }
+  empty.style.display = 'none';
+  providers.forEach(p => {
+    const card = document.createElement('div');
+    card.className = 'proxy-card';
+    card.innerHTML = `
+      <div class="proxy-card-header">
+        <div style="display:flex;align-items:center;gap:8px">
+          <span class="proxy-name">${esc(p.name)}</span>
+          <span class="tag-active">${esc(p.type || 'http')}</span>
+          <span class="tag-gw">${esc(p.behavior || 'classical')}</span>
+        </div>
+        <div style="display:flex;gap:6px">
+          <button class="btn btn-ghost btn-sm" data-edit-rp="${esc(p.name)}">Изменить</button>
+          <button class="btn btn-danger btn-sm" data-delete-rp="${esc(p.name)}">Удалить</button>
+        </div>
+      </div>
+      <div class="proxy-card-info">
+        ${p.url ? `<div class="info-row"><span class="info-label">URL</span><span class="info-val mono" style="font-size:.75rem">${esc(p.url)}</span></div>` : ''}
+        ${p.format ? `<div class="info-row"><span class="info-label">Format</span><span class="info-val">${esc(p.format)}</span></div>` : ''}
+      </div>`;
+    list.appendChild(card);
+  });
 }
 
-function esc(s) {
-  if (!s) return '';
-  const d = document.createElement('div');
-  d.textContent = s;
-  return d.innerHTML;
+// ─── Fill settings ───
+function fillSettings() {
+  if (!PS.config) return;
+  const c = PS.config;
+  const dns = c.dns || {};
+  const geo = c['geox-url'] || {};
+  const profile = c.profile || {};
+
+  // Basic
+  setSegBtn('modeSwitch', c.mode || 'rule');
+  setSegBtn('logLevelSwitch', c['log-level'] || 'info');
+  setVal('allowLan', c['allow-lan'] !== false, true);
+  setVal('bindAddress', c['bind-address'] || '*');
+  setVal('ipv6', c.ipv6 !== false, true);
+  setVal('tcpConcurrent', c['tcp-concurrent'] !== false, true);
+  setVal('unifiedDelay', !!c['unified-delay'], true);
+  setSegBtn('findProcessSwitch', c['find-process-mode'] || 'off');
+  setVal('globalUA', c['global-ua'] || '');
+  setVal('keepAliveInterval', c['keep-alive-interval'] || '');
+  setVal('keepAliveIdle', c['keep-alive-idle'] || '');
+
+  // Ports
+  setVal('mixedPort', c['mixed-port'] || 7890);
+  setVal('httpPort', c.port || '');
+  setVal('socksPort', c['socks-port'] || '');
+  setVal('redirPort', c['redir-port'] || '');
+
+  // TProxy
+  setVal('tproxyEnabled', !!c['tproxy-port'], true);
+  setVal('tproxyPort', c['tproxy-port'] || 7894);
+
+  // DNS
+  setVal('dnsEnabled', dns.enable !== false, true);
+  setVal('dnsListen', dns.listen || '0.0.0.0:1053');
+  setSegBtn('dnsModeSwitch', dns['enhanced-mode'] || 'redir-host');
+  setVal('dnsNameserver', (dns.nameserver || []).join('\n'));
+  setVal('dnsFallback', (dns.fallback || []).join('\n'));
+  setVal('dnsDefaultNS', (dns['default-nameserver'] || []).join('\n'));
+  setVal('dnsProxyNS', (dns['proxy-server-nameserver'] || []).join('\n'));
+  setVal('dnsFakeIPRange', dns['fake-ip-range'] || '198.18.0.1/16');
+  setVal('dnsFakeIPFilter', (dns['fake-ip-filter'] || []).join('\n'));
+  const nsp = dns['nameserver-policy'];
+  setVal('dnsNameserverPolicy', nsp && typeof nsp === 'object' ?
+    Object.entries(nsp).map(([k, v]) => `${k}: ${v}`).join('\n') : '');
+  setVal('dnsUseHosts', dns['use-hosts'] !== false, true);
+  setVal('dnsUseSystemHosts', dns['use-system-hosts'] !== false, true);
+
+  // GEO
+  setVal('geodataMode', !!c['geodata-mode'], true);
+  setSegBtn('geodataLoaderSwitch', c['geodata-loader'] || 'memconservative');
+  setVal('geoAutoUpdate', !!c['geo-auto-update'], true);
+  setVal('geoUpdateInterval', c['geo-update-interval'] || 24);
+  setVal('geoxGeoIP', geo.geoip || '');
+  setVal('geoxGeoSite', geo.geosite || '');
+  setVal('geoxMMDB', geo.mmdb || '');
+  setVal('geoxASN', geo.asn || '');
+
+  // External controller
+  setVal('externalController', c['external-controller'] || '0.0.0.0:9090');
+  setVal('secret', c.secret || '');
+  setVal('externalUI', c['external-ui'] || '');
+  setVal('externalUIName', c['external-ui-name'] || '');
+  setVal('externalUIURL', c['external-ui-url'] || '');
+
+  // Profile
+  setVal('profileStoreSelected', profile['store-selected'] !== false, true);
+  setVal('profileStoreFakeIP', !!profile['store-fake-ip'], true);
+}
+
+function setVal(id, val, isCheck) {
+  const el = document.getElementById(id);
+  if (!el) return;
+  if (isCheck) el.checked = !!val;
+  else el.value = val == null ? '' : val;
+}
+
+function gVal(id) {
+  const el = document.getElementById(id);
+  return el ? el.value : '';
+}
+function gCheck(id) {
+  const el = document.getElementById(id);
+  return el ? el.checked : false;
+}
+function gNum(id, def) {
+  const v = parseInt(gVal(id));
+  return isNaN(v) ? (def || 0) : v;
+}
+function gLines(id) {
+  return gVal(id).split('\n').map(s => s.trim()).filter(Boolean);
+}
+
+// ─── Apply settings to config ───
+function applySettingsToConfig() {
+  if (!PS.config) PS.config = {};
+  const c = PS.config;
+
+  c.mode = getSegBtn('modeSwitch');
+  c['log-level'] = getSegBtn('logLevelSwitch');
+  c['allow-lan'] = gCheck('allowLan');
+  c['bind-address'] = gVal('bindAddress') || '*';
+  c.ipv6 = gCheck('ipv6');
+  c['tcp-concurrent'] = gCheck('tcpConcurrent');
+  c['unified-delay'] = gCheck('unifiedDelay');
+  c['find-process-mode'] = getSegBtn('findProcessSwitch');
+  const ua = gVal('globalUA');
+  if (ua) c['global-ua'] = ua; else delete c['global-ua'];
+  const kai = gNum('keepAliveInterval', 0);
+  if (kai) c['keep-alive-interval'] = kai; else delete c['keep-alive-interval'];
+  const kaIdle = gNum('keepAliveIdle', 0);
+  if (kaIdle) c['keep-alive-idle'] = kaIdle; else delete c['keep-alive-idle'];
+
+  // Ports
+  c['mixed-port'] = gNum('mixedPort', 7890);
+  const hp = gNum('httpPort', 0);
+  if (hp) c.port = hp; else delete c.port;
+  const sp = gNum('socksPort', 0);
+  if (sp) c['socks-port'] = sp; else delete c['socks-port'];
+  const rp = gNum('redirPort', 0);
+  if (rp) c['redir-port'] = rp; else delete c['redir-port'];
+
+  // TProxy
+  if (gCheck('tproxyEnabled')) {
+    c['tproxy-port'] = gNum('tproxyPort', 7894);
+  } else {
+    delete c['tproxy-port'];
+  }
+
+  // DNS
+  const nspRaw = gVal('dnsNameserverPolicy').trim();
+  let nsp = null;
+  if (nspRaw) {
+    nsp = {};
+    nspRaw.split('\n').forEach(line => {
+      const idx = line.indexOf(':');
+      if (idx > 0) { nsp[line.slice(0, idx).trim()] = line.slice(idx + 1).trim(); }
+    });
+  }
+  c.dns = {
+    enable: gCheck('dnsEnabled'),
+    ipv6: gCheck('ipv6'),
+    listen: gVal('dnsListen'),
+    'enhanced-mode': getSegBtn('dnsModeSwitch'),
+    'fake-ip-range': gVal('dnsFakeIPRange') || '198.18.0.1/16',
+    'fake-ip-filter': gLines('dnsFakeIPFilter'),
+    'default-nameserver': gLines('dnsDefaultNS'),
+    nameserver: gLines('dnsNameserver'),
+    fallback: gLines('dnsFallback'),
+    'use-hosts': gCheck('dnsUseHosts'),
+    'use-system-hosts': gCheck('dnsUseSystemHosts'),
+  };
+  const proxyNS = gLines('dnsProxyNS');
+  if (proxyNS.length) c.dns['proxy-server-nameserver'] = proxyNS;
+  if (nsp) c.dns['nameserver-policy'] = nsp;
+
+  // GEO
+  c['geodata-mode'] = gCheck('geodataMode');
+  c['geodata-loader'] = getSegBtn('geodataLoaderSwitch');
+  c['geo-auto-update'] = gCheck('geoAutoUpdate');
+  c['geo-update-interval'] = gNum('geoUpdateInterval', 24);
+  const geox = {};
+  ['geoip', 'geosite', 'mmdb', 'asn'].forEach(k => {
+    const el = document.getElementById(`geox${k.charAt(0).toUpperCase() + k.slice(1)}`);
+    if (el && el.value.trim()) geox[k] = el.value.trim();
+  });
+  if (Object.keys(geox).length) c['geox-url'] = geox; else delete c['geox-url'];
+
+  // External controller
+  c['external-controller'] = gVal('externalController');
+  c.secret = gVal('secret') || '';
+  const extUI = gVal('externalUI');
+  if (extUI) c['external-ui'] = extUI; else delete c['external-ui'];
+  const extUIName = gVal('externalUIName');
+  if (extUIName) c['external-ui-name'] = extUIName; else delete c['external-ui-name'];
+  const extUIURL = gVal('externalUIURL');
+  if (extUIURL) c['external-ui-url'] = extUIURL; else delete c['external-ui-url'];
+
+  // Profile
+  c.profile = {
+    'store-selected': gCheck('profileStoreSelected'),
+    'store-fake-ip': gCheck('profileStoreFakeIP'),
+  };
 }
 
 // ─── Tab switching ───
@@ -311,27 +545,33 @@ document.querySelectorAll('.ptab').forEach(btn => {
     document.querySelectorAll('.ptab-content').forEach(c => c.classList.add('hidden'));
     btn.classList.add('active');
     document.getElementById('tab-' + btn.dataset.tab).classList.remove('hidden');
+    if (btn.dataset.tab === 'dashboard') {
+      updateDashVisibility();
+      if (PS.status && PS.status.running) startDashPolling();
+    } else {
+      stopDashPolling();
+    }
   });
 });
 
 // ─── Core control ───
-document.getElementById('startBtn').addEventListener('click', async () => {
+document.getElementById('serviceActive').addEventListener('change', async (e) => {
+  const action = e.target.checked ? 'start' : 'stop';
   try {
-    await post('/api/mihomo/start', null);
-    showToast('Mihomo запущен', 'success');
+    await post('/api/mihomo/' + action, null);
+    showToast('Mihomo ' + (action === 'start' ? 'запущен' : 'остановлен'), 'success');
     await loadStatus();
-  } catch (e) {
-    showToast('Ошибка: ' + e.message, 'error');
-  }
-});
-
-document.getElementById('stopBtn').addEventListener('click', async () => {
-  try {
-    await post('/api/mihomo/stop', null);
-    showToast('Mihomo остановлен', 'success');
+    updateDashVisibility();
+    if (action === 'start') {
+      const dashTab = document.querySelector('.ptab[data-tab="dashboard"]');
+      if (dashTab && dashTab.classList.contains('active')) startDashPolling();
+    } else {
+      stopDashPolling();
+    }
+  } catch (err) {
+    showToast('Ошибка: ' + err.message, 'error');
     await loadStatus();
-  } catch (e) {
-    showToast('Ошибка: ' + e.message, 'error');
+    updateDashVisibility();
   }
 });
 
@@ -345,52 +585,7 @@ document.getElementById('restartBtn').addEventListener('click', async () => {
   }
 });
 
-// ─── Config mode switches ───
-document.getElementById('modeSwitch').addEventListener('click', e => {
-  const btn = e.target.closest('.seg-btn');
-  if (btn) setSegBtn('modeSwitch', btn.dataset.mode);
-});
-document.getElementById('dnsModeSwitch').addEventListener('click', e => {
-  const btn = e.target.closest('.seg-btn');
-  if (btn) setSegBtn('dnsModeSwitch', btn.dataset.mode);
-});
-
-// ─── Settings save ───
-function applySettingsToConfig() {
-  if (!PS.config) PS.config = {};
-  PS.config['mixed-port'] = parseInt(document.getElementById('mixedPort').value) || 7890;
-  PS.config['allow-lan'] = document.getElementById('allowLan').checked;
-  PS.config['bind-address'] = '*';
-  PS.config.mode = getSegBtn('modeSwitch');
-  PS.config['log-level'] = 'info';
-  PS.config.ipv6 = document.getElementById('ipv6').checked;
-  PS.config['external-controller'] = document.getElementById('externalController').value;
-  PS.config.secret = document.getElementById('secret').value || '';
-  PS.config['tcp-concurrent'] = document.getElementById('tcpConcurrent').checked;
-  PS.config['find-process-mode'] = 'off';
-
-  const tpEnabled = document.getElementById('tproxyEnabled').checked;
-  if (tpEnabled) {
-    PS.config['tproxy-port'] = parseInt(document.getElementById('tproxyPort').value) || 7894;
-  } else {
-    delete PS.config['tproxy-port'];
-  }
-
-  PS.config.dns = {
-    enable: document.getElementById('dnsEnabled').checked,
-    ipv6: document.getElementById('ipv6').checked,
-    listen: document.getElementById('dnsListen').value,
-    'enhanced-mode': getSegBtn('dnsModeSwitch'),
-    'fake-ip-range': '198.18.0.1/16',
-    'fake-ip-filter': ['*.lan', '*.local', '+.market.xiaomi.com'],
-    'default-nameserver': ['223.5.5.5', '119.29.29.29'],
-    nameserver: document.getElementById('dnsNameserver').value.split('\n').map(s => s.trim()).filter(Boolean),
-    fallback: document.getElementById('dnsFallback').value.split('\n').map(s => s.trim()).filter(Boolean),
-  };
-
-  PS.config.profile = { 'store-selected': true, 'store-fake-ip': true };
-}
-
+// ─── Settings ───
 document.getElementById('settingsForm').addEventListener('submit', e => {
   e.preventDefault();
   applySettingsToConfig();
@@ -401,103 +596,400 @@ document.getElementById('saveAndRestartBtn').addEventListener('click', () => {
   saveFullConfig(true);
 });
 
