From c6b971f60cf7bbaa1889bf1b089e0463b22c2315 Mon Sep 17 00:00:00 2001
From: bernie-g <bernie.gandin2@gmail.com>
Date: Wed, 6 May 2026 21:07:44 -0400
Subject: [PATCH 1/2] Revert "Merge pull request #203 from
 Infisical/feat/pam-rdp-ad-support"

This reverts commit 37a522447cc090fd2ff801a3305264720cbb312d, reversing
changes made to 82180bb8ac0d230345275b629a5a6e31449f7fff.
---
 packages/api/model.go                         |  1 -
 .../pam/handlers/rdp/bridge_cgo_shared.go     |  1 -
 packages/pam/handlers/rdp/bridge_cgo_unix.go  | 20 +++++--------------
 .../pam/handlers/rdp/bridge_cgo_windows.go    | 17 +++++-----------
 packages/pam/handlers/rdp/bridge_stub.go      |  4 ++--
 .../handlers/rdp/native/include/rdp_bridge.h  |  5 -----
 .../pam/handlers/rdp/native/src/bridge.rs     |  8 +-------
 .../pam/handlers/rdp/native/src/config.rs     |  6 ++----
 packages/pam/handlers/rdp/native/src/ffi.rs   | 14 +++----------
 packages/pam/handlers/rdp/proxy.go            |  5 +----
 packages/pam/pam-proxy.go                     |  1 -
 packages/pam/session/credentials.go           |  2 --
 12 files changed, 19 insertions(+), 65 deletions(-)

diff --git a/packages/api/model.go b/packages/api/model.go
index 5dd3fe95..5c79c664 100644
--- a/packages/api/model.go
+++ b/packages/api/model.go
@@ -937,7 +937,6 @@ type PAMSessionCredentials struct {
 	ServiceAccountToken   string `json:"serviceAccountToken,omitempty"`
 	ServiceAccountName    string `json:"serviceAccountName,omitempty"`
 	Namespace             string `json:"namespace,omitempty"`
-	Domain                string `json:"domain,omitempty"`
 }
 
 type MFASessionStatus string
diff --git a/packages/pam/handlers/rdp/bridge_cgo_shared.go b/packages/pam/handlers/rdp/bridge_cgo_shared.go
index 9c8d8fba..9a822e6f 100644
--- a/packages/pam/handlers/rdp/bridge_cgo_shared.go
+++ b/packages/pam/handlers/rdp/bridge_cgo_shared.go
@@ -30,7 +30,6 @@ func (p *RDPProxy) HandleConnection(ctx context.Context, clientConn net.Conn) er
 		p.config.TargetPort,
 		p.config.InjectUsername,
 		p.config.InjectPassword,
-		p.config.InjectDomain,
 	)
 	if err != nil {
 		return fmt.Errorf("rdp proxy: start bridge: %w", err)
diff --git a/packages/pam/handlers/rdp/bridge_cgo_unix.go b/packages/pam/handlers/rdp/bridge_cgo_unix.go
index 37e7d2ee..91b24d38 100644
--- a/packages/pam/handlers/rdp/bridge_cgo_unix.go
+++ b/packages/pam/handlers/rdp/bridge_cgo_unix.go
@@ -22,18 +22,16 @@ import (
 
 // StartWithConn hands an independent dup of conn's fd to the bridge.
 // For TLS-wrapped or otherwise non-fd-backed conns, use StartWithReadWriter.
-// `domain` is empty for local accounts; set to the AD domain name for
-// domain-joined NTLM CredSSP.
-func StartWithConn(conn net.Conn, targetHost string, targetPort uint16, username, password, domain string) (*Bridge, error) {
+func StartWithConn(conn net.Conn, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
 	dupFd, err := dupConnFD(conn)
 	if err != nil {
 		return nil, fmt.Errorf("rdp bridge: dup client fd: %w", err)
 	}
-	return startWithDupedFD(dupFd, targetHost, targetPort, username, password, domain)
+	return startWithDupedFD(dupFd, targetHost, targetPort, username, password)
 }
 
 // Ownership of dupFd transfers to Rust on success; we close it on failure.
-func startWithDupedFD(dupFd int, targetHost string, targetPort uint16, username, password, domain string) (*Bridge, error) {
+func startWithDupedFD(dupFd int, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
 	success := false
 	defer func() {
 		if !success {
@@ -48,13 +46,6 @@ func startWithDupedFD(dupFd int, targetHost string, targetPort uint16, username,
 	cPass := C.CString(password)
 	defer C.free(unsafe.Pointer(cPass))
 
-	// Empty domain -> NULL pointer; bridge treats both the same way.
-	var cDomain *C.char
-	if domain != "" {
-		cDomain = C.CString(domain)
-		defer C.free(unsafe.Pointer(cDomain))
-	}
-
 	var handle C.uint64_t
 	rc := C.rdp_bridge_start_unix_fd(
 		C.int(dupFd),
@@ -62,7 +53,6 @@ func startWithDupedFD(dupFd int, targetHost string, targetPort uint16, username,
 		C.uint16_t(targetPort),
 		cUser,
 		cPass,
-		cDomain,
 		&handle,
 	)
 	if rc != C.RDP_BRIDGE_OK {
@@ -85,7 +75,7 @@ func startWithDupedFD(dupFd int, targetHost string, targetPort uint16, username,
 //
 // Cost: two extra in-process copies and a loopback round-trip per byte.
 // Negligible vs. the TLS + CredSSP work on either side.
-func StartWithReadWriter(rw io.ReadWriter, targetHost string, targetPort uint16, username, password, domain string) (*Bridge, error) {
+func StartWithReadWriter(rw io.ReadWriter, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
 	listener, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		return nil, fmt.Errorf("rdp bridge: loopback listen: %w", err)
@@ -120,7 +110,7 @@ func StartWithReadWriter(rw io.ReadWriter, targetHost string, targetPort uint16,
 		return nil, fmt.Errorf("rdp bridge: dup accepted fd: %w", err)
 	}
 
-	bridge, err := startWithDupedFD(dupFd, targetHost, targetPort, username, password, domain)
+	bridge, err := startWithDupedFD(dupFd, targetHost, targetPort, username, password)
 	if err != nil {
 		_ = peer.Close()
 		return nil, err
diff --git a/packages/pam/handlers/rdp/bridge_cgo_windows.go b/packages/pam/handlers/rdp/bridge_cgo_windows.go
index d706b8ee..c28d5f89 100644
--- a/packages/pam/handlers/rdp/bridge_cgo_windows.go
+++ b/packages/pam/handlers/rdp/bridge_cgo_windows.go
@@ -21,15 +21,15 @@ import (
 	"golang.org/x/sys/windows"
 )
 
-func StartWithConn(conn net.Conn, targetHost string, targetPort uint16, username, password, domain string) (*Bridge, error) {
+func StartWithConn(conn net.Conn, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
 	dupSocket, err := dupConnSocket(conn)
 	if err != nil {
 		return nil, fmt.Errorf("rdp bridge: dup client socket: %w", err)
 	}
-	return startWithDupedSocket(dupSocket, targetHost, targetPort, username, password, domain)
+	return startWithDupedSocket(dupSocket, targetHost, targetPort, username, password)
 }
 
-func startWithDupedSocket(dupSocket windows.Handle, targetHost string, targetPort uint16, username, password, domain string) (*Bridge, error) {
+func startWithDupedSocket(dupSocket windows.Handle, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
 	success := false
 	defer func() {
 		if !success {
@@ -44,12 +44,6 @@ func startWithDupedSocket(dupSocket windows.Handle, targetHost string, targetPor
 	cPass := C.CString(password)
 	defer C.free(unsafe.Pointer(cPass))
 
-	var cDomain *C.char
-	if domain != "" {
-		cDomain = C.CString(domain)
-		defer C.free(unsafe.Pointer(cDomain))
-	}
-
 	var handle C.uint64_t
 	rc := C.rdp_bridge_start_windows_socket(
 		C.uintptr_t(dupSocket),
@@ -57,7 +51,6 @@ func startWithDupedSocket(dupSocket windows.Handle, targetHost string, targetPor
 		C.uint16_t(targetPort),
 		cUser,
 		cPass,
-		cDomain,
 		&handle,
 	)
 	if rc != C.RDP_BRIDGE_OK {
@@ -67,7 +60,7 @@ func startWithDupedSocket(dupSocket windows.Handle, targetHost string, targetPor
 	return &Bridge{handle: uint64(handle)}, nil
 }
 
-func StartWithReadWriter(rw io.ReadWriter, targetHost string, targetPort uint16, username, password, domain string) (*Bridge, error) {
+func StartWithReadWriter(rw io.ReadWriter, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
 	listener, err := net.Listen("tcp", "127.0.0.1:0")
 	if err != nil {
 		return nil, fmt.Errorf("rdp bridge: loopback listen: %w", err)
@@ -102,7 +95,7 @@ func StartWithReadWriter(rw io.ReadWriter, targetHost string, targetPort uint16,
 		return nil, fmt.Errorf("rdp bridge: dup accepted socket: %w", err)
 	}
 
-	bridge, err := startWithDupedSocket(dupSocket, targetHost, targetPort, username, password, domain)
+	bridge, err := startWithDupedSocket(dupSocket, targetHost, targetPort, username, password)
 	if err != nil {
 		_ = peer.Close()
 		return nil, err
diff --git a/packages/pam/handlers/rdp/bridge_stub.go b/packages/pam/handlers/rdp/bridge_stub.go
index 2c488000..37a3bcdf 100644
--- a/packages/pam/handlers/rdp/bridge_stub.go
+++ b/packages/pam/handlers/rdp/bridge_stub.go
@@ -12,11 +12,11 @@ import (
 // where the Rust bridge isn't compiled. All entry points return
 // ErrRdpUnavailable.
 
-func StartWithConn(_ net.Conn, _ string, _ uint16, _, _, _ string) (*Bridge, error) {
+func StartWithConn(_ net.Conn, _ string, _ uint16, _, _ string) (*Bridge, error) {
 	return nil, ErrRdpUnavailable
 }
 
-func StartWithReadWriter(_ io.ReadWriter, _ string, _ uint16, _, _, _ string) (*Bridge, error) {
+func StartWithReadWriter(_ io.ReadWriter, _ string, _ uint16, _, _ string) (*Bridge, error) {
 	return nil, ErrRdpUnavailable
 }
 
diff --git a/packages/pam/handlers/rdp/native/include/rdp_bridge.h b/packages/pam/handlers/rdp/native/include/rdp_bridge.h
index 65200f5f..83088768 100644
--- a/packages/pam/handlers/rdp/native/include/rdp_bridge.h
+++ b/packages/pam/handlers/rdp/native/include/rdp_bridge.h
@@ -20,9 +20,6 @@ extern "C" {
 #define RDP_BRIDGE_BAD_ARG           -2
 #define RDP_BRIDGE_RUNTIME_ERROR     -3
 
-// `domain` is optional. NULL or empty string means no domain (NTLM falls back
-// to local-account auth). Set this for AD domain accounts so NTLM CredSSP
-// authenticates against the target's AD binding rather than its local SAM.
 #if defined(__unix__) || defined(__APPLE__)
 int32_t rdp_bridge_start_unix_fd(
     int          client_fd,
@@ -30,7 +27,6 @@ int32_t rdp_bridge_start_unix_fd(
     uint16_t     target_port,
     const char  *username,
     const char  *password,
-    const char  *domain,
     uint64_t    *out_handle
 );
 #endif
@@ -42,7 +38,6 @@ int32_t rdp_bridge_start_windows_socket(
     uint16_t     target_port,
     const char  *username,
     const char  *password,
-    const char  *domain,
     uint64_t    *out_handle
 );
 #endif
diff --git a/packages/pam/handlers/rdp/native/src/bridge.rs b/packages/pam/handlers/rdp/native/src/bridge.rs
index 1eac7b1e..cfe5e992 100644
--- a/packages/pam/handlers/rdp/native/src/bridge.rs
+++ b/packages/pam/handlers/rdp/native/src/bridge.rs
@@ -36,8 +36,6 @@ pub struct TargetEndpoint {
     pub port: u16,
     pub username: String,
     pub password: String,
-    /// Set for AD domain accounts; flows into NTLM CredSSP via connector config.
-    pub domain: Option<String>,
 }
 
 pub async fn run_mitm(
@@ -262,11 +260,7 @@ async fn run_connector_half(target: TargetEndpoint) -> Result<(ErasedStream, byt
     let client_addr = target_tcp.local_addr().context("connector: local_addr")?;
 
     let mut target_framed = ironrdp_tokio::TokioFramed::new(target_tcp);
-    let config = connector_config(
-        target.username.clone(),
-        target.password.clone(),
-        target.domain.clone(),
-    );
+    let config = connector_config(target.username.clone(), target.password.clone());
     let mut connector = ClientConnector::new(config, client_addr);
 
     let should_upgrade = ironrdp_tokio::connect_begin(&mut target_framed, &mut connector)
diff --git a/packages/pam/handlers/rdp/native/src/config.rs b/packages/pam/handlers/rdp/native/src/config.rs
index ba223311..b1f9a77a 100644
--- a/packages/pam/handlers/rdp/native/src/config.rs
+++ b/packages/pam/handlers/rdp/native/src/config.rs
@@ -9,7 +9,7 @@ use ironrdp_pdu::rdp::client_info::{PerformanceFlags, TimezoneInfo};
 pub const DEFAULT_WIDTH: u16 = 1920;
 pub const DEFAULT_HEIGHT: u16 = 1080;
 
-pub fn connector_config(username: String, password: String, domain: Option<String>) -> Config {
+pub fn connector_config(username: String, password: String) -> Config {
     Config {
         desktop_size: DesktopSize {
             width: DEFAULT_WIDTH,
@@ -25,9 +25,7 @@ pub fn connector_config(username: String, password: String, domain: Option<Strin
         enable_credssp: true,
 
         credentials: Credentials::UsernamePassword { username, password },
-        // Set for AD domain accounts; IronRDP forwards this in NTLM CredSSP so
-        // the target's LSA authenticates against AD rather than the local SAM.
-        domain,
+        domain: None,
 
         // Shape-fillers: unused after CredSSP (see module doc).
         client_build: 0,
diff --git a/packages/pam/handlers/rdp/native/src/ffi.rs b/packages/pam/handlers/rdp/native/src/ffi.rs
index 96a2fd52..ecef7782 100644
--- a/packages/pam/handlers/rdp/native/src/ffi.rs
+++ b/packages/pam/handlers/rdp/native/src/ffi.rs
@@ -59,7 +59,6 @@ fn spawn_session(
     port: u16,
     username: String,
     password: String,
-    domain: Option<String>,
 ) -> anyhow::Result<u64> {
     client_tcp.set_nonblocking(true)?;
     let cancel = CancellationToken::new();
@@ -78,7 +77,6 @@ fn spawn_session(
                     port,
                     username,
                     password,
-                    domain,
                 };
                 run_mitm(client, endpoint, cancel_for_thread).await
             })
@@ -93,8 +91,7 @@ fn spawn_session(
 /// # Safety
 ///
 /// `client_fd` ownership transfers to the bridge on OK, stays with the
-/// caller on error. Strings must be NUL-terminated valid UTF-8. `domain`
-/// may be NULL or empty for non-domain sessions.
+/// caller on error. Strings must be NUL-terminated valid UTF-8.
 #[cfg(unix)]
 #[no_mangle]
 pub unsafe extern "C" fn rdp_bridge_start_unix_fd(
@@ -103,7 +100,6 @@ pub unsafe extern "C" fn rdp_bridge_start_unix_fd(
     target_port: u16,
     username: *const c_char,
     password: *const c_char,
-    domain: *const c_char,
     out_handle: *mut u64,
 ) -> i32 {
     if out_handle.is_null() {
@@ -121,13 +117,11 @@ pub unsafe extern "C" fn rdp_bridge_start_unix_fd(
         Some(v) => v,
         None => return RDP_BRIDGE_BAD_ARG,
     };
-    // Empty domain string is treated the same as NULL: no domain.
-    let domain = unsafe { c_str_to_owned(domain) }.filter(|s| !s.is_empty());
 
     use std::os::unix::io::FromRawFd;
     let client_tcp = unsafe { StdTcpStream::from_raw_fd(client_fd) };
 
-    match spawn_session(client_tcp, host, target_port, username, password, domain) {
+    match spawn_session(client_tcp, host, target_port, username, password) {
         Ok(id) => {
             unsafe { *out_handle = id };
             RDP_BRIDGE_OK
@@ -150,7 +144,6 @@ pub unsafe extern "C" fn rdp_bridge_start_windows_socket(
     target_port: u16,
     username: *const c_char,
     password: *const c_char,
-    domain: *const c_char,
     out_handle: *mut u64,
 ) -> i32 {
     if out_handle.is_null() {
@@ -168,12 +161,11 @@ pub unsafe extern "C" fn rdp_bridge_start_windows_socket(
         Some(v) => v,
         None => return RDP_BRIDGE_BAD_ARG,
     };
-    let domain = unsafe { c_str_to_owned(domain) }.filter(|s| !s.is_empty());
 
     use std::os::windows::io::{FromRawSocket, RawSocket};
     let client_tcp = unsafe { StdTcpStream::from_raw_socket(client_socket as RawSocket) };
 
-    match spawn_session(client_tcp, host, target_port, username, password, domain) {
+    match spawn_session(client_tcp, host, target_port, username, password) {
         Ok(id) => {
             unsafe { *out_handle = id };
             RDP_BRIDGE_OK
diff --git a/packages/pam/handlers/rdp/proxy.go b/packages/pam/handlers/rdp/proxy.go
index 2bd6aa8d..e113902a 100644
--- a/packages/pam/handlers/rdp/proxy.go
+++ b/packages/pam/handlers/rdp/proxy.go
@@ -9,10 +9,7 @@ type RDPProxyConfig struct {
 	TargetPort     uint16
 	InjectUsername string
 	InjectPassword string
-	// Empty for local accounts; AD domain name (e.g. "CORP.EXAMPLE.COM") for
-	// domain-joined NTLM CredSSP. Backend session credentials populate this.
-	InjectDomain string
-	SessionID    string
+	SessionID      string
 	// Retained for API symmetry with other PAM handlers; not yet written
 	// through (no RDP session recording in this MVP).
 	SessionLogger session.SessionLogger
diff --git a/packages/pam/pam-proxy.go b/packages/pam/pam-proxy.go
index 2995e99b..0cd6c29e 100644
--- a/packages/pam/pam-proxy.go
+++ b/packages/pam/pam-proxy.go
@@ -422,7 +422,6 @@ func HandlePAMProxy(ctx context.Context, conn *tls.Conn, pamConfig *GatewayPAMCo
 			TargetPort:     uint16(credentials.Port),
 			InjectUsername: credentials.Username,
 			InjectPassword: credentials.Password,
-			InjectDomain:   credentials.Domain,
 			SessionID:      pamConfig.SessionId,
 			SessionLogger:  sessionLogger,
 		}
diff --git a/packages/pam/session/credentials.go b/packages/pam/session/credentials.go
index fcc9e3f1..c3173ec8 100644
--- a/packages/pam/session/credentials.go
+++ b/packages/pam/session/credentials.go
@@ -34,7 +34,6 @@ type PAMCredentials struct {
 	ServiceAccountToken   string
 	ServiceAccountName    string
 	Namespace             string
-	Domain                string
 	PolicyRules           *api.PAMPolicyRules
 }
 
@@ -187,7 +186,6 @@ func (cm *CredentialsManager) GetPAMSessionCredentials(sessionId string, expiryT
 		ServiceAccountToken:   response.Credentials.ServiceAccountToken,
 		ServiceAccountName:    response.Credentials.ServiceAccountName,
 		Namespace:             response.Credentials.Namespace,
-		Domain:                response.Credentials.Domain,
 		PolicyRules:           response.PolicyRules,
 	}
 

From 0fe56be962c868572a4921714ff1764509f3acfa Mon Sep 17 00:00:00 2001
From: bernie-g <bernie.gandin2@gmail.com>
Date: Wed, 6 May 2026 21:07:46 -0400
Subject: [PATCH 2/2] Revert "Merge pull request #191 from
 Infisical/feat/pam-rdp-mvp"

This reverts commit 82180bb8ac0d230345275b629a5a6e31449f7fff, reversing
changes made to 4e8d91e298b94f224e4c7d2e4a65245f7057cd69.
---
 .github/workflows/build-rdp-bridge.yml        |   93 -
 .../workflows/release_build_infisical_cli.yml |  245 +-
 .github/workflows/run-cli-rdp-smoke.yml       |   53 -
 .gitignore                                    |    5 +-
 .goreleaser-darwin.yaml                       |   89 -
 .goreleaser-windows.yaml                      |   10 +-
 .goreleaser.yaml                              |  173 +-
 packages/cmd/pam.go                           |  100 -
 packages/pam/handlers/rdp/bridge.go           |   17 -
 .../pam/handlers/rdp/bridge_cgo_shared.go     |   96 -
 packages/pam/handlers/rdp/bridge_cgo_unix.go  |  153 -
 .../pam/handlers/rdp/bridge_cgo_windows.go    |  150 -
 packages/pam/handlers/rdp/bridge_stub.go      |   34 -
 packages/pam/handlers/rdp/native/.gitignore   |    1 -
 packages/pam/handlers/rdp/native/Cargo.lock   | 3793 -----------------
 packages/pam/handlers/rdp/native/Cargo.toml   |   37 -
 packages/pam/handlers/rdp/native/README.md    |   72 -
 .../handlers/rdp/native/include/rdp_bridge.h  |   53 -
 .../handlers/rdp/native/rust-toolchain.toml   |    4 -
 .../pam/handlers/rdp/native/src/bridge.rs     |  411 --
 .../pam/handlers/rdp/native/src/config.rs     |   56 -
 packages/pam/handlers/rdp/native/src/ffi.rs   |  229 -
 packages/pam/handlers/rdp/native/src/lib.rs   |    7 -
 packages/pam/handlers/rdp/proxy.go            |   24 -
 packages/pam/local/rdp-proxy.go               |  369 --
 packages/pam/pam-proxy.go                     |   28 +-
 packages/pam/session/uploader.go              |    3 +-
 27 files changed, 66 insertions(+), 6239 deletions(-)
 delete mode 100644 .github/workflows/build-rdp-bridge.yml
 delete mode 100644 .github/workflows/run-cli-rdp-smoke.yml
 delete mode 100644 .goreleaser-darwin.yaml
 delete mode 100644 packages/pam/handlers/rdp/bridge.go
 delete mode 100644 packages/pam/handlers/rdp/bridge_cgo_shared.go
 delete mode 100644 packages/pam/handlers/rdp/bridge_cgo_unix.go
 delete mode 100644 packages/pam/handlers/rdp/bridge_cgo_windows.go
 delete mode 100644 packages/pam/handlers/rdp/bridge_stub.go
 delete mode 100644 packages/pam/handlers/rdp/native/.gitignore
 delete mode 100644 packages/pam/handlers/rdp/native/Cargo.lock
 delete mode 100644 packages/pam/handlers/rdp/native/Cargo.toml
 delete mode 100644 packages/pam/handlers/rdp/native/README.md
 delete mode 100644 packages/pam/handlers/rdp/native/include/rdp_bridge.h
 delete mode 100644 packages/pam/handlers/rdp/native/rust-toolchain.toml
 delete mode 100644 packages/pam/handlers/rdp/native/src/bridge.rs
 delete mode 100644 packages/pam/handlers/rdp/native/src/config.rs
 delete mode 100644 packages/pam/handlers/rdp/native/src/ffi.rs
 delete mode 100644 packages/pam/handlers/rdp/native/src/lib.rs
 delete mode 100644 packages/pam/handlers/rdp/proxy.go
 delete mode 100644 packages/pam/local/rdp-proxy.go

diff --git a/.github/workflows/build-rdp-bridge.yml b/.github/workflows/build-rdp-bridge.yml
deleted file mode 100644
index 2dfd7f79..00000000
--- a/.github/workflows/build-rdp-bridge.yml
+++ /dev/null
@@ -1,93 +0,0 @@
-name: Build RDP Bridge Static Libs
-
-# windows/arm64, freebsd, netbsd, openbsd excluded: no cgo-capable
-# cross toolchain we can reasonably install in CI. They ship the RDP
-# stub at runtime.
-
-on:
-  workflow_call:
-  workflow_dispatch:
-
-jobs:
-  rust-cross:
-    name: cross (${{ matrix.target }})
-    runs-on: ubuntu-latest-8-cores
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - target: x86_64-unknown-linux-gnu
-          - target: aarch64-unknown-linux-gnu
-          - target: i686-unknown-linux-gnu
-          - target: arm-unknown-linux-gnueabi
-          - target: armv7-unknown-linux-gnueabihf
-          - target: x86_64-pc-windows-gnu
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Cache cargo registry
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-          key: rdp-cross-cargo-${{ matrix.target }}-${{ hashFiles('packages/pam/handlers/rdp/native/Cargo.lock') }}
-          restore-keys: rdp-cross-cargo-${{ matrix.target }}-
-
-      - name: Install cross
-        run: cargo install cross --locked --version 0.2.5
-
-      - name: Install pinned Rust toolchain
-        working-directory: packages/pam/handlers/rdp/native
-        run: rustup show active-toolchain
-
-      - name: cross build --release --target ${{ matrix.target }}
-        working-directory: packages/pam/handlers/rdp/native
-        run: cross build --release --target ${{ matrix.target }}
-
-      - name: Upload static library
-        uses: actions/upload-artifact@v4
-        with:
-          name: rdp-bridge-${{ matrix.target }}
-          path: packages/pam/handlers/rdp/native/target/${{ matrix.target }}/release/libinfisical_rdp_bridge.a
-          if-no-files-found: error
-          retention-days: 7
-
-  rust-darwin:
-    name: macos-latest (${{ matrix.target }})
-    runs-on: macos-latest
-    strategy:
-      fail-fast: false
-      matrix:
-        include:
-          - target: x86_64-apple-darwin
-          - target: aarch64-apple-darwin
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Cache cargo registry
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-          key: rdp-darwin-cargo-${{ matrix.target }}-${{ hashFiles('packages/pam/handlers/rdp/native/Cargo.lock') }}
-          restore-keys: rdp-darwin-cargo-${{ matrix.target }}-
-
-      - name: Install pinned Rust toolchain + target
-        working-directory: packages/pam/handlers/rdp/native
-        run: |
-          rustup show active-toolchain
-          rustup target add ${{ matrix.target }}
-
-      - name: cargo build --release --target ${{ matrix.target }}
-        working-directory: packages/pam/handlers/rdp/native
-        run: cargo build --release --target ${{ matrix.target }}
-
-      - name: Upload static library
-        uses: actions/upload-artifact@v4
-        with:
-          name: rdp-bridge-${{ matrix.target }}
-          path: packages/pam/handlers/rdp/native/target/${{ matrix.target }}/release/libinfisical_rdp_bridge.a
-          if-no-files-found: error
-          retention-days: 7
diff --git a/.github/workflows/release_build_infisical_cli.yml b/.github/workflows/release_build_infisical_cli.yml
index cea56363..2a6e6716 100644
--- a/.github/workflows/release_build_infisical_cli.yml
+++ b/.github/workflows/release_build_infisical_cli.yml
@@ -2,12 +2,6 @@ name: Build and release CLI
 
 on:
   workflow_dispatch:
-    inputs:
-      dry_run:
-        description: >-
-          Do a dry-run (no artifacts are published and no release is created)
-        type: boolean
-        default: true
 
   push:
     # run only against tags
@@ -20,44 +14,11 @@ permissions:
 
 jobs:
   validate-tag-branch:
-    # Tag validation only makes sense on actual tag push. Skipped on
-    # workflow_dispatch runs (dry-run or manual real release from any branch).
-    if: github.event_name == 'push'
     uses: ./.github/workflows/pre-tag-validation.yml
   cli-tests:
     uses: ./.github/workflows/run-cli-e2e-tests.yml
     secrets: inherit
 
