Replaces string-based exposed address handling with URL-based InstanceURL() (type url.URL) across relay/server and relay/healthcheck; adds SchemeREL/SchemeRELS constants; updates getInstanceURL to return *url.URL with scheme and TLS validation; adjusts WS dialing and health-check logic to use URL fields.
Adds a new NotifyOSLifecycle RPC and server handler to centralize OS sleep/wake handling, introduces Server.sleepTriggeredDown for coordination, updates client UI to call the new RPC, and adjusts the internal sleep event enum zero-value semantics.
* Add OAuth select_account prompt support to PKCE flow
Extends LoginFlag enum with select_account options to enable
multi-account selection during authentication. This allows users
to choose which account to use when multiple accounts have active
sessions with the identity provider.
The new flags are backward compatible - existing LoginFlag values
(0=prompt login, 1=max_age=0) retain their original behavior.
* fix(relay): use exposed address for healthcheck TLS validation
Healthcheck was using listen address (0.0.0.0) instead of exposed address
(domain name) for certificate validation, causing validation to always fail.
Now correctly uses the exposed address where the TLS certificate is valid,
matching real client connection behavior.
* - store exposedAddress directly in Relay struct instead of parsing on every call
- remove unused parseHostPort() function
- remove unused ListenAddress() method from ServiceChecker interface
- improve error logging with address context
* [relay/healthcheck] Remove QUIC health check logic, update WebSocket validation flow
Refactored health check logic by removing QUIC-specific connection validation and simplifying logic for WebSocket protocol. Adjusted certificate validation flow and improved handling of exposed addresses.
* [relay/healthcheck] Fix certificate validation status during health check
---------
Co-authored-by: Maycon Santos <mlsmaycon@gmail.com>
A macOS-specific sleep detection mechanism using IOKit and CoreFoundation via cgo is introduced, with a fallback implementation for unsupported platforms. A public Service wrapper provides an event-driven API translating system sleep/wake events into gRPC calls. The UI client integrates sleep detection to manage connectivity state based on system sleep status.
Two new boolean flags, SearchDomainDisabled and SkipPTRProcess, are added to CustomZone and its protobuf; they are propagated through the engine to DNS host logic. Host matching now uses SearchDomainDisabled directly, and PTR collection skips zones with SkipPTRProcess; reverse zones are initialized with SearchDomainDisabled: true.
Upgrade Go toolchain and golang.org/x/* deps to 1.24.10, standardize GitHub Actions to derive Go version from go.mod and adjust checkout ordering, raise WASM size limit to 55 MB, update FreeBSD tarball and gomobile refs, fix a few format-string/logging calls, treat usernames ending with $ as system accounts, and add Windows tests.
Implements feature-aware firewall rule expansion: derives peer-supported features (native SSH, portRanges) from peer version, prefers explicit Ports over PortRanges when expanding, conditionally appends a native SSH (22022) rule when policy and peer support allow, and adds helpers plus tests for SSH expansion behavior.
* Open quick settings window if netbird-ui is already running
* [client-ui] fix connection status comparison
* [client-ui] modularize quick actions code
* [client-ui] add netbird-disconnected logo
* [client-ui] change quickactions UI
It now displays the NetBird logo and a single button
with a round icon
* [client-ui] add hint message to quick actions screen
This also updates fyne to v2.7.0
* [client-ui] remove unnecessary default clause
* [client-ui] remove commented code
* [client-ui] remove unused dependency
* [client-ui] close quick actions on connection change
* [client-ui] add function to get image from embed resources
* [client] Return error when calling sendShowWindowSignal from Windows
* [client-ui] Add commentary on empty OnTapped function for toggleConnectionButton
* [client-ui] Fix tests
* [client-ui] Add context to menuUpClick call
* [client-ui] Pass serviceClient app as parameter
To use its clipboard rather than the window's when showing
the upload success dialog
* [client-ui] Replace for select with for range chan
* [client-ui] Replace settings change listener channel
Settings now accept a function callback
* [client-ui] Add missing iconAboutDisconnected to icons_windows.go
* [client] Add quick actions signal handler for Windows with named events
* [client] Run go mod tidy
* [client] Remove line break
* [client] Log unexpected status in separate function
* [client-ui] Refactor quick actions window
To address racing conditions, it also replaces
usage of pause and resume channels with an
atomic bool.
* [client-ui] use derived context from ServiceClient
* [client] Update signal_windows log message
Also, format error when trying to set event on
sendShowWindowSignal
* go mod tidy
* [client-ui] Add struct to pass fewer parameters
to applyQuickActionsUiState function
* [client] Add missing import
---------
Co-authored-by: Viktor Liu <viktor@netbird.io>