-// ─── Proxy Modal ───
+// ════════════════════════════════════════════════════════════
+// PROXY MODAL
+// ════════════════════════════════════════════════════════════
+
+// Protocols needing transport
+const TRANSPORT_PROTOS = ['vmess', 'vless', 'trojan'];
+// Protocols needing TLS section (always shown)
+const TLS_PROTOS = ['ss', 'vmess', 'vless', 'trojan', 'hysteria', 'hysteria2', 'tuic', 'snell', 'anytls', 'http', 'socks5'];
+// TLS always on (no toggle)
+const TLS_ALWAYS = ['trojan', 'hysteria', 'hysteria2', 'tuic'];
+// Protocols with client-fingerprint
+const CLIENT_FP_PROTOS = ['vmess', 'vless', 'trojan', 'anytls'];
+// Protocols with Reality support (shows Reality section inside TLS)
+const REALITY_PROTOS = ['vless', 'vmess'];
+
+// All proto-specific section IDs
+const PROTO_SECTIONS = ['pf-ss', 'pf-ssr', 'pf-vmess', 'pf-vless', 'pf-trojan',
+  'pf-hysteria', 'pf-hysteria2', 'pf-tuic', 'pf-wireguard', 'pf-snell',
+  'pf-ssh', 'pf-anytls', 'pf-mieru', 'pf-http-auth'];
+
+function showEl(id) { const e = document.getElementById(id); if (e) e.classList.remove('hidden'); }
+function hideEl(id) { const e = document.getElementById(id); if (e) e.classList.add('hidden'); }
+
 function updateProxyFields() {
   const type = document.getElementById('proxyType').value;
-  const serverFields = document.getElementById('proxyServerFields');
-  const authFields = document.getElementById('proxyAuthFields');
-  const cipherField = document.getElementById('proxyCipherField');
-  const uuidField = document.getElementById('proxyUUIDField');
-  const trojanPassField = document.getElementById('proxyTrojanPassField');
-  const hysteria2Fields = document.getElementById('proxyHysteria2Fields');
-  const tlsField = document.getElementById('proxyTLSField');
-  const vlessFlowField = document.getElementById('proxyVlessFlowField');
-  const networkField = document.getElementById('proxyNetworkField');
 
-  serverFields.classList.remove('hidden');
-  authFields.classList.add('hidden');
-  cipherField.classList.add('hidden');
-  uuidField.classList.add('hidden');
-  trojanPassField.classList.add('hidden');
-  hysteria2Fields.classList.add('hidden');
-  tlsField.classList.add('hidden');
-  vlessFlowField.classList.add('hidden');
-  networkField.classList.add('hidden');
+  // Hide all proto sections
+  PROTO_SECTIONS.forEach(hideEl);
 
+  // Server/port visibility
+  if (type === 'direct') {
+    hideEl('pf-server-section');
+  } else {
+    showEl('pf-server-section');
+  }
+
+  // UDP row visibility
+  const noUDP = ['wireguard']; // WireGuard has its own udp field
+  // actually WireGuard does have udp field in common but let's keep it
+
+  // Show the appropriate proto section
   switch (type) {
-    case 'ss':
-      cipherField.classList.remove('hidden');
-      tlsField.classList.remove('hidden');
-      document.querySelector('#proxyPassword').closest('.form-row').classList.remove('hidden');
-      break;
-    case 'vmess':
-      uuidField.classList.remove('hidden');
-      cipherField.classList.remove('hidden');
-      tlsField.classList.remove('hidden');
-      networkField.classList.remove('hidden');
-      document.getElementById('proxyCipher').innerHTML = '<option value="auto">auto</option><option value="none">none</option><option value="zero">zero</option><option value="aes-128-gcm">aes-128-gcm</option><option value="chacha20-poly1305">chacha20-poly1305</option>';
-      break;
-    case 'vless':
-      uuidField.classList.remove('hidden');
-      tlsField.classList.remove('hidden');
-      vlessFlowField.classList.remove('hidden');
-      networkField.classList.remove('hidden');
-      break;
-    case 'trojan':
-      trojanPassField.classList.remove('hidden');
-      tlsField.classList.remove('hidden');
-      networkField.classList.remove('hidden');
-      break;
-    case 'hysteria2':
-      hysteria2Fields.classList.remove('hidden');
-      tlsField.classList.add('hidden');
-      document.querySelector('#proxyPassword').closest('.form-row').classList.remove('hidden');
-      serverFields.classList.remove('hidden');
-      break;
+    case 'ss':      showEl('pf-ss'); break;
+    case 'ssr':     showEl('pf-ssr'); break;
+    case 'vmess':   showEl('pf-vmess'); break;
+    case 'vless':   showEl('pf-vless'); break;
+    case 'trojan':  showEl('pf-trojan'); break;
+    case 'hysteria': showEl('pf-hysteria'); break;
+    case 'hysteria2': showEl('pf-hysteria2'); break;
+    case 'tuic':    showEl('pf-tuic'); break;
+    case 'wireguard': showEl('pf-wireguard'); break;
+    case 'snell':   showEl('pf-snell'); break;
+    case 'ssh':     showEl('pf-ssh'); break;
+    case 'anytls':  showEl('pf-anytls'); break;
+    case 'mieru':   showEl('pf-mieru'); break;
     case 'http':
-      authFields.classList.remove('hidden');
-      tlsField.classList.remove('hidden');
-      break;
     case 'socks5':
-      authFields.classList.remove('hidden');
-      tlsField.classList.remove('hidden');
-      break;
-    case 'direct':
-      serverFields.classList.add('hidden');
+      showEl('pf-http-auth');
+      // headers only for http
+      const hrow = document.getElementById('pf-http-headers-row');
+      if (hrow) hrow.classList.toggle('hidden', type !== 'http');
       break;
   }
+
+  // Transport section
+  if (TRANSPORT_PROTOS.includes(type)) {
+    showEl('pf-transport-section');
+    updateTransportOpts(); // show/hide transport sub-opts
+    // XHTTP only for VLESS
+    const xopt = document.getElementById('pf-xhttp-opts');
+    if (xopt) {
+      const net = document.getElementById('proxyNetwork').value;
+      if (type === 'vless' && net === 'xhttp') xopt.classList.remove('hidden');
+      else xopt.classList.add('hidden');
+    }
+  } else {
+    hideEl('pf-transport-section');
+  }
+
+  // TLS section
+  if (TLS_PROTOS.includes(type)) {
+    showEl('pf-tls-section');
+    const toggleRow = document.getElementById('pf-tls-toggle-row');
+    if (TLS_ALWAYS.includes(type)) {
+      // Always on — hide toggle, show fields
+      if (toggleRow) toggleRow.classList.add('hidden');
+      showEl('pf-tls-fields');
+    } else {
+      if (toggleRow) toggleRow.classList.remove('hidden');
+      const tlsOn = document.getElementById('proxyTLS') && document.getElementById('proxyTLS').checked;
+      if (tlsOn) showEl('pf-tls-fields'); else hideEl('pf-tls-fields');
+    }
+    // Client fingerprint
+    const cfpRow = document.getElementById('pf-client-fp-row');
+    if (cfpRow) cfpRow.classList.toggle('hidden', !CLIENT_FP_PROTOS.includes(type));
+    // Reality section
+    const realSec = document.getElementById('pf-reality-section');
+    if (realSec) realSec.classList.toggle('hidden', !REALITY_PROTOS.includes(type));
+  } else {
+    hideEl('pf-tls-section');
+  }
+}
+
+function updateTransportOpts() {
+  const net = document.getElementById('proxyNetwork').value;
+  const type = document.getElementById('proxyType').value;
+  hideEl('pf-ws-opts'); hideEl('pf-h2-opts'); hideEl('pf-grpc-opts');
+  hideEl('pf-http-transport-opts'); hideEl('pf-xhttp-opts');
+  switch (net) {
+    case 'ws':    showEl('pf-ws-opts'); break;
+    case 'h2':    showEl('pf-h2-opts'); break;
+    case 'grpc':  showEl('pf-grpc-opts'); break;
+    case 'http':  showEl('pf-http-transport-opts'); break;
+    case 'xhttp': if (type === 'vless') showEl('pf-xhttp-opts'); break;
+  }
 }
 
 document.getElementById('proxyType').addEventListener('change', updateProxyFields);
+document.getElementById('proxyNetwork').addEventListener('change', updateTransportOpts);
 
+document.getElementById('proxyTLS').addEventListener('change', () => {
+  const on = document.getElementById('proxyTLS').checked;
+  if (on) showEl('pf-tls-fields'); else hideEl('pf-tls-fields');
+});
+
+document.getElementById('ssPlugin').addEventListener('change', () => {
+  const plugin = document.getElementById('ssPlugin').value;
+  if (!plugin) {
+    hideEl('pf-ss-obfs'); hideEl('pf-ss-plugin-opts');
+  } else if (plugin === 'obfs') {
+    showEl('pf-ss-obfs'); hideEl('pf-ss-plugin-opts');
+  } else {
+    hideEl('pf-ss-obfs'); showEl('pf-ss-plugin-opts');
+    // Set placeholder for plugin opts
+    const ta = document.getElementById('ssPluginOpts');
+    if (plugin === 'v2ray-plugin' || plugin === 'gost-plugin') {
+      ta.placeholder = 'mode: websocket\ntls: true\nhost: example.com\npath: /';
+    } else if (plugin === 'shadow-tls') {
+      ta.placeholder = 'host: cloud.tencent.com\npassword: shadow_tls_password\nversion: 3';
+    } else if (plugin === 'restls') {
+      ta.placeholder = 'host: www.microsoft.com\npassword: your_password\nversion-hint: tls13';
+    } else if (plugin === 'kcptun') {
+      ta.placeholder = 'key: secret\ncrypt: aes\nmode: fast';
+    }
+  }
+});
+
+document.getElementById('snellObfsMode').addEventListener('change', () => {
+  const mode = document.getElementById('snellObfsMode').value;
+  const row = document.getElementById('pf-snell-obfs-host');
+  if (row) row.classList.toggle('hidden', !mode);
+});
+
+// TUIC version switch — visibility handled after generic seg handler
+document.getElementById('tuicVersionSwitch').addEventListener('click', e => {
+  const btn = e.target.closest('.seg-btn');
+  if (!btn) return;
+  // Let the generic handler set active class, then update visibility
+  setTimeout(() => {
+    const v = getSegBtn('tuicVersionSwitch') || '5';
+    const tokenRow = document.getElementById('pf-tuic-token');
+    const v5auth = document.getElementById('pf-tuic-v5-auth');
+    if (v === '4') { if (tokenRow) tokenRow.classList.remove('hidden'); if (v5auth) v5auth.classList.add('hidden'); }
+    else { if (tokenRow) tokenRow.classList.add('hidden'); if (v5auth) v5auth.classList.remove('hidden'); }
+  }, 0);
+});
+
+// ─── Open proxy modal ───
 let editProxyName = null;
 