-  build-rdp-bridge:
-    uses: ./.github/workflows/build-rdp-bridge.yml
-
-  # Create the GitHub release draft up front so both goreleaser
-  # (ubuntu) and goreleaser-darwin (macos) can append to it in
-  # parallel instead of serializing on ubuntu creating the draft.
-  # Skipped on dry-run since --snapshot doesn't touch GitHub at all.
-  create-release-draft:
-    if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && !inputs.dry_run)
-    needs:
-      - validate-tag-branch
-      - cli-tests
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-      - name: Create GitHub release draft (idempotent)
-        run: |
-          if gh release view "${{ github.ref_name }}" >/dev/null 2>&1; then
-            echo "Release for ${{ github.ref_name }} already exists, skipping creation"
-          else
-            gh release create "${{ github.ref_name }}" \
-              --draft \
-              --title "${{ github.ref_name }}" \
-              --generate-notes
-          fi
-        env:
-          GH_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
-
   # cli-integration-tests:
   #   name: Run tests before deployment
   #   uses: ./.github/workflows/run-cli-tests.yml
@@ -72,20 +33,12 @@ jobs:
   #     CLI_TESTS_INFISICAL_VAULT_FILE_PASSPHRASE: ${{ secrets.CLI_TESTS_INFISICAL_VAULT_FILE_PASSPHRASE }}
 
   npm-release:
-    if: |
-      always() &&
-      (github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && !inputs.dry_run)) &&
-      needs.goreleaser.result == 'success' &&
-      needs.goreleaser-darwin.result == 'success' &&
-      needs.cli-tests.result == 'success' &&
-      (github.event_name == 'workflow_dispatch' || needs.validate-tag-branch.result == 'success')
     runs-on: ubuntu-latest
     env:
       working-directory: ./npm
     needs:
       # - cli-integration-tests
       - goreleaser
-      - goreleaser-darwin
       - validate-tag-branch
       - cli-tests
     steps:
@@ -131,14 +84,6 @@ jobs:
     needs:
       - validate-tag-branch
       - cli-tests
-      - build-rdp-bridge
-      - create-release-draft
-    if: |
-      always() &&
-      needs.cli-tests.result == 'success' &&
-      needs.build-rdp-bridge.result == 'success' &&
-      (needs.create-release-draft.result == 'success' || needs.create-release-draft.result == 'skipped') &&
-      (github.event_name == 'workflow_dispatch' || needs.validate-tag-branch.result == 'success')
     steps:
       - uses: actions/checkout@v3
         with:
@@ -166,49 +111,11 @@ jobs:
           sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B4FE6ACC0B21F32
           sudo apt update
           sudo apt-get install -y libssl1.0-dev
-      - name: Install cross-compile toolchains for RDP tier
-        run: |
-          sudo apt-get install -y \
-            gcc-aarch64-linux-gnu \
-            gcc-i686-linux-gnu \
-            gcc-arm-linux-gnueabi \
-            gcc-arm-linux-gnueabihf \
-            gcc-mingw-w64-x86-64
-      - name: Download RDP bridge static libs
-        uses: actions/download-artifact@v4
-        with:
-          pattern: rdp-bridge-*
-          path: /tmp/rdp-bridge-artifacts/
-      - name: Stage RDP bridge static libs into cargo target dirs
+      - name: OSXCross for CGO Support
         run: |
-          set -euo pipefail
-          for triple in \
-            x86_64-unknown-linux-gnu \
-            aarch64-unknown-linux-gnu \
-            i686-unknown-linux-gnu \
-            arm-unknown-linux-gnueabi \
-            armv7-unknown-linux-gnueabihf \
-            x86_64-pc-windows-gnu; do
-            target_dir="packages/pam/handlers/rdp/native/target/$triple/release"
-            mkdir -p "$target_dir"
-            cp "/tmp/rdp-bridge-artifacts/rdp-bridge-$triple/libinfisical_rdp_bridge.a" "$target_dir/"
-          done
-      - name: GoReleaser (dry-run snapshot)
-        if: github.event_name == 'workflow_dispatch' && inputs.dry_run
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          distribution: goreleaser-pro
-          version: v1.26.2-pro
-          args: release --clean --snapshot --skip=publish
-        env:
-          GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
-          POSTHOG_API_KEY_FOR_CLI: ${{ secrets.POSTHOG_API_KEY_FOR_CLI }}
-          FURY_TOKEN: ${{ secrets.FURYPUSHTOKEN }}
-          AUR_KEY: ${{ secrets.AUR_KEY }}
-          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-      - name: GoReleaser (release)
-        if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && !inputs.dry_run)
-        uses: goreleaser/goreleaser-action@v4
+          mkdir ../../osxcross
+          git clone https://github.com/plentico/osxcross-target.git ../../osxcross/target
+      - uses: goreleaser/goreleaser-action@v4
         with:
           distribution: goreleaser-pro
           version: v1.26.2-pro
@@ -219,13 +126,6 @@ jobs:
           FURY_TOKEN: ${{ secrets.FURYPUSHTOKEN }}
           AUR_KEY: ${{ secrets.AUR_KEY }}
           GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-      - name: Upload dry-run dist as workflow artifact
-        if: github.event_name == 'workflow_dispatch' && inputs.dry_run
-        uses: actions/upload-artifact@v4
-        with:
-          name: goreleaser-dist-linux
-          path: dist/
-          retention-days: 7
       - uses: actions/setup-python@v4
         with:
           python-version: "3.12"
@@ -253,7 +153,6 @@ jobs:
         env:
           APK_PRIVATE_KEY: ${{ secrets.APK_PRIVATE_KEY }}
       - name: Publish packages to repositories
-        if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && !inputs.dry_run)
         run: bash upload_to_s3.sh
         env:
           INFISICAL_CLI_S3_BUCKET: ${{ secrets.INFISICAL_CLI_S3_BUCKET }}
@@ -262,107 +161,18 @@ jobs:
           AWS_SECRET_ACCESS_KEY: ${{ secrets.INFISICAL_CLI_REPO_AWS_SECRET_ACCESS_KEY }}
           APK_PRIVATE_KEY_PATH: /tmp/infisical-apk.rsa
       - name: Invalidate Cloudfront cache
-        if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && !inputs.dry_run)
         run: aws cloudfront create-invalidation --distribution-id $CLOUDFRONT_DISTRIBUTION_ID --paths '/rpm/Packages/*' '/rpm/repodata/*' '/deb/dists/stable/*' '/apk/stable/main/*'
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.INFISICAL_CLI_REPO_AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.INFISICAL_CLI_REPO_AWS_SECRET_ACCESS_KEY }}
           CLOUDFRONT_DISTRIBUTION_ID: ${{ secrets.INFISICAL_CLI_REPO_CLOUDFRONT_DISTRIBUTION_ID }}
 
-  goreleaser-darwin:
-    runs-on: macos-latest
-    needs:
-      - validate-tag-branch
-      - cli-tests
-      - build-rdp-bridge
-      - create-release-draft
-    if: |
-      always() &&
-      needs.cli-tests.result == 'success' &&
-      needs.build-rdp-bridge.result == 'success' &&
-      (needs.create-release-draft.result == 'success' || needs.create-release-draft.result == 'skipped') &&
-      (github.event_name == 'workflow_dispatch' || needs.validate-tag-branch.result == 'success')
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Fetch all tags
-        run: git fetch --force --tags
-
-      - uses: actions/setup-go@v5
-        with:
-          go-version: "1.25.9"
-          cache: true
-          cache-dependency-path: go.sum
-
-      - name: Download darwin RDP bridge static libs
-        uses: actions/download-artifact@v4
-        with:
-          pattern: rdp-bridge-*-apple-darwin
-          path: /tmp/rdp-bridge-artifacts/
-
-      - name: Stage darwin RDP bridge static libs
-        run: |
-          set -euo pipefail
-          for triple in x86_64-apple-darwin aarch64-apple-darwin; do
-            target_dir="packages/pam/handlers/rdp/native/target/$triple/release"
-            mkdir -p "$target_dir"
-            cp "/tmp/rdp-bridge-artifacts/rdp-bridge-$triple/libinfisical_rdp_bridge.a" "$target_dir/"
-          done
-
-      - name: GoReleaser Darwin (dry-run snapshot)
-        if: github.event_name == 'workflow_dispatch' && inputs.dry_run
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          distribution: goreleaser-pro
-          version: v1.26.2-pro
-          args: release --clean --config .goreleaser-darwin.yaml --snapshot --skip=publish
-        env:
-          GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
-          POSTHOG_API_KEY_FOR_CLI: ${{ secrets.POSTHOG_API_KEY_FOR_CLI }}
-          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-
-      - name: GoReleaser Darwin (release)
-        if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && !inputs.dry_run)
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          distribution: goreleaser-pro
-          version: v1.26.2-pro
-          args: release --clean --config .goreleaser-darwin.yaml
-        env:
-          GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
-          POSTHOG_API_KEY_FOR_CLI: ${{ secrets.POSTHOG_API_KEY_FOR_CLI }}
-          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-
-      - name: Upload dry-run dist as workflow artifact
-        if: github.event_name == 'workflow_dispatch' && inputs.dry_run
-        uses: actions/upload-artifact@v4
-        with:
-          name: goreleaser-dist-darwin
-          path: dist/
-          retention-days: 7
-
-  # Builds the Windows Server container images (→ Docker Hub). The
-  # binary baked in is RDP-enabled via MinGW CGO, matching the
-  # user-facing Windows zip.
-  #
-  # The Rust bridge is built here natively rather than downloaded from
-  # build-rdp-bridge: cross-rs's MinGW produces MSVCRT-ABI archives,
-  # but windows-2022's MinGW 14 is UCRT-based, which doesn't resolve
-  # MSVCRT-only symbols like __iob_func. Building both the .a and the
-  # Go binary on the same runner guarantees the ABIs match.
+  # Currently only supports Windows amd64
   goreleaser-windows:
     runs-on: windows-2022
     needs:
       - validate-tag-branch
       - cli-tests
-      - create-release-draft
-    if: |
-      always() &&
-      needs.cli-tests.result == 'success' &&
-      (needs.create-release-draft.result == 'success' || needs.create-release-draft.result == 'skipped') &&
-      (github.event_name == 'workflow_dispatch' || needs.validate-tag-branch.result == 'success')
     steps:
       - uses: actions/checkout@v3
         with:
@@ -378,49 +188,13 @@ jobs:
           cache: true
           cache-dependency-path: go.sum
 
-      - name: Cache cargo registry + target
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            packages/pam/handlers/rdp/native/target
-          key: rdp-bridge-windows-cargo-${{ hashFiles('packages/pam/handlers/rdp/native/Cargo.lock') }}
-          restore-keys: rdp-bridge-windows-cargo-
-
-      - name: Install pinned Rust toolchain + gnu target
-        working-directory: packages/pam/handlers/rdp/native
-        shell: pwsh
-        run: |
-          rustup show active-toolchain
-          rustup target add x86_64-pc-windows-gnu
-
-      - name: Build Rust bridge for x86_64-pc-windows-gnu
-        working-directory: packages/pam/handlers/rdp/native
-        shell: pwsh
-        run: cargo build --release --target x86_64-pc-windows-gnu
-
       - name: 🐋 Login to Docker Hub
         uses: docker/login-action@v2
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
-      - name: GoReleaser Windows (dry-run snapshot)
-        if: github.event_name == 'workflow_dispatch' && inputs.dry_run
-        uses: goreleaser/goreleaser-action@v4
-        with:
-          distribution: goreleaser-pro
-          version: v1.26.2-pro
-          args: release --clean --config .goreleaser-windows.yaml --skip-validate --snapshot --skip=publish
-        env:
-          GITHUB_TOKEN: ${{ secrets.GO_RELEASER_GITHUB_TOKEN }}
-          POSTHOG_API_KEY_FOR_CLI: ${{ secrets.POSTHOG_API_KEY_FOR_CLI }}
-          AUR_KEY: ${{ secrets.AUR_KEY }}
-          GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-      - name: GoReleaser Windows (release)
-        if: github.event_name == 'push' || (github.event_name == 'workflow_dispatch' && !inputs.dry_run)
-        uses: goreleaser/goreleaser-action@v4
+      - uses: goreleaser/goreleaser-action@v4
         with:
           distribution: goreleaser-pro
           version: v1.26.2-pro
@@ -430,12 +204,5 @@ jobs:
           POSTHOG_API_KEY_FOR_CLI: ${{ secrets.POSTHOG_API_KEY_FOR_CLI }}
           AUR_KEY: ${{ secrets.AUR_KEY }}
           GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
-      - name: Upload dry-run dist as workflow artifact
-        if: github.event_name == 'workflow_dispatch' && inputs.dry_run
-        uses: actions/upload-artifact@v4
-        with:
-          name: goreleaser-dist-windows
-          path: dist/
-          retention-days: 7
 
 
diff --git a/.github/workflows/run-cli-rdp-smoke.yml b/.github/workflows/run-cli-rdp-smoke.yml
deleted file mode 100644
index ecb807de..00000000
--- a/.github/workflows/run-cli-rdp-smoke.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-name: RDP Bridge Smoke Test
-
-on:
-  pull_request:
-    types: [opened, synchronize]
-  workflow_dispatch:
-
-jobs:
-  smoke:
-    name: Build + smoke test on linux/amd64
-    runs-on: ubuntu-latest
-
-    steps:
-      - uses: actions/checkout@v4
-
-      - name: Set up Go
-        uses: actions/setup-go@v5
-        with:
-          go-version: "1.25.9"
-
-      - name: Cache cargo registry + target
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            packages/pam/handlers/rdp/native/target
-          key: rdp-bridge-cargo-${{ runner.os }}-${{ hashFiles('packages/pam/handlers/rdp/native/Cargo.lock') }}
-          restore-keys: rdp-bridge-cargo-${{ runner.os }}-
-
-      - name: Install pinned Rust toolchain
-        working-directory: packages/pam/handlers/rdp/native
-        run: rustup show active-toolchain
-
-      - name: cargo fmt --check
-        working-directory: packages/pam/handlers/rdp/native
-        run: cargo fmt --check
-
-      - name: cargo clippy -D warnings
-        working-directory: packages/pam/handlers/rdp/native
-        run: cargo clippy --all-targets -- -D warnings
-
-      - name: cargo build --release
-        working-directory: packages/pam/handlers/rdp/native
-        run: cargo build --release
-
-      - name: go build -tags rdp
-        run: go build -tags rdp -o ./infisical-rdp .
-
-      - name: Smoke test CLI
-        run: |
-          ./infisical-rdp --version
-          ./infisical-rdp pam rdp access --help
diff --git a/.gitignore b/.gitignore
index 2891130d..9574a412 100644
--- a/.gitignore
+++ b/.gitignore
@@ -12,7 +12,4 @@ test/infisical-merge
 infisical
 
 
-/agent-testing
-.vscode/
-# PAM CLI session artifacts (local testing only)
-/session/
+/agent-testing
\ No newline at end of file
diff --git a/.goreleaser-darwin.yaml b/.goreleaser-darwin.yaml
deleted file mode 100644
index 9871e640..00000000
--- a/.goreleaser-darwin.yaml
+++ /dev/null
@@ -1,89 +0,0 @@
-before:
-  hooks:
-    - ./scripts/completions.sh
-    - ./scripts/manpages.sh
-
-builds:
-  - id: darwin-amd64-rdp
-    binary: infisical
-    ldflags:
-      - -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
-      - -X github.com/Infisical/infisical-merge/packages/telemetry.POSTHOG_API_KEY_FOR_CLI={{ .Env.POSTHOG_API_KEY_FOR_CLI }}
-    flags:
-      - -trimpath
-      - -tags=rdp
-    env:
-      - CGO_ENABLED=1
-      - 'CGO_LDFLAGS=-L packages/pam/handlers/rdp/native/target/x86_64-apple-darwin/release'
-    goos:
-      - darwin
-    goarch:
-      - amd64
-
-  - id: darwin-arm64-rdp
-    binary: infisical
-    ldflags:
-      - -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
-      - -X github.com/Infisical/infisical-merge/packages/telemetry.POSTHOG_API_KEY_FOR_CLI={{ .Env.POSTHOG_API_KEY_FOR_CLI }}
-    flags:
-      - -trimpath
-      - -tags=rdp
-    env:
-      - CGO_ENABLED=1
-      - 'CGO_LDFLAGS=-L packages/pam/handlers/rdp/native/target/aarch64-apple-darwin/release'
-    goos:
-      - darwin
-    goarch:
-      - arm64
-
-archives:
-  - files:
-      - README*
-      - LICENSE*
-      - manpages/*
-      - completions/*
-
-# Append to the release draft created by the ubuntu goreleaser job.
-release:
-  replace_existing_draft: false
-  mode: append
-
-checksum:
-  name_template: "checksums-darwin.txt"
-
-snapshot:
-  name_template: "{{ .Version }}-devel"
-
-brews:
-  - name: infisical
-    tap:
-      owner: Infisical
-      name: homebrew-get-cli
-    commit_author:
-      name: "Infisical"
-      email: ai@infisical.com
-    folder: Formula
-    homepage: "https://infisical.com"
-    description: "The official Infisical CLI"
-    install: |-
-      bin.install "infisical"
-      bash_completion.install "completions/infisical.bash" => "infisical"
-      zsh_completion.install "completions/infisical.zsh" => "_infisical"
-      fish_completion.install "completions/infisical.fish"
-      man1.install "manpages/infisical.1.gz"
-  - name: "infisical@{{.Version}}"
-    tap:
-      owner: Infisical
-      name: homebrew-get-cli
-    commit_author:
-      name: "Infisical"
-      email: ai@infisical.com
-    folder: Formula
-    homepage: "https://infisical.com"
-    description: "The official Infisical CLI"
-    install: |-
-      bin.install "infisical"
-      bash_completion.install "completions/infisical.bash" => "infisical"
-      zsh_completion.install "completions/infisical.zsh" => "_infisical"
-      fish_completion.install "completions/infisical.fish"
-      man1.install "manpages/infisical.1.gz"
diff --git a/.goreleaser-windows.yaml b/.goreleaser-windows.yaml
index d73884d2..a32f12fb 100644
--- a/.goreleaser-windows.yaml
+++ b/.goreleaser-windows.yaml
@@ -1,21 +1,13 @@
-# Append to the release draft created by the ubuntu goreleaser job.
-release:
-  replace_existing_draft: false
-  mode: append
-
 builds:
   - id: windows-build
     env:
-      - CGO_ENABLED=1
-      - CC=gcc
-      - 'CGO_LDFLAGS=-L packages/pam/handlers/rdp/native/target/x86_64-pc-windows-gnu/release'
+      - CGO_ENABLED=0
     binary: infisical
     ldflags:
       - -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
       - -X github.com/Infisical/infisical-merge/packages/telemetry.POSTHOG_API_KEY_FOR_CLI={{ .Env.POSTHOG_API_KEY_FOR_CLI }}
     flags:
       - -trimpath
-      - -tags=rdp
     goos:
       - windows
     goarch:
diff --git a/.goreleaser.yaml b/.goreleaser.yaml
index 654258ef..0e95d859 100644
--- a/.goreleaser.yaml
+++ b/.goreleaser.yaml
@@ -1,117 +1,34 @@
+# This is an example .goreleaser.yml file with some sensible defaults.
+# Make sure to check the documentation at https://goreleaser.com
+# before:
+#   hooks:
+#     # You may remove this if you don't use go modules.
+#     - cd cli && go mod tidy
+#     # you may remove this if you don't need go generate
+#     - cd cli && go generate ./...
 before:
   hooks:
     - ./scripts/completions.sh
     - ./scripts/manpages.sh
 
 builds:
-  - id: linux-amd64-rdp
+  - id: darwin-build
     binary: infisical
     ldflags:
       - -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
       - -X github.com/Infisical/infisical-merge/packages/telemetry.POSTHOG_API_KEY_FOR_CLI={{ .Env.POSTHOG_API_KEY_FOR_CLI }}
     flags:
       - -trimpath
-      - -tags=rdp
     env:
       - CGO_ENABLED=1
-      - CC=gcc
-      - 'CGO_LDFLAGS=-L packages/pam/handlers/rdp/native/target/x86_64-unknown-linux-gnu/release'
+      - CC=/home/runner/work/osxcross/target/bin/o64-clang
+      - CXX=/home/runner/work/osxcross/target/bin/o64-clang++
     goos:
-      - linux
-    goarch:
-      - amd64
-
-  - id: linux-arm64-rdp
-    binary: infisical
-    ldflags:
-      - -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
-      - -X github.com/Infisical/infisical-merge/packages/telemetry.POSTHOG_API_KEY_FOR_CLI={{ .Env.POSTHOG_API_KEY_FOR_CLI }}
-    flags:
-      - -trimpath
-      - -tags=rdp
-    env:
-      - CGO_ENABLED=1
-      - CC=aarch64-linux-gnu-gcc
-      - 'CGO_LDFLAGS=-L packages/pam/handlers/rdp/native/target/aarch64-unknown-linux-gnu/release'
-    goos:
-      - linux
-    goarch:
-      - arm64
-
-  - id: windows-amd64-rdp
-    binary: infisical
-    ldflags:
-      - -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
-      - -X github.com/Infisical/infisical-merge/packages/telemetry.POSTHOG_API_KEY_FOR_CLI={{ .Env.POSTHOG_API_KEY_FOR_CLI }}
-    flags:
-      - -trimpath
-      - -tags=rdp
-    env:
-      - CGO_ENABLED=1
-      - CC=x86_64-w64-mingw32-gcc
-      - CXX=x86_64-w64-mingw32-g++
-      - 'CGO_LDFLAGS=-L packages/pam/handlers/rdp/native/target/x86_64-pc-windows-gnu/release'
-    goos:
-      - windows
-    goarch:
-      - amd64
-
-  - id: linux-386-rdp
-    binary: infisical
-    ldflags:
-      - -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
-      - -X github.com/Infisical/infisical-merge/packages/telemetry.POSTHOG_API_KEY_FOR_CLI={{ .Env.POSTHOG_API_KEY_FOR_CLI }}
-    flags:
-      - -trimpath
-      - -tags=rdp
-    env:
-      - CGO_ENABLED=1
-      - CC=i686-linux-gnu-gcc
-      - 'CGO_LDFLAGS=-L packages/pam/handlers/rdp/native/target/i686-unknown-linux-gnu/release'
-    goos:
-      - linux
-    goarch:
-      - "386"
-
-  - id: linux-armv6-rdp
-    binary: infisical
-    ldflags:
-      - -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
-      - -X github.com/Infisical/infisical-merge/packages/telemetry.POSTHOG_API_KEY_FOR_CLI={{ .Env.POSTHOG_API_KEY_FOR_CLI }}
-    flags:
-      - -trimpath
-      - -tags=rdp
-    env:
-      - CGO_ENABLED=1
-      - CC=arm-linux-gnueabi-gcc
-      - 'CGO_LDFLAGS=-L packages/pam/handlers/rdp/native/target/arm-unknown-linux-gnueabi/release'
-    goos:
-      - linux
-    goarch:
-      - arm
-    goarm:
-      - "6"
-
-  - id: linux-armv7-rdp
-    binary: infisical
-    ldflags:
-      - -X github.com/Infisical/infisical-merge/packages/util.CLI_VERSION={{ .Version }}
-      - -X github.com/Infisical/infisical-merge/packages/telemetry.POSTHOG_API_KEY_FOR_CLI={{ .Env.POSTHOG_API_KEY_FOR_CLI }}
-    flags:
-      - -trimpath
-      - -tags=rdp
-    env:
-      - CGO_ENABLED=1
-      - CC=arm-linux-gnueabihf-gcc
-      - 'CGO_LDFLAGS=-L packages/pam/handlers/rdp/native/target/armv7-unknown-linux-gnueabihf/release'
-    goos:
-      - linux
-    goarch:
-      - arm
-    goarm:
-      - "7"
+      - darwin
+    ignore:
+      - goos: darwin
+        goarch: "386"
 