 function openProxyModal(proxy) {
   editProxyName = proxy ? proxy.name : null;
   document.getElementById('proxyModalTitle').textContent = proxy ? 'Редактировать прокси' : 'Добавить прокси';
   document.getElementById('proxyEditName').value = proxy ? proxy.name : '';
-  document.getElementById('proxyName').value = proxy ? proxy.name : '';
-  document.getElementById('proxyType').value = proxy ? proxy.type : 'ss';
-  document.getElementById('proxyServer').value = proxy ? (proxy.server || '') : '';
-  document.getElementById('proxyPort').value = proxy ? (proxy.port || '') : '';
-  document.getElementById('proxyUDP').checked = proxy ? (proxy.udp !== false) : true;
-  document.getElementById('proxyUsername').value = proxy ? (proxy.username || '') : '';
-  document.getElementById('proxyPassword').value = proxy ? (proxy.password || '') : '';
-  document.getElementById('proxyTLS').checked = proxy ? (proxy.tls || false) : false;
-  document.getElementById('proxySNI').value = proxy ? (proxy.servername || '') : '';
-  document.getElementById('proxySkipCertVerify').checked = proxy ? (proxy['skip-cert-verify'] || false) : false;
-  document.getElementById('proxyUUID').value = proxy ? (proxy.uuid || '') : '';
-  document.getElementById('proxyCipher').value = proxy ? (proxy.cipher || 'auto') : 'auto';
-  document.getElementById('proxyFlow').value = proxy ? (proxy.flow || '') : '';
-  document.getElementById('proxyNetwork').value = proxy ? (proxy.network || '') : '';
-  document.getElementById('proxyTrojanPass').value = proxy ? (proxy.password || '') : '';
-  document.getElementById('proxyObfs').value = proxy ? (proxy.obfs || '') : '';
-  document.getElementById('proxyObfsPass').value = proxy ? (proxy['obfs-password'] || '') : '';
+
+  const p = proxy || {};
+  const type = p.type || 'ss';
+  document.getElementById('proxyType').value = type;
+  document.getElementById('proxyName').value = p.name || '';
+  document.getElementById('proxyServer').value = p.server || '';
+  document.getElementById('proxyPort').value = p.port || '';
+
+  // Common advanced
+  document.getElementById('proxyUDP').checked = p.udp !== false;
+  document.getElementById('proxyIPVersion').value = p['ip-version'] || '';
+  document.getElementById('proxyInterface').value = p['interface-name'] || '';
+  document.getElementById('proxyRoutingMark').value = p['routing-mark'] || '';
+  document.getElementById('proxyTFO').checked = !!p.tfo;
+  document.getElementById('proxyMPTCP').checked = !!p.mptcp;
+  document.getElementById('proxyDialerProxy').value = p['dialer-proxy'] || '';
+
+  // TLS
+  document.getElementById('proxyTLS').checked = !!p.tls;
+  document.getElementById('proxySNI').value = p.servername || p.sni || '';
+  document.getElementById('proxyFingerprint').value = p.fingerprint || '';
+  document.getElementById('proxyALPN').value = Array.isArray(p.alpn) ? p.alpn.join('\n') : (p.alpn || '');
+  document.getElementById('proxySkipCertVerify').checked = !!p['skip-cert-verify'];
+  document.getElementById('proxyClientFP').value = p['client-fingerprint'] || '';
+
+  // Reality
+  const ro = p['reality-opts'] || {};
+  document.getElementById('realityPublicKey').value = ro['public-key'] || '';
+  document.getElementById('realityShortID').value = ro['short-id'] || '';
+  document.getElementById('realityX25519mlkem').checked = !!ro['support-x25519mlkem768'];
+
+  // ECH
+  const ech = p['ech-opts'] || {};
+  document.getElementById('echEnable').checked = !!ech.enable;
+  document.getElementById('echConfig').value = ech.config || '';
+  document.getElementById('echQuerySNI').value = ech['query-server-name'] || '';
+
+  // Transport
+  document.getElementById('proxyNetwork').value = p.network || '';
+  const ws = p['ws-opts'] || {};
+  document.getElementById('wsPath').value = ws.path || '';
+  document.getElementById('wsHost').value = (ws.headers && ws.headers.Host) || '';
+  document.getElementById('wsMaxEarlyData').value = ws['max-early-data'] || '';
+  document.getElementById('wsEarlyDataHeader').value = ws['early-data-header-name'] || '';
+  document.getElementById('wsV2rayUpgrade').checked = !!ws['v2ray-http-upgrade'];
+  document.getElementById('wsV2rayUpgradeFO').checked = !!ws['v2ray-http-upgrade-fast-open'];
+
+  const h2 = p['h2-opts'] || {};
+  document.getElementById('h2Host').value = Array.isArray(h2.host) ? h2.host.join('\n') : (h2.host || '');
+  document.getElementById('h2Path').value = h2.path || '';
+
+  const grpc = p['grpc-opts'] || {};
+  document.getElementById('grpcServiceName').value = grpc['grpc-service-name'] || '';
+  document.getElementById('grpcUserAgent').value = grpc['grpc-user-agent'] || '';
+
+  const http = p['http-opts'] || {};
+  document.getElementById('httpTransportMethod').value = http.method || 'GET';
+  document.getElementById('httpTransportPath').value = Array.isArray(http.path) ? http.path.join('\n') : (http.path || '');
+
+  const xhttp = p['xhttp-opts'] || {};
+  document.getElementById('xhttpPath').value = xhttp.path || '';
+  document.getElementById('xhttpHost').value = xhttp.host || '';
+  document.getElementById('xhttpMode').value = xhttp.mode || '';
+  document.getElementById('xhttpNoGRPC').checked = !!xhttp['no-grpc-header'];
+  document.getElementById('xhttpPaddingBytes').value = xhttp['x-padding-bytes'] || '';
+
+  // ── Protocol fields ──
+  // SS
+  document.getElementById('ssCipher').value = p.cipher || 'auto';
+  document.getElementById('ssPassword').value = p.password || '';
+  document.getElementById('ssUOT').checked = !!p['udp-over-tcp'];
+  setSegBtn('ssUOTVersionSwitch', String(p['udp-over-tcp-version'] || '1'));
+  document.getElementById('ssPlugin').value = p.plugin || '';
+  if (p.plugin === 'obfs') {
+    document.getElementById('ssObfsMode').value = (p['plugin-opts'] || {}).mode || 'tls';
+    document.getElementById('ssObfsHost').value = (p['plugin-opts'] || {}).host || '';
+  } else if (p.plugin && p['plugin-opts']) {
+    // Serialize plugin-opts to YAML-like text
+    document.getElementById('ssPluginOpts').value = objToYAML(p['plugin-opts']);
+  }
+
+  // SSR
+  document.getElementById('ssrCipher').value = p.cipher || 'none';
+  document.getElementById('ssrPassword').value = p.password || '';
+  document.getElementById('ssrProtocol').value = p.protocol || 'origin';
+  document.getElementById('ssrProtocolParam').value = p['protocol-param'] || '';
+  document.getElementById('ssrObfs').value = p.obfs || 'plain';
+  document.getElementById('ssrObfsParam').value = p['obfs-param'] || '';
+
+  // VMess
+  document.getElementById('vmessUUID').value = p.uuid || '';
+  document.getElementById('vmessAlterID').value = p.alterId != null ? p.alterId : 0;
+  document.getElementById('vmessCipher').value = p.cipher || 'auto';
+
+  // VLESS
+  document.getElementById('vlessUUID').value = p.uuid || '';
+  document.getElementById('vlessFlow').value = p.flow || '';
+  document.getElementById('vlessEncryption').value = p.encryption || 'none';
+
+  // Trojan
+  document.getElementById('trojanPassword').value = p.password || '';
+
+  // Hysteria v1
+  document.getElementById('hyAuthStr').value = p['auth-str'] || '';
+  document.getElementById('hyProtocol').value = p.protocol || 'udp';
+  document.getElementById('hyUp').value = p.up || '';
+  document.getElementById('hyDown').value = p.down || '';
+  document.getElementById('hyObfs').value = p.obfs || '';
+  document.getElementById('hyPorts').value = p.ports || '';
+  document.getElementById('hyFastOpen').checked = !!p['fast-open'];
+
+  // Hysteria2
+  document.getElementById('hy2Password').value = p.password || '';
+  document.getElementById('hy2Up').value = p.up || '';
+  document.getElementById('hy2Down').value = p.down || '';
+  document.getElementById('hy2ObfsType').value = p.obfs || '';
+  document.getElementById('hy2ObfsPassword').value = p['obfs-password'] || '';
+  document.getElementById('hy2Ports').value = p.ports || '';
+  document.getElementById('hy2HopInterval').value = p['hop-interval'] || '';
+
+  // TUIC
+  const tuicV = p.token ? '4' : '5';
+  setSegBtn('tuicVersionSwitch', tuicV);
+  document.getElementById('pf-tuic-token').classList.toggle('hidden', tuicV !== '4');
+  document.getElementById('pf-tuic-v5-auth').classList.toggle('hidden', tuicV !== '5');
+  document.getElementById('tuicToken').value = p.token || '';
+  document.getElementById('tuicUUID').value = p.uuid || '';
+  document.getElementById('tuicPassword').value = p.password || '';
+  document.getElementById('tuicIP').value = p.ip || '';
+  document.getElementById('tuicHeartbeat').value = p['heartbeat-interval'] || '';
+  document.getElementById('tuicUDPMode').value = p['udp-relay-mode'] || 'native';
+  document.getElementById('tuicCongestion').value = p['congestion-controller'] || '';
+  document.getElementById('tuicMaxUDP').value = p['max-udp-relay-packet-size'] || '';
+  document.getElementById('tuicReqTimeout').value = p['request-timeout'] || '';
+  document.getElementById('tuicMaxStreams').value = p['max-open-streams'] || '';
+  document.getElementById('tuicDisableSNI').checked = !!p['disable-sni'];
+  document.getElementById('tuicReduceRTT').checked = !!p['reduce-rtt'];
+  document.getElementById('tuicFastOpen').checked = !!p['fast-open'];
+
+  // WireGuard
+  document.getElementById('wgPrivateKey').value = p['private-key'] || '';
+  document.getElementById('wgIP').value = p.ip || '';
+  document.getElementById('wgIPv6').value = p.ipv6 || '';
+  // In simple mode, use top-level server/port/public-key
+  document.getElementById('wgPublicKey').value = p['public-key'] || '';
+  document.getElementById('wgAllowedIPs').value = Array.isArray(p['allowed-ips']) ? p['allowed-ips'].join(', ') : (p['allowed-ips'] || '0.0.0.0/0');
+  document.getElementById('wgPreSharedKey').value = p['pre-shared-key'] || '';
+  document.getElementById('wgReserved').value = Array.isArray(p.reserved) ? p.reserved.join(',') : (p.reserved || '');
+  document.getElementById('wgMTU').value = p.mtu || '';
+  document.getElementById('wgKeepalive').value = p['persistent-keepalive'] || '';
+  document.getElementById('wgRemoteDNS').checked = !!p['remote-dns-resolve'];
+  document.getElementById('wgDNS').value = Array.isArray(p.dns) ? p.dns.join(', ') : (p.dns || '');
+  document.getElementById('wgDialerProxy').value = p['dialer-proxy'] || '';
+
+  // Snell
+  document.getElementById('snellPSK').value = p.psk || '';
+  document.getElementById('snellVersion').value = p.version || '3';
+  const snellObfsMode = (p['obfs-opts'] || {}).mode || '';
+  document.getElementById('snellObfsMode').value = snellObfsMode;
+  document.getElementById('snellObfsHost').value = (p['obfs-opts'] || {}).host || '';
+  const snellHostRow = document.getElementById('pf-snell-obfs-host');
+  if (snellHostRow) snellHostRow.classList.toggle('hidden', !snellObfsMode);
+
+  // SSH
+  document.getElementById('sshUsername').value = p.username || '';
+  document.getElementById('sshPassword').value = p.password || '';
+  document.getElementById('sshPrivateKey').value = p['private-key'] || '';
+  document.getElementById('sshPrivateKeyPass').value = p['private-key-passphrase'] || '';
+  document.getElementById('sshHostKey').value = Array.isArray(p['host-key']) ? p['host-key'].join('\n') : '';
+  document.getElementById('sshHostKeyAlgos').value = Array.isArray(p['host-key-algorithms']) ? p['host-key-algorithms'].join('\n') : '';
+
+  // AnyTLS
+  document.getElementById('anytlsPassword').value = p.password || '';
+
+  // Mieru
+  document.getElementById('mieruUsername').value = p.username || '';
+  document.getElementById('mieruPassword').value = p.password || '';
+  if (p.transport) document.getElementById('mieruTransport').value = p.transport;
+
+  // HTTP/SOCKS5
+  document.getElementById('httpUsername').value = p.username || '';
+  document.getElementById('httpPassword').value = p.password || '';
+  if (p.headers && typeof p.headers === 'object') {
+    document.getElementById('httpHeaders').value = Object.entries(p.headers)
+      .map(([k, v]) => `${k}: ${Array.isArray(v) ? v.join(', ') : v}`).join('\n');
+  } else {
+    document.getElementById('httpHeaders').value = '';
+  }
 
   updateProxyFields();
+  // Trigger plugin-related visibility
+  document.getElementById('ssPlugin').dispatchEvent(new Event('change'));
   document.getElementById('proxyModal').classList.remove('hidden');
 }
 
+function objToYAML(obj, indent) {
+  if (!obj || typeof obj !== 'object') return String(obj || '');
+  indent = indent || '';
+  return Object.entries(obj).map(([k, v]) => {
+    if (v && typeof v === 'object') {
+      return `${indent}${k}:\n${objToYAML(v, indent + '  ')}`;
+    }
+    return `${indent}${k}: ${v}`;
+  }).join('\n');
+}
+
+function parseYAMLToObj(text) {
+  const result = {};
+  if (!text) return result;
+  text.split('\n').forEach(line => {
+    const idx = line.indexOf(':');
+    if (idx > 0) {
+      const k = line.slice(0, idx).trim();
+      const v = line.slice(idx + 1).trim();
+      if (k) result[k] = v;
+    }
+  });
+  return result;
+}
+
 function closeProxyModal() {
   document.getElementById('proxyModal').classList.add('hidden');
 }
@@ -509,44 +1001,342 @@ document.getElementById('proxyModalBackdrop').addEventListener('click', closePro
 
 document.getElementById('saveProxyBtn').addEventListener('click', () => {
   const type = document.getElementById('proxyType').value;
-  const proxy = {
-    name: document.getElementById('proxyName').value.trim(),
-    type: type,
-    server: document.getElementById('proxyServer').value.trim(),
-    port: parseInt(document.getElementById('proxyPort').value) || 443,
-    udp: document.getElementById('proxyUDP').checked,
-    tls: document.getElementById('proxyTLS').checked,
-    servername: document.getElementById('proxySNI').value.trim(),
-    'skip-cert-verify': document.getElementById('proxySkipCertVerify').checked,
-    network: document.getElementById('proxyNetwork').value || '',
-  };
+  const name = document.getElementById('proxyName').value.trim();
 
-  if (type === 'ss') {
-    proxy.cipher = document.getElementById('proxyCipher').value;
-    proxy.password = document.getElementById('proxyPassword').value;
-  } else if (type === 'vmess' || type === 'vless') {
-    proxy.uuid = document.getElementById('proxyUUID').value.trim();
-    if (type === 'vless') proxy.flow = document.getElementById('proxyFlow').value.trim();
-    proxy.cipher = document.getElementById('proxyCipher').value;
-  } else if (type === 'trojan') {
-    proxy.password = document.getElementById('proxyTrojanPass').value;
-  } else if (type === 'hysteria2') {
-    proxy.password = document.getElementById('proxyPassword').value;
-    proxy.obfs = document.getElementById('proxyObfs').value.trim();
-    proxy['obfs-password'] = document.getElementById('proxyObfsPass').value.trim();
-  } else if (type === 'http' || type === 'socks5') {
-    proxy.username = document.getElementById('proxyUsername').value.trim();
-    proxy.password = document.getElementById('proxyPassword').value;
-  } else if (type === 'direct') {
-    delete proxy.server;
-    delete proxy.port;
+  if (!name) { showToast('Имя прокси обязательно', 'error'); return; }
+
+  const proxy = { name, type };
+
+  // Server/port
+  if (type !== 'direct') {
+    proxy.server = gVal('proxyServer').trim();
+    const port = parseInt(gVal('proxyPort'));
+    if (port) proxy.port = port;
   }
 