-  # BSDs and windows/arm64 stay on CGO=0 stub; see build-rdp-bridge.yml.
   - id: all-other-builds
     env:
       - CGO_ENABLED=0
@@ -123,6 +40,7 @@ builds:
       - -trimpath
     goos:
       - freebsd
+      - linux
       - netbsd
       - openbsd
       - windows
@@ -135,14 +53,10 @@ builds:
       - "6"
       - "7"
     ignore:
-      - goos: freebsd
-        goarch: "386"
-      - goos: windows
-        goarch: amd64
       - goos: windows
         goarch: "386"
-      - goos: windows
-        goarch: arm
+      - goos: freebsd
+        goarch: "386"
 
 archives:
   - format_overrides:
@@ -155,11 +69,8 @@ archives:
       - completions/*
 
 release:
-  # The draft is created up front by the create-release-draft workflow
-  # job, so both this config and .goreleaser-darwin.yaml use append mode
-  # to add their artifacts in parallel.
-  replace_existing_draft: false
-  mode: append
+  replace_existing_draft: true
+  mode: "replace"
 
 checksum:
   name_template: "checksums.txt"
@@ -174,17 +85,45 @@ snapshot:
 #     dir: "{{ dir .ArtifactPath }}"
 #     cmd: curl -F package=@{{ .ArtifactName }} https://{{ .Env.FURY_TOKEN }}@push.fury.io/infisical/
 
-# brews: moved to .goreleaser-darwin.yaml (where darwin binaries are built).
+brews:
+  - name: infisical
+    tap:
+      owner: Infisical
+      name: homebrew-get-cli
+    commit_author:
+      name: "Infisical"
+      email: ai@infisical.com
+    folder: Formula
+    homepage: "https://infisical.com"
+    description: "The official Infisical CLI"
+    install: |-
+      bin.install "infisical"
+      bash_completion.install "completions/infisical.bash" => "infisical"
+      zsh_completion.install "completions/infisical.zsh" => "_infisical"
+      fish_completion.install "completions/infisical.fish"
+      man1.install "manpages/infisical.1.gz"
+  - name: "infisical@{{.Version}}"
+    tap:
+      owner: Infisical
+      name: homebrew-get-cli
+    commit_author:
+      name: "Infisical"
+      email: ai@infisical.com
+    folder: Formula
+    homepage: "https://infisical.com"
+    description: "The official Infisical CLI"
+    install: |-
+      bin.install "infisical"
+      bash_completion.install "completions/infisical.bash" => "infisical"
+      zsh_completion.install "completions/infisical.zsh" => "_infisical"
+      fish_completion.install "completions/infisical.fish"
+      man1.install "manpages/infisical.1.gz"
 
 nfpms:
   - id: infisical
     package_name: infisical
     builds:
-      - linux-amd64-rdp
-      - linux-arm64-rdp
-      - linux-386-rdp
-      - linux-armv6-rdp
-      - linux-armv7-rdp
+      - all-other-builds
     vendor: Infisical, Inc
     homepage: https://infisical.com/
     maintainer: Infisical, Inc
@@ -266,7 +205,7 @@ dockers:
     goarch: amd64
     use: buildx
     ids:
-      - linux-amd64-rdp
+      - all-other-builds
     image_templates:
       - "infisical/cli:{{ .Major }}.{{ .Minor }}.{{ .Patch }}-amd64"
       - "infisical/cli:latest-amd64"
@@ -278,7 +217,7 @@ dockers:
     goarch: arm64
     use: buildx
     ids:
-      - linux-arm64-rdp
+      - all-other-builds
     image_templates:
       - "infisical/cli:{{ .Major }}.{{ .Minor }}.{{ .Patch }}-arm64"
       - "infisical/cli:latest-arm64"
diff --git a/packages/cmd/pam.go b/packages/cmd/pam.go
index 5f9d99b0..aa9c013c 100644
--- a/packages/cmd/pam.go
+++ b/packages/cmd/pam.go
@@ -415,93 +415,6 @@ var pamRedisAccessCmd = &cobra.Command{
 	},
 }
 
-// ==================== RDP Commands ====================
-
-var pamRdpCmd = &cobra.Command{
-	Use:                   "rdp",
-	Short:                 "RDP-related PAM commands",
-	Long:                  "RDP-related PAM commands for Infisical (Windows Server / Remote Desktop)",
-	DisableFlagsInUseLine: true,
-	Args:                  cobra.NoArgs,
-}
-
-var pamRdpAccessCmd = &cobra.Command{
-	Use:                   "access",
-	Short:                 "Access PAM Windows/RDP accounts",
-	Long:                  "Access a PAM-managed Windows target over RDP. This starts a local loopback proxy that your RDP client connects to; the session tunnels through the Infisical Gateway with credentials injected server-side.",
-	Example:               "infisical pam rdp access --resource windows-prod --account administrator --duration 1h --project-id <project_uuid>",
-	DisableFlagsInUseLine: true,
-	Args:                  cobra.NoArgs,
-	Run: func(cmd *cobra.Command, args []string) {
-		util.RequireLogin()
-
-		resourceName, _ := cmd.Flags().GetString("resource")
-		accountName, _ := cmd.Flags().GetString("account")
-
-		if resourceName == "" || accountName == "" {
-			util.PrintErrorMessageAndExit("Both --resource and --account flags are required")
-		}
-
-		projectID, err := cmd.Flags().GetString("project-id")
-		if err != nil {
-			util.HandleError(err, "Unable to parse project-id flag")
-		}
-
-		if projectID == "" {
-			workspaceFile, err := util.GetWorkSpaceFromFile()
-			if err != nil {
-				util.PrintErrorMessageAndExit("Please either run infisical init to connect to a project or pass in project id with --project-id flag")
-			}
-			projectID = workspaceFile.WorkspaceId
-		}
-
-		durationStr, err := cmd.Flags().GetString("duration")
-		if err != nil {
-			util.HandleError(err, "Unable to parse duration flag")
-		}
-
-		_, err = time.ParseDuration(durationStr)
-		if err != nil {
-			util.HandleError(err, "Invalid duration format. Use formats like '1h', '30m', '2h30m'")
-		}
-
-		port, err := cmd.Flags().GetInt("port")
-		if err != nil {
-			util.HandleError(err, "Unable to parse port flag")
-		}
-
-		noLaunch, err := cmd.Flags().GetBool("no-launch")
-		if err != nil {
-			util.HandleError(err, "Unable to parse no-launch flag")
-		}
-
-		reason := resolveReason(cmd)
-
-		log.Debug().Msg("PAM RDP Access: Trying to start session using logged in details")
-
-		loggedInUserDetails, err := util.GetCurrentLoggedInUserDetails(true)
-		isConnected := util.ValidateInfisicalAPIConnection()
-
-		if isConnected {
-			log.Debug().Msg("PAM RDP Access: Connected to Infisical instance, checking logged in creds")
-		}
-
-		if err != nil {
-			util.HandleError(err, "Unable to get logged in user details")
-		}
-
-		if isConnected && loggedInUserDetails.LoginExpired {
-			loggedInUserDetails = util.EstablishUserLoginSession()
-		}
-
-		pam.StartRDPLocalProxy(loggedInUserDetails.UserCredentials.JTWToken, pam.PAMAccessParams{
-			ResourceName: resourceName,
-			AccountName:  accountName,
-			Reason:       reason,
-		}, projectID, durationStr, port, noLaunch)
-	},
-}
-
 func init() {
 	// Database commands
 	pamDbCmd.AddCommand(pamDbAccessCmd)
@@ -556,22 +469,9 @@ func init() {
 	pamRedisAccessCmd.MarkFlagRequired("resource")
 	pamRedisAccessCmd.MarkFlagRequired("account")
 
-	// RDP commands
-	pamRdpCmd.AddCommand(pamRdpAccessCmd)
-	pamRdpAccessCmd.Flags().String("resource", "", "Name of the PAM resource to access")
-	pamRdpAccessCmd.Flags().String("account", "", "Name of the account within the resource")
-	pamRdpAccessCmd.Flags().String("duration", "1h", "Duration for RDP access session (e.g., '1h', '30m', '2h30m')")
-	pamRdpAccessCmd.Flags().Int("port", 0, "Port for the local RDP proxy server (0 for auto-assign)")
-	pamRdpAccessCmd.Flags().String("project-id", "", "Project ID of the account to access")
-	pamRdpAccessCmd.Flags().Bool("no-launch", false, "Do not auto-launch the system RDP client; print connection details only")
-	pamRdpAccessCmd.Flags().String("reason", "", "Reason for accessing the account (stored for audit purposes)")
-	pamRdpAccessCmd.MarkFlagRequired("resource")
-	pamRdpAccessCmd.MarkFlagRequired("account")
-
 	pamCmd.AddCommand(pamDbCmd)
 	pamCmd.AddCommand(pamSshCmd)
 	pamCmd.AddCommand(pamKubernetesCmd)
 	pamCmd.AddCommand(pamRedisCmd)
-	pamCmd.AddCommand(pamRdpCmd)
 	RootCmd.AddCommand(pamCmd)
 }
diff --git a/packages/pam/handlers/rdp/bridge.go b/packages/pam/handlers/rdp/bridge.go
deleted file mode 100644
index f582c864..00000000
--- a/packages/pam/handlers/rdp/bridge.go
+++ /dev/null
@@ -1,17 +0,0 @@
-// Package rdp wraps the Rust MITM bridge behind the `rdp` build tag.
-// Stub builds return ErrRdpUnavailable.
-package rdp
-
-import "errors"
-
-var (
-	ErrRdpUnavailable = errors.New("rdp bridge: not available in this build")
-	ErrInvalidHandle  = errors.New("rdp bridge: invalid handle")
-	ErrSessionFailed  = errors.New("rdp bridge: session ended with error")
-)
-
-
-type Bridge struct {
-	handle  uint64
-	cleanup func()
-}
diff --git a/packages/pam/handlers/rdp/bridge_cgo_shared.go b/packages/pam/handlers/rdp/bridge_cgo_shared.go
deleted file mode 100644
index 9a822e6f..00000000
--- a/packages/pam/handlers/rdp/bridge_cgo_shared.go
+++ /dev/null
@@ -1,96 +0,0 @@
-//go:build rdp && (linux || darwin || windows)
-
-package rdp
-
-/*
-#cgo CFLAGS: -I${SRCDIR}/native/include
-
-#include "rdp_bridge.h"
-*/
-import "C"
-
-import (
-	"context"
-	"errors"
-	"fmt"
-	"net"
-)
-
-func (p *RDPProxy) HandleConnection(ctx context.Context, clientConn net.Conn) error {
-	defer clientConn.Close()
-	if p.config.SessionLogger != nil {
-		defer func() {
-			_ = p.config.SessionLogger.Close()
-		}()
-	}
-
-	bridge, err := StartWithReadWriter(
-		clientConn,
-		p.config.TargetHost,
-		p.config.TargetPort,
-		p.config.InjectUsername,
-		p.config.InjectPassword,
-	)
-	if err != nil {
-		return fmt.Errorf("rdp proxy: start bridge: %w", err)
-	}
-	defer bridge.Close()
-
-	waitErr := make(chan error, 1)
-	go func() { waitErr <- bridge.Wait() }()
-
-	select {
-	case err := <-waitErr:
-		if err != nil && !errors.Is(err, ErrInvalidHandle) {
-			return fmt.Errorf("rdp proxy: session: %w", err)
-		}
-		return nil
-	case <-ctx.Done():
-		_ = bridge.Cancel()
-		<-waitErr
-		return ctx.Err()
-	}
-}
-
-// Wait blocks until the session ends. Idempotent.
-func (b *Bridge) Wait() error {
-	rc := C.rdp_bridge_wait(C.uint64_t(b.handle))
-	switch rc {
-	case C.RDP_BRIDGE_OK:
-		return nil
-	case C.RDP_BRIDGE_INVALID_HANDLE:
-		return ErrInvalidHandle
-	case C.RDP_BRIDGE_SESSION_ERROR, C.RDP_BRIDGE_THREAD_PANIC:
-		return ErrSessionFailed
-	default:
-		return fmt.Errorf("rdp bridge: wait returned unexpected status %d", int32(rc))
-	}
-}
-
-// Cancel is idempotent and safe from any goroutine, including
-// concurrently with Wait.
-func (b *Bridge) Cancel() error {
-	rc := C.rdp_bridge_cancel(C.uint64_t(b.handle))
-	if rc == C.RDP_BRIDGE_INVALID_HANDLE {
-		return ErrInvalidHandle
-	}
-	return nil
-}
-
-// Close must be called after Wait has returned.
-func (b *Bridge) Close() error {
-	rc := C.rdp_bridge_free(C.uint64_t(b.handle))
-	if b.cleanup != nil {
-		b.cleanup()
-	}
-	if rc == C.RDP_BRIDGE_INVALID_HANDLE {
-		return ErrInvalidHandle
-	}
-	return nil
-}
-
-// IsSupported reports whether this build has a real RDP bridge. Used
-// by the gateway to decide whether to advertise RDP in the capabilities
-// response: a stub-build gateway that advertises support would route
-// RDP sessions only to fail them at connect time.
-func IsSupported() bool { return true }
diff --git a/packages/pam/handlers/rdp/bridge_cgo_unix.go b/packages/pam/handlers/rdp/bridge_cgo_unix.go
deleted file mode 100644
index 91b24d38..00000000
--- a/packages/pam/handlers/rdp/bridge_cgo_unix.go
+++ /dev/null
@@ -1,153 +0,0 @@
-//go:build rdp && (linux || darwin)
-
-package rdp
-
-/*
-#cgo CFLAGS: -I${SRCDIR}/native/include
-#cgo linux LDFLAGS: -L${SRCDIR}/native/target/release -linfisical_rdp_bridge -lm -ldl -lpthread
-#cgo darwin LDFLAGS: -L${SRCDIR}/native/target/release -linfisical_rdp_bridge -framework Security -framework CoreFoundation -framework SystemConfiguration
-
-#include "rdp_bridge.h"
-#include <stdlib.h>
-*/
-import "C"
-
-import (
-	"fmt"
-	"io"
-	"net"
-	"syscall"
-	"unsafe"
-)
-
-// StartWithConn hands an independent dup of conn's fd to the bridge.
-// For TLS-wrapped or otherwise non-fd-backed conns, use StartWithReadWriter.
-func StartWithConn(conn net.Conn, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
-	dupFd, err := dupConnFD(conn)
-	if err != nil {
-		return nil, fmt.Errorf("rdp bridge: dup client fd: %w", err)
-	}
-	return startWithDupedFD(dupFd, targetHost, targetPort, username, password)
-}
-
-// Ownership of dupFd transfers to Rust on success; we close it on failure.
-func startWithDupedFD(dupFd int, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
-	success := false
-	defer func() {
-		if !success {
-			_ = syscall.Close(dupFd)
-		}
-	}()
-
-	cHost := C.CString(targetHost)
-	defer C.free(unsafe.Pointer(cHost))
-	cUser := C.CString(username)
-	defer C.free(unsafe.Pointer(cUser))
-	cPass := C.CString(password)
-	defer C.free(unsafe.Pointer(cPass))
-
-	var handle C.uint64_t
-	rc := C.rdp_bridge_start_unix_fd(
-		C.int(dupFd),
-		cHost,
-		C.uint16_t(targetPort),
-		cUser,
-		cPass,
-		&handle,
-	)
-	if rc != C.RDP_BRIDGE_OK {
-		return nil, fmt.Errorf("rdp bridge: start failed (status %d)", int32(rc))
-	}
-	success = true
-	return &Bridge{handle: uint64(handle)}, nil
-}
-
-// StartWithReadWriter adapts an fd-less Go byte stream (e.g. *tls.Conn
-// from the gateway's mTLS-wrapped virtual connection) to the bridge,
-// which needs a real file descriptor because the Rust side uses tokio's
-// TcpStream::from_raw_fd and does direct async I/O on the socket.
-//
-// Trick: open a loopback TCP pair. Hand one end's fd to the bridge (it
-// thinks it has a real client). Keep the other end in Go and shuttle
-// bytes between it and rw with two io.Copy goroutines.
-//
-//	rw (e.g. *tls.Conn)  <-io.Copy->  peer  <-kernel loopback->  accepted (fd -> Rust bridge)
-//
-// Cost: two extra in-process copies and a loopback round-trip per byte.
-// Negligible vs. the TLS + CredSSP work on either side.
-func StartWithReadWriter(rw io.ReadWriter, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
-	listener, err := net.Listen("tcp", "127.0.0.1:0")
-	if err != nil {
-		return nil, fmt.Errorf("rdp bridge: loopback listen: %w", err)
-	}
-	defer listener.Close()
-
-	type dialResult struct {
-		conn net.Conn
-		err  error
-	}
-	dialCh := make(chan dialResult, 1)
-	go func() {
-		c, err := net.Dial("tcp", listener.Addr().String())
-		dialCh <- dialResult{c, err}
-	}()
-
-	accepted, err := listener.Accept()
-	if err != nil {
-		return nil, fmt.Errorf("rdp bridge: loopback accept: %w", err)
-	}
-	dr := <-dialCh
-	if dr.err != nil {
-		_ = accepted.Close()
-		return nil, fmt.Errorf("rdp bridge: loopback dial: %w", dr.err)
-	}
-	peer := dr.conn
-
-	dupFd, err := dupConnFD(accepted)
-	_ = accepted.Close()
-	if err != nil {
-		_ = peer.Close()
-		return nil, fmt.Errorf("rdp bridge: dup accepted fd: %w", err)
-	}
-
-	bridge, err := startWithDupedFD(dupFd, targetHost, targetPort, username, password)
-	if err != nil {
-		_ = peer.Close()
-		return nil, err
-	}
-
-	go func() {
-		_, _ = io.Copy(peer, rw)
-		_ = peer.Close()
-	}()
-	go func() {
-		_, _ = io.Copy(rw, peer)
-		_ = peer.Close()
-	}()
-
-	bridge.cleanup = func() { _ = peer.Close() }
-	return bridge, nil
-}
-
-func dupConnFD(conn net.Conn) (int, error) {
-	sc, ok := conn.(syscall.Conn)
-	if !ok {
-		return -1, fmt.Errorf("conn %T does not expose syscall.Conn", conn)
-	}
-	raw, err := sc.SyscallConn()
-	if err != nil {
-		return -1, err
-	}
-	var dup int
-	var dupErr error
-	ctrlErr := raw.Control(func(fd uintptr) {
-		dup, dupErr = syscall.Dup(int(fd))
-	})
-	if ctrlErr != nil {
-		return -1, ctrlErr
-	}
-	if dupErr != nil {
-		return -1, dupErr
-	}
-	return dup, nil
-}
diff --git a/packages/pam/handlers/rdp/bridge_cgo_windows.go b/packages/pam/handlers/rdp/bridge_cgo_windows.go
deleted file mode 100644
index c28d5f89..00000000
--- a/packages/pam/handlers/rdp/bridge_cgo_windows.go
+++ /dev/null
@@ -1,150 +0,0 @@
-//go:build rdp && windows
-
-package rdp
-
-/*
-#cgo CFLAGS: -I${SRCDIR}/native/include
-#cgo windows LDFLAGS: -L${SRCDIR}/native/target/release -linfisical_rdp_bridge -lws2_32 -luserenv -lbcrypt -lntdll -ladvapi32 -lcrypt32 -lsecur32 -lwinpthread
-
-#include "rdp_bridge.h"
-#include <stdlib.h>
-*/
-import "C"
-
-import (
-	"fmt"
-	"io"
-	"net"
-	"syscall"
-	"unsafe"
-
-	"golang.org/x/sys/windows"
-)
-
-func StartWithConn(conn net.Conn, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
-	dupSocket, err := dupConnSocket(conn)
-	if err != nil {
-		return nil, fmt.Errorf("rdp bridge: dup client socket: %w", err)
-	}
-	return startWithDupedSocket(dupSocket, targetHost, targetPort, username, password)
-}
-
-func startWithDupedSocket(dupSocket windows.Handle, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
-	success := false
-	defer func() {
-		if !success {
-			_ = windows.Closesocket(dupSocket)
-		}
-	}()
-
-	cHost := C.CString(targetHost)
-	defer C.free(unsafe.Pointer(cHost))
-	cUser := C.CString(username)
-	defer C.free(unsafe.Pointer(cUser))
-	cPass := C.CString(password)
-	defer C.free(unsafe.Pointer(cPass))
-
-	var handle C.uint64_t
-	rc := C.rdp_bridge_start_windows_socket(
-		C.uintptr_t(dupSocket),
-		cHost,
-		C.uint16_t(targetPort),
-		cUser,
-		cPass,
-		&handle,
-	)
-	if rc != C.RDP_BRIDGE_OK {
-		return nil, fmt.Errorf("rdp bridge: start failed (status %d)", int32(rc))
-	}
-	success = true
-	return &Bridge{handle: uint64(handle)}, nil
-}
-
-func StartWithReadWriter(rw io.ReadWriter, targetHost string, targetPort uint16, username, password string) (*Bridge, error) {
-	listener, err := net.Listen("tcp", "127.0.0.1:0")
-	if err != nil {
-		return nil, fmt.Errorf("rdp bridge: loopback listen: %w", err)
-	}
-	defer listener.Close()
-
-	type dialResult struct {
-		conn net.Conn
-		err  error
-	}
-	dialCh := make(chan dialResult, 1)
-	go func() {
-		c, err := net.Dial("tcp", listener.Addr().String())
-		dialCh <- dialResult{c, err}
-	}()
-
-	accepted, err := listener.Accept()
-	if err != nil {
-		return nil, fmt.Errorf("rdp bridge: loopback accept: %w", err)
-	}
-	dr := <-dialCh
-	if dr.err != nil {
-		_ = accepted.Close()
-		return nil, fmt.Errorf("rdp bridge: loopback dial: %w", dr.err)
-	}
-	peer := dr.conn
-
-	dupSocket, err := dupConnSocket(accepted)
-	_ = accepted.Close()
-	if err != nil {
-		_ = peer.Close()
-		return nil, fmt.Errorf("rdp bridge: dup accepted socket: %w", err)
-	}
-
-	bridge, err := startWithDupedSocket(dupSocket, targetHost, targetPort, username, password)
-	if err != nil {
-		_ = peer.Close()
-		return nil, err
-	}
-
-	go func() {
-		_, _ = io.Copy(peer, rw)
-		_ = peer.Close()
-	}()
-	go func() {
-		_, _ = io.Copy(rw, peer)
-		_ = peer.Close()
-	}()
-
-	bridge.cleanup = func() { _ = peer.Close() }
-	return bridge, nil
-}
-
-// DuplicateHandle (not WSADuplicateSocketW, which is for cross-process
-// sharing): SOCKETs are kernel handles on modern Windows, so DuplicateHandle
-// gives us an independent in-process SOCKET the bridge can own and close.
-func dupConnSocket(conn net.Conn) (windows.Handle, error) {
-	sc, ok := conn.(syscall.Conn)
-	if !ok {
-		return 0, fmt.Errorf("conn %T does not expose syscall.Conn", conn)
-	}
-	raw, err := sc.SyscallConn()
-	if err != nil {
-		return 0, err
-	}
-	var dup windows.Handle
-	var dupErr error
-	proc := windows.CurrentProcess()
-	ctrlErr := raw.Control(func(fd uintptr) {
-		dupErr = windows.DuplicateHandle(
-			proc,
-			windows.Handle(fd),
-			proc,
-			&dup,
-			0,
-			false,
-			windows.DUPLICATE_SAME_ACCESS,
-		)
-	})
-	if ctrlErr != nil {
-		return 0, ctrlErr
-	}
-	if dupErr != nil {
-		return 0, dupErr
-	}
-	return dup, nil
-}
diff --git a/packages/pam/handlers/rdp/bridge_stub.go b/packages/pam/handlers/rdp/bridge_stub.go
deleted file mode 100644
index 37a3bcdf..00000000
--- a/packages/pam/handlers/rdp/bridge_stub.go
+++ /dev/null
@@ -1,34 +0,0 @@
-//go:build !rdp || (!linux && !darwin && !windows)
-
-package rdp
-
-import (
-	"context"
-	"io"
-	"net"
-)
-
-// Stub implementations for builds without `-tags rdp` or on platforms
-// where the Rust bridge isn't compiled. All entry points return
-// ErrRdpUnavailable.
-
-func StartWithConn(_ net.Conn, _ string, _ uint16, _, _ string) (*Bridge, error) {
-	return nil, ErrRdpUnavailable
-}
-
-func StartWithReadWriter(_ io.ReadWriter, _ string, _ uint16, _, _ string) (*Bridge, error) {
-	return nil, ErrRdpUnavailable
-}
-
-func (p *RDPProxy) HandleConnection(_ context.Context, clientConn net.Conn) error {
-	_ = clientConn.Close()
-	return ErrRdpUnavailable
-}
-
-func (b *Bridge) Wait() error   { return ErrRdpUnavailable }
-func (b *Bridge) Cancel() error { return ErrRdpUnavailable }
-func (b *Bridge) Close() error  { return ErrRdpUnavailable }
-
-// IsSupported reports whether this build has a real RDP bridge. See the
-// rdp-enabled counterpart in bridge_cgo_shared.go for details.
-func IsSupported() bool { return false }
diff --git a/packages/pam/handlers/rdp/native/.gitignore b/packages/pam/handlers/rdp/native/.gitignore
deleted file mode 100644
index ea8c4bf7..00000000
--- a/packages/pam/handlers/rdp/native/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-/target
diff --git a/packages/pam/handlers/rdp/native/Cargo.lock b/packages/pam/handlers/rdp/native/Cargo.lock
deleted file mode 100644
index 5c04a3e5..00000000
--- a/packages/pam/handlers/rdp/native/Cargo.lock
+++ /dev/null
@@ -1,3793 +0,0 @@
-# This file is automatically @generated by Cargo.
-# It is not intended for manual editing.
-version = 4
-
-[[package]]
-name = "adler2"
-version = "2.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "320119579fcad9c21884f5c4861d16174d0e06250625266f50fe6898340abefa"
-
-[[package]]
-name = "aead"
-version = "0.6.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac8202ab55fcbf46ca829833f347a82a2a4ce0596f0304ac322c2d100030cd56"
-dependencies = [
- "crypto-common 0.2.0-rc.4",
- "inout",
-]
-
-[[package]]
-name = "aes"
-version = "0.9.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e713c57c2a2b19159e7be83b9194600d7e8eb3b7c2cd67e671adf47ce189a05"
-dependencies = [
- "cfg-if",
- "cipher",
- "cpufeatures",
-]
-
-[[package]]
-name = "aes-gcm"
-version = "0.11.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0686ba04dc80c816104c96cd7782b748f6ad58c5dd4ee619ff3258cf68e83d54"
-dependencies = [
- "aead",
- "aes",
- "cipher",
- "ctr",
- "ghash",
- "subtle",
-]
-
-[[package]]
-name = "aes-kw"
-version = "0.3.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "02eaa2d54d0fad0116e4b1efb65803ea0bf059ce970a67cd49718d87e807cb51"
-dependencies = [
- "aes",
- "const-oid 0.10.2",
-]
-
-[[package]]
-name = "anyhow"
-version = "1.0.102"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f202df86484c868dbad7eaa557ef785d5c66295e41b460ef922eca0723b842c"
-
-[[package]]
-name = "asn1-rs"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "56624a96882bb8c26d61312ae18cb45868e5a9992ea73c58e45c3101e56a1e60"
-dependencies = [
- "asn1-rs-derive",
- "asn1-rs-impl",
- "displaydoc",
- "nom",
- "num-traits",
- "rusticata-macros",
- "thiserror",
-]
-
-[[package]]
-name = "asn1-rs-derive"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3109e49b1e4909e9db6515a30c633684d68cdeaa252f215214cb4fa1a5bfee2c"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
- "synstructure",
-]
-
-[[package]]
-name = "asn1-rs-impl"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7b18050c2cd6fe86c3a76584ef5e0baf286d038cda203eb6223df2cc413565f7"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "async-dnssd"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d49ffe175ab45bbfd74b548313d9d7cdfff27161a94b007b52eeeb5f9aaa15e"
-dependencies = [
- "bitflags 1.3.2",
- "futures-channel",
- "futures-core",
- "futures-executor",
- "futures-util",
- "libc",
- "log",
- "pin-utils",
- "pkg-config",
- "tokio",
- "winapi",
-]
-
-[[package]]
-name = "async-recursion"
-version = "1.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b43422f69d8ff38f95f1b2bb76517c91589a924d1559a0e935d7c8ce0274c11"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "async-trait"
-version = "0.1.89"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9035ad2d096bed7955a320ee7e2230574d28fd3c3a0f186cbea1ff3c7eed5dbb"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "atomic-polyfill"
-version = "1.0.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8cf2bce30dfe09ef0bfaef228b9d414faaf7e563035494d7fe092dba54b300f4"
-dependencies = [
- "critical-section",
-]
-
-[[package]]
-name = "atomic-waker"
-version = "1.1.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1505bd5d3d116872e7271a6d4e16d81d0c8570876c8de68093a09ac269d8aac0"
-
-[[package]]
-name = "autocfg"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c08606f8c3cbf4ce6ec8e28fb0014a2c086708fe954eaa885384a6165172e7e8"
-
-[[package]]
-name = "aws-lc-rs"
-version = "1.16.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0ec6fb3fe69024a75fa7e1bfb48aa6cf59706a101658ea01bfd33b2b248a038f"
-dependencies = [
- "aws-lc-sys",
- "zeroize",
-]
-
-[[package]]
-name = "aws-lc-sys"
-version = "0.40.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f50037ee5e1e41e7b8f9d161680a725bd1626cb6f8c7e901f91f942850852fe7"
-dependencies = [
- "cc",
- "cmake",
- "dunce",
- "fs_extra",
-]
-
-[[package]]
-name = "base16ct"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d8b59d472eab27ade8d770dcb11da7201c11234bef9f82ce7aa517be028d462b"
-
-[[package]]
-name = "base16ct"
-version = "1.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fd307490d624467aa6f74b0eabb77633d1f758a7b25f12bceb0b22e08d9726f6"
-
-[[package]]
-name = "base64"
-version = "0.22.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"
-
-[[package]]
-name = "base64ct"
-version = "1.8.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2af50177e190e07a26ab74f8b1efbfe2ef87da2116221318cb1c2e82baf7de06"
-
-[[package]]
-name = "bit_field"
-version = "0.10.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e4b40c7323adcfc0a41c4b88143ed58346ff65a288fc144329c5c45e05d70c6"
-
-[[package]]
-name = "bitflags"
-version = "1.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bef38d45163c2f1dde094a7dfd33ccf595c92905c8f8f4fdc18d06fb1037718a"
-
-[[package]]
-name = "bitflags"
-version = "2.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4512299f36f043ab09a583e57bceb5a5aab7a73db1805848e8fef3c9e8c78b3"
-
-[[package]]
-name = "block-buffer"
-version = "0.10.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
-dependencies = [
- "generic-array",
-]
-
-[[package]]
-name = "block-buffer"
-version = "0.11.0-rc.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e9ef36a6fcdb072aa548f3da057640ec10859eb4e91ddf526ee648d50c76a949"
-dependencies = [
- "hybrid-array",
-]
-
-[[package]]
-name = "block-padding"
-version = "0.4.0-rc.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e59c1aab3e6c5e56afe1b7e8650be9b5a791cb997bdea449194ae62e4bf8c73"
-dependencies = [
- "hybrid-array",
-]
-
-[[package]]
-name = "bumpalo"
-version = "3.20.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5d20789868f4b01b2f2caec9f5c4e0213b41e3e5702a50157d699ae31ced2fcb"
-
-[[package]]
-name = "byteorder"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
-
-[[package]]
-name = "bytes"
-version = "1.11.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e748733b7cbc798e1434b6ac524f0c1ff2ab456fe201501e6497c8417a4fc33"
-
-[[package]]
-name = "cbc"
-version = "0.2.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5dbf9e5b071e9de872e32b73f485e8f644ff47c7011d95476733e7482ee3e5c3"
-dependencies = [
- "cipher",
-]
-
-[[package]]
-name = "cc"
-version = "1.2.60"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "43c5703da9466b66a946814e1adf53ea2c90f10063b86290cc9eb67ce3478a20"
-dependencies = [
- "find-msvc-tools",
- "jobserver",
- "libc",
- "shlex",
-]
-
-[[package]]
-name = "cfg-if"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9330f8b2ff13f34540b44e946ef35111825727b38d33286ef986142615121801"
-
-[[package]]
-name = "cipher"
-version = "0.5.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e12a13eb01ded5d32ee9658d94f553a19e804204f2dc811df69ab4d9e0cb8c7"
-dependencies = [
- "block-buffer 0.11.0-rc.5",
- "crypto-common 0.2.0-rc.4",
- "inout",
-]
-
-[[package]]
-name = "cmake"
-version = "0.1.58"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c0f78a02292a74a88ac736019ab962ece0bc380e3f977bf72e376c5d78ff0678"
-dependencies = [
- "cc",
-]
-
-[[package]]
-name = "const-oid"
-version = "0.9.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c2459377285ad874054d797f3ccebf984978aa39129f6eafde5cdc8315b612f8"
-
-[[package]]
-name = "const-oid"
-version = "0.10.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a6ef517f0926dd24a1582492c791b6a4818a4d94e789a334894aa15b0d12f55c"
-
-[[package]]
-name = "core-foundation"
-version = "0.9.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91e195e091a93c46f7102ec7818a2aa394e1e1771c3ab4825963fa03e45afb8f"
-dependencies = [
- "core-foundation-sys",
- "libc",
-]
-
-[[package]]
-name = "core-foundation"
-version = "0.10.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b2a6cd9ae233e7f62ba4e9353e81a88df7fc8a5987b8d445b4d90c879bd156f6"
-dependencies = [
- "core-foundation-sys",
- "libc",
-]
-
-[[package]]
-name = "core-foundation-sys"
-version = "0.8.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "773648b94d0e5d620f64f280777445740e61fe701025087ec8b57f45c791888b"
-
-[[package]]
-name = "cpufeatures"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "59ed5838eebb26a2bb2e58f6d5b5316989ae9d08bab10e0e6d103e656d1b0280"
-dependencies = [
- "libc",
-]
-
-[[package]]
-name = "crc32fast"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9481c1c90cbf2ac953f07c8d4a58aa3945c425b7185c9154d67a65e4230da511"
-dependencies = [
- "cfg-if",
-]
-
-[[package]]
-name = "critical-section"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "790eea4361631c5e7d22598ecd5723ff611904e3344ce8720784c93e3d83d40b"
-
-[[package]]
-name = "crossbeam-channel"
-version = "0.5.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "82b8f8f868b36967f9606790d1903570de9ceaf870a7bf9fbbd3016d636a2cb2"
-dependencies = [
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-epoch"
-version = "0.9.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5b82ac4a3c2ca9c3460964f020e1402edd5753411d7737aa39c3714ad1b5420e"
-dependencies = [
- "crossbeam-utils",
-]
-
-[[package]]
-name = "crossbeam-utils"
-version = "0.8.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d0a5c400df2834b80a4c3327b3aad3a4c4cd4de0629063962b03235697506a28"
-
-[[package]]
-name = "crypto-bigint"
-version = "0.7.0-rc.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4113edbc9f68c0a64d5b911f803eb245d04bb812680fd56776411f69c670f3e0"
-dependencies = [
- "hybrid-array",
- "num-traits",
- "rand_core 0.9.5",
- "serdect",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "crypto-common"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "78c8292055d1c1df0cce5d180393dc8cce0abec0a7102adb6c7b1eef6016d60a"
-dependencies = [
- "generic-array",
- "typenum",
-]
-
-[[package]]
-name = "crypto-common"
-version = "0.2.0-rc.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6a8235645834fbc6832939736ce2f2d08192652269e11010a6240f61b908a1c6"
-dependencies = [
- "hybrid-array",
- "rand_core 0.9.5",
-]
-
-[[package]]
-name = "crypto-mac"
-version = "0.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25fab6889090c8133f3deb8f73ba3c65a7f456f66436fc012a1b1e272b1e103e"
-dependencies = [
- "generic-array",
- "subtle",
-]
-
-[[package]]
-name = "crypto-primes"
-version = "0.7.0-pre.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25f2523fbb68811c8710829417ad488086720a6349e337c38d12fa81e09e50bf"
-dependencies = [
- "crypto-bigint",
- "libm",
- "rand_core 0.9.5",
-]
-
-[[package]]
-name = "cryptoki"
-version = "0.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "781357a7779a8e92ea985121bbf379a9adf0777f44ab6392efc6abd5aa9b67db"
-dependencies = [
- "bitflags 1.3.2",
- "cryptoki-sys",
- "libloading",
- "log",
- "paste",
- "secrecy",
-]
-
-[[package]]
-name = "cryptoki-sys"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "753e27d860277930ae9f394c119c8c70303236aab0ffab1d51f3d207dbb2bc4b"
-dependencies = [
- "libloading",
-]
-
-[[package]]
-name = "ctr"
-version = "0.10.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "27e41d01c6f73b9330177f5cf782ae5b581b5f2c7840e298e0275ceee5001434"
-dependencies = [
- "cipher",
-]
-
-[[package]]
-name = "curve25519-dalek"
-version = "5.0.0-pre.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6f9200d1d13637f15a6acb71e758f64624048d85b31a5fdbfd8eca1e2687d0b7"