-  if (!proxy.name) {
-    showToast('Имя прокси обязательно', 'error');
-    return;
+  // Common advanced
+  proxy.udp = gCheck('proxyUDP');
+  const ipVer = gVal('proxyIPVersion');
+  if (ipVer) proxy['ip-version'] = ipVer;
+  const iface = gVal('proxyInterface').trim();
+  if (iface) proxy['interface-name'] = iface;
+  const mark = parseInt(gVal('proxyRoutingMark'));
+  if (mark) proxy['routing-mark'] = mark;
+  if (gCheck('proxyTFO')) proxy.tfo = true;
+  if (gCheck('proxyMPTCP')) proxy.mptcp = true;
+  const dialerProxy = gVal('proxyDialerProxy').trim();
+  if (dialerProxy) proxy['dialer-proxy'] = dialerProxy;
+
+  // TLS
+  const hasTLS = TLS_PROTOS.includes(type);
+  const tlsAlways = TLS_ALWAYS.includes(type);
+  const tlsEnabled = tlsAlways || (hasTLS && gCheck('proxyTLS'));
+
+  if (hasTLS) {
+    if (!tlsAlways) proxy.tls = gCheck('proxyTLS');
+    if (tlsEnabled) {
+      const sni = gVal('proxySNI').trim();
+      if (sni) {
+        if (type === 'vmess' || type === 'vless') proxy.servername = sni;
+        else proxy.sni = sni;
+      }
+      const fp = gVal('proxyFingerprint').trim();
+      if (fp) proxy.fingerprint = fp;
+      const alpn = gLines('proxyALPN');
+      if (alpn.length) proxy.alpn = alpn;
+      if (gCheck('proxySkipCertVerify')) proxy['skip-cert-verify'] = true;
+      if (CLIENT_FP_PROTOS.includes(type)) {
+        const cfp = gVal('proxyClientFP');
+        if (cfp) proxy['client-fingerprint'] = cfp;
+      }
+      // Reality
+      if (REALITY_PROTOS.includes(type)) {
+        const rPubKey = gVal('realityPublicKey').trim();
+        const rShortID = gVal('realityShortID').trim();
+        if (rPubKey || rShortID) {
+          proxy['reality-opts'] = {};
+          if (rPubKey) proxy['reality-opts']['public-key'] = rPubKey;
+          if (rShortID) proxy['reality-opts']['short-id'] = rShortID;
+          if (gCheck('realityX25519mlkem')) proxy['reality-opts']['support-x25519mlkem768'] = true;
+        }
+      }
+      // ECH
+      if (gCheck('echEnable')) {
+        proxy['ech-opts'] = { enable: true };
+        const echCfg = gVal('echConfig').trim();
+        if (echCfg) proxy['ech-opts'].config = echCfg;
+        const echQ = gVal('echQuerySNI').trim();
+        if (echQ) proxy['ech-opts']['query-server-name'] = echQ;
+      }
+    }
   }
 
+  // Transport
+  if (TRANSPORT_PROTOS.includes(type)) {
+    const net = gVal('proxyNetwork');
+    if (net) {
+      proxy.network = net;
+      switch (net) {
+        case 'ws': {
+          const wsOpts = {};
+          const wsPath = gVal('wsPath').trim();
+          if (wsPath) wsOpts.path = wsPath;
+          const wsHost = gVal('wsHost').trim();
+          if (wsHost) wsOpts.headers = { Host: wsHost };
+          const wsMaxED = parseInt(gVal('wsMaxEarlyData'));
+          if (wsMaxED) wsOpts['max-early-data'] = wsMaxED;
+          const wsEDH = gVal('wsEarlyDataHeader').trim();
+          if (wsEDH) wsOpts['early-data-header-name'] = wsEDH;
+          if (gCheck('wsV2rayUpgrade')) wsOpts['v2ray-http-upgrade'] = true;
+          if (gCheck('wsV2rayUpgradeFO')) wsOpts['v2ray-http-upgrade-fast-open'] = true;
+          if (Object.keys(wsOpts).length) proxy['ws-opts'] = wsOpts;
+          break;
+        }
+        case 'h2': {
+          const h2Opts = {};
+          const h2host = gLines('h2Host');
+          if (h2host.length) h2Opts.host = h2host;
+          const h2path = gVal('h2Path').trim();
+          if (h2path) h2Opts.path = h2path;
+          if (Object.keys(h2Opts).length) proxy['h2-opts'] = h2Opts;
+          break;
+        }
+        case 'grpc': {
+          const grpcOpts = {};
+          const gsn = gVal('grpcServiceName').trim();
+          if (gsn) grpcOpts['grpc-service-name'] = gsn;
+          const gua = gVal('grpcUserAgent').trim();
+          if (gua) grpcOpts['grpc-user-agent'] = gua;
+          if (Object.keys(grpcOpts).length) proxy['grpc-opts'] = grpcOpts;
+          break;
+        }
+        case 'http': {
+          const httpOpts = {};
+          const method = gVal('httpTransportMethod');
+          if (method) httpOpts.method = method;
+          const paths = gLines('httpTransportPath');
+          if (paths.length) httpOpts.path = paths;
+          if (Object.keys(httpOpts).length) proxy['http-opts'] = httpOpts;
+          break;
+        }
+        case 'xhttp': {
+          if (type === 'vless') {
+            const xopts = {};
+            const xp = gVal('xhttpPath').trim();
+            if (xp) xopts.path = xp;
+            const xh = gVal('xhttpHost').trim();
+            if (xh) xopts.host = xh;
+            const xm = gVal('xhttpMode');
+            if (xm) xopts.mode = xm;
+            if (gCheck('xhttpNoGRPC')) xopts['no-grpc-header'] = true;
+            const xpad = gVal('xhttpPaddingBytes').trim();
+            if (xpad) xopts['x-padding-bytes'] = xpad;
+            if (Object.keys(xopts).length) proxy['xhttp-opts'] = xopts;
+          }
+          break;
+        }
+      }
+    }
+  }
+
+  // ── Protocol-specific ──
+  switch (type) {
+    case 'ss': {
+      proxy.cipher = gVal('ssCipher');
+      proxy.password = gVal('ssPassword');
+      if (gCheck('ssUOT')) {
+        proxy['udp-over-tcp'] = true;
+        const uotVer = parseInt(getSegBtn('ssUOTVersionSwitch') || '1');
+        if (uotVer === 2) proxy['udp-over-tcp-version'] = 2;
+      }
+      const plugin = gVal('ssPlugin');
+      if (plugin) {
+        proxy.plugin = plugin;
+        if (plugin === 'obfs') {
+          proxy['plugin-opts'] = { mode: gVal('ssObfsMode') || 'tls' };
+          const oh = gVal('ssObfsHost').trim();
+          if (oh) proxy['plugin-opts'].host = oh;
+        } else {
+          const optsText = gVal('ssPluginOpts').trim();
+          if (optsText) proxy['plugin-opts'] = parseYAMLToObj(optsText);
+        }
+      }
+      break;
+    }
+    case 'ssr': {
+      proxy.cipher = gVal('ssrCipher');
+      proxy.password = gVal('ssrPassword');
+      proxy.protocol = gVal('ssrProtocol');
+      const pp = gVal('ssrProtocolParam').trim();
+      if (pp) proxy['protocol-param'] = pp;
+      proxy.obfs = gVal('ssrObfs');
+      const op = gVal('ssrObfsParam').trim();
+      if (op) proxy['obfs-param'] = op;
+      break;
+    }
+    case 'vmess': {
+      proxy.uuid = gVal('vmessUUID').trim();
+      proxy.alterId = gNum('vmessAlterID', 0);
+      proxy.cipher = gVal('vmessCipher');
+      break;
+    }
+    case 'vless': {
+      proxy.uuid = gVal('vlessUUID').trim();
+      const flow = gVal('vlessFlow');
+      if (flow) proxy.flow = flow;
+      proxy.encryption = gVal('vlessEncryption') || 'none';
+      break;
+    }
+    case 'trojan': {
+      proxy.password = gVal('trojanPassword');
+      break;
+    }
+    case 'hysteria': {
+      proxy['auth-str'] = gVal('hyAuthStr');
+      proxy.protocol = gVal('hyProtocol') || 'udp';
+      const up = gVal('hyUp').trim();
+      if (up) proxy.up = up;
+      const down = gVal('hyDown').trim();
+      if (down) proxy.down = down;
+      const obfs = gVal('hyObfs').trim();
+      if (obfs) proxy.obfs = obfs;
+      const ports = gVal('hyPorts').trim();
+      if (ports) proxy.ports = ports;
+      if (gCheck('hyFastOpen')) proxy['fast-open'] = true;
+      break;
+    }
+    case 'hysteria2': {
+      proxy.password = gVal('hy2Password');
+      const up2 = gVal('hy2Up').trim();
+      if (up2) proxy.up = up2;
+      const down2 = gVal('hy2Down').trim();
+      if (down2) proxy.down = down2;
+      const obfsType = gVal('hy2ObfsType');
+      if (obfsType) {
+        proxy.obfs = obfsType;
+        const obfsPass = gVal('hy2ObfsPassword').trim();
+        if (obfsPass) proxy['obfs-password'] = obfsPass;
+      }
+      const ports2 = gVal('hy2Ports').trim();
+      if (ports2) proxy.ports = ports2;
+      const hopInt = parseInt(gVal('hy2HopInterval'));
+      if (hopInt) proxy['hop-interval'] = hopInt;
+      break;
+    }
+    case 'tuic': {
+      const tuicV = getSegBtn('tuicVersionSwitch') || '5';
+      if (tuicV === '4') {
+        proxy.token = gVal('tuicToken').trim();
+      } else {
+        proxy.uuid = gVal('tuicUUID').trim();
+        proxy.password = gVal('tuicPassword');
+      }
+      const tip = gVal('tuicIP').trim();
+      if (tip) proxy.ip = tip;
+      const hb = parseInt(gVal('tuicHeartbeat'));
+      if (hb) proxy['heartbeat-interval'] = hb;
+      proxy['udp-relay-mode'] = gVal('tuicUDPMode') || 'native';
+      const cong = gVal('tuicCongestion');
+      if (cong) proxy['congestion-controller'] = cong;
+      const maxUDP = parseInt(gVal('tuicMaxUDP'));
+      if (maxUDP) proxy['max-udp-relay-packet-size'] = maxUDP;
+      const reqTOut = parseInt(gVal('tuicReqTimeout'));
+      if (reqTOut) proxy['request-timeout'] = reqTOut;
+      const maxStr = parseInt(gVal('tuicMaxStreams'));
+      if (maxStr) proxy['max-open-streams'] = maxStr;
+      if (gCheck('tuicDisableSNI')) proxy['disable-sni'] = true;
+      if (gCheck('tuicReduceRTT')) proxy['reduce-rtt'] = true;
+      if (gCheck('tuicFastOpen')) proxy['fast-open'] = true;
+      break;
+    }
+    case 'wireguard': {
+      proxy['private-key'] = gVal('wgPrivateKey').trim();
+      const wip = gVal('wgIP').trim();
+      if (wip) proxy.ip = wip;
+      const wipv6 = gVal('wgIPv6').trim();
+      if (wipv6) proxy.ipv6 = wipv6;
+      proxy['public-key'] = gVal('wgPublicKey').trim();
+      const allowedIPs = gVal('wgAllowedIPs').split(',').map(s => s.trim()).filter(Boolean);
+      proxy['allowed-ips'] = allowedIPs.length ? allowedIPs : ['0.0.0.0/0'];
+      const psk = gVal('wgPreSharedKey').trim();
+      if (psk) proxy['pre-shared-key'] = psk;
+      const wgRes = gVal('wgReserved').trim();
+      if (wgRes) proxy.reserved = wgRes;
+      const wgMTU = parseInt(gVal('wgMTU'));
+      if (wgMTU) proxy.mtu = wgMTU;
+      const wgKA = parseInt(gVal('wgKeepalive'));
+      if (wgKA) proxy['persistent-keepalive'] = wgKA;
+      if (gCheck('wgRemoteDNS')) {
+        proxy['remote-dns-resolve'] = true;
+        const wgDNS = gVal('wgDNS').split(',').map(s => s.trim()).filter(Boolean);
+        if (wgDNS.length) proxy.dns = wgDNS;
+      }
+      const wgDP = gVal('wgDialerProxy').trim();
+      if (wgDP) proxy['dialer-proxy'] = wgDP;
+      break;
+    }
+    case 'snell': {
+      proxy.psk = gVal('snellPSK');
+      proxy.version = parseInt(gVal('snellVersion')) || 3;
+      const snellMode = gVal('snellObfsMode');
+      if (snellMode) {
+        proxy['obfs-opts'] = { mode: snellMode };
+        const sh = gVal('snellObfsHost').trim();
+        if (sh) proxy['obfs-opts'].host = sh;
+      }
+      break;
+    }
+    case 'ssh': {
+      proxy.username = gVal('sshUsername').trim();
+      const sshPass = gVal('sshPassword');
+      if (sshPass) proxy.password = sshPass;
+      const sshPK = gVal('sshPrivateKey').trim();
+      if (sshPK) proxy['private-key'] = sshPK;
+      const sshPKP = gVal('sshPrivateKeyPass').trim();
+      if (sshPKP) proxy['private-key-passphrase'] = sshPKP;
+      const sshHK = gLines('sshHostKey');
+      if (sshHK.length) proxy['host-key'] = sshHK;
+      const sshHKA = gLines('sshHostKeyAlgos');
+      if (sshHKA.length) proxy['host-key-algorithms'] = sshHKA;
+      break;
+    }
+    case 'anytls': {
+      proxy.password = gVal('anytlsPassword');
+      break;
+    }
+    case 'mieru': {
+      proxy.username = gVal('mieruUsername').trim();
+      proxy.password = gVal('mieruPassword');
+      proxy.transport = gVal('mieruTransport');
+      break;
+    }
+    case 'http':
+    case 'socks5': {
+      const uname = gVal('httpUsername').trim();
+      if (uname) proxy.username = uname;
+      const upass = gVal('httpPassword');
+      if (upass) proxy.password = upass;
+      if (type === 'http') {
+        const hdrText = gVal('httpHeaders').trim();
+        if (hdrText) {
+          const hdrs = {};
+          hdrText.split('\n').forEach(line => {
+            const idx = line.indexOf(':');
+            if (idx > 0) {
+              hdrs[line.slice(0, idx).trim()] = [line.slice(idx + 1).trim()];
+            }
+          });
+          if (Object.keys(hdrs).length) proxy.headers = hdrs;
+        }
+      }
+      break;
+    }
+    case 'direct':
+      // nothing extra needed
+      break;
+  }
+
+  // Save to config
   const proxies = getProxies();
   if (editProxyName) {
     const idx = proxies.findIndex(p => p.name === editProxyName);
@@ -555,9 +1345,7 @@ document.getElementById('saveProxyBtn').addEventListener('click', () => {
       proxies[idx] = proxy;
       if (proxy.name !== oldName) {
         getGroups().forEach(g => {
-          if (g.proxies) {
-            g.proxies = g.proxies.map(pn => pn === oldName ? proxy.name : pn);
-          }
+          if (g.proxies) g.proxies = g.proxies.map(pn => pn === oldName ? proxy.name : pn);
         });
       }
     }
@@ -569,7 +1357,6 @@ document.getElementById('saveProxyBtn').addEventListener('click', () => {
     proxies.push(proxy);
   }
   PS.config.proxies = proxies;
-
   closeProxyModal();
   renderAll();
   saveFullConfig(false);
@@ -580,44 +1367,29 @@ document.getElementById('proxyList').addEventListener('click', e => {
   const editBtn = e.target.closest('[data-edit-proxy]');
   const delBtn = e.target.closest('[data-delete-proxy]');
   if (editBtn) {
-    const name = editBtn.dataset.editProxy;
-    const proxy = getProxies().find(p => p.name === name);
+    const proxy = getProxies().find(p => p.name === editBtn.dataset.editProxy);
     if (proxy) openProxyModal(proxy);
   } else if (delBtn) {
     const name = delBtn.dataset.deleteProxy;
     if (confirm(`Удалить прокси "${name}"?`)) {
-      const proxies = getProxies();
-      const idx = proxies.findIndex(p => p.name === name);
-      if (idx >= 0) {
-        proxies.splice(idx, 1);
-        PS.config.proxies = proxies;
-        getGroups().forEach(g => {
-          if (g.proxies) {
-            g.proxies = g.proxies.filter(pn => pn !== name);
-          }
-        });
-        renderAll();
-        saveFullConfig(false);
-      }
+      PS.config.proxies = getProxies().filter(p => p.name !== name);
+      getGroups().forEach(g => { if (g.proxies) g.proxies = g.proxies.filter(pn => pn !== name); });
+      renderAll(); saveFullConfig(false);
     }
   }
 });
 