-dependencies = [
- "cfg-if",
- "cpufeatures",
- "curve25519-dalek-derive",
- "digest 0.11.0-rc.3",
- "fiat-crypto",
- "rustc_version",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "curve25519-dalek-derive"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f46882e17999c6cc590af592290432be3bce0428cb0d5f8b6715e4dc7b383eb3"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "data-encoding"
-version = "2.10.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7a1e2f27636f116493b8b860f5546edb47c8d8f8ea73e1d2a20be88e28d1fea"
-
-[[package]]
-name = "der"
-version = "0.7.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e7c1832837b905bbfb5101e07cc24c8deddf52f93225eee6ead5f4d63d53ddcb"
-dependencies = [
- "const-oid 0.9.6",
- "der_derive",
- "flagset",
- "pem-rfc7468 0.7.0",
- "zeroize",
-]
-
-[[package]]
-name = "der"
-version = "0.8.0-rc.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e9d8dd2f26c86b27a2a8ea2767ec7f9df7a89516e4794e54ac01ee618dda3aa4"
-dependencies = [
- "const-oid 0.10.2",
- "pem-rfc7468 1.0.0-rc.3",
- "zeroize",
-]
-
-[[package]]
-name = "der-parser"
-version = "10.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07da5016415d5a3c4dd39b11ed26f915f52fc4e0dc197d87908bc916e51bc1a6"
-dependencies = [
- "asn1-rs",
- "displaydoc",
- "nom",
- "num-traits",
- "rusticata-macros",
-]
-
-[[package]]
-name = "der_derive"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8034092389675178f570469e6c3b0465d3d30b4505c294a6550db47f3c17ad18"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "deranged"
-version = "0.5.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7cd812cc2bc1d69d4764bd80df88b4317eaef9e773c75226407d9bc0876b211c"
-dependencies = [
- "powerfmt",
-]
-
-[[package]]
-name = "des"
-version = "0.9.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f51594a70805988feb1c85495ddec0c2052e4fbe59d9c0bb7f94bfc164f4f90"
-dependencies = [
- "cipher",
-]
-
-[[package]]
-name = "digest"
-version = "0.10.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
-dependencies = [
- "block-buffer 0.10.4",
- "crypto-common 0.1.7",
-]
-
-[[package]]
-name = "digest"
-version = "0.11.0-rc.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dac89f8a64533a9b0eaa73a68e424db0fb1fd6271c74cc0125336a05f090568d"
-dependencies = [
- "block-buffer 0.11.0-rc.5",
- "const-oid 0.10.2",
- "crypto-common 0.2.0-rc.4",
- "subtle",
-]
-
-[[package]]
-name = "displaydoc"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "97369cbbc041bc366949bc74d34658d6cda5621039731c6310521892a3a20ae0"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "dunce"
-version = "1.0.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92773504d58c093f6de2459af4af33faa518c13451eb8f2b5698ed3d36e7c813"
-
-[[package]]
-name = "ecdsa"
-version = "0.17.0-rc.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b4ab355ec063f7a110eb627471058093aba00eb7f4e70afbd15e696b79d1077b"
-dependencies = [
- "der 0.8.0-rc.9",
- "digest 0.11.0-rc.3",
- "elliptic-curve",
- "rfc6979",
- "signature",
- "spki 0.8.0-rc.4",
- "zeroize",
-]
-
-[[package]]
-name = "ed25519"
-version = "3.0.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ef49c0b20c0ad088893ad2a790a29c06a012b3f05bcfc66661fd22a94b32129"
-dependencies = [
- "pkcs8",
- "signature",
-]
-
-[[package]]
-name = "ed25519-dalek"
-version = "3.0.0-pre.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ad207ed88a133091f83224265eac21109930db09bedcad05d5252f2af2de20a1"
-dependencies = [
- "curve25519-dalek",
- "ed25519",
- "rand_core 0.9.5",
- "sha2",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "elliptic-curve"
-version = "0.14.0-rc.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e3be87c458d756141f3b6ee188828132743bf90c7d14843e2835d6443e5fb03"
-dependencies = [
- "base16ct 0.3.0",
- "crypto-bigint",
- "digest 0.11.0-rc.3",
- "ff",
- "group",
- "hkdf",
- "hybrid-array",
- "once_cell",
- "pem-rfc7468 1.0.0-rc.3",
- "pkcs8",
- "rand_core 0.9.5",
- "sec1",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "enum-as-inner"
-version = "0.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a1e6a265c649f3f5979b601d26f1d05ada116434c87741c9493cb56218f76cbc"
-dependencies = [
- "heck",
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "equivalent"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "877a4ace8713b0bcf2a4e7eec82529c029f1d0619886d18145fea96c3ffe5c0f"
-
-[[package]]
-name = "errno"
-version = "0.3.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "39cab71617ae0d63f51a36d69f866391735b51691dbda63cf6f96d042b63efeb"
-dependencies = [
- "libc",
- "windows-sys 0.61.2",
-]
-
-[[package]]
-name = "ff"
-version = "0.14.0-pre.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d42dd26f5790eda47c1a2158ea4120e32c35ddc9a7743c98a292accc01b54ef3"
-dependencies = [
- "rand_core 0.9.5",
- "subtle",
-]
-
-[[package]]
-name = "fiat-crypto"
-version = "0.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "64cd1e32ddd350061ae6edb1b082d7c54915b5c672c389143b9a63403a109f24"
-
-[[package]]
-name = "find-msvc-tools"
-version = "0.1.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5baebc0774151f905a1a2cc41989300b1e6fbb29aff0ceffa1064fdd3088d582"
-
-[[package]]
-name = "flagset"
-version = "0.4.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7ac824320a75a52197e8f2d787f6a38b6718bb6897a35142d749af3c0e8f4fe"
-
-[[package]]
-name = "flate2"
-version = "1.1.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "843fba2746e448b37e26a819579957415c8cef339bf08564fe8b7ddbd959573c"
-dependencies = [
- "crc32fast",
- "libz-sys",
- "miniz_oxide",
-]
-
-[[package]]
-name = "fnv"
-version = "1.0.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f9eec918d3f24069decb9af1554cad7c880e2da24a9afd88aca000531ab82c1"
-
-[[package]]
-name = "foldhash"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9c4f5dac5e15c24eb999c26181a6ca40b39fe946cbe4c263c7209467bc83af2"
-
-[[package]]
-name = "form_urlencoded"
-version = "1.2.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cb4cb245038516f5f85277875cdaa4f7d2c9a0fa0468de06ed190163b1581fcf"
-dependencies = [
- "percent-encoding",
-]
-
-[[package]]
-name = "fs_extra"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "42703706b716c37f96a77aea830392ad231f44c9e9a67872fa5548707e11b11c"
-
-[[package]]
-name = "futures"
-version = "0.3.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b147ee9d1f6d097cef9ce628cd2ee62288d963e16fb287bd9286455b241382d"
-dependencies = [
- "futures-channel",
- "futures-core",
- "futures-executor",
- "futures-io",
- "futures-sink",
- "futures-task",
- "futures-util",
-]
-
-[[package]]
-name = "futures-channel"
-version = "0.3.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "07bbe89c50d7a535e539b8c17bc0b49bdb77747034daa8087407d655f3f7cc1d"
-dependencies = [
- "futures-core",
- "futures-sink",
-]
-
-[[package]]
-name = "futures-core"
-version = "0.3.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7e3450815272ef58cec6d564423f6e755e25379b217b0bc688e295ba24df6b1d"
-
-[[package]]
-name = "futures-executor"
-version = "0.3.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "baf29c38818342a3b26b5b923639e7b1f4a61fc5e76102d4b1981c6dc7a7579d"
-dependencies = [
- "futures-core",
- "futures-task",
- "futures-util",
-]
-
-[[package]]
-name = "futures-io"
-version = "0.3.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cecba35d7ad927e23624b22ad55235f2239cfa44fd10428eecbeba6d6a717718"
-
-[[package]]
-name = "futures-macro"
-version = "0.3.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e835b70203e41293343137df5c0664546da5745f82ec9b84d40be8336958447b"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "futures-sink"
-version = "0.3.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c39754e157331b013978ec91992bde1ac089843443c49cbc7f46150b0fad0893"
-
-[[package]]
-name = "futures-task"
-version = "0.3.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "037711b3d59c33004d3856fbdc83b99d4ff37a24768fa1be9ce3538a1cde4393"
-
-[[package]]
-name = "futures-util"
-version = "0.3.32"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "389ca41296e6190b48053de0321d02a77f32f8a5d2461dd38762c0593805c6d6"
-dependencies = [
- "futures-channel",
- "futures-core",
- "futures-io",
- "futures-macro",
- "futures-sink",
- "futures-task",
- "memchr",
- "pin-project-lite",
- "slab",
-]
-
-[[package]]
-name = "generic-array"
-version = "0.14.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
-dependencies = [
- "typenum",
- "version_check",
-]
-
-[[package]]
-name = "getrandom"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff2abc00be7fca6ebc474524697ae276ad847ad0a6b3faa4bcb027e9a4614ad0"
-dependencies = [
- "cfg-if",
- "libc",
- "wasi",
-]
-
-[[package]]
-name = "getrandom"
-version = "0.3.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "899def5c37c4fd7b2664648c28120ecec138e4d395b459e5ca34f9cce2dd77fd"
-dependencies = [
- "cfg-if",
- "js-sys",
- "libc",
- "r-efi 5.3.0",
- "wasip2",
- "wasm-bindgen",
-]
-
-[[package]]
-name = "getrandom"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0de51e6874e94e7bf76d726fc5d13ba782deca734ff60d5bb2fb2607c7406555"
-dependencies = [
- "cfg-if",
- "libc",
- "r-efi 6.0.0",
- "wasip2",
- "wasip3",
-]
-
-[[package]]
-name = "ghash"
-version = "0.6.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4f88107cb02ed63adcc4282942e60c4d09d80208d33b360ce7c729ce6dae1739"
-dependencies = [
- "polyval",
-]
-
-[[package]]
-name = "group"
-version = "0.14.0-pre.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ff6a0b2dd4b981b1ae9e3e6830ab146771f3660d31d57bafd9018805a91b0f1"
-dependencies = [
- "ff",
- "rand_core 0.9.5",
- "subtle",
-]
-
-[[package]]
-name = "h2"
-version = "0.4.13"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2f44da3a8150a6703ed5d34e164b875fd14c2cdab9af1252a9a1020bde2bdc54"
-dependencies = [
- "atomic-waker",
- "bytes",
- "fnv",
- "futures-core",
- "futures-sink",
- "http",
- "indexmap",
- "slab",
- "tokio",
- "tokio-util",
- "tracing",
-]
-
-[[package]]
-name = "hash32"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b0c35f58762feb77d74ebe43bdbc3210f09be9fe6742234d573bacc26ed92b67"
-dependencies = [
- "byteorder",
-]
-
-[[package]]
-name = "hashbrown"
-version = "0.15.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9229cfe53dfd69f0609a49f65461bd93001ea1ef889cd5529dd176593f5338a1"
-dependencies = [
- "foldhash",
-]
-
-[[package]]
-name = "hashbrown"
-version = "0.17.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4f467dd6dccf739c208452f8014c75c18bb8301b050ad1cfb27153803edb0f51"
-
-[[package]]
-name = "heapless"
-version = "0.7.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cdc6457c0eb62c71aac4bc17216026d8410337c4126773b9c5daba343f17964f"
-dependencies = [
- "atomic-polyfill",
- "hash32",
- "rustc_version",
- "spin",
- "stable_deref_trait",
-]
-
-[[package]]
-name = "heck"
-version = "0.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2304e00983f87ffb38b55b444b5e3b60a884b5d30c0fca7d82fe33449bbe55ea"
-
-[[package]]
-name = "hex"
-version = "0.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7f24254aa9a54b5c858eaee2f5bccdb46aaf0e486a595ed5fd8f86ba55232a70"
-
-[[package]]
-name = "hickory-proto"
-version = "0.25.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8a6fe56c0038198998a6f217ca4e7ef3a5e51f46163bd6dd60b5c71ca6c6502"
-dependencies = [
- "async-trait",
- "cfg-if",
- "data-encoding",
- "enum-as-inner",
- "futures-channel",
- "futures-io",
- "futures-util",
- "idna",
- "ipnet",
- "once_cell",
- "rand 0.9.4",
- "ring",
- "thiserror",
- "tinyvec",
- "tokio",
- "tracing",
- "url",
-]
-
-[[package]]
-name = "hickory-resolver"
-version = "0.25.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc62a9a99b0bfb44d2ab95a7208ac952d31060efc16241c87eaf36406fecf87a"
-dependencies = [
- "cfg-if",
- "futures-util",
- "hickory-proto",
- "ipconfig",
- "moka",
- "once_cell",
- "parking_lot",
- "rand 0.9.4",
- "resolv-conf",
- "smallvec",
- "thiserror",
- "tokio",
- "tracing",
-]
-
-[[package]]
-name = "hkdf"
-version = "0.13.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d8ef30358b03ca095a5b910547f4f8d4b9f163e4057669c5233ef595b1ecf008"
-dependencies = [
- "hmac",
-]
-
-[[package]]
-name = "hmac"
-version = "0.13.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a3fd4dc94c318c1ede8a2a48341c250d6ddecd3ba793da2820301a9f92417ad9"
-dependencies = [
- "digest 0.11.0-rc.3",
-]
-
-[[package]]
-name = "http"
-version = "1.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3ba2a386d7f85a81f119ad7498ebe444d2e22c2af0b86b069416ace48b3311a"
-dependencies = [
- "bytes",
- "itoa",
-]
-
-[[package]]
-name = "http-body"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1efedce1fb8e6913f23e0c92de8e62cd5b772a67e7b3946df930a62566c93184"
-dependencies = [
- "bytes",
- "http",
-]
-
-[[package]]
-name = "http-body-util"
-version = "0.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b021d93e26becf5dc7e1b75b1bed1fd93124b374ceb73f43d4d4eafec896a64a"
-dependencies = [
- "bytes",
- "futures-core",
- "http",
- "http-body",
- "pin-project-lite",
-]
-
-[[package]]
-name = "httparse"
-version = "1.10.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6dbf3de79e51f3d586ab4cb9d5c3e2c14aa28ed23d180cf89b4df0454a69cc87"
-
-[[package]]
-name = "hybrid-array"
-version = "0.4.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3944cf8cf766b40e2a1a333ee5e9b563f854d5fa49d6a8ca2764e97c6eddb214"
-dependencies = [
- "subtle",
- "typenum",
- "zeroize",
-]
-
-[[package]]
-name = "hyper"
-version = "1.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6299f016b246a94207e63da54dbe807655bf9e00044f73ded42c3ac5305fbcca"
-dependencies = [
- "atomic-waker",
- "bytes",
- "futures-channel",
- "futures-core",
- "h2",
- "http",
- "http-body",
- "httparse",
- "itoa",
- "pin-project-lite",
- "smallvec",
- "tokio",
- "want",
-]
-
-[[package]]
-name = "hyper-rustls"
-version = "0.27.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "33ca68d021ef39cf6463ab54c1d0f5daf03377b70561305bb89a8f83aab66e0f"
-dependencies = [
- "http",
- "hyper",
- "hyper-util",
- "rustls",
- "tokio",
- "tokio-rustls",
- "tower-service",
-]
-
-[[package]]
-name = "hyper-util"
-version = "0.1.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "96547c2556ec9d12fb1578c4eaf448b04993e7fb79cbaad930a656880a6bdfa0"
-dependencies = [
- "base64",
- "bytes",
- "futures-channel",
- "futures-util",
- "http",
- "http-body",
- "hyper",
- "ipnet",
- "libc",
- "percent-encoding",
- "pin-project-lite",
- "socket2",
- "system-configuration",
- "tokio",
- "tower-service",
- "tracing",
- "windows-registry",
-]
-
-[[package]]
-name = "icu_collections"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2984d1cd16c883d7935b9e07e44071dca8d917fd52ecc02c04d5fa0b5a3f191c"
-dependencies = [
- "displaydoc",
- "potential_utf",
- "utf8_iter",
- "yoke",
- "zerofrom",
- "zerovec",
-]
-
-[[package]]
-name = "icu_locale_core"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92219b62b3e2b4d88ac5119f8904c10f8f61bf7e95b640d25ba3075e6cac2c29"
-dependencies = [
- "displaydoc",
- "litemap",
- "tinystr",
- "writeable",
- "zerovec",
-]
-
-[[package]]
-name = "icu_normalizer"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c56e5ee99d6e3d33bd91c5d85458b6005a22140021cc324cea84dd0e72cff3b4"
-dependencies = [
- "icu_collections",
- "icu_normalizer_data",
- "icu_properties",
- "icu_provider",
- "smallvec",
- "zerovec",
-]
-
-[[package]]
-name = "icu_normalizer_data"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "da3be0ae77ea334f4da67c12f149704f19f81d1adf7c51cf482943e84a2bad38"
-
-[[package]]
-name = "icu_properties"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bee3b67d0ea5c2cca5003417989af8996f8604e34fb9ddf96208a033901e70de"
-dependencies = [
- "icu_collections",
- "icu_locale_core",
- "icu_properties_data",
- "icu_provider",
- "zerotrie",
- "zerovec",
-]
-
-[[package]]
-name = "icu_properties_data"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e2bbb201e0c04f7b4b3e14382af113e17ba4f63e2c9d2ee626b720cbce54a14"
-
-[[package]]
-name = "icu_provider"
-version = "2.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "139c4cf31c8b5f33d7e199446eff9c1e02decfc2f0eec2c8d71f65befa45b421"
-dependencies = [
- "displaydoc",
- "icu_locale_core",
- "writeable",
- "yoke",
- "zerofrom",
- "zerotrie",
- "zerovec",
-]
-
-[[package]]
-name = "id-arena"
-version = "2.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d3067d79b975e8844ca9eb072e16b31c3c1c36928edf9c6789548c524d0d954"
-
-[[package]]
-name = "idna"
-version = "1.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3b0875f23caa03898994f6ddc501886a45c7d3d62d04d2d90788d47be1b1e4de"
-dependencies = [
- "idna_adapter",
- "smallvec",
- "utf8_iter",
-]
-
-[[package]]
-name = "idna_adapter"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3acae9609540aa318d1bc588455225fb2085b9ed0c4f6bd0d9d5bcd86f1a0344"
-dependencies = [
- "icu_normalizer",
- "icu_properties",
-]
-
-[[package]]
-name = "indexmap"
-version = "2.14.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d466e9454f08e4a911e14806c24e16fba1b4c121d1ea474396f396069cf949d9"
-dependencies = [
- "equivalent",
- "hashbrown 0.17.0",
- "serde",
- "serde_core",
-]
-
-[[package]]
-name = "infisical-rdp-bridge"
-version = "0.1.0"
-dependencies = [
- "anyhow",
- "bytes",
- "ironrdp-acceptor",
- "ironrdp-connector",
- "ironrdp-pdu",
- "ironrdp-tls",
- "ironrdp-tokio",
- "libz-sys",
- "rcgen",
- "rustls",
- "tokio",
- "tokio-rustls",
- "tokio-util",
- "tracing",
- "x509-cert",
-]
-
-[[package]]
-name = "inout"
-version = "0.2.0-rc.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1603f76010ff924b616c8f44815a42eb10fb0b93d308b41deaa8da6d4251fd4b"
-dependencies = [
- "block-padding",
- "hybrid-array",
-]
-
-[[package]]
-name = "ipconfig"
-version = "0.3.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4d40460c0ce33d6ce4b0630ad68ff63d6661961c48b6dba35e5a4d81cfb48222"
-dependencies = [
- "socket2",
- "widestring",
- "windows-registry",
- "windows-result",
- "windows-sys 0.61.2",
-]
-
-[[package]]
-name = "ipnet"
-version = "2.12.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d98f6fed1fde3f8c21bc40a1abb88dd75e67924f9cffc3ef95607bad8017f8e2"
-
-[[package]]
-name = "iri-string"
-version = "0.7.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "25e659a4bb38e810ebc252e53b5814ff908a8c58c2a9ce2fae1bbec24cbf4e20"
-dependencies = [
- "memchr",
- "serde",
-]
-
-[[package]]
-name = "ironrdp-acceptor"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "52c18abf50681dda6ea22ac3a812a385ee915a4a69512c775c2358541e89fdd2"
-dependencies = [
- "ironrdp-async",
- "ironrdp-connector",
- "ironrdp-core",
- "ironrdp-pdu",
- "ironrdp-svc",
- "tracing",
-]
-
-[[package]]
-name = "ironrdp-async"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "62813c05253206699b2c8e44e268908dafd9668e07bb46ff262ee5b42d13e8cd"
-dependencies = [
- "bytes",
- "ironrdp-connector",
- "ironrdp-core",
- "ironrdp-pdu",
- "tracing",
-]
-
-[[package]]
-name = "ironrdp-connector"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0a8d5c1b8f167bbd9c935b08a4d3b592fe0a163ded7e4cc8880d471f06b3e2fa"
-dependencies = [
- "ironrdp-core",
- "ironrdp-error",
- "ironrdp-pdu",
- "ironrdp-svc",
- "picky",
- "picky-asn1-der",
- "picky-asn1-x509",
- "rand 0.9.4",
- "sspi",
- "tracing",
- "url",
-]
-
-[[package]]
-name = "ironrdp-core"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b2db60a59716a84d09040d29c9e75e81545842510fccb0934c09b28e78b46680"
-dependencies = [
- "ironrdp-error",
-]
-
-[[package]]
-name = "ironrdp-error"
-version = "0.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4a9d7794e854eef2f13fdf79c8502bcc567a75a15fd0522885f37739386a4cef"
-
-[[package]]
-name = "ironrdp-pdu"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "409b96a94ca1fad1bfaa41789611bbb5efc112503b27b0513a1feb243e49eb60"
-dependencies = [
- "bit_field",
- "bitflags 2.11.1",
- "byteorder",
- "der-parser",
- "ironrdp-core",
- "ironrdp-error",
- "md-5 0.10.6",
- "num-bigint",
- "num-derive",
- "num-integer",
- "num-traits",
- "pkcs1 0.7.5",
- "sha1 0.10.6",
- "tap",
- "thiserror",
- "x509-cert",
-]
-
-[[package]]
-name = "ironrdp-svc"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "aef43a3ea966070b0e12a3f49ffb863c80311bd15f26c2b3681622c85e70d729"
-dependencies = [
- "bitflags 2.11.1",
- "ironrdp-core",
- "ironrdp-pdu",
-]
-
-[[package]]
-name = "ironrdp-tls"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a301516949e619a5bd9c4476dfeeccaf7709b9997ea5958d01c9432085dc64d8"
-dependencies = [
- "tokio",
- "tokio-rustls",
- "x509-cert",
-]
-
-[[package]]
-name = "ironrdp-tokio"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6af190b161daba5d88c614bbf5915fdb586e9a28cb4b938aaac7abf473a1109b"
-dependencies = [
- "bytes",
- "ironrdp-async",
- "ironrdp-connector",
- "reqwest",
- "sspi",
- "tokio",
- "url",
-]
-
-[[package]]
-name = "iso7816"
-version = "0.1.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cd3c7e91da489667bb054f9cd2f1c60cc2ac4478a899f403d11dbc62189215b0"
-dependencies = [
- "heapless",
-]
-
-[[package]]
-name = "iso7816-tlv"
-version = "0.4.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7660d28d24a831d690228a275d544654a30f3b167a8e491cf31af5fe5058b546"
-dependencies = [
- "untrusted",
-]
-
-[[package]]
-name = "itoa"
-version = "1.0.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8f42a60cbdf9a97f5d2305f08a87dc4e09308d1276d28c869c684d7777685682"
-
-[[package]]
-name = "jobserver"
-version = "0.1.34"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9afb3de4395d6b3e67a780b6de64b51c978ecf11cb9a462c66be7d4ca9039d33"
-dependencies = [
- "getrandom 0.3.4",
- "libc",
-]
-
-[[package]]
-name = "js-sys"
-version = "0.3.95"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2964e92d1d9dc3364cae4d718d93f227e3abb088e747d92e0395bfdedf1c12ca"
-dependencies = [
- "cfg-if",
- "futures-util",
- "once_cell",
- "wasm-bindgen",
-]
-
-[[package]]
-name = "keccak"
-version = "0.2.0-rc.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3d546793a04a1d3049bd192856f804cfe96356e2cf36b54b4e575155babe9f41"
-dependencies = [
- "cpufeatures",
-]
-
-[[package]]
-name = "leb128fmt"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09edd9e8b54e49e587e4f6295a7d29c3ea94d469cb40ab8ca70b288248a81db2"
-
-[[package]]
-name = "libc"
-version = "0.2.185"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "52ff2c0fe9bc6cb6b14a0592c2ff4fa9ceb83eea9db979b0487cd054946a2b8f"
-
-[[package]]
-name = "libloading"
-version = "0.8.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7c4b02199fee7c5d21a5ae7d8cfa79a6ef5bb2fc834d6e9058e89c825efdc55"
-dependencies = [
- "cfg-if",
- "windows-link",
-]
-
-[[package]]
-name = "libm"
-version = "0.2.16"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6d2cec3eae94f9f509c767b45932f1ada8350c4bdb85af2fcab4a3c14807981"
-
-[[package]]
-name = "libz-sys"
-version = "1.1.28"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fc3a226e576f50782b3305c5ccf458698f92798987f551c6a02efe8276721e22"
-dependencies = [
- "cc",
- "libc",
- "pkg-config",
- "vcpkg",
-]
-
-[[package]]
-name = "litemap"
-version = "0.8.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "92daf443525c4cce67b150400bc2316076100ce0b3686209eb8cf3c31612e6f0"
-
-[[package]]
-name = "lock_api"
-version = "0.4.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "224399e74b87b5f3557511d98dff8b14089b3dadafcab6bb93eab67d3aace965"
-dependencies = [
- "scopeguard",
-]
-
-[[package]]
-name = "log"
-version = "0.4.29"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5e5032e24019045c762d3c0f28f5b6b8bbf38563a65908389bf7978758920897"
-
-[[package]]
-name = "md-5"
-version = "0.10.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d89e7ee0cfbedfc4da3340218492196241d89eefb6dab27de5df917a6d2e78cf"
-dependencies = [
- "cfg-if",
- "digest 0.10.7",
-]
-
-[[package]]
-name = "md-5"
-version = "0.11.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f9ec86664728010f574d67ef01aec964e6f1299241a3402857c1a8a390a62478"
-dependencies = [
- "cfg-if",
- "digest 0.11.0-rc.3",
-]
-
-[[package]]
-name = "md4"
-version = "0.10.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7da5ac363534dce5fabf69949225e174fbf111a498bf0ff794c8ea1fba9f3dda"
-dependencies = [
- "digest 0.10.7",
-]
-
-[[package]]
-name = "memchr"
-version = "2.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8ca58f447f06ed17d5fc4043ce1b10dd205e060fb3ce5b979b8ed8e59ff3f79"
-
-[[package]]
-name = "minimal-lexical"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "68354c5c6bd36d73ff3feceb05efa59b6acb7626617f4962be322a825e61f79a"
-
-[[package]]
-name = "miniz_oxide"
-version = "0.8.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fa76a2c86f704bdb222d66965fb3d63269ce38518b83cb0575fca855ebb6316"
-dependencies = [
- "adler2",
- "simd-adler32",
-]
-
-[[package]]
-name = "mio"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "50b7e5b27aa02a74bac8c3f23f448f8d87ff11f92d3aac1a6ed369ee08cc56c1"
-dependencies = [
- "libc",
- "wasi",
- "windows-sys 0.61.2",
-]
-
-[[package]]
-name = "moka"
-version = "0.12.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "957228ad12042ee839f93c8f257b62b4c0ab5eaae1d4fa60de53b27c9d7c5046"
-dependencies = [
- "crossbeam-channel",
- "crossbeam-epoch",
- "crossbeam-utils",
- "equivalent",
- "parking_lot",
- "portable-atomic",
- "smallvec",
- "tagptr",
- "uuid",
-]
-
-[[package]]
-name = "nom"
-version = "7.1.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d273983c5a657a70a3e8f2a01329822f3b8c8172b73826411a55751e404a0a4a"
-dependencies = [
- "memchr",
- "minimal-lexical",
-]
-
-[[package]]
-name = "num-bigint"
-version = "0.4.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a5e44f723f1133c9deac646763579fdb3ac745e418f2a7af9cd0c431da1f20b9"
-dependencies = [
- "num-integer",
- "num-traits",
-]
-
-[[package]]
-name = "num-conv"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c6673768db2d862beb9b39a78fdcb1a69439615d5794a1be50caa9bc92c81967"
-
-[[package]]
-name = "num-derive"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed3955f1a9c7c0c15e092f9c887db08b1fc683305fdf6eb6684f22555355e202"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "num-integer"
-version = "0.1.46"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7969661fd2958a5cb096e56c8e1ad0444ac2bbcd0061bd28660485a44879858f"
-dependencies = [
- "num-traits",
-]
-
-[[package]]
-name = "num-traits"
-version = "0.2.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "071dfc062690e90b734c0b2273ce72ad0ffa95f0c74596bc250dcfd960262841"
-dependencies = [
- "autocfg",
-]
-
-[[package]]
-name = "oid"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9c19903c598813dba001b53beeae59bb77ad4892c5c1b9b3500ce4293a0d06c2"
-dependencies = [
- "serde",
-]
-
-[[package]]
-name = "once_cell"
-version = "1.21.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9f7c3e4beb33f85d45ae3e3a1792185706c8e16d043238c593331cc7cd313b50"
-dependencies = [
- "critical-section",
- "portable-atomic",
-]
-
-[[package]]
-name = "openssl-probe"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7c87def4c32ab89d880effc9e097653c8da5d6ef28e6b539d313baaacfbafcbe"
-
-[[package]]
-name = "p256"
-version = "0.14.0-pre.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "81b374901df34ee468167a58e2a49e468cb059868479cafebeb804f6b855423d"
-dependencies = [
- "ecdsa",
- "elliptic-curve",
- "primefield",
- "primeorder",
- "sha2",
-]
-
-[[package]]
-name = "p384"
-version = "0.14.0-pre.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "701032b3730df6b882496d6cee8221de0ce4bc11ddc64e6d89784aa5b8a6de30"
-dependencies = [
- "ecdsa",
- "elliptic-curve",
- "fiat-crypto",
- "primefield",
- "primeorder",
- "sha2",
-]
-
-[[package]]
-name = "p521"
-version = "0.14.0-pre.11"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40ba29c2906eb5c89a8c411c4f11243ee4e5517ee7d71d9a13fedc877a6057b1"
-dependencies = [
- "base16ct 0.3.0",
- "ecdsa",
- "elliptic-curve",
- "primefield",
- "primeorder",
- "rand_core 0.9.5",
- "sha2",
-]
-
-[[package]]
-name = "parking_lot"
-version = "0.12.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93857453250e3077bd71ff98b6a65ea6621a19bb0f559a85248955ac12c45a1a"
-dependencies = [
- "lock_api",
- "parking_lot_core",
-]
-
-[[package]]
-name = "parking_lot_core"
-version = "0.9.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2621685985a2ebf1c516881c026032ac7deafcda1a2c9b7850dc81e3dfcb64c1"
-dependencies = [
- "cfg-if",
- "libc",
- "redox_syscall",
- "smallvec",
- "windows-link",
-]
-
-[[package]]
-name = "paste"
-version = "1.0.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "57c0d7b74b563b49d38dae00a0c37d4d6de9b432382b2892f0574ddcae73fd0a"
-
-[[package]]
-name = "pbkdf2"
-version = "0.13.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ca3fc18bb4460ac250ba6b75dfa7cf9d0b2273e3e623f660bd6ce2c3e902342e"
-dependencies = [
- "digest 0.11.0-rc.3",
- "hmac",
- "sha1 0.11.0-rc.2",
-]
-
-[[package]]
-name = "pem"
-version = "3.0.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1d30c53c26bc5b31a98cd02d20f25a7c8567146caf63ed593a9d87b2775291be"
-dependencies = [
- "base64",
- "serde_core",
-]
-
-[[package]]
-name = "pem-rfc7468"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "88b39c9bfcfc231068454382784bb460aae594343fb030d46e9f50a645418412"
-dependencies = [
- "base64ct",
-]
-
-[[package]]
-name = "pem-rfc7468"
-version = "1.0.0-rc.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a8e58fab693c712c0d4e88f8eb3087b6521d060bcaf76aeb20cb192d809115ba"
-dependencies = [
- "base64ct",
-]
-
-[[package]]
-name = "percent-encoding"
-version = "2.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b4f627cb1b25917193a259e49bdad08f671f8d9708acfd5fe0a8c1455d87220"
-
-[[package]]
-name = "picky"
-version = "7.0.0-rc.20"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4cdc52be663aebd70d7006ae305c87eb32a2b836d6c2f26f7e384f845d80b621"
-dependencies = [
- "aead",
- "aes",
- "aes-gcm",
- "aes-kw",
- "base64",
- "block-buffer 0.11.0-rc.5",
- "block-padding",
- "cbc",
- "cipher",
- "crypto-bigint",
- "crypto-common 0.2.0-rc.4",
- "crypto-primes",
- "ctr",
- "curve25519-dalek",
- "der 0.8.0-rc.9",
- "des",
- "digest 0.11.0-rc.3",
- "ecdsa",
- "ed25519",
- "ed25519-dalek",
- "elliptic-curve",
- "ff",
- "ghash",
- "group",
- "hex",
- "hkdf",
- "hmac",
- "http",
- "inout",
- "keccak",
- "md-5 0.11.0-rc.2",
- "p256",
- "p384",
- "p521",
- "pbkdf2",
- "pem-rfc7468 1.0.0-rc.3",
- "picky-asn1",
- "picky-asn1-der",
- "picky-asn1-x509",
- "pkcs1 0.8.0-rc.4",
- "pkcs8",
- "polyval",
- "primefield",
- "primeorder",
- "rand 0.9.4",
- "rand_core 0.9.5",
- "rc2",
- "rfc6979",
- "rsa",
- "sec1",
- "serde",
- "serde_json",
- "sha1 0.11.0-rc.2",
- "sha2",
- "sha3",
- "signature",
- "spki 0.8.0-rc.4",
- "thiserror",
- "universal-hash",
- "x25519-dalek",
- "zeroize",
-]
-
-[[package]]
-name = "picky-asn1"
-version = "0.10.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2ff038f9360b934342fb3c0a1d6e82c438a2624b51c3c6e3e6d7cf252b6f3ee3"
-dependencies = [
- "oid",
- "serde",
- "serde_bytes",
- "time",
- "zeroize",
-]
-
-[[package]]
-name = "picky-asn1-der"
-version = "0.5.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d413165e4bf7f808b9a27cbaba657657a2921f0965db833f488c4d4be96dcd2e"
-dependencies = [
- "picky-asn1",
- "serde",
- "serde_bytes",
-]
-
-[[package]]
-name = "picky-asn1-x509"
-version = "0.15.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c97cd14d567a17755910fa8718277baf39d08682a980b1b1a4b4da7d0bc61a04"
-dependencies = [
- "base64",
- "crypto-bigint",
- "oid",
- "picky-asn1",
- "picky-asn1-der",
- "serde",
- "widestring",
- "zeroize",
-]
-
-[[package]]
-name = "picky-krb"
-version = "0.12.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ed61c8d7448649c031ecae02afb10c679524c7a9af5fb0fbee466b3cc0d6df1"
-dependencies = [
- "aes",
- "block-buffer 0.11.0-rc.5",
- "block-padding",
- "byteorder",
- "cbc",
- "cipher",
- "crypto-bigint",
- "crypto-common 0.2.0-rc.4",
- "des",
- "digest 0.11.0-rc.3",
- "hmac",
- "inout",
- "oid",
- "pbkdf2",
- "picky-asn1",
- "picky-asn1-der",
- "picky-asn1-x509",
- "rand 0.9.4",
- "serde",
- "sha1 0.11.0-rc.2",
- "thiserror",
- "uuid",
-]
-
-[[package]]
-name = "pin-project-lite"
-version = "0.2.17"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a89322df9ebe1c1578d689c92318e070967d1042b512afbe49518723f4e6d5cd"
-
-[[package]]
-name = "pin-utils"
-version = "0.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8b870d8c151b6f2fb93e84a13146138f05d02ed11c7e7c54f8826aaaf7c9f184"
-
-[[package]]
-name = "pkcs1"
-version = "0.7.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8ffb9f10fa047879315e6625af03c164b16962a5368d724ed16323b68ace47f"
-dependencies = [
- "der 0.7.10",
- "spki 0.7.3",
-]
-
-[[package]]
-name = "pkcs1"
-version = "0.8.0-rc.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "986d2e952779af96ea048f160fd9194e1751b4faea78bcf3ceb456efe008088e"
-dependencies = [
- "der 0.8.0-rc.9",
- "spki 0.8.0-rc.4",
-]
-
-[[package]]
-name = "pkcs8"
-version = "0.11.0-rc.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "93eac55f10aceed84769df670ea4a32d2ffad7399400d41ee1c13b1cd8e1b478"
-dependencies = [
- "der 0.8.0-rc.9",
- "spki 0.8.0-rc.4",
-]
-
-[[package]]
-name = "pkg-config"
-version = "0.3.33"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "19f132c84eca552bf34cab8ec81f1c1dcc229b811638f9d283dceabe58c5569e"
-
-[[package]]
-name = "polyval"
-version = "0.7.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ffd40cc99d0fbb02b4b3771346b811df94194bc103983efa0203c8893755085"
-dependencies = [
- "cfg-if",
- "cpufeatures",
- "universal-hash",
-]
-
-[[package]]
-name = "portable-atomic"
-version = "1.13.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c33a9471896f1c69cecef8d20cbe2f7accd12527ce60845ff44c153bb2a21b49"
-
-[[package]]
-name = "portpicker"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be97d76faf1bfab666e1375477b23fde79eccf0276e9b63b92a39d676a889ba9"
-dependencies = [
- "rand 0.8.6",
-]
-
-[[package]]
-name = "potential_utf"
-version = "0.1.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0103b1cef7ec0cf76490e969665504990193874ea05c85ff9bab8b911d0a0564"
-dependencies = [
- "zerovec",
-]
-
-[[package]]
-name = "powerfmt"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"
-
-[[package]]
-name = "ppv-lite86"
-version = "0.2.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85eae3c4ed2f50dcfe72643da4befc30deadb458a9b590d720cde2f2b1e97da9"
-dependencies = [
- "zerocopy",
-]
-
-[[package]]
-name = "prettyplease"
-version = "0.2.37"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "479ca8adacdd7ce8f1fb39ce9ecccbfe93a3f1344b3d0d97f20bc0196208f62b"
-dependencies = [
- "proc-macro2",
- "syn",
-]
-
-[[package]]
-name = "primefield"
-version = "0.14.0-pre.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7fcd4a163053332fd93f39b81c133e96a98567660981654579c90a99062fbf5"
-dependencies = [
- "crypto-bigint",
- "ff",
- "rand_core 0.9.5",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "primeorder"
-version = "0.14.0-pre.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1c36e8766fcd270fa9c665b9dc364f570695f5a59240949441b077a397f15b74"
-dependencies = [
- "elliptic-curve",
-]
-
-[[package]]
-name = "proc-macro2"
-version = "1.0.106"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8fd00f0bb2e90d81d1044c2b32617f68fcb9fa3bb7640c23e9c748e53fb30934"
-dependencies = [
- "unicode-ident",
-]
-
-[[package]]
-name = "quote"
-version = "1.0.45"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41f2619966050689382d2b44f664f4bc593e129785a36d6ee376ddf37259b924"
-dependencies = [
- "proc-macro2",
-]
-
-[[package]]
-name = "r-efi"
-version = "5.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "69cdb34c158ceb288df11e18b4bd39de994f6657d83847bdffdbd7f346754b0f"
-
-[[package]]
-name = "r-efi"
-version = "6.0.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f8dcc9c7d52a811697d2151c701e0d08956f92b0e24136cf4cf27b57a6a0d9bf"
-
-[[package]]
-name = "rand"
-version = "0.8.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5ca0ecfa931c29007047d1bc58e623ab12e5590e8c7cc53200d5202b69266d8a"
-dependencies = [
- "libc",
- "rand_chacha 0.3.1",
- "rand_core 0.6.4",
-]
-
-[[package]]
-name = "rand"
-version = "0.9.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "44c5af06bb1b7d3216d91932aed5265164bf384dc89cd6ba05cf59a35f5f76ea"
-dependencies = [
- "rand_chacha 0.9.0",
- "rand_core 0.9.5",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
-dependencies = [
- "ppv-lite86",
- "rand_core 0.6.4",
-]
-
-[[package]]
-name = "rand_chacha"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3022b5f1df60f26e1ffddd6c66e8aa15de382ae63b3a0c1bfc0e4d3e3f325cb"
-dependencies = [
- "ppv-lite86",
- "rand_core 0.9.5",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.6.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
-dependencies = [
- "getrandom 0.2.17",
-]
-
-[[package]]
-name = "rand_core"
-version = "0.9.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "76afc826de14238e6e8c374ddcc1fa19e374fd8dd986b0d2af0d02377261d83c"
-dependencies = [
- "getrandom 0.3.4",
-]
-
-[[package]]
-name = "rc2"
-version = "0.9.0-pre.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b03621ac292cc723def9e0fd0eb9573b1df8d6a9ee7ad637fe94dfc153705f3c"
-dependencies = [
- "cipher",
-]
-
-[[package]]
-name = "rcgen"
-version = "0.13.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "75e669e5202259b5314d1ea5397316ad400819437857b90861765f24c4cf80a2"
-dependencies = [
- "pem",
- "ring",
- "rustls-pki-types",
- "time",
- "yasna",
-]
-
-[[package]]
-name = "redox_syscall"
-version = "0.5.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ed2bf2547551a7053d6fdfafda3f938979645c44812fbfcda098faae3f1a362d"
-dependencies = [
- "bitflags 2.11.1",
-]
-
-[[package]]
-name = "reqwest"
-version = "0.12.28"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eddd3ca559203180a307f12d114c268abf583f59b03cb906fd0b3ff8646c1147"
-dependencies = [
- "base64",
- "bytes",
- "futures-channel",
- "futures-core",
- "futures-util",
- "h2",
- "http",
- "http-body",
- "http-body-util",
- "hyper",
- "hyper-rustls",
- "hyper-util",
- "js-sys",
- "log",
- "percent-encoding",
- "pin-project-lite",
- "rustls",
- "rustls-pki-types",
- "serde",
- "serde_json",
- "serde_urlencoded",
- "sync_wrapper",
- "tokio",
- "tokio-rustls",
- "tower",
- "tower-http",
- "tower-service",
- "url",
- "wasm-bindgen",
- "wasm-bindgen-futures",
- "web-sys",
-]
-
-[[package]]
-name = "resolv-conf"
-version = "0.7.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1e061d1b48cb8d38042de4ae0a7a6401009d6143dc80d2e2d6f31f0bdd6470c7"
-
-[[package]]
-name = "rfc6979"
-version = "0.5.0-rc.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d369f9c4f79388704648e7bcb92749c0d6cf4397039293a9b747694fa4fb4bae"
-dependencies = [
- "hmac",
- "subtle",
-]
-
-[[package]]
-name = "ring"
-version = "0.17.14"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a4689e6c2294d81e88dc6261c768b63bc4fcdb852be6d1352498b114f61383b7"
-dependencies = [
- "cc",
- "cfg-if",
- "getrandom 0.2.17",
- "libc",
- "untrusted",
- "windows-sys 0.52.0",
-]
-
-[[package]]
-name = "rsa"
-version = "0.10.0-rc.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bf8955ab399f6426998fde6b76ae27233cce950705e758a6c17afd2f6d0e5d52"
-dependencies = [
- "const-oid 0.10.2",
- "crypto-bigint",
- "crypto-primes",
- "digest 0.11.0-rc.3",
- "pkcs1 0.8.0-rc.4",
- "pkcs8",
- "rand_core 0.9.5",
- "sha1 0.11.0-rc.2",
- "signature",
- "spki 0.8.0-rc.4",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "rustc_version"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "cfcb3a22ef46e85b45de6ee7e79d063319ebb6594faafcf1c225ea92ab6e9b92"
-dependencies = [
- "semver",
-]
-
-[[package]]
-name = "rusticata-macros"
-version = "4.1.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "faf0c4a6ece9950b9abdb62b1cfcf2a68b3b67a10ba445b3bb85be2a293d0632"
-dependencies = [
- "nom",
-]
-
-[[package]]
-name = "rustls"
-version = "0.23.38"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "69f9466fb2c14ea04357e91413efb882e2a6d4a406e625449bc0a5d360d53a21"
-dependencies = [
- "aws-lc-rs",
- "log",
- "once_cell",
- "ring",
- "rustls-pki-types",
- "rustls-webpki",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "rustls-native-certs"
-version = "0.8.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "612460d5f7bea540c490b2b6395d8e34a953e52b491accd6c86c8164c5932a63"
-dependencies = [
- "openssl-probe",
- "rustls-pki-types",
- "schannel",
- "security-framework",
-]
-
-[[package]]
-name = "rustls-pki-types"
-version = "1.14.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "be040f8b0a225e40375822a563fa9524378b9d63112f53e19ffff34df5d33fdd"
-dependencies = [
- "zeroize",
-]
-
-[[package]]
-name = "rustls-webpki"
-version = "0.103.13"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "61c429a8649f110dddef65e2a5ad240f747e85f7758a6bccc7e5777bd33f756e"
-dependencies = [
- "aws-lc-rs",
- "ring",
- "rustls-pki-types",
- "untrusted",
-]
-
-[[package]]
-name = "rustversion"
-version = "1.0.22"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b39cdef0fa800fc44525c84ccb54a029961a8215f9619753635a9c0d2538d46d"
-
-[[package]]
-name = "ryu"
-version = "1.0.23"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9774ba4a74de5f7b1c1451ed6cd5285a32eddb5cccb8cc655a4e50009e06477f"
-
-[[package]]
-name = "schannel"
-version = "0.1.29"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "91c1b7e4904c873ef0710c1f407dde2e6287de2bebc1bbbf7d430bb7cbffd939"
-dependencies = [
- "windows-sys 0.61.2",
-]
-
-[[package]]
-name = "scopeguard"
-version = "1.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "94143f37725109f92c262ed2cf5e59bce7498c01bcc1502d7b9afe439a4e9f49"
-
-[[package]]
-name = "sec1"
-version = "0.8.0-rc.10"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1dff52f6118bc9f0ac974a54a639d499ac26a6cad7a6e39bc0990c19625e793b"
-dependencies = [
- "base16ct 0.3.0",
- "der 0.8.0-rc.9",
- "hybrid-array",
- "subtle",
- "zeroize",
-]
-
-[[package]]
-name = "secrecy"
-version = "0.8.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9bd1c54ea06cfd2f6b63219704de0b9b4f72dcc2b8fdef820be6cd799780e91e"
-dependencies = [
- "zeroize",
-]
-
-[[package]]
-name = "security-framework"
-version = "3.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7f4bc775c73d9a02cde8bf7b2ec4c9d12743edf609006c7facc23998404cd1d"
-dependencies = [
- "bitflags 2.11.1",
- "core-foundation 0.10.1",
- "core-foundation-sys",
- "libc",
- "security-framework-sys",
-]
-
-[[package]]
-name = "security-framework-sys"
-version = "2.17.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ce2691df843ecc5d231c0b14ece2acc3efb62c0a398c7e1d875f3983ce020e3"
-dependencies = [
- "core-foundation-sys",
- "libc",
-]
-
-[[package]]
-name = "semver"
-version = "1.0.28"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8a7852d02fc848982e0c167ef163aaff9cd91dc640ba85e263cb1ce46fae51cd"
-
-[[package]]
-name = "serde"
-version = "1.0.228"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9a8e94ea7f378bd32cbbd37198a4a91436180c5bb472411e48b5ec2e2124ae9e"
-dependencies = [
- "serde_core",
- "serde_derive",
-]
-
-[[package]]
-name = "serde_bytes"
-version = "0.11.19"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a5d440709e79d88e51ac01c4b72fc6cb7314017bb7da9eeff678aa94c10e3ea8"
-dependencies = [
- "serde",
- "serde_core",
-]
-
-[[package]]
-name = "serde_core"
-version = "1.0.228"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "41d385c7d4ca58e59fc732af25c3983b67ac852c1a25000afe1175de458b67ad"
-dependencies = [
- "serde_derive",
-]
-
-[[package]]
-name = "serde_derive"
-version = "1.0.228"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d540f220d3187173da220f885ab66608367b6574e925011a9353e4badda91d79"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "serde_json"
-version = "1.0.149"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "83fc039473c5595ace860d8c4fafa220ff474b3fc6bfdb4293327f1a37e94d86"
-dependencies = [
- "itoa",
- "memchr",
- "serde",
- "serde_core",
- "zmij",
-]
-
-[[package]]
-name = "serde_urlencoded"
-version = "0.7.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d3491c14715ca2294c4d6a88f15e84739788c1d030eed8c110436aafdaa2f3fd"
-dependencies = [
- "form_urlencoded",
- "itoa",
- "ryu",
- "serde",
-]
-
-[[package]]
-name = "serdect"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9af4a3e75ebd5599b30d4de5768e00b5095d518a79fefc3ecbaf77e665d1ec06"
-dependencies = [
- "base16ct 1.0.0",
- "serde",
-]
-
-[[package]]
-name = "sha1"
-version = "0.10.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e3bf829a2d51ab4a5ddf1352d8470c140cadc8301b2ae1789db023f01cedd6ba"
-dependencies = [
- "cfg-if",
- "cpufeatures",
- "digest 0.10.7",
-]
-
-[[package]]
-name = "sha1"
-version = "0.11.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c5e046edf639aa2e7afb285589e5405de2ef7e61d4b0ac1e30256e3eab911af9"
-dependencies = [
- "cfg-if",
- "cpufeatures",
- "digest 0.11.0-rc.3",
-]
-
-[[package]]
-name = "sha2"
-version = "0.11.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d1e3878ab0f98e35b2df35fe53201d088299b41a6bb63e3e34dada2ac4abd924"
-dependencies = [
- "cfg-if",
- "cpufeatures",
- "digest 0.11.0-rc.3",
-]
-
-[[package]]
-name = "sha3"
-version = "0.11.0-rc.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2103ca0e6f4e9505eae906de5e5883e06fc3b2232fb5d6914890c7bbcb62f478"
-dependencies = [
- "digest 0.11.0-rc.3",
- "keccak",
-]
-
-[[package]]
-name = "shlex"
-version = "1.3.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0fda2ff0d084019ba4d7c6f371c95d8fd75ce3524c3cb8fb653a3023f6323e64"
-
-[[package]]
-name = "signal-hook-registry"
-version = "1.4.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c4db69cba1110affc0e9f7bcd48bbf87b3f4fc7c61fc9155afd4c469eb3d6c1b"
-dependencies = [
- "errno",
- "libc",
-]
-
-[[package]]
-name = "signature"
-version = "3.0.0-rc.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "fc280a6ff65c79fbd6622f64d7127f32b85563bca8c53cd2e9141d6744a9056d"
-dependencies = [
- "digest 0.11.0-rc.3",
- "rand_core 0.9.5",
-]
-
-[[package]]
-name = "simd-adler32"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "703d5c7ef118737c72f1af64ad2f6f8c5e1921f818cdcb97b8fe6fc69bf66214"
-
-[[package]]
-name = "slab"
-version = "0.4.12"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c790de23124f9ab44544d7ac05d60440adc586479ce501c1d6d7da3cd8c9cf5"
-
-[[package]]
-name = "smallvec"
-version = "1.15.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "67b1b7a3b5fe4f1376887184045fcf45c69e92af734b7aaddc05fb777b6fbd03"
-
-[[package]]
-name = "socket2"
-version = "0.6.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3a766e1110788c36f4fa1c2b71b387a7815aa65f88ce0229841826633d93723e"
-dependencies = [
- "libc",
- "windows-sys 0.61.2",
-]
-
-[[package]]
-name = "spin"
-version = "0.9.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6980e8d7511241f8acf4aebddbb1ff938df5eebe98691418c4468d0b72a96a67"
-dependencies = [
- "lock_api",
-]
-
-[[package]]
-name = "spki"
-version = "0.7.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d91ed6c858b01f942cd56b37a94b3e0a1798290327d1236e4d9cf4eaca44d29d"
-dependencies = [
- "base64ct",
- "der 0.7.10",
-]
-
-[[package]]
-name = "spki"
-version = "0.8.0-rc.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8baeff88f34ed0691978ec34440140e1572b68c7dd4a495fd14a3dc1944daa80"
-dependencies = [
- "base64ct",
- "der 0.8.0-rc.9",
-]
-
-[[package]]
-name = "sspi"
-version = "0.18.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b2f4823ee743a4a0cc2153eb640e28ff95b55ca25c88085b559bae59fb6c317a"
-dependencies = [
- "async-dnssd",
- "async-recursion",
- "bitflags 2.11.1",
- "block-buffer 0.11.0-rc.5",
- "byteorder",
- "cfg-if",
- "crypto-bigint",
- "crypto-common 0.2.0-rc.4",
- "crypto-mac",
- "crypto-primes",
- "cryptoki",
- "curve25519-dalek",
- "der 0.8.0-rc.9",
- "digest 0.11.0-rc.3",
- "ed25519-dalek",
- "ff",
- "futures",
- "getrandom 0.3.4",
- "group",
- "hickory-proto",
- "hickory-resolver",
- "hmac",
- "md-5 0.11.0-rc.2",
- "md4",
- "num-derive",
- "num-traits",
- "oid",
- "p256",
- "p384",
- "p521",
- "pem-rfc7468 1.0.0-rc.3",
- "picky",
- "picky-asn1",
- "picky-asn1-der",
- "picky-asn1-x509",
- "picky-krb",
- "pkcs1 0.8.0-rc.4",
- "pkcs8",
- "portpicker",
- "primefield",
- "primeorder",
- "rand 0.9.4",
- "reqwest",
- "rsa",
- "rustls",
- "rustls-native-certs",
- "serde",
- "sha1 0.11.0-rc.2",
- "sha2",
- "signature",
- "spki 0.8.0-rc.4",
- "time",
- "tokio",
- "tracing",
- "url",
- "uuid",
- "windows",
- "windows-registry",
- "winscard",
- "zeroize",
-]
-
-[[package]]
-name = "stable_deref_trait"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6ce2be8dc25455e1f91df71bfa12ad37d7af1092ae736f3a6cd0e37bc7810596"
-
-[[package]]
-name = "subtle"
-version = "2.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
-
-[[package]]
-name = "syn"
-version = "2.0.117"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e665b8803e7b1d2a727f4023456bbbbe74da67099c585258af0ad9c5013b9b99"
-dependencies = [
- "proc-macro2",
- "quote",
- "unicode-ident",
-]
-
-[[package]]
-name = "sync_wrapper"
-version = "1.0.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0bf256ce5efdfa370213c1dabab5935a12e49f2c58d15e9eac2870d3b4f27263"
-dependencies = [
- "futures-core",
-]
-
-[[package]]
-name = "synstructure"
-version = "0.13.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "728a70f3dbaf5bab7f0c4b1ac8d7ae5ea60a4b5549c8a5914361c99147a709d2"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "system-configuration"
-version = "0.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a13f3d0daba03132c0aa9767f98351b3488edc2c100cda2d2ec2b04f3d8d3c8b"
-dependencies = [
- "bitflags 2.11.1",
- "core-foundation 0.9.4",
- "system-configuration-sys",
-]
-
-[[package]]
-name = "system-configuration-sys"
-version = "0.6.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e1d1b10ced5ca923a1fcb8d03e96b8d3268065d724548c0211415ff6ac6bac4"
-dependencies = [
- "core-foundation-sys",
- "libc",
-]
-
-[[package]]
-name = "tagptr"
-version = "0.2.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7b2093cf4c8eb1e67749a6762251bc9cd836b6fc171623bd0a9d324d37af2417"
-
-[[package]]
-name = "tap"
-version = "1.0.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "55937e1799185b12863d447f42597ed69d9928686b8d88a1df17376a097d8369"
-
-[[package]]
-name = "thiserror"
-version = "2.0.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4288b5bcbc7920c07a1149a35cf9590a2aa808e0bc1eafaade0b80947865fbc4"
-dependencies = [
- "thiserror-impl",
-]
-
-[[package]]
-name = "thiserror-impl"
-version = "2.0.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ebc4ee7f67670e9b64d05fa4253e753e016c6c95ff35b89b7941d6b856dec1d5"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "time"
-version = "0.3.47"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "743bd48c283afc0388f9b8827b976905fb217ad9e647fae3a379a9283c4def2c"
-dependencies = [
- "deranged",
- "itoa",
- "js-sys",
- "num-conv",
- "powerfmt",
- "serde_core",
- "time-core",
- "time-macros",
-]
-