-// ─── Group Modal ───
+// ════════════════════════════════════════════════════════════
+// GROUP MODAL
+// ════════════════════════════════════════════════════════════
+
 function updateGroupFields() {
   const type = document.getElementById('groupType').value;
   const urlField = document.getElementById('groupURLField');
-  const lbField = document.getElementById('groupLBStrategy');
-  if (type === 'url-test' || type === 'fallback' || type === 'load-balance') {
-    urlField.classList.remove('hidden');
-  } else {
-    urlField.classList.add('hidden');
-  }
-  if (type === 'load-balance') {
-    lbField.classList.remove('hidden');
-  } else {
-    lbField.classList.add('hidden');
-  }
+  const lbField = document.getElementById('groupLBStrategyDiv');
+  const needsURL = ['url-test', 'fallback', 'load-balance'].includes(type);
+  urlField.classList.toggle('hidden', !needsURL);
+  lbField.classList.toggle('hidden', type !== 'load-balance');
 }
 
 document.getElementById('groupType').addEventListener('change', updateGroupFields);
@@ -632,23 +1404,28 @@ function openGroupModal(group) {
   document.getElementById('groupType').value = group ? group.type : 'select';
   document.getElementById('groupURL').value = group ? (group.url || 'https://www.gstatic.com/generate_204') : 'https://www.gstatic.com/generate_204';
   document.getElementById('groupInterval').value = group ? (group.interval || 300) : 300;
+  document.getElementById('groupTimeout').value = group ? (group.timeout || 5000) : 5000;
   document.getElementById('groupTolerance').value = group ? (group.tolerance || 50) : 50;
+  document.getElementById('groupMaxFailed').value = group ? (group['max-failed-times'] || 5) : 5;
+  document.getElementById('groupLazy').checked = group ? (group.lazy !== false) : true;
   document.getElementById('groupIncludeAll').checked = group ? (group['include-all'] || false) : false;
   document.getElementById('groupFilter').value = group ? (group.filter || '') : '';
+  document.getElementById('groupExcludeFilter').value = group ? (group['exclude-filter'] || '') : '';
+  document.getElementById('groupExcludeType').value = group ? (group['exclude-type'] || '') : '';
+  document.getElementById('groupExpectedStatus').value = group ? (group['expected-status'] || '') : '';
   document.getElementById('groupLBStrategy').value = group ? (group.strategy || 'round-robin') : 'round-robin';
+  document.getElementById('groupDisableUDP').checked = group ? (group['disable-udp'] || false) : false;
 
   const checkboxes = document.getElementById('groupProxyCheckboxes');
   checkboxes.innerHTML = '';
-  const builtin = ['DIRECT'];
-  const allProxies = [...builtin, ...getProxies().map(p => p.name)];
   const selected = group ? (group.proxies || []) : [];
-  allProxies.forEach(name => {
+  const allItems = ['DIRECT', 'REJECT', ...getProxies().map(p => p.name), ...getGroups().filter(g => !group || g.name !== group.name).map(g => g.name)];
+  allItems.forEach(name => {
     const label = document.createElement('label');
     label.className = 'checkbox-label';
     label.style.cssText = 'font-size:.85rem;padding:4px 0;display:flex;align-items:center;gap:6px';
     const cb = document.createElement('input');
-    cb.type = 'checkbox';
-    cb.value = name;
+    cb.type = 'checkbox'; cb.value = name;
     if (selected.includes(name)) cb.checked = true;
     label.appendChild(cb);
     label.appendChild(document.createTextNode(name));
@@ -659,9 +1436,7 @@ function openGroupModal(group) {
   document.getElementById('groupModal').classList.remove('hidden');
 }
 
-function closeGroupModal() {
-  document.getElementById('groupModal').classList.add('hidden');
-}
+function closeGroupModal() { document.getElementById('groupModal').classList.add('hidden'); }
 
 document.getElementById('addGroupBtn').addEventListener('click', () => openGroupModal(null));
 document.getElementById('closeGroupModal').addEventListener('click', closeGroupModal);
@@ -670,127 +1445,112 @@ document.getElementById('groupModalBackdrop').addEventListener('click', closeGro
 
 document.getElementById('saveGroupBtn').addEventListener('click', () => {
   const selectedProxies = [];
-  document.querySelectorAll('#groupProxyCheckboxes input[type="checkbox"]:checked').forEach(cb => {
-    selectedProxies.push(cb.value);
-  });
+  document.querySelectorAll('#groupProxyCheckboxes input[type="checkbox"]:checked').forEach(cb => selectedProxies.push(cb.value));
 
+  const type = document.getElementById('groupType').value;
+  const hasURL = ['url-test', 'fallback', 'load-balance'].includes(type);
   const group = {
     name: document.getElementById('groupName').value.trim(),
-    type: document.getElementById('groupType').value,
+    type,
     proxies: selectedProxies,
-    url: document.getElementById('groupURLField').classList.contains('hidden') ? '' : document.getElementById('groupURL').value.trim(),
-    interval: parseInt(document.getElementById('groupInterval').value) || 300,
-    tolerance: parseInt(document.getElementById('groupTolerance').value) || 0,
-    'include-all': document.getElementById('groupIncludeAll').checked,
-    filter: document.getElementById('groupFilter').value.trim(),
+    'include-all': gCheck('groupIncludeAll'),
+    'disable-udp': gCheck('groupDisableUDP'),
   };
 
-  if (group.type === 'load-balance') {
-    group.strategy = document.getElementById('groupLBStrategy').value;
+  if (hasURL) {
+    group.url = gVal('groupURL').trim();
+    group.interval = gNum('groupInterval', 300);
+    group.timeout = gNum('groupTimeout', 5000);
+    group.lazy = gCheck('groupLazy');
+    const maxFailed = gNum('groupMaxFailed', 0);
+    if (maxFailed) group['max-failed-times'] = maxFailed;
   }
+  if (type === 'url-test') {
+    const tol = gNum('groupTolerance', 0);
+    if (tol) group.tolerance = tol;
+  }
+  if (type === 'load-balance') {
+    group.strategy = gVal('groupLBStrategy') || 'round-robin';
+  }
+  const filter = gVal('groupFilter').trim();
+  if (filter) group.filter = filter;
+  const exFilter = gVal('groupExcludeFilter').trim();
+  if (exFilter) group['exclude-filter'] = exFilter;
+  const exType = gVal('groupExcludeType').trim();
+  if (exType) group['exclude-type'] = exType;
+  const expStatus = gVal('groupExpectedStatus').trim();
+  if (expStatus) group['expected-status'] = expStatus;
 
-  if (!group.name) {
-    showToast('Имя группы обязательно', 'error');
-    return;
-  }
+  if (!group.name) { showToast('Имя группы обязательно', 'error'); return; }
 
   const groups = getGroups();
   if (editGroupName) {
     const idx = groups.findIndex(g => g.name === editGroupName);
-    if (idx >= 0) {
-      groups[idx] = group;
-    }
+    if (idx >= 0) groups[idx] = group;
   } else {
-    if (groups.some(g => g.name === group.name)) {
-      showToast('Группа с таким именем уже существует', 'error');
-      return;
-    }
+    if (groups.some(g => g.name === group.name)) { showToast('Группа с таким именем уже существует', 'error'); return; }
     groups.push(group);
   }
   PS.config['proxy-groups'] = groups;
-
-  closeGroupModal();
-  renderAll();
-  saveFullConfig(false);
+  closeGroupModal(); renderAll(); saveFullConfig(false);
 });
 
-// Group list events
 document.getElementById('groupList').addEventListener('click', e => {
   const editBtn = e.target.closest('[data-edit-group]');
   const delBtn = e.target.closest('[data-delete-group]');
   if (editBtn) {
-    const name = editBtn.dataset.editGroup;
-    const group = getGroups().find(g => g.name === name);
+    const group = getGroups().find(g => g.name === editBtn.dataset.editGroup);
     if (group) openGroupModal(group);
   } else if (delBtn) {
     const name = delBtn.dataset.deleteGroup;
     if (confirm(`Удалить группу "${name}"?`)) {
-      const groups = getGroups();
-      const idx = groups.findIndex(g => g.name === name);
-      if (idx >= 0) {
-        groups.splice(idx, 1);
-        PS.config['proxy-groups'] = groups;
-        const rules = getRules();
-        PS.config.rules = rules.map(r => {
-          if (r.endsWith(',' + name)) {
-            return r.replace(',' + name, ',DIRECT');
-          }
-          return r;
-        });
-        renderAll();
-        saveFullConfig(false);
-      }
+      PS.config['proxy-groups'] = getGroups().filter(g => g.name !== name);
+      PS.config.rules = getRules().map(r => r.endsWith(',' + name) ? r.replace(',' + name, ',DIRECT') : r);
+      renderAll(); saveFullConfig(false);
     }
   }
 });
 
-// ─── Rule Modal ───
+// ════════════════════════════════════════════════════════════
+// RULE MODAL
+// ════════════════════════════════════════════════════════════
+
+const NO_RESOLVE_TYPES = ['IP-CIDR', 'IP-CIDR6', 'IP-SUFFIX', 'IP-ASN', 'GEOIP', 'SRC-IP-CIDR', 'SRC-IP-SUFFIX', 'SRC-IP-ASN', 'SRC-GEOIP'];
+
 function updateRuleFields() {
   const type = document.getElementById('ruleType').value;
   const valueDiv = document.getElementById('ruleValueField');
   const noResolveDiv = document.getElementById('ruleNoResolveDiv');
-  valueDiv.classList.remove('hidden');
-  noResolveDiv.classList.add('hidden');
-
-  if (type === 'MATCH') {
-    valueDiv.classList.add('hidden');
-  } else if (type === 'IP-CIDR' || type === 'IP-CIDR6' || type === 'SRC-IP-CIDR' || type === 'GEOIP') {
-    noResolveDiv.classList.remove('hidden');
-  }
+  valueDiv.classList.toggle('hidden', type === 'MATCH');
+  noResolveDiv.classList.toggle('hidden', !NO_RESOLVE_TYPES.includes(type));
 
   const sel = document.getElementById('ruleProxy');
-  sel.innerHTML = '<option value="DIRECT">DIRECT</option><option value="REJECT">REJECT</option>';
+  const cur = sel.value;
+  sel.innerHTML = '<option value="DIRECT">DIRECT</option><option value="REJECT">REJECT</option><option value="REJECT-DROP">REJECT-DROP</option>';
   getGroups().forEach(g => {
     const opt = document.createElement('option');
-    opt.value = g.name;
-    opt.textContent = '📋 ' + g.name;
+    opt.value = g.name; opt.textContent = g.name;
     sel.appendChild(opt);
   });
-  getProxies().forEach(p => {
-    if (p.type !== 'direct') {
-      const opt = document.createElement('option');
-      opt.value = p.name;
-      opt.textContent = '🔗 ' + p.name;
-      sel.appendChild(opt);
-    }
+  getProxies().filter(p => p.type !== 'direct').forEach(p => {
+    const opt = document.createElement('option');
+    opt.value = p.name; opt.textContent = p.name;
+    sel.appendChild(opt);
   });
+  if ([...sel.options].some(o => o.value === cur)) sel.value = cur;
 }
 
 document.getElementById('ruleType').addEventListener('change', updateRuleFields);
 
 function openRuleModal() {
-  document.getElementById('ruleModalTitle').textContent = 'Добавить правило';
   document.getElementById('ruleType').value = 'DOMAIN-SUFFIX';
   document.getElementById('ruleValue').value = '';
-  document.getElementById('ruleProxy').value = 'DIRECT';
   document.getElementById('ruleNoResolve').checked = true;
   updateRuleFields();
   document.getElementById('ruleModal').classList.remove('hidden');
 }
 