-[[package]]
-name = "time-core"
-version = "0.1.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7694e1cfe791f8d31026952abf09c69ca6f6fa4e1a1229e18988f06a04a12dca"
-
-[[package]]
-name = "time-macros"
-version = "0.2.27"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2e70e4c5a0e0a8a4823ad65dfe1a6930e4f4d756dcd9dd7939022b5e8c501215"
-dependencies = [
- "num-conv",
- "time-core",
-]
-
-[[package]]
-name = "tinystr"
-version = "0.8.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "c8323304221c2a851516f22236c5722a72eaa19749016521d6dff0824447d96d"
-dependencies = [
- "displaydoc",
- "zerovec",
-]
-
-[[package]]
-name = "tinyvec"
-version = "1.11.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3e61e67053d25a4e82c844e8424039d9745781b3fc4f32b8d55ed50f5f667ef3"
-dependencies = [
- "tinyvec_macros",
-]
-
-[[package]]
-name = "tinyvec_macros"
-version = "0.1.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1f3ccbac311fea05f86f61904b462b55fb3df8837a366dfc601a0161d0532f20"
-
-[[package]]
-name = "tls_codec"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0de2e01245e2bb89d6f05801c564fa27624dbd7b1846859876c7dad82e90bf6b"
-dependencies = [
- "tls_codec_derive",
- "zeroize",
-]
-
-[[package]]
-name = "tls_codec_derive"
-version = "0.4.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "2d2e76690929402faae40aebdda620a2c0e25dd6d3b9afe48867dfd95991f4bd"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "tokio"
-version = "1.52.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b67dee974fe86fd92cc45b7a95fdd2f99a36a6d7b0d431a231178d3d670bbcc6"
-dependencies = [
- "bytes",
- "libc",
- "mio",
- "parking_lot",
- "pin-project-lite",
- "signal-hook-registry",
- "socket2",
- "tokio-macros",
- "windows-sys 0.61.2",
-]
-
-[[package]]
-name = "tokio-macros"
-version = "2.7.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "385a6cb71ab9ab790c5fe8d67f1645e6c450a7ce006a33de03daa956cf70a496"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "tokio-rustls"
-version = "0.26.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1729aa945f29d91ba541258c8df89027d5792d85a8841fb65e8bf0f4ede4ef61"
-dependencies = [
- "rustls",
- "tokio",
-]
-
-[[package]]
-name = "tokio-util"
-version = "0.7.18"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9ae9cec805b01e8fc3fd2fe289f89149a9b66dd16786abd8b19cfa7b48cb0098"
-dependencies = [
- "bytes",
- "futures-core",
- "futures-sink",
- "pin-project-lite",
- "tokio",
-]
-
-[[package]]
-name = "tower"
-version = "0.5.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ebe5ef63511595f1344e2d5cfa636d973292adc0eec1f0ad45fae9f0851ab1d4"
-dependencies = [
- "futures-core",
- "futures-util",
- "pin-project-lite",
- "sync_wrapper",
- "tokio",
- "tower-layer",
- "tower-service",
-]
-
-[[package]]
-name = "tower-http"
-version = "0.6.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d4e6559d53cc268e5031cd8429d05415bc4cb4aefc4aa5d6cc35fbf5b924a1f8"
-dependencies = [
- "bitflags 2.11.1",
- "bytes",
- "futures-util",
- "http",
- "http-body",
- "iri-string",
- "pin-project-lite",
- "tower",
- "tower-layer",
- "tower-service",
-]
-
-[[package]]
-name = "tower-layer"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "121c2a6cda46980bb0fcd1647ffaf6cd3fc79a013de288782836f6df9c48780e"
-
-[[package]]
-name = "tower-service"
-version = "0.3.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8df9b6e13f2d32c91b9bd719c00d1958837bc7dec474d94952798cc8e69eeec3"
-
-[[package]]
-name = "tracing"
-version = "0.1.44"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "63e71662fa4b2a2c3a26f570f037eb95bb1f85397f3cd8076caed2f026a6d100"
-dependencies = [
- "log",
- "pin-project-lite",
- "tracing-attributes",
- "tracing-core",
-]
-
-[[package]]
-name = "tracing-attributes"
-version = "0.1.31"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7490cfa5ec963746568740651ac6781f701c9c5ea257c58e057f3ba8cf69e8da"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "tracing-core"
-version = "0.1.36"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "db97caf9d906fbde555dd62fa95ddba9eecfd14cb388e4f491a66d74cd5fb79a"
-dependencies = [
- "once_cell",
-]
-
-[[package]]
-name = "try-lock"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e421abadd41a4225275504ea4d6566923418b7f05506fbc9c0fe86ba7396114b"
-
-[[package]]
-name = "typenum"
-version = "1.20.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "40ce102ab67701b8526c123c1bab5cbe42d7040ccfd0f64af1a385808d2f43de"
-
-[[package]]
-name = "unicode-ident"
-version = "1.0.24"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e6e4313cd5fcd3dad5cafa179702e2b244f760991f45397d14d4ebf38247da75"
-
-[[package]]
-name = "unicode-xid"
-version = "0.2.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ebc1c04c71510c7f702b52b7c350734c9ff1295c464a03335b00bb84fc54f853"
-
-[[package]]
-name = "universal-hash"
-version = "0.6.0-rc.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a55be643b40a21558f44806b53ee9319595bc7ca6896372e4e08e5d7d83c9cd6"
-dependencies = [
- "crypto-common 0.2.0-rc.4",
- "subtle",
-]
-
-[[package]]
-name = "untrusted"
-version = "0.9.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8ecb6da28b8a351d773b68d5825ac39017e680750f980f3a1a85cd8dd28a47c1"
-
-[[package]]
-name = "url"
-version = "2.5.8"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ff67a8a4397373c3ef660812acab3268222035010ab8680ec4215f38ba3d0eed"
-dependencies = [
- "form_urlencoded",
- "idna",
- "percent-encoding",
- "serde",
-]
-
-[[package]]
-name = "utf8_iter"
-version = "1.0.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b6c140620e7ffbb22c2dee59cafe6084a59b5ffc27a8859a5f0d494b5d52b6be"
-
-[[package]]
-name = "uuid"
-version = "1.23.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ddd74a9687298c6858e9b88ec8935ec45d22e8fd5e6394fa1bd4e99a87789c76"
-dependencies = [
- "getrandom 0.4.2",
- "js-sys",
- "serde_core",
- "wasm-bindgen",
-]
-
-[[package]]
-name = "vcpkg"
-version = "0.2.15"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "accd4ea62f7bb7a82fe23066fb0957d48ef677f6eeb8215f372f52e48bb32426"
-
-[[package]]
-name = "version_check"
-version = "0.9.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
-
-[[package]]
-name = "want"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bfa7760aed19e106de2c7c0b581b509f2f25d3dacaf737cb82ac61bc6d760b0e"
-dependencies = [
- "try-lock",
-]
-
-[[package]]
-name = "wasi"
-version = "0.11.1+wasi-snapshot-preview1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ccf3ec651a847eb01de73ccad15eb7d99f80485de043efb2f370cd654f4ea44b"
-
-[[package]]
-name = "wasip2"
-version = "1.0.3+wasi-0.2.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "20064672db26d7cdc89c7798c48a0fdfac8213434a1186e5ef29fd560ae223d6"
-dependencies = [
- "wit-bindgen 0.57.1",
-]
-
-[[package]]
-name = "wasip3"
-version = "0.4.0+wasi-0.3.0-rc-2026-01-06"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5428f8bf88ea5ddc08faddef2ac4a67e390b88186c703ce6dbd955e1c145aca5"
-dependencies = [
- "wit-bindgen 0.51.0",
-]
-
-[[package]]
-name = "wasm-bindgen"
-version = "0.2.118"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0bf938a0bacb0469e83c1e148908bd7d5a6010354cf4fb73279b7447422e3a89"
-dependencies = [
- "cfg-if",
- "once_cell",
- "rustversion",
- "wasm-bindgen-macro",
- "wasm-bindgen-shared",
-]
-
-[[package]]
-name = "wasm-bindgen-futures"
-version = "0.4.68"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f371d383f2fb139252e0bfac3b81b265689bf45b6874af544ffa4c975ac1ebf8"
-dependencies = [
- "js-sys",
- "wasm-bindgen",
-]
-
-[[package]]
-name = "wasm-bindgen-macro"
-version = "0.2.118"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eeff24f84126c0ec2db7a449f0c2ec963c6a49efe0698c4242929da037ca28ed"
-dependencies = [
- "quote",
- "wasm-bindgen-macro-support",
-]
-
-[[package]]
-name = "wasm-bindgen-macro-support"
-version = "0.2.118"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d08065faf983b2b80a79fd87d8254c409281cf7de75fc4b773019824196c904"
-dependencies = [
- "bumpalo",
- "proc-macro2",
- "quote",
- "syn",
- "wasm-bindgen-shared",
-]
-
-[[package]]
-name = "wasm-bindgen-shared"
-version = "0.2.118"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5fd04d9e306f1907bd13c6361b5c6bfc7b3b3c095ed3f8a9246390f8dbdee129"
-dependencies = [
- "unicode-ident",
-]
-
-[[package]]
-name = "wasm-encoder"
-version = "0.244.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "990065f2fe63003fe337b932cfb5e3b80e0b4d0f5ff650e6985b1048f62c8319"
-dependencies = [
- "leb128fmt",
- "wasmparser",
-]
-
-[[package]]
-name = "wasm-metadata"
-version = "0.244.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "bb0e353e6a2fbdc176932bbaab493762eb1255a7900fe0fea1a2f96c296cc909"
-dependencies = [
- "anyhow",
- "indexmap",
- "wasm-encoder",
- "wasmparser",
-]
-
-[[package]]
-name = "wasmparser"
-version = "0.244.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "47b807c72e1bac69382b3a6fb3dbe8ea4c0ed87ff5629b8685ae6b9a611028fe"
-dependencies = [
- "bitflags 2.11.1",
- "hashbrown 0.15.5",
- "indexmap",
- "semver",
-]
-
-[[package]]
-name = "web-sys"
-version = "0.3.95"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "4f2dfbb17949fa2088e5d39408c48368947b86f7834484e87b73de55bc14d97d"
-dependencies = [
- "js-sys",
- "wasm-bindgen",
-]
-
-[[package]]
-name = "widestring"
-version = "1.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "72069c3113ab32ab29e5584db3c6ec55d416895e60715417b5b883a357c3e471"
-
-[[package]]
-name = "winapi"
-version = "0.3.9"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "5c839a674fcd7a98952e593242ea400abe93992746761e38641405d28b00f419"
-dependencies = [
- "winapi-i686-pc-windows-gnu",
- "winapi-x86_64-pc-windows-gnu",
-]
-
-[[package]]
-name = "winapi-i686-pc-windows-gnu"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ac3b87c63620426dd9b991e5ce0329eff545bccbbb34f3be09ff6fb6ab51b7b6"
-
-[[package]]
-name = "winapi-x86_64-pc-windows-gnu"
-version = "0.4.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "712e227841d057c1ee1cd2fb22fa7e5a5461ae8e48fa2ca79ec42cfc1931183f"
-
-[[package]]
-name = "windows"
-version = "0.62.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "527fadee13e0c05939a6a05d5bd6eec6cd2e3dbd648b9f8e447c6518133d8580"
-dependencies = [
- "windows-collections",
- "windows-core",
- "windows-future",
- "windows-numerics",
-]
-
-[[package]]
-name = "windows-collections"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "23b2d95af1a8a14a3c7367e1ed4fc9c20e0a26e79551b1454d72583c97cc6610"
-dependencies = [
- "windows-core",
-]
-
-[[package]]
-name = "windows-core"
-version = "0.62.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b8e83a14d34d0623b51dce9581199302a221863196a1dde71a7663a4c2be9deb"
-dependencies = [
- "windows-implement",
- "windows-interface",
- "windows-link",
- "windows-result",
- "windows-strings",
-]
-
-[[package]]
-name = "windows-future"
-version = "0.3.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e1d6f90251fe18a279739e78025bd6ddc52a7e22f921070ccdc67dde84c605cb"
-dependencies = [
- "windows-core",
- "windows-link",
- "windows-threading",
-]
-
-[[package]]
-name = "windows-implement"
-version = "0.60.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "053e2e040ab57b9dc951b72c264860db7eb3b0200ba345b4e4c3b14f67855ddf"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "windows-interface"
-version = "0.59.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3f316c4a2570ba26bbec722032c4099d8c8bc095efccdc15688708623367e358"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "windows-link"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "f0805222e57f7521d6a62e36fa9163bc891acd422f971defe97d64e70d0a4fe5"
-
-[[package]]
-name = "windows-numerics"
-version = "0.3.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "6e2e40844ac143cdb44aead537bbf727de9b044e107a0f1220392177d15b0f26"
-dependencies = [
- "windows-core",
- "windows-link",
-]
-
-[[package]]
-name = "windows-registry"
-version = "0.6.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "02752bf7fbdcce7f2a27a742f798510f3e5ad88dbe84871e5168e2120c3d5720"
-dependencies = [
- "windows-link",
- "windows-result",
- "windows-strings",
-]
-
-[[package]]
-name = "windows-result"
-version = "0.4.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7781fa89eaf60850ac3d2da7af8e5242a5ea78d1a11c49bf2910bb5a73853eb5"
-dependencies = [
- "windows-link",
-]
-
-[[package]]
-name = "windows-strings"
-version = "0.5.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "7837d08f69c77cf6b07689544538e017c1bfcf57e34b4c0ff58e6c2cd3b37091"
-dependencies = [
- "windows-link",
-]
-
-[[package]]
-name = "windows-sys"
-version = "0.52.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "282be5f36a8ce781fad8c8ae18fa3f9beff57ec1b52cb3de0789201425d9a33d"
-dependencies = [
- "windows-targets",
-]
-
-[[package]]
-name = "windows-sys"
-version = "0.61.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ae137229bcbd6cdf0f7b80a31df61766145077ddf49416a728b02cb3921ff3fc"
-dependencies = [
- "windows-link",
-]
-
-[[package]]
-name = "windows-targets"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9b724f72796e036ab90c1021d4780d4d3d648aca59e491e6b98e725b84e99973"
-dependencies = [
- "windows_aarch64_gnullvm",
- "windows_aarch64_msvc",
- "windows_i686_gnu",
- "windows_i686_gnullvm",
- "windows_i686_msvc",
- "windows_x86_64_gnu",
- "windows_x86_64_gnullvm",
- "windows_x86_64_msvc",
-]
-
-[[package]]
-name = "windows-threading"
-version = "0.2.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3949bd5b99cafdf1c7ca86b43ca564028dfe27d66958f2470940f73d86d75b37"
-dependencies = [
- "windows-link",
-]
-
-[[package]]
-name = "windows_aarch64_gnullvm"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "32a4622180e7a0ec044bb555404c800bc9fd9ec262ec147edd5989ccd0c02cd3"
-
-[[package]]
-name = "windows_aarch64_msvc"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "09ec2a7bb152e2252b53fa7803150007879548bc709c039df7627cabbd05d469"
-
-[[package]]
-name = "windows_i686_gnu"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8e9b5ad5ab802e97eb8e295ac6720e509ee4c243f69d781394014ebfe8bbfa0b"
-
-[[package]]
-name = "windows_i686_gnullvm"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0eee52d38c090b3caa76c563b86c3a4bd71ef1a819287c19d586d7334ae8ed66"
-
-[[package]]
-name = "windows_i686_msvc"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "240948bc05c5e7c6dabba28bf89d89ffce3e303022809e73deaefe4f6ec56c66"
-
-[[package]]
-name = "windows_x86_64_gnu"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "147a5c80aabfbf0c7d901cb5895d1de30ef2907eb21fbbab29ca94c5b08b1a78"
-
-[[package]]
-name = "windows_x86_64_gnullvm"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "24d5b23dc417412679681396f2b49f3de8c1473deb516bd34410872eff51ed0d"
-
-[[package]]
-name = "windows_x86_64_msvc"
-version = "0.52.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
-
-[[package]]
-name = "winscard"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "73b6ec4e6176df62589d1ac9950f6295be87ca06ee61a7c9a579a2bcc80efe34"
-dependencies = [
- "bitflags 2.11.1",
- "crypto-bigint",
- "flate2",
- "iso7816",
- "iso7816-tlv",
- "num-derive",
- "num-traits",
- "picky",
- "picky-asn1-x509",
- "rand_core 0.9.5",
- "rsa",
- "sha1 0.11.0-rc.2",
- "time",
- "tracing",
- "uuid",
-]
-
-[[package]]
-name = "wit-bindgen"
-version = "0.51.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d7249219f66ced02969388cf2bb044a09756a083d0fab1e566056b04d9fbcaa5"
-dependencies = [
- "wit-bindgen-rust-macro",
-]
-
-[[package]]
-name = "wit-bindgen"
-version = "0.57.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ebf944e87a7c253233ad6766e082e3cd714b5d03812acc24c318f549614536e"
-
-[[package]]
-name = "wit-bindgen-core"
-version = "0.51.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ea61de684c3ea68cb082b7a88508a8b27fcc8b797d738bfc99a82facf1d752dc"
-dependencies = [
- "anyhow",
- "heck",
- "wit-parser",
-]
-
-[[package]]
-name = "wit-bindgen-rust"
-version = "0.51.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b7c566e0f4b284dd6561c786d9cb0142da491f46a9fbed79ea69cdad5db17f21"
-dependencies = [
- "anyhow",
- "heck",
- "indexmap",
- "prettyplease",
- "syn",
- "wasm-metadata",
- "wit-bindgen-core",
- "wit-component",
-]
-
-[[package]]
-name = "wit-bindgen-rust-macro"
-version = "0.51.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0c0f9bfd77e6a48eccf51359e3ae77140a7f50b1e2ebfe62422d8afdaffab17a"
-dependencies = [
- "anyhow",
- "prettyplease",
- "proc-macro2",
- "quote",
- "syn",
- "wit-bindgen-core",
- "wit-bindgen-rust",
-]
-
-[[package]]
-name = "wit-component"
-version = "0.244.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "9d66ea20e9553b30172b5e831994e35fbde2d165325bec84fc43dbf6f4eb9cb2"
-dependencies = [
- "anyhow",
- "bitflags 2.11.1",
- "indexmap",
- "log",
- "serde",
- "serde_derive",
- "serde_json",
- "wasm-encoder",
- "wasm-metadata",
- "wasmparser",
- "wit-parser",
-]
-
-[[package]]
-name = "wit-parser"
-version = "0.244.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "ecc8ac4bc1dc3381b7f59c34f00b67e18f910c2c0f50015669dde7def656a736"
-dependencies = [
- "anyhow",
- "id-arena",
- "indexmap",
- "log",
- "semver",
- "serde",
- "serde_derive",
- "serde_json",
- "unicode-xid",
- "wasmparser",
-]
-
-[[package]]
-name = "writeable"
-version = "0.6.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1ffae5123b2d3fc086436f8834ae3ab053a283cfac8fe0a0b8eaae044768a4c4"
-
-[[package]]
-name = "x25519-dalek"
-version = "3.0.0-pre.1"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "3a45998121837fd8c92655d2334aa8f3e5ef0645cdfda5b321b13760c548fd55"
-dependencies = [
- "curve25519-dalek",
- "rand_core 0.9.5",
- "serde",
- "zeroize",
-]
-
-[[package]]
-name = "x509-cert"
-version = "0.2.5"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1301e935010a701ae5f8655edc0ad17c44bad3ac5ce8c39185f75453b720ae94"
-dependencies = [
- "const-oid 0.9.6",
- "der 0.7.10",
- "spki 0.7.3",
- "tls_codec",
-]
-
-[[package]]
-name = "yasna"
-version = "0.5.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "e17bb3549cc1321ae1296b9cdc2698e2b6cb1992adfa19a8c72e5b7a738f44cd"
-dependencies = [
- "time",
-]
-
-[[package]]
-name = "yoke"
-version = "0.8.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "abe8c5fda708d9ca3df187cae8bfb9ceda00dd96231bed36e445a1a48e66f9ca"
-dependencies = [
- "stable_deref_trait",
- "yoke-derive",
- "zerofrom",
-]
-
-[[package]]
-name = "yoke-derive"
-version = "0.8.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "de844c262c8848816172cef550288e7dc6c7b7814b4ee56b3e1553f275f1858e"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
- "synstructure",
-]
-
-[[package]]
-name = "zerocopy"
-version = "0.8.48"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "eed437bf9d6692032087e337407a86f04cd8d6a16a37199ed57949d415bd68e9"
-dependencies = [
- "zerocopy-derive",
-]
-
-[[package]]
-name = "zerocopy-derive"
-version = "0.8.48"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "70e3cd084b1788766f53af483dd21f93881ff30d7320490ec3ef7526d203bad4"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "zerofrom"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "69faa1f2a1ea75661980b013019ed6687ed0e83d069bc1114e2cc74c6c04c4df"
-dependencies = [
- "zerofrom-derive",
-]
-
-[[package]]
-name = "zerofrom-derive"
-version = "0.1.7"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "11532158c46691caf0f2593ea8358fed6bbf68a0315e80aae9bd41fbade684a1"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
- "synstructure",
-]
-
-[[package]]
-name = "zeroize"
-version = "1.8.2"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b97154e67e32c85465826e8bcc1c59429aaaf107c1e4a9e53c8d8ccd5eff88d0"
-dependencies = [
- "zeroize_derive",
-]
-
-[[package]]
-name = "zeroize_derive"
-version = "1.4.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "85a5b4158499876c763cb03bc4e49185d3cccbabb15b33c627f7884f43db852e"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "zerotrie"
-version = "0.2.4"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "0f9152d31db0792fa83f70fb2f83148effb5c1f5b8c7686c3459e361d9bc20bf"
-dependencies = [
- "displaydoc",
- "yoke",
- "zerofrom",
-]
-
-[[package]]
-name = "zerovec"
-version = "0.11.6"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "90f911cbc359ab6af17377d242225f4d75119aec87ea711a880987b18cd7b239"
-dependencies = [
- "yoke",
- "zerofrom",
- "zerovec-derive",
-]
-
-[[package]]
-name = "zerovec-derive"
-version = "0.11.3"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "625dc425cab0dca6dc3c3319506e6593dcb08a9f387ea3b284dbd52a92c40555"
-dependencies = [
- "proc-macro2",
- "quote",
- "syn",
-]
-
-[[package]]
-name = "zmij"
-version = "1.0.21"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "b8848ee67ecc8aedbaf3e4122217aff892639231befc6a1b58d29fff4c2cabaa"
diff --git a/packages/pam/handlers/rdp/native/Cargo.toml b/packages/pam/handlers/rdp/native/Cargo.toml
deleted file mode 100644
index 500a2117..00000000
--- a/packages/pam/handlers/rdp/native/Cargo.toml
+++ /dev/null
@@ -1,37 +0,0 @@
-[package]
-name = "infisical-rdp-bridge"
-version = "0.1.0"
-edition = "2021"
-description = "IronRDP MITM bridge for Infisical PAM Windows/RDP support"
-publish = false
-
-[lib]
-name = "infisical_rdp_bridge"
-crate-type = ["staticlib", "rlib"]
-path = "src/lib.rs"
-
-[dependencies]
-ironrdp-acceptor = "0.8"
-ironrdp-connector = "0.8"
-ironrdp-tokio = { version = "0.8", features = ["reqwest"] }
-ironrdp-pdu = "0.7"
-ironrdp-tls = { version = "0.2", features = ["rustls"] }
-x509-cert = { version = "0.2", features = ["std"] }
-
-tokio = { version = "1", features = ["full"] }
-tokio-util = "0.7"
-bytes = "1"
-tokio-rustls = "0.26"
-rustls = { version = "0.23", features = ["ring"] }
-rcgen = "0.13"
-
-anyhow = "1"
-tracing = "0.1"
-
-# Bundle zlib into the .a so cross-compile linkers don't need system -lz
-# per target arch. Pulled in transitively via flate2 (winscard -> sspi).
-libz-sys = { version = "1", features = ["static"] }
-
-[profile.release]
-lto = true
-codegen-units = 1
diff --git a/packages/pam/handlers/rdp/native/README.md b/packages/pam/handlers/rdp/native/README.md
deleted file mode 100644
index 83228343..00000000
--- a/packages/pam/handlers/rdp/native/README.md
+++ /dev/null
@@ -1,72 +0,0 @@
-# Infisical RDP Bridge
-
-Rust static library that provides the RDP MITM bridge for Infisical PAM Windows/RDP support. Uses [IronRDP](https://github.com/Devolutions/IronRDP) for protocol handling.
-
-## Prerequisites
-
-- Rust 1.95.0 (automatically selected via `rust-toolchain.toml`)
-- For cross-compilation: [cross](https://github.com/cross-rs/cross)
-
-```bash
-# Install Rust if not already installed
-curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
-
-# The rust-toolchain.toml will auto-install 1.95.0 on first build,
-# or install manually:
-rustup install 1.95.0
-```
-
-## Building
-
-### Local development (macOS/Linux)
-
-```bash
-cd packages/pam/handlers/rdp/native
-cargo build --release
-```
-
-The static library is output to `target/release/libinfisical_rdp_bridge.a`.
-
-### Cross-compilation
-
-For Linux targets from any host:
-
-```bash
-cargo install cross --locked --version 0.2.5
-cross build --release --target x86_64-unknown-linux-gnu
-```
-
-Supported targets:
-- `x86_64-unknown-linux-gnu`
-- `aarch64-unknown-linux-gnu`
-- `x86_64-apple-darwin`
-- `aarch64-apple-darwin`
-- `x86_64-pc-windows-gnu`
-
-## Building the CLI with RDP support
-
-The Go CLI links against the static library via CGO. Build with the `rdp` tag:
-
-```bash
-cd /path/to/cli
-go build -tags rdp -o infisical ./cmd/infisical
-```
-
-Without `-tags rdp`, the CLI uses a stub that returns `ErrRdpUnavailable` for all RDP operations.
-
-## Verifying the build
-
-```bash
-./infisical pam rdp --help
-```
-
-If you see help output, the bridge linked correctly. If you see "rdp bridge: not available in this build", the stub is active (missing `-tags rdp` or missing static library).
-
-## Architecture
-
-- `src/lib.rs` - Crate entry point, re-exports
-- `src/ffi.rs` - C ABI exports (see `include/rdp_bridge.h`)
-- `src/bridge.rs` - MITM logic: accepts client connection, injects credentials, connects to target
-- `src/config.rs` - TLS and connection configuration
-
-The bridge runs async Tokio tasks but exposes a blocking C ABI. The Go side calls `rdp_bridge_start_*` to spawn the session, `rdp_bridge_wait` to block until completion, and `rdp_bridge_free` to release resources.
diff --git a/packages/pam/handlers/rdp/native/include/rdp_bridge.h b/packages/pam/handlers/rdp/native/include/rdp_bridge.h
deleted file mode 100644
index 83088768..00000000
--- a/packages/pam/handlers/rdp/native/include/rdp_bridge.h
+++ /dev/null
@@ -1,53 +0,0 @@
-/*
- * infisical-rdp-bridge C ABI. See ffi.rs for details. Lifecycle:
- *   start_* -> wait -> free; cancel may be called from any thread.
- * start_* transfers ownership of the client fd/socket to the bridge.
- */
-
-#ifndef INFISICAL_RDP_BRIDGE_H
-#define INFISICAL_RDP_BRIDGE_H
-
-#include <stdint.h>
-
-#ifdef __cplusplus
-extern "C" {
-#endif
-
-#define RDP_BRIDGE_OK                 0
-#define RDP_BRIDGE_SESSION_ERROR      1
-#define RDP_BRIDGE_THREAD_PANIC       2
-#define RDP_BRIDGE_INVALID_HANDLE    -1
-#define RDP_BRIDGE_BAD_ARG           -2
-#define RDP_BRIDGE_RUNTIME_ERROR     -3
-
-#if defined(__unix__) || defined(__APPLE__)
-int32_t rdp_bridge_start_unix_fd(
-    int          client_fd,
-    const char  *target_host,
-    uint16_t     target_port,
-    const char  *username,