-function closeRuleModal() {
-  document.getElementById('ruleModal').classList.add('hidden');
-}
+function closeRuleModal() { document.getElementById('ruleModal').classList.add('hidden'); }
 
 document.getElementById('addRuleBtn').addEventListener('click', openRuleModal);
 document.getElementById('addBlockBtn').addEventListener('click', () => {
@@ -805,65 +1565,254 @@ document.getElementById('ruleModalBackdrop').addEventListener('click', closeRule
 
 document.getElementById('saveRuleBtn').addEventListener('click', () => {
   const type = document.getElementById('ruleType').value;
-  const value = document.getElementById('ruleValue').value.trim();
-  const proxy = document.getElementById('ruleProxy').value;
-  const noResolve = document.getElementById('ruleNoResolve').checked;
+  const value = gVal('ruleValue').trim();
+  const proxy = gVal('ruleProxy');
+  const noResolve = gCheck('ruleNoResolve');
 
-  if (type !== 'MATCH' && !value) {
-    showToast('Введите значение правила', 'error');
-    return;
-  }
+  if (type !== 'MATCH' && !value) { showToast('Введите значение правила', 'error'); return; }
 
   let rule;
   if (type === 'MATCH') {
     rule = `MATCH,${proxy}`;
   } else {
     rule = `${type},${value},${proxy}`;
-    const needsNoResolve = ['IP-CIDR', 'IP-CIDR6', 'SRC-IP-CIDR', 'GEOIP'].includes(type);
-    if (needsNoResolve && noResolve) {
-      rule += ',no-resolve';
-    }
+    if (NO_RESOLVE_TYPES.includes(type) && noResolve) rule += ',no-resolve';
   }
 
   const rules = getRules();
   rules.push(rule);
   PS.config.rules = rules;
-
-  closeRuleModal();
-  renderAll();
-  saveFullConfig(false);
+  closeRuleModal(); renderAll(); saveFullConfig(false);
 });
 
-// Rule delete delegated events
 document.getElementById('rulesList').addEventListener('click', e => {
   const delBtn = e.target.closest('[data-delete-rule]');
   if (delBtn) {
     const idx = parseInt(delBtn.dataset.deleteRule);
-    if (isNaN(idx)) return;
-    const rules = getRules();
-    rules.splice(idx, 1);
-    PS.config.rules = rules;
-    renderAll();
-    saveFullConfig(false);
+    if (!isNaN(idx)) {
+      const rules = getRules();
+      rules.splice(idx, 1);
+      PS.config.rules = rules;
+      renderAll(); saveFullConfig(false);
+    }
   }
 });
 
-// ─── Core upload ───
+// ════════════════════════════════════════════════════════════
+// PROXY PROVIDERS
+// ════════════════════════════════════════════════════════════
+
+let editPPName = null;
+
+function openPPModal(provider) {
+  editPPName = provider ? provider.name : null;
+  document.getElementById('ppModalTitle').textContent = provider ? 'Редактировать провайдер' : 'Добавить провайдер прокси';
+  document.getElementById('ppEditName').value = provider ? provider.name : '';
+  document.getElementById('ppName').value = provider ? provider.name : '';
+  document.getElementById('ppType').value = provider ? (provider.type || 'http') : 'http';
+  document.getElementById('ppURL').value = provider ? (provider.url || '') : '';
+  document.getElementById('ppPath').value = provider ? (provider.path || '') : '';
+  document.getElementById('ppInterval').value = provider ? (provider.interval || 3600) : 3600;
+  document.getElementById('ppProxy').value = provider ? (provider.proxy || '') : '';
+  const hc = (provider && provider['health-check']) || {};
+  document.getElementById('ppHCEnable').checked = hc.enable !== false;
+  document.getElementById('ppHCURL').value = hc.url || 'https://www.gstatic.com/generate_204';
+  document.getElementById('ppHCInterval').value = hc.interval || 300;
+  document.getElementById('ppHCTimeout').value = hc.timeout || 5000;
+  document.getElementById('ppHCLazy').checked = hc.lazy !== false;
+  document.getElementById('ppFilter').value = provider ? (provider.filter || '') : '';
+  document.getElementById('ppExcludeFilter').value = provider ? (provider['exclude-filter'] || '') : '';
+  document.getElementById('ppExcludeType').value = provider ? (provider['exclude-type'] || '') : '';
+  const ov = (provider && provider.override) || {};
+  document.getElementById('ppOverridePrefix').value = ov['additional-prefix'] || '';
+  document.getElementById('ppOverrideSuffix').value = ov['additional-suffix'] || '';
+  document.getElementById('ppOverrideSkipCert').checked = !!ov['skip-cert-verify'];
+  document.getElementById('ppOverrideUDP').checked = !!ov.udp;
+  document.getElementById('ppOverrideIPVersion').value = ov['ip-version'] || '';
+  updatePPTypeFields();
+  document.getElementById('proxyProviderModal').classList.remove('hidden');
+}
+
+function updatePPTypeFields() {
+  const type = document.getElementById('ppType').value;
+  const urlRow = document.getElementById('pp-url-row');
+  const intRow = document.getElementById('pp-interval-row');
+  if (urlRow) urlRow.classList.toggle('hidden', type === 'file' || type === 'inline');
+  if (intRow) intRow.classList.toggle('hidden', type === 'inline');
+}
+
+document.getElementById('ppType').addEventListener('change', updatePPTypeFields);
+
+function closePPModal() { document.getElementById('proxyProviderModal').classList.add('hidden'); }
+
+document.getElementById('addProxyProviderBtn').addEventListener('click', () => openPPModal(null));
+document.getElementById('closePPModal').addEventListener('click', closePPModal);
+document.getElementById('cancelPPBtn').addEventListener('click', closePPModal);
+document.getElementById('ppModalBackdrop').addEventListener('click', closePPModal);
+
+document.getElementById('savePPBtn').addEventListener('click', () => {
+  const name = gVal('ppName').trim();
+  if (!name) { showToast('Имя провайдера обязательно', 'error'); return; }
+
+  const provider = {
+    type: gVal('ppType'),
+  };
+  const url = gVal('ppURL').trim();
+  if (url) provider.url = url;
+  const path = gVal('ppPath').trim();
+  if (path) provider.path = path;
+  const interval = gNum('ppInterval', 0);
+  if (interval) provider.interval = interval;
+  const proxy = gVal('ppProxy').trim();
+  if (proxy) provider.proxy = proxy;
+
+  if (gCheck('ppHCEnable')) {
+    provider['health-check'] = {
+      enable: true,
+      url: gVal('ppHCURL') || 'https://www.gstatic.com/generate_204',
+      interval: gNum('ppHCInterval', 300),
+      timeout: gNum('ppHCTimeout', 5000),
+      lazy: gCheck('ppHCLazy'),
+    };
+  }
+
+  const filter = gVal('ppFilter').trim();
+  if (filter) provider.filter = filter;
+  const exFilter = gVal('ppExcludeFilter').trim();
+  if (exFilter) provider['exclude-filter'] = exFilter;
+  const exType = gVal('ppExcludeType').trim();
+  if (exType) provider['exclude-type'] = exType;
+
+  const override = {};
+  const prefix = gVal('ppOverridePrefix').trim();
+  if (prefix) override['additional-prefix'] = prefix;
+  const suffix = gVal('ppOverrideSuffix').trim();
+  if (suffix) override['additional-suffix'] = suffix;
+  if (gCheck('ppOverrideSkipCert')) override['skip-cert-verify'] = true;
+  if (gCheck('ppOverrideUDP')) override.udp = true;
+  const ipVer = gVal('ppOverrideIPVersion');
+  if (ipVer) override['ip-version'] = ipVer;
+  if (Object.keys(override).length) provider.override = override;
+
+  if (!PS.config['proxy-providers']) PS.config['proxy-providers'] = {};
+  if (editPPName && editPPName !== name) {
+    delete PS.config['proxy-providers'][editPPName];
+  }
+  PS.config['proxy-providers'][name] = provider;
+  closePPModal(); renderAll(); saveFullConfig(false);
+});
+
+document.getElementById('proxyProviderList').addEventListener('click', e => {
+  const editBtn = e.target.closest('[data-edit-pp]');
+  const delBtn = e.target.closest('[data-delete-pp]');
+  if (editBtn) {
+    const name = editBtn.dataset.editPp;
+    const pp = PS.config['proxy-providers'] && PS.config['proxy-providers'][name];
+    if (pp) openPPModal({ name, ...pp });
+  } else if (delBtn) {
+    const name = delBtn.dataset.deletePp;
+    if (confirm(`Удалить провайдер "${name}"?`)) {
+      if (PS.config['proxy-providers']) delete PS.config['proxy-providers'][name];
+      renderAll(); saveFullConfig(false);
+    }
+  }
+});
+
+// ════════════════════════════════════════════════════════════
+// RULE PROVIDERS
+// ════════════════════════════════════════════════════════════
+
+let editRPName = null;
+
+function openRPModal(provider) {
+  editRPName = provider ? provider.name : null;
+  document.getElementById('rpModalTitle').textContent = provider ? 'Редактировать провайдер правил' : 'Добавить провайдер правил';
+  document.getElementById('rpEditName').value = provider ? provider.name : '';
+  document.getElementById('rpName').value = provider ? provider.name : '';
+  document.getElementById('rpType').value = provider ? (provider.type || 'http') : 'http';
+  document.getElementById('rpBehavior').value = provider ? (provider.behavior || 'domain') : 'domain';
+  document.getElementById('rpFormat').value = provider ? (provider.format || 'yaml') : 'yaml';
+  document.getElementById('rpURL').value = provider ? (provider.url || '') : '';
+  document.getElementById('rpPath').value = provider ? (provider.path || '') : '';
+  document.getElementById('rpInterval').value = provider ? (provider.interval || 600) : 600;
+  document.getElementById('rpProxy').value = provider ? (provider.proxy || '') : '';
+  updateRPTypeFields();
+  document.getElementById('ruleProviderModal').classList.remove('hidden');
+}
+
+function updateRPTypeFields() {
+  const type = document.getElementById('rpType').value;
+  const urlRow = document.getElementById('rp-url-row');
+  const intRow = document.getElementById('rp-interval-row');
+  if (urlRow) urlRow.classList.toggle('hidden', type !== 'http');
+  if (intRow) intRow.classList.toggle('hidden', type === 'inline');
+}
+
+document.getElementById('rpType').addEventListener('change', updateRPTypeFields);
+
+function closeRPModal() { document.getElementById('ruleProviderModal').classList.add('hidden'); }
+
+document.getElementById('addRuleProviderBtn').addEventListener('click', () => openRPModal(null));
+document.getElementById('closeRPModal').addEventListener('click', closeRPModal);
+document.getElementById('cancelRPBtn').addEventListener('click', closeRPModal);
+document.getElementById('rpModalBackdrop').addEventListener('click', closeRPModal);
+
+document.getElementById('saveRPBtn').addEventListener('click', () => {
+  const name = gVal('rpName').trim();
+  if (!name) { showToast('Имя провайдера обязательно', 'error'); return; }
+
+  const provider = {
+    type: gVal('rpType'),
+    behavior: gVal('rpBehavior') || 'domain',
+    format: gVal('rpFormat') || 'yaml',
+  };
+  const url = gVal('rpURL').trim();
+  if (url) provider.url = url;
+  const path = gVal('rpPath').trim();
+  if (path) provider.path = path;
+  const interval = gNum('rpInterval', 0);
+  if (interval) provider.interval = interval;
+  const proxy = gVal('rpProxy').trim();
+  if (proxy) provider.proxy = proxy;
+
+  if (!PS.config['rule-providers']) PS.config['rule-providers'] = {};
+  if (editRPName && editRPName !== name) {
+    delete PS.config['rule-providers'][editRPName];
+  }
+  PS.config['rule-providers'][name] = provider;
+  closeRPModal(); renderAll(); saveFullConfig(false);
+});
+
+document.getElementById('ruleProviderList').addEventListener('click', e => {
+  const editBtn = e.target.closest('[data-edit-rp]');
+  const delBtn = e.target.closest('[data-delete-rp]');
+  if (editBtn) {
+    const name = editBtn.dataset.editRp;
+    const rp = PS.config['rule-providers'] && PS.config['rule-providers'][name];
+    if (rp) openRPModal({ name, ...rp });
+  } else if (delBtn) {
+    const name = delBtn.dataset.deleteRp;
+    if (confirm(`Удалить провайдер "${name}"?`)) {
+      if (PS.config['rule-providers']) delete PS.config['rule-providers'][name];
+      renderAll(); saveFullConfig(false);
+    }
+  }
+});
+
+// ════════════════════════════════════════════════════════════
+// CORE UPLOAD
+// ════════════════════════════════════════════════════════════
+
 document.getElementById('uploadCoreForm').addEventListener('submit', async e => {
   e.preventDefault();
   const fileInput = document.getElementById('coreFile');
-  if (!fileInput.files[0]) {
-    showToast('Выберите файл', 'error');
-    return;
-  }
+  if (!fileInput.files[0]) { showToast('Выберите файл', 'error'); return; }
   const fd = new FormData();
   fd.append('core', fileInput.files[0]);
   try {
     const result = await fetch('/api/mihomo/upload-core', { method: 'POST', body: fd });
     const json = await result.json();
-    if (!json.success) {
-      throw new Error(json.error || 'Upload failed');
-    }
+    if (!json.success) throw new Error(json.error || 'Upload failed');
     showToast('Ядро загружено: ' + (json.data.arch || json.data.path), 'success');
     await loadStatus();
   } catch (e) {
@@ -871,40 +1820,36 @@ document.getElementById('uploadCoreForm').addEventListener('submit', async e =>
   }
 });
 
-// ─── YAML editor ───
+// ════════════════════════════════════════════════════════════
+// YAML EDITOR
+// ════════════════════════════════════════════════════════════
+
 document.getElementById('yamlLoadBtn').addEventListener('click', async () => {
   try {
     const res = await fetch('/api/mihomo/config.yaml');
-    if (res.status === 404) {
-      document.getElementById('yamlEditor').value = '# Config not found.';
-      return;
-    }
-    const text = await res.text();
-    document.getElementById('yamlEditor').value = text;
+    if (res.status === 404) { document.getElementById('yamlEditor').value = '# Config not found.'; return; }
+    document.getElementById('yamlEditor').value = await res.text();
     showToast('Конфиг загружен', 'info');
-  } catch (e) {
-    showToast('Ошибка: ' + e.message, 'error');
-  }
+  } catch (e) { showToast('Ошибка: ' + e.message, 'error'); }
 });
 
 document.getElementById('yamlSaveBtn').addEventListener('click', async () => {
   const content = document.getElementById('yamlEditor').value;
   try {
     const res = await fetch('/api/mihomo/config.yaml', {
-      method: 'PUT',
-      headers: { 'Content-Type': 'text/yaml' },
-      body: content,
+      method: 'PUT', headers: { 'Content-Type': 'text/yaml' }, body: content,
     });
     const json = await res.json();
     if (!json.success) throw new Error(json.error || 'Save failed');
     showToast('Конфиг сохранён', 'success');
     await loadConfig();
-  } catch (e) {
-    showToast('Ошибка: ' + e.message, 'error');
-  }
+  } catch (e) { showToast('Ошибка: ' + e.message, 'error'); }
 });
 
-// ─── Logs polling ───
+// ════════════════════════════════════════════════════════════
+// LOGS
+// ════════════════════════════════════════════════════════════
+
 let logPollTimer = null;
 let lastLogCount = 0;
 
@@ -927,20 +1872,13 @@ function startLogPoll() {
 }
 
 function stopLogPoll() {
-  if (logPollTimer) {
-    clearInterval(logPollTimer);
-    logPollTimer = null;
-  }
+  if (logPollTimer) { clearInterval(logPollTimer); logPollTimer = null; }
 }
 
 document.querySelectorAll('.ptab').forEach(btn => {
   btn.addEventListener('click', () => {
-    if (btn.dataset.tab === 'logs') {
-      lastLogCount = 0;
-      startLogPoll();
-    } else {
-      stopLogPoll();
-    }
+    if (btn.dataset.tab === 'logs') { lastLogCount = 0; startLogPoll(); }
+    else stopLogPoll();
   });
 });
 
@@ -949,9 +1887,362 @@ document.getElementById('clearLogsBtn').addEventListener('click', () => {
   lastLogCount = 0;
 });
 
-// ─── Init ───
+// ════════════════════════════════════════════════════════════
+// DASHBOARD (LIVE MIHOMO API)
+// ════════════════════════════════════════════════════════════
+
+const DA = {
+  ws: null,
+  trafficUp: 0,
+  trafficDown: 0,
+  totalUp: 0,
+  totalDown: 0,
+  memory: 0,
+  connections: [],
+  proxies: {},
+  groups: {},
+  version: '',
+  mode: '',
+  running: false,
+};
+
+function mihomoAPI(path, opts) {
+  return fetch('/api/mihomo/api/' + path.replace(/^\/+/, ''), opts).then(r => {
+    if (!r.ok) throw new Error('HTTP ' + r.status);
+    return r.json();
+  });
+}
+
+function mihomoPut(path, body) {
+  return mihomoAPI(path, {
+    method: 'PUT',
+    headers: { 'Content-Type': 'application/json' },
+    body: JSON.stringify(body),
+  });
+}
+
+function mihomoDel(path) {
+  return mihomoAPI(path, { method: 'DELETE' });
+}
+
+function formatBytes(b) {
+  if (b < 1024) return b.toFixed(0) + ' B';
+  if (b < 1048576) return (b / 1024).toFixed(1) + ' KB';
+  if (b < 1073741824) return (b / 1048576).toFixed(1) + ' MB';
+  return (b / 1073741824).toFixed(2) + ' GB';
+}
+
+function formatBytesPerSec(b) {
+  return formatBytes(b) + '/s';
+}
+
+function closeDashWS() {
+  if (DA.ws) {
+    try { DA.ws.close(); } catch(e) {}
+    DA.ws = null;
+  }
+}
+
+function openDashWS() {
+  closeDashWS();
+  const proto = location.protocol === 'https:' ? 'wss:' : 'ws:';
+  const url = proto + '//' + location.host + '/api/mihomo/ws/traffic';
+  try {
+    const ws = new WebSocket(url);
+    ws.onmessage = (e) => {
+      try {
+        const d = JSON.parse(e.data);
+        DA.trafficUp = d.up || 0;
+        DA.trafficDown = d.down || 0;
+      } catch(err) {}
+    };
+    ws.onerror = () => {};
+    ws.onclose = () => { DA.ws = null; };
+    DA.ws = ws;
+  } catch(e) {}
+}
+
+let dashTrafficInterval = null;
+let dashConnsInterval = null;
+
+async function loadDashInitial() {
+  try {
+    const vdata = await mihomoAPI('version');
+    DA.version = vdata.version || '?';
+  } catch(e) { DA.version = '?'; }
+
+  try {
+    const cfg = await mihomoAPI('configs');
+    DA.mode = cfg.mode || 'rule';
+    renderDashMode();
+  } catch(e) {}
+
+  await loadDashProxies();
+  await loadDashConnections();
+  renderDash();
+}
+
+async function loadDashProxies() {
+  try {
+    const data = await mihomoAPI('proxies');
+    const all = data.proxies || data || {};
+    DA.proxies = {};
+    DA.groups = {};
+    for (const [name, p] of Object.entries(all)) {
+      if ((p.all && p.all.length > 0) || p.type === 'Selector' || p.type === 'URLTest' || p.type === 'Fallback' || p.type === 'LoadBalance' || p.type === 'Relay') {
+        DA.groups[name] = p;
+      } else {
+        DA.proxies[name] = p;
+      }
+    }
+  } catch(e) { console.error('dash proxies load', e); }
+}
+
+async function loadDashConnections() {
+  try {
+    const data = await mihomoAPI('connections');
+    DA.connections = Object.values(data.connections || {});
+    renderDashConnections();
+  } catch(e) { DA.connections = []; }
+}
+
+async function dashPingProxy(name) {
+  try {
+    await mihomoAPI('proxies/' + encodeURIComponent(name) + '/delay?timeout=5000&url=https://www.gstatic.com/generate_204');
+    await loadDashProxies();
+    renderDashGroups();
+  } catch(e) {
+    showToast('Пинг ' + name + ': ошибка', 'error');
+  }
+}
+
+async function dashPingAll() {
+  showToast('Пинг всех прокси...', 'info');
+  const names = Object.keys(DA.proxies);
+  let done = 0;
+  for (const name of names) {
+    mihomoAPI('proxies/' + encodeURIComponent(name) + '/delay?timeout=5000&url=https://www.gstatic.com/generate_204')
+      .then(() => { done++; })
+      .catch(() => { done++; })
+      .finally(() => {
+        if (done === names.length) {
+          loadDashProxies().then(() => renderDashGroups());
+          showToast('Пинг завершён', 'success');
+        }
+      });
+  }
+}
+
+async function dashSwitchProxy(groupName, proxyName) {
+  try {
+    await mihomoPut('proxies/' + encodeURIComponent(groupName), { name: proxyName });
+    await loadDashProxies();
+    renderDashGroups();
+    showToast(groupName + ' → ' + proxyName, 'success');
+  } catch(e) {
+    showToast('Ошибка переключения: ' + e.message, 'error');
+  }
+}
+
+async function dashSetMode(mode) {
+  try {
+    await mihomoPut('configs', { mode });
+    DA.mode = mode;
+    renderDashMode();
+    showToast('Режим: ' + mode, 'success');
+  } catch(e) {
+    showToast('Ошибка смены режима: ' + e.message, 'error');
+  }
+}
+
+async function dashCloseConnection(id) {
+  try {
+    await mihomoDel('connections/' + encodeURIComponent(id));
+    await loadDashConnections();
+  } catch(e) {}
+}
+
+async function dashCloseAllConnections() {
+  try {
+    await mihomoDel('connections');
+    DA.connections = [];
+    renderDashConnections();
+    showToast('Все соединения закрыты', 'success');
+  } catch(e) {}
+}
+
+function renderDashMode() {
+  const seg = document.getElementById('dashModeSwitch');
+  if (!seg) return;
+  seg.querySelectorAll('.seg-btn').forEach(b => {
+    b.classList.toggle('active', b.dataset.mode === DA.mode);
+  });
+}
+
+document.addEventListener('click', (e) => {
+  const btn = e.target.closest('#dashModeSwitch .seg-btn');
+  if (btn) dashSetMode(btn.dataset.mode);
+});
+
+function renderDash() {
+  document.getElementById('dashUp').textContent = formatBytesPerSec(DA.trafficUp);
+  document.getElementById('dashDown').textContent = formatBytesPerSec(DA.trafficDown);
+  document.getElementById('dashUpTotal').textContent = formatBytes(DA.totalUp);
+  document.getElementById('dashDownTotal').textContent = formatBytes(DA.totalDown);
+  document.getElementById('dashMem').textContent = formatBytes(DA.memory);
+  document.getElementById('dashVersion').textContent = DA.version;
+
+  renderDashGroups();
+  renderDashConnections();
+}
+
+function renderDashGroups() {
+  const list = document.getElementById('dashGroupList');
+  if (!list) return;
+  list.innerHTML = '';
+  const groupEntries = Object.entries(DA.groups);
+  if (groupEntries.length === 0) {
+    list.innerHTML = '<div class="empty-state">Нет групп прокси. Добавьте группы во вкладке «Группы».</div>';
+    return;
+  }
+  groupEntries.sort((a, b) => {
+    const order = ['Selector', 'URLTest', 'Fallback', 'LoadBalance', 'Relay'];
+    return (order.indexOf(a[1].type) || 99) - (order.indexOf(b[1].type) || 99);
+  });
+  for (const [name, g] of groupEntries) {
+    const card = document.createElement('div');
+    card.className = 'dash-group-card';
+    const members = (g.all || []).map(m => {
+      const p = DA.proxies[m] || DA.groups[m] || {};
+      const delay = p.history && p.history.length ? p.history[p.history.length - 1].delay : undefined;
+      const dead = delay === undefined || delay === 0;
+      let delayText = '—';
+      let delayClass = 'dash-delay-unknown';
+      if (!dead) {
+        delayText = delay + 'ms';
+        delayClass = delay < 200 ? 'dash-delay-good' : delay < 500 ? 'dash-delay-medium' : 'dash-delay-slow';
+      }
+      const isActive = g.now === m;
+      const type = p.type || '';
+      return `<div class="dash-proxy-item${isActive ? ' dash-proxy-active' : ''}" data-group="${esc(name)}" data-proxy="${esc(m)}">
+        <span class="dash-proxy-name">${esc(m)}</span>
+        <span class="dash-proxy-type">${esc(type)}</span>
+        <span class="dash-delay ${delayClass}">${delayText}</span>
+      </div>`;
+    }).join('');
+    card.innerHTML = `
+      <div class="dash-group-header">
+        <div class="dash-group-title">
+          <span class="dash-group-name">${esc(name)}</span>
+          <span class="tag-gw">${esc(g.type || '')}</span>
+        </div>
+        <button class="btn btn-ghost btn-sm dash-ping-group-btn" data-group="${esc(name)}">Пинг</button>
+      </div>
+      <div class="dash-proxy-list">${members || '<div class="empty-state" style="padding:8px">Нет нод</div>'}</div>`;
+    list.appendChild(card);
+  }
+}
+
+document.addEventListener('click', (e) => {
+  const proxyItem = e.target.closest('.dash-proxy-item');
+  if (proxyItem) {
+    const groupName = proxyItem.dataset.group;
+    const proxyName = proxyItem.dataset.proxy;
+    dashSwitchProxy(groupName, proxyName);
+  }
+  const pingBtn = e.target.closest('.dash-ping-group-btn');
+  if (pingBtn) {
+    const groupName = pingBtn.dataset.group;
+    const group = DA.groups[groupName];
+    if (group && group.all) {
+      for (const name of group.all) {
+        mihomoAPI('proxies/' + encodeURIComponent(name) + '/delay?timeout=5000&url=https://www.gstatic.com/generate_204').catch(() => {});
+      }
+      showToast('Пинг группы ' + groupName + '...', 'info');
+      setTimeout(() => loadDashProxies().then(() => renderDashGroups()), 3000);
+    }
+  }
+  if (e.target.closest('#dashPingAllBtn')) {
+    dashPingAll();
+  }
+  if (e.target.closest('#dashCloseAllConnsBtn')) {
+    dashCloseAllConnections();
+  }
+  const closeConnBtn = e.target.closest('.dash-conn-close');
+  if (closeConnBtn) {
+    dashCloseConnection(closeConnBtn.dataset.id);
+  }
+});
+
+function renderDashConnections() {
+  const tbody = document.getElementById('dashConnBody');
+  const countEl = document.getElementById('dashConnCount');
+  if (!tbody) return;
+  if (countEl) countEl.textContent = DA.connections.length;
+  tbody.innerHTML = '';
+  const conns = DA.connections.slice(0, 100);
+  for (const c of conns) {
+    const meta = c.metadata || {};
+    const host = (meta.host || meta.destinationIP || '') + (meta.destinationPort ? ':' + meta.destinationPort : '');
+    const chain = (c.chains || []).reverse().join(' → ') || '—';
+    const tr = document.createElement('tr');
+    tr.innerHTML = `
+      <td class="dash-conn-host" title="${esc(host)}">${esc(host.length > 40 ? host.slice(0, 40) + '...' : host)}</td>
+      <td>${esc(meta.network || '')}</td>
+      <td class="dash-conn-chain" title="${esc(chain)}">${esc(chain.length > 30 ? chain.slice(0, 30) + '...' : chain)}</td>
+      <td class="dash-conn-traffic">${formatBytes(c.upload || 0)}</td>
+      <td class="dash-conn-traffic">${formatBytes(c.download || 0)}</td>
+      <td><button class="btn-icon dash-conn-close" data-id="${esc(c.id || '')}" title="Закрыть">✕</button></td>`;
+    tbody.appendChild(tr);
+  }
+  if (conns.length === 0) {
+    tbody.innerHTML = '<tr><td colspan="6" class="empty-state" style="padding:12px">Нет активных соединений</td></tr>';
+  }
+}
+
+function startDashPolling() {
+  stopDashPolling();
+  loadDashInitial();
+  openDashWS();
+  dashTrafficInterval = setInterval(() => {
+    DA.totalUp += DA.trafficUp;
+    DA.totalDown += DA.trafficDown;
+    document.getElementById('dashUp').textContent = formatBytesPerSec(DA.trafficUp);
+    document.getElementById('dashDown').textContent = formatBytesPerSec(DA.trafficDown);
+    document.getElementById('dashUpTotal').textContent = formatBytes(DA.totalUp);
+    document.getElementById('dashDownTotal').textContent = formatBytes(DA.totalDown);
+    document.getElementById('dashMem').textContent = formatBytes(DA.memory);
+  }, 1000);
+  dashConnsInterval = setInterval(loadDashConnections, 3000);
+}
+
+function stopDashPolling() {
+  if (dashTrafficInterval) { clearInterval(dashTrafficInterval); dashTrafficInterval = null; }
+  if (dashConnsInterval) { clearInterval(dashConnsInterval); dashConnsInterval = null; }
+  closeDashWS();
+}
+
+function updateDashVisibility() {
+  const online = document.getElementById('dashOnline');
+  const offline = document.getElementById('dashOffline');
+  if (!online || !offline) return;
+  if (PS.status && PS.status.running) {
+    online.classList.remove('hidden');
+    offline.classList.add('hidden');
+  } else {
+    online.classList.add('hidden');
+    offline.classList.remove('hidden');
+    stopDashPolling();
+  }
+}
+
+// ════════════════════════════════════════════════════════════
+// INIT
+// ════════════════════════════════════════════════════════════
+
 (async () => {
-  try { await loadStatus(); } catch(e) { console.error('status', e); }
-  try { await loadConfig(); } catch(e) { console.error('config', e); }
-  document.getElementById('loading').classList.add('hidden');
-})();
\ No newline at end of file
+  try { await loadStatus(); } catch (e) { console.error('status', e); }
+  try { await loadConfig(); } catch (e) { console.error('config', e); }
+  updateDashVisibility();
+  if (PS.status && PS.status.running) startDashPolling();
+})();
diff --git a/public/style.css b/public/style.css
index 25f13cc..c748e51 100644
--- a/public/style.css
+++ b/public/style.css
@@ -1411,6 +1411,133 @@ select {
   .form-grid-2 { grid-template-columns: 1fr; }
 }
 