-    const char  *password,
-    uint64_t    *out_handle
-);
-#endif
-
-#if defined(_WIN32) || defined(_WIN64)
-int32_t rdp_bridge_start_windows_socket(
-    uintptr_t    client_socket,
-    const char  *target_host,
-    uint16_t     target_port,
-    const char  *username,
-    const char  *password,
-    uint64_t    *out_handle
-);
-#endif
-
-int32_t rdp_bridge_wait(uint64_t handle);
-int32_t rdp_bridge_cancel(uint64_t handle);
-int32_t rdp_bridge_free(uint64_t handle);
-
-#ifdef __cplusplus
-}
-#endif
-
-#endif
diff --git a/packages/pam/handlers/rdp/native/rust-toolchain.toml b/packages/pam/handlers/rdp/native/rust-toolchain.toml
deleted file mode 100644
index 3417ee59..00000000
--- a/packages/pam/handlers/rdp/native/rust-toolchain.toml
+++ /dev/null
@@ -1,4 +0,0 @@
-[toolchain]
-channel = "1.95.0"
-components = ["rustfmt", "clippy"]
-profile = "minimal"
diff --git a/packages/pam/handlers/rdp/native/src/bridge.rs b/packages/pam/handlers/rdp/native/src/bridge.rs
deleted file mode 100644
index cfe5e992..00000000
--- a/packages/pam/handlers/rdp/native/src/bridge.rs
+++ /dev/null
@@ -1,411 +0,0 @@
-//! MITM bridge. Runs acceptor + connector only through CredSSP (to inject
-//! credentials), then byte-forwards between the two TLS streams. Letting
-//! client and target negotiate MCS/capabilities/share-state directly
-//! avoids drift that breaks strict clients (Windows App, mstsc).
-
-use std::sync::Arc;
-
-use anyhow::{Context, Result};
-use ironrdp_acceptor::{Acceptor, BeginResult};
-use ironrdp_connector::credssp::{CredsspSequence, KerberosConfig};
-use ironrdp_connector::sspi::credssp::ClientState;
-use ironrdp_connector::sspi::generator::GeneratorState;
-use ironrdp_connector::{encode_x224_packet, ClientConnector, ClientConnectorState};
-use ironrdp_pdu::gcc::ConferenceCreateRequest;
-use ironrdp_pdu::ironrdp_core::{decode, WriteBuf};
-use ironrdp_pdu::mcs::ConnectInitial;
-use ironrdp_pdu::nego::SecurityProtocol;
-use ironrdp_pdu::rdp::client_info::Credentials as AcceptorCredentials;
-use ironrdp_pdu::x224::{X224Data, X224};
-use ironrdp_tokio::reqwest::ReqwestNetworkClient;
-use ironrdp_tokio::{FramedWrite, NetworkClient};
-use tokio::io::{AsyncRead, AsyncReadExt, AsyncWrite, AsyncWriteExt};
-use tokio::net::TcpStream;
-use tokio_util::sync::CancellationToken;
-use tracing::info;
-
-use crate::config::{connector_config, DEFAULT_HEIGHT, DEFAULT_WIDTH};
-
-// The acceptor side of the bridge expects the user to type the target
-// username with an empty password. The real password is injected by the
-// connector side from the PAM vault.
-pub const ACCEPTOR_PASSWORD: &str = "";
-
-pub struct TargetEndpoint {
-    pub host: String,
-    pub port: u16,
-    pub username: String,
-    pub password: String,
-}
-
-pub async fn run_mitm(
-    client_tcp: TcpStream,
-    target: TargetEndpoint,
-    cancel: CancellationToken,
-) -> Result<()> {
-    tokio::select! {
-        result = run_mitm_inner(client_tcp, target) => result,
-        _ = cancel.cancelled() => {
-            info!("session canceled by caller");
-            Ok(())
-        }
-    }
-}
-
-async fn run_mitm_inner(client_tcp: TcpStream, target: TargetEndpoint) -> Result<()> {
-    // Our tree pulls both ring (direct) and aws-lc-rs (via reqwest); rustls
-    // 0.23 needs an explicit provider when more than one is compiled in.
-    let _ = rustls::crypto::ring::default_provider().install_default();
-
-    let acceptor_username = target.username.clone();
-    let (acceptor_output, connector_output) = tokio::try_join!(
-        run_acceptor_half(client_tcp, acceptor_username),
-        run_connector_half(target)
-    )?;
-
-    let (mut client_stream, client_leftover) = acceptor_output;
-    let (mut target_stream, target_leftover) = connector_output;
-
-    // Strip virtual channels (clipboard, drives, audio, USB, etc.) from the
-    // client's MCS Connect Initial before forwarding. Mouse/keyboard/screen
-    // ride the implicit MCS I/O channel, not virtual channels, so they're
-    // unaffected.
-    filter_client_mcs_connect_initial(&mut client_stream, &mut target_stream, client_leftover)
-        .await
-        .context("filter client MCS Connect Initial")?;
-
-    if !target_leftover.is_empty() {
-        client_stream
-            .write_all(&target_leftover)
-            .await
-            .context("flush target leftover to client")?;
-    }
-
-    // Explicit flush before passthrough: avoids a stall if the final
-    // EarlyUserAuthResult PDU is sitting in the write buffer.
-    client_stream
-        .flush()
-        .await
-        .context("flush client stream before passthrough")?;
-    target_stream
-        .flush()
-        .await
-        .context("flush target stream before passthrough")?;
-
-    // Real RDP clients hard-close TCP without TLS close_notify, which
-    // rustls surfaces as UnexpectedEof. Treat that as clean shutdown.
-    match tokio::io::copy_bidirectional(&mut client_stream, &mut target_stream).await {
-        Ok(_) => info!("session ended cleanly"),
-        Err(e) if is_unexpected_eof(&e) => info!("session ended (peer hard-closed)"),
-        Err(e) => return Err(e).context("passthrough copy_bidirectional"),
-    }
-    Ok(())
-}
-
-fn is_unexpected_eof(err: &std::io::Error) -> bool {
-    err.kind() == std::io::ErrorKind::UnexpectedEof
-}
-
-// Reads the client's MCS Connect Initial PDU, removes any virtual channels
-// declared in its Client Network Data block, and forwards the rewritten PDU
-// to the target. Any bytes after the PDU (rare; PDUs typically arrive one at
-// a time at this stage) are forwarded unchanged.
-async fn filter_client_mcs_connect_initial(
-    client_stream: &mut ErasedStream,
-    target_stream: &mut ErasedStream,
-    leftover: bytes::BytesMut,
-) -> Result<()> {
-    let mut buf: Vec<u8> = leftover.to_vec();
-
-    // TPKT header: 0x03 0x00 [len_hi] [len_lo], len includes the header.
-    while buf.len() < 4 {
-        let mut chunk = [0u8; 1024];
-        let n = client_stream
-            .read(&mut chunk)
-            .await
-            .context("read TPKT header")?;
-        if n == 0 {
-            anyhow::bail!("EOF before TPKT header for MCS Connect Initial");
-        }
-        buf.extend_from_slice(&chunk[..n]);
-    }
-    if buf[0] != 0x03 {
-        anyhow::bail!("expected TPKT version 3, got 0x{:02x}", buf[0]);
-    }
-    let total_len = usize::from(u16::from_be_bytes([buf[2], buf[3]]));
-
-    while buf.len() < total_len {
-        let mut chunk = vec![0u8; (total_len - buf.len()).max(1024)];
-        let n = client_stream
-            .read(&mut chunk)
-            .await
-            .context("read MCS Connect Initial body")?;
-        if n == 0 {
-            anyhow::bail!("EOF mid MCS Connect Initial");
-        }
-        buf.extend_from_slice(&chunk[..n]);
-    }
-
-    let pdu_bytes = &buf[..total_len];
-    let extra_bytes: Vec<u8> = buf[total_len..].to_vec();
-
-    let x224 = decode::<X224<X224Data<'_>>>(pdu_bytes)
-        .map_err(|e| anyhow::anyhow!("decode X.224 wrapper: {e:?}"))?;
-    let mut connect_initial = decode::<ConnectInitial>(x224.0.data.as_ref())
-        .map_err(|e| anyhow::anyhow!("decode MCS Connect Initial: {e:?}"))?;
-
-    let mut gcc_blocks = connect_initial.conference_create_request.into_gcc_blocks();
-    if let Some(network) = gcc_blocks.network.as_mut() {
-        let stripped: Vec<String> = network
-            .channels
-            .iter()
-            .map(|c| c.name.as_str().unwrap_or("?").to_owned())
-            .collect();
-        if !stripped.is_empty() {
-            info!(
-                ?stripped,
-                "stripped virtual channels from MCS Connect Initial"
-            );
-            network.channels.clear();
-        }
-    }
-    connect_initial.conference_create_request = ConferenceCreateRequest::new(gcc_blocks)
-        .map_err(|e| anyhow::anyhow!("rebuild ConferenceCreateRequest: {e:?}"))?;
-
-    let mut out = WriteBuf::new();
-    encode_x224_packet(&connect_initial, &mut out)
-        .map_err(|e| anyhow::anyhow!("re-encode MCS Connect Initial: {e:?}"))?;
-
-    target_stream
-        .write_all(out.filled())
-        .await
-        .context("write filtered MCS Connect Initial to target")?;
-    if !extra_bytes.is_empty() {
-        target_stream
-            .write_all(&extra_bytes)
-            .await
-            .context("forward bytes trailing MCS Connect Initial")?;
-    }
-    Ok(())
-}
-
-async fn run_acceptor_half(
-    client_tcp: TcpStream,
-    username: String,
-) -> Result<(ErasedStream, bytes::BytesMut)> {
-    let (server_tls, acceptor_public_key) =
-        build_acceptor_tls().context("build acceptor TLS config")?;
-    let server_tls = Arc::new(server_tls);
-
-    let acceptor_framed = ironrdp_tokio::TokioFramed::new(client_tcp);
-    let expected_creds = AcceptorCredentials {
-        username,
-        password: ACCEPTOR_PASSWORD.to_owned(),
-        domain: None,
-    };
-    // Capabilities/desktop-size are shape-fillers; we never call accept_finalize.
-    let mut acceptor = Acceptor::new(
-        SecurityProtocol::HYBRID_EX | SecurityProtocol::HYBRID | SecurityProtocol::SSL,
-        ironrdp_acceptor::DesktopSize {
-            width: DEFAULT_WIDTH,
-            height: DEFAULT_HEIGHT,
-        },
-        Vec::new(),
-        Some(expected_creds),
-    );
-
-    let begin_result = ironrdp_acceptor::accept_begin(acceptor_framed, &mut acceptor)
-        .await
-        .context("acceptor: accept_begin")?;
-
-    let mut acceptor_framed: ironrdp_tokio::TokioFramed<ErasedStream> = match begin_result {
-        BeginResult::Continue(framed) => {
-            let (stream, leftover) = framed.into_inner();
-            let erased: ErasedStream = Box::new(stream);
-            ironrdp_tokio::TokioFramed::new_with_leftover(erased, leftover)
-        }
-        BeginResult::ShouldUpgrade(tcp) => {
-            let tls_stream = tokio_rustls::TlsAcceptor::from(server_tls)
-                .accept(tcp)
-                .await
-                .context("acceptor: TLS accept")?;
-            acceptor.mark_security_upgrade_as_done();
-            let erased: ErasedStream = Box::new(tls_stream);
-            ironrdp_tokio::TokioFramed::new(erased)
-        }
-    };
-
-    if acceptor.should_perform_credssp() {
-        ironrdp_acceptor::accept_credssp(
-            &mut acceptor_framed,
-            &mut acceptor,
-            &mut ReqwestNetworkClient::new(),
-            ironrdp_connector::ServerName::new("infisical-rdp-bridge"),
-            acceptor_public_key,
-            None,
-        )
-        .await
-        .context("acceptor: CredSSP")?;
-    }
-    info!("acceptor: CredSSP complete");
-
-    Ok(acceptor_framed.into_inner())
-}
-
-async fn run_connector_half(target: TargetEndpoint) -> Result<(ErasedStream, bytes::BytesMut)> {
-    let target_addr = format!("{}:{}", target.host, target.port);
-    let target_tcp = TcpStream::connect(&target_addr)
-        .await
-        .with_context(|| format!("connector: tcp connect to {target_addr}"))?;
-    let client_addr = target_tcp.local_addr().context("connector: local_addr")?;
-
-    let mut target_framed = ironrdp_tokio::TokioFramed::new(target_tcp);
-    let config = connector_config(target.username.clone(), target.password.clone());
-    let mut connector = ClientConnector::new(config, client_addr);
-
-    let should_upgrade = ironrdp_tokio::connect_begin(&mut target_framed, &mut connector)
-        .await
-        .context("connector: connect_begin")?;
-
-    let (initial_stream, leftover) = target_framed.into_inner();
-    let (upgraded_stream, tls_cert) = ironrdp_tls::upgrade(initial_stream, &target.host)
-        .await
-        .context("connector: TLS upgrade")?;
-
-    let _upgraded = ironrdp_tokio::mark_as_upgraded(should_upgrade, &mut connector);
-    let erased: ErasedStream = Box::new(upgraded_stream);
-    let mut target_framed = ironrdp_tokio::TokioFramed::new_with_leftover(erased, leftover);
-
-    let server_public_key = ironrdp_tls::extract_tls_server_public_key(&tls_cert)
-        .ok_or_else(|| anyhow::anyhow!("connector: extract TLS server public key"))?
-        .to_vec();
-
-    if connector.should_perform_credssp() {
-        perform_connector_credssp(
-            &mut connector,
-            &mut target_framed,
-            &mut ReqwestNetworkClient::new(),
-            ironrdp_connector::ServerName::new(&target.host),
-            server_public_key,
-            None,
-        )
-        .await
-        .context("connector: CredSSP")?;
-    }
-    info!("connector: CredSSP complete, credential injection succeeded");
-
-    Ok(target_framed.into_inner())
-}
-
-// Replicated from ironrdp-async's private perform_credssp_step so we can
-// stop before connect_finalize (which would start MCS/capability exchange).
-async fn perform_connector_credssp<S>(
-    connector: &mut ClientConnector,
-    framed: &mut ironrdp_tokio::TokioFramed<S>,
-    network_client: &mut ReqwestNetworkClient,
-    server_name: ironrdp_connector::ServerName,
-    server_public_key: Vec<u8>,
-    kerberos_config: Option<KerberosConfig>,
-) -> Result<()>
-where
-    S: AsyncRead + AsyncWrite + Send + Sync + Unpin + 'static,
-{
-    let selected_protocol = match connector.state {
-        ClientConnectorState::Credssp { selected_protocol } => selected_protocol,
-        _ => anyhow::bail!("connector not in Credssp state"),
-    };
-
-    let (mut sequence, mut ts_request) = CredsspSequence::init(
-        connector.config.credentials.clone(),
-        connector.config.domain.as_deref(),
-        selected_protocol,
-        server_name,
-        server_public_key,
-        kerberos_config,
-    )
-    .context("CredsspSequence::init")?;
-
-    let mut buf = WriteBuf::new();
-
-    loop {
-        let client_state: ClientState = {
-            let mut generator = sequence.process_ts_request(ts_request);
-            let mut state = generator.start();
-            loop {
-                match state {
-                    GeneratorState::Suspended(request) => {
-                        let response = network_client
-                            .send(&request)
-                            .await
-                            .context("CredSSP network request")?;
-                        state = generator.resume(Ok(response));
-                    }
-                    GeneratorState::Completed(result) => {
-                        break result.map_err(|e| anyhow::anyhow!("CredSSP process: {e:?}"))?;
-                    }
-                }
-            }
-        };
-
-        buf.clear();
-        let written = sequence
-            .handle_process_result(client_state, &mut buf)
-            .context("CredsspSequence::handle_process_result")?;
-
-        if let Some(response_len) = written.size() {
-            framed
-                .write_all(&buf[..response_len])
-                .await
-                .context("write CredSSP response")?;
-        }
-
-        let Some(next_pdu_hint) = sequence.next_pdu_hint() else {
-            break;
-        };
-
-        let pdu = framed
-            .read_by_hint(next_pdu_hint)
-            .await
-            .context("read CredSSP PDU")?;
-
-        if let Some(next_request) = sequence
-            .decode_server_message(&pdu)
-            .context("CredsspSequence::decode_server_message")?
-        {
-            ts_request = next_request;
-        } else {
-            break;
-        }
-    }
-
-    connector.mark_credssp_as_done();
-    Ok(())
-}
-
-fn build_acceptor_tls() -> Result<(tokio_rustls::rustls::ServerConfig, Vec<u8>)> {
-    use x509_cert::der::Decode;
-
-    let subject_alt_names = vec!["localhost".to_string(), "infisical-rdp-bridge".to_string()];
-    let cert =
-        rcgen::generate_simple_self_signed(subject_alt_names).context("rcgen self-signed cert")?;
-
-    let cert_der = cert.cert.der().clone();
-    let parsed =
-        x509_cert::Certificate::from_der(cert_der.as_ref()).context("parse self-signed cert")?;
-    let public_key = ironrdp_tls::extract_tls_server_public_key(&parsed)
-        .ok_or_else(|| anyhow::anyhow!("extract public key from self-signed cert"))?
-        .to_vec();
-
-    let key_der = rustls::pki_types::PrivateKeyDer::Pkcs8(cert.key_pair.serialize_der().into());
-    let config = tokio_rustls::rustls::ServerConfig::builder()
-        .with_no_client_auth()
-        .with_single_cert(vec![cert_der], key_der)
-        .context("rustls ServerConfig")?;
-
-    Ok((config, public_key))
-}
-
-pub trait AsyncReadWrite: AsyncRead + AsyncWrite {}
-impl<T> AsyncReadWrite for T where T: AsyncRead + AsyncWrite {}
-
-pub type ErasedStream = Box<dyn AsyncReadWrite + Send + Sync + Unpin + 'static>;
diff --git a/packages/pam/handlers/rdp/native/src/config.rs b/packages/pam/handlers/rdp/native/src/config.rs
deleted file mode 100644
index b1f9a77a..00000000
--- a/packages/pam/handlers/rdp/native/src/config.rs
+++ /dev/null
@@ -1,56 +0,0 @@
-//! Connector config. Only CredSSP-relevant fields matter; after CredSSP
-//! we switch to byte passthrough, so other fields are just shape-fillers.
-
-use ironrdp_connector::{BitmapConfig, Config, Credentials, DesktopSize};
-use ironrdp_pdu::gcc::KeyboardType;
-use ironrdp_pdu::rdp::capability_sets::{BitmapCodecs, MajorPlatformType};
-use ironrdp_pdu::rdp::client_info::{PerformanceFlags, TimezoneInfo};
-
-pub const DEFAULT_WIDTH: u16 = 1920;
-pub const DEFAULT_HEIGHT: u16 = 1080;
-
-pub fn connector_config(username: String, password: String) -> Config {
-    Config {
-        desktop_size: DesktopSize {
-            width: DEFAULT_WIDTH,
-            height: DEFAULT_HEIGHT,
-        },
-        desktop_scale_factor: 0,
-
-        // Advertise HYBRID_EX|HYBRID|SSL to match what native clients send.
-        // Windows App validates the target's echoed clientRequestedProtocols
-        // against what it sent on the acceptor side; if the sets diverge it
-        // disconnects right after Connect Response.
-        enable_tls: true,
-        enable_credssp: true,
-
-        credentials: Credentials::UsernamePassword { username, password },
-        domain: None,
-
-        // Shape-fillers: unused after CredSSP (see module doc).
-        client_build: 0,
-        client_name: String::new(),
-        keyboard_type: KeyboardType::IbmEnhanced,
-        keyboard_subtype: 0,
-        keyboard_functional_keys_count: 12,
-        keyboard_layout: 0,
-        ime_file_name: String::new(),
-        bitmap: Some(BitmapConfig {
-            lossy_compression: false,
-            color_depth: 32,
-            codecs: BitmapCodecs(Vec::new()),
-        }),
-        dig_product_id: String::new(),
-        client_dir: String::new(),
-        platform: MajorPlatformType::UNSPECIFIED,
-        hardware_id: None,
-        request_data: None,
-        autologon: false,
-        enable_audio_playback: false,
-        performance_flags: PerformanceFlags::default(),
-        license_cache: None,
-        timezone_info: TimezoneInfo::default(),
-        enable_server_pointer: false,
-        pointer_software_rendering: false,
-    }
-}
diff --git a/packages/pam/handlers/rdp/native/src/ffi.rs b/packages/pam/handlers/rdp/native/src/ffi.rs
deleted file mode 100644
index ecef7782..00000000
--- a/packages/pam/handlers/rdp/native/src/ffi.rs
+++ /dev/null
@@ -1,229 +0,0 @@
-//! C ABI for the bridge. Called from Go via CGo.
-//!
-//! Each session runs on its own OS thread with a current-thread tokio
-//! runtime. `start_*` transfers ownership of the client fd/socket to
-//! Rust (Go hands in a dup). Contract: wait, then free.
-
-use std::collections::HashMap;
-use std::ffi::{c_char, CStr};
-use std::net::TcpStream as StdTcpStream;
-use std::sync::atomic::{AtomicU64, Ordering};
-use std::sync::{LazyLock, Mutex};
-use std::thread::JoinHandle;
-
-use tokio::net::TcpStream;
-use tokio_util::sync::CancellationToken;
-use tracing::{error, info};
-
-use crate::bridge::{run_mitm, TargetEndpoint};
-
-pub const RDP_BRIDGE_OK: i32 = 0;
-pub const RDP_BRIDGE_SESSION_ERROR: i32 = 1;
-pub const RDP_BRIDGE_THREAD_PANIC: i32 = 2;
-pub const RDP_BRIDGE_INVALID_HANDLE: i32 = -1;
-pub const RDP_BRIDGE_BAD_ARG: i32 = -2;
-pub const RDP_BRIDGE_RUNTIME_ERROR: i32 = -3;
-
-struct BridgeEntry {
-    cancel: CancellationToken,
-    // Taken by wait(); None afterward.
-    join: Mutex<Option<JoinHandle<anyhow::Result<()>>>>,
-}
-
-static HANDLES: LazyLock<Mutex<HashMap<u64, BridgeEntry>>> =
-    LazyLock::new(|| Mutex::new(HashMap::new()));
-static NEXT_HANDLE: AtomicU64 = AtomicU64::new(1);
-
-fn register(entry: BridgeEntry) -> u64 {
-    let id = NEXT_HANDLE.fetch_add(1, Ordering::Relaxed);
-    HANDLES.lock().expect("HANDLES poisoned").insert(id, entry);
-    id
-}
-
-/// # Safety
-///
-/// `ptr` must be null or a valid NUL-terminated C string.
-unsafe fn c_str_to_owned(ptr: *const c_char) -> Option<String> {
-    if ptr.is_null() {
-        return None;
-    }
-    unsafe { CStr::from_ptr(ptr) }
-        .to_str()
-        .ok()
-        .map(str::to_owned)
-}
-
-fn spawn_session(
-    client_tcp: StdTcpStream,
-    host: String,
-    port: u16,
-    username: String,
-    password: String,
-) -> anyhow::Result<u64> {
-    client_tcp.set_nonblocking(true)?;
-    let cancel = CancellationToken::new();
-    let cancel_for_thread = cancel.clone();
-
-    let join = std::thread::Builder::new()
-        .name("rdp-bridge-session".to_owned())
-        .spawn(move || -> anyhow::Result<()> {
-            let rt = tokio::runtime::Builder::new_current_thread()
-                .enable_all()
-                .build()?;
-            rt.block_on(async move {
-                let client = TcpStream::from_std(client_tcp)?;
-                let endpoint = TargetEndpoint {
-                    host,
-                    port,
-                    username,
-                    password,
-                };
-                run_mitm(client, endpoint, cancel_for_thread).await
-            })
-        })?;
-
-    Ok(register(BridgeEntry {
-        cancel,
-        join: Mutex::new(Some(join)),
-    }))
-}
-
-/// # Safety
-///
-/// `client_fd` ownership transfers to the bridge on OK, stays with the
-/// caller on error. Strings must be NUL-terminated valid UTF-8.
-#[cfg(unix)]
-#[no_mangle]
-pub unsafe extern "C" fn rdp_bridge_start_unix_fd(
-    client_fd: std::ffi::c_int,
-    target_host: *const c_char,
-    target_port: u16,
-    username: *const c_char,
-    password: *const c_char,
-    out_handle: *mut u64,
-) -> i32 {
-    if out_handle.is_null() {
-        return RDP_BRIDGE_BAD_ARG;
-    }
-    let host = match unsafe { c_str_to_owned(target_host) } {
-        Some(v) => v,
-        None => return RDP_BRIDGE_BAD_ARG,
-    };
-    let username = match unsafe { c_str_to_owned(username) } {
-        Some(v) => v,
-        None => return RDP_BRIDGE_BAD_ARG,
-    };
-    let password = match unsafe { c_str_to_owned(password) } {
-        Some(v) => v,
-        None => return RDP_BRIDGE_BAD_ARG,
-    };
-
-    use std::os::unix::io::FromRawFd;
-    let client_tcp = unsafe { StdTcpStream::from_raw_fd(client_fd) };
-
-    match spawn_session(client_tcp, host, target_port, username, password) {
-        Ok(id) => {
-            unsafe { *out_handle = id };
-            RDP_BRIDGE_OK
-        }
-        Err(e) => {
-            error!(error = ?e, "rdp_bridge_start_unix_fd: failed to spawn session");
-            RDP_BRIDGE_RUNTIME_ERROR
-        }
-    }
-}
-
-/// # Safety
-///
-/// See `rdp_bridge_start_unix_fd`.
-#[cfg(windows)]
-#[no_mangle]
-pub unsafe extern "C" fn rdp_bridge_start_windows_socket(
-    client_socket: usize,
-    target_host: *const c_char,
-    target_port: u16,
-    username: *const c_char,
-    password: *const c_char,
-    out_handle: *mut u64,
-) -> i32 {
-    if out_handle.is_null() {
-        return RDP_BRIDGE_BAD_ARG;
-    }
-    let host = match unsafe { c_str_to_owned(target_host) } {
-        Some(v) => v,
-        None => return RDP_BRIDGE_BAD_ARG,
-    };
-    let username = match unsafe { c_str_to_owned(username) } {
-        Some(v) => v,
-        None => return RDP_BRIDGE_BAD_ARG,
-    };
-    let password = match unsafe { c_str_to_owned(password) } {
-        Some(v) => v,
-        None => return RDP_BRIDGE_BAD_ARG,
-    };
-
-    use std::os::windows::io::{FromRawSocket, RawSocket};
-    let client_tcp = unsafe { StdTcpStream::from_raw_socket(client_socket as RawSocket) };
-
-    match spawn_session(client_tcp, host, target_port, username, password) {
-        Ok(id) => {
-            unsafe { *out_handle = id };
-            RDP_BRIDGE_OK
-        }
-        Err(e) => {
-            error!(error = ?e, "rdp_bridge_start_windows_socket: failed to spawn session");
-            RDP_BRIDGE_RUNTIME_ERROR
-        }
-    }
-}
-
-#[no_mangle]
-pub extern "C" fn rdp_bridge_wait(handle: u64) -> i32 {
-    let join = {
-        let handles = HANDLES.lock().expect("HANDLES poisoned");
-        match handles.get(&handle) {
-            Some(entry) => entry.join.lock().expect("join poisoned").take(),
-            None => return RDP_BRIDGE_INVALID_HANDLE,
-        }
-    };
-
-    match join {
-        Some(jh) => match jh.join() {
-            Ok(Ok(())) => {
-                info!(handle, "rdp_bridge_wait: session ended cleanly");
-                RDP_BRIDGE_OK
-            }
-            Ok(Err(e)) => {
-                error!(handle, error = ?e, "rdp_bridge