+/* ── Icon-only action buttons ── */
+.btn-icon-accent {
+  color: var(--accent);
+}
+.btn-icon-accent:hover {
+  color: var(--accent-h);
+  background: rgba(0, 212, 255, 0.1);
+  text-shadow: 0 0 8px var(--accent-glow);
+}
+.btn-icon-danger {
+  color: var(--muted);
+}
+.btn-icon-danger:hover {
+  color: var(--danger);
+  background: rgba(255, 51, 102, 0.1);
+}
+
+/* ── Card power toggle ── */
+.iface-power-toggle {
+  gap: 8px;
+}
+.iface-toggle-label {
+  font-size: .78rem;
+  font-weight: 600;
+  color: var(--text-dim);
+  min-width: 28px;
+}
+
+/* ── Small toggle (VLAN rows) ── */
+.toggle-sm {
+  width: 30px !important;
+  height: 17px !important;
+  border-radius: 9px !important;
+}
+.toggle-sm::after {
+  width: 11px !important;
+  height: 11px !important;
+}
+.toggle-label input:checked + .toggle-sm::after {
+  transform: translateX(13px) !important;
+}
+
+/* ── Card name with label ── */
+.card-name-stack {
+  display: flex;
+  flex-direction: column;
+  gap: 1px;
+}
+.card-label-text {
+  font-size: 1rem;
+  font-weight: 700;
+  color: var(--text);
+}
+.card-iface-sub {
+  font-size: .72rem;
+  color: var(--muted);
+  font-family: "JetBrains Mono", "Fira Code", monospace;
+}
+.card-iface-name {
+  font-size: 1rem;
+  font-weight: 700;
+}
+
+/* ── VLAN label in row ── */
+.vlan-name-stack {
+  display: flex;
+  flex-direction: column;
+  gap: 0;
+}
+.vlan-label-text {
+  font-size: .82rem;
+  font-weight: 700;
+  color: var(--text);
+}
+.vlan-iface-name {
+  font-size: .72rem;
+  color: var(--muted);
+  font-family: "JetBrains Mono", "Fira Code", monospace;
+}
+
+/* ── Proxy form helpers ── */
+.field-select {
+  background: var(--bg-deep);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-sm);
+  color: var(--text);
+  padding: 9px 12px;
+  font-size: .9rem;
+  width: 100%;
+}
+.mono-ta {
+  background: var(--bg-deep);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-sm);
+  color: var(--text);
+  padding: 9px 12px;
+  font-size: .85rem;
+  font-family: 'JetBrains Mono', 'Fira Code', monospace;
+  width: 100%;
+  resize: vertical;
+}
+.settings-section-title {
+  color: var(--accent);
+  font-size: .85rem;
+  font-weight: 700;
+  letter-spacing: .05em;
+  text-transform: uppercase;
+  margin-bottom: 12px;
+}
+.pf-section-title {
+  font-size: .8rem;
+  font-weight: 700;
+  color: var(--accent);
+  letter-spacing: .05em;
+  text-transform: uppercase;
+  margin-bottom: 10px;
+  margin-top: 4px;
+}
+.pf-subsection-title {
+  font-size: .78rem;
+  font-weight: 600;
+  color: var(--text-muted);
+  letter-spacing: .04em;
+  margin-bottom: 8px;
+  margin-top: 2px;
+}
+
 /* ── Scanline overlay (subtle futuristic effect) ── */
 body::after {
   content: '';
@@ -1425,4 +1552,268 @@ body::after {
     rgba(0, 212, 255, 0.008) 2px,
     rgba(0, 212, 255, 0.008) 4px
   );
+}
+
+/* ── Dashboard ── */
+.dash-grid {
+  display: grid;
+  grid-template-columns: 1fr 1fr;
+  gap: 16px;
+  margin-bottom: 20px;
+}
+@media (max-width: 768px) {
+  .dash-grid { grid-template-columns: 1fr; }
+}
+.dash-card {
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius);
+  padding: 18px;
+  backdrop-filter: blur(10px);
+}
+.dash-card-title {
+  font-size: .85rem;
+  font-weight: 700;
+  color: var(--accent);
+  letter-spacing: .05em;
+  text-transform: uppercase;
+  margin-bottom: 14px;
+}
+.dash-traffic-card {
+  border-color: rgba(0, 212, 255, 0.15);
+}
+.dash-traffic-row {
+  display: flex;
+  gap: 24px;
+  margin-bottom: 8px;
+}
+.dash-traffic-item {
+  display: flex;
+  flex-direction: column;
+  gap: 2px;
+  flex: 1;
+}
+.dash-traffic-label {
+  font-size: .72rem;
+  color: var(--muted);
+  text-transform: uppercase;
+  letter-spacing: .06em;
+}
+.dash-traffic-val {
+  font-family: 'JetBrains Mono', 'Fira Code', monospace;
+  font-size: 1.1rem;
+  color: var(--accent);
+  text-shadow: 0 0 8px rgba(0, 212, 255, 0.15);
+  font-variant-numeric: tabular-nums;
+}
+.dash-traffic-total {
+  font-size: .95rem;
+  color: var(--text-dim);
+  text-shadow: none;
+}
+.dash-mem-row {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  padding-top: 8px;
+  border-top: 1px solid var(--border);
+  margin-top: 4px;
+}
+.dash-mode-switch {
+  display: flex;
+  background: var(--bg-deep);
+  border: 1px solid var(--border);
+  border-radius: var(--radius-sm);
+  padding: 3px;
+  gap: 2px;
+}
+.dash-mode-switch .seg-btn {
+  flex: 1;
+  padding: 8px 12px;
+  border: none;
+  border-radius: calc(var(--radius-sm) - 2px);
+  background: transparent;
+  color: var(--muted);
+  cursor: pointer;
+  font-size: .85rem;
+  font-weight: 600;
+  transition: all .2s ease;
+}
+.dash-mode-switch .seg-btn.active {
+  background: linear-gradient(135deg, #0090b3, #00d4ff);
+  color: #fff;
+  box-shadow: 0 2px 8px rgba(0, 212, 255, 0.2);
+}
+.dash-mode-switch .seg-btn:not(.active):hover { background: var(--surface-3); color: var(--text); }
+
+.dash-info-row {
+  display: flex;
+  align-items: baseline;
+  gap: 8px;
+}
+.dash-section {
+  margin-bottom: 20px;
+}
+.dash-section-header {
+  display: flex;
+  align-items: center;
+  gap: 12px;
+  margin-bottom: 12px;
+}
+.dash-section-header h3 {
+  font-size: 1rem;
+  font-weight: 700;
+  background: linear-gradient(135deg, var(--text), var(--accent));
+  -webkit-background-clip: text;
+  -webkit-text-fill-color: transparent;
+}
+
+.dash-group-list {
+  display: flex;
+  flex-direction: column;
+  gap: 12px;
+}
+.dash-group-card {
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius);
+  overflow: hidden;
+  backdrop-filter: blur(10px);
+  transition: all .3s ease;
+}
+.dash-group-card:hover {
+  border-color: var(--border-hi);
+  box-shadow: var(--glow-sm);
+}
+.dash-group-header {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  padding: 12px 16px;
+  border-bottom: 1px solid var(--border);
+}
+.dash-group-title {
+  display: flex;
+  align-items: center;
+  gap: 8px;
+}
+.dash-group-name {
+  font-weight: 700;
+  font-size: .95rem;
+  color: var(--text);
+}
+.dash-proxy-list {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(200px, 1fr));
+  gap: 6px;
+  padding: 10px 14px;
+}
+.dash-proxy-item {
+  display: flex;
+  align-items: center;
+  gap: 6px;
+  padding: 6px 10px;
+  border-radius: var(--radius-sm);
+  background: var(--surface-2);
+  border: 1px solid transparent;
+  cursor: pointer;
+  transition: all .15s ease;
+  font-size: .82rem;
+}
+.dash-proxy-item:hover {
+  border-color: var(--border-hi);
+  background: var(--surface-3);
+  transform: translateY(-1px);
+}
+.dash-proxy-item.dash-proxy-active {
+  border-color: rgba(0, 255, 136, 0.4);
+  background: rgba(0, 255, 136, 0.06);
+}
+.dash-proxy-name {
+  flex: 1;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+  color: var(--text);
+  font-weight: 600;
+}
+.dash-proxy-type {
+  font-size: .68rem;
+  color: var(--muted);
+}
+.dash-delay {
+  font-family: 'JetBrains Mono', 'Fira Code', monospace;
+  font-size: .78rem;
+  font-weight: 600;
+  white-space: nowrap;
+  font-variant-numeric: tabular-nums;
+}
+.dash-delay-good { color: var(--success); }
+.dash-delay-medium { color: var(--warning); }
+.dash-delay-slow { color: var(--danger); }
+.dash-delay-unknown { color: var(--muted); }
+
+.dash-conn-count {
+  font-size: .78rem;
+  font-weight: 700;
+  color: var(--accent);
+  background: rgba(0, 212, 255, 0.1);
+  border: 1px solid rgba(0, 212, 255, 0.3);
+  padding: 2px 8px;
+  border-radius: 12px;
+  font-variant-numeric: tabular-nums;
+}
+.dash-conn-table-wrap {
+  background: var(--surface);
+  border: 1px solid var(--border);
+  border-radius: var(--radius);
+  overflow-x: auto;
+  backdrop-filter: blur(10px);
+}
+.dash-conn-table {
+  width: 100%;
+  border-collapse: collapse;
+  font-size: .82rem;
+}
+.dash-conn-table thead {
+  background: rgba(0, 212, 255, 0.03);
+  border-bottom: 1px solid var(--border);
+}
+.dash-conn-table th {
+  text-align: left;
+  padding: 10px 12px;
+  font-size: .72rem;
+  font-weight: 700;
+  text-transform: uppercase;
+  letter-spacing: .06em;
+  color: var(--muted);
+  white-space: nowrap;
+}
+.dash-conn-table td {
+  padding: 8px 12px;
+  border-bottom: 1px solid rgba(255, 255, 255, 0.03);
+  vertical-align: middle;
+}
+.dash-conn-table tbody tr:hover { background: rgba(0, 212, 255, 0.03); }
+.dash-conn-host {
+  font-family: 'JetBrains Mono', 'Fira Code', monospace;
+  color: var(--text);
+  max-width: 200px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+.dash-conn-chain {
+  color: var(--text-dim);
+  max-width: 220px;
+  overflow: hidden;
+  text-overflow: ellipsis;
+  white-space: nowrap;
+}
+.dash-conn-traffic {
+  font-family: 'JetBrains Mono', 'Fira Code', monospace;
+  color: var(--text-dim);
+  font-size: .78rem;
+  font-variant-numeric: tabular-nums;
+  text-align: right;
 }
\ No newline at end of file
diff --git a/zashboard b/zashboard
new file mode 160000
index 0000000..132970d
--- /dev/null
+++ b/zashboard
@@ -0,0 +1 @@
+Subproject commit 132970daa3d44757d9eccb8521005b4704f6037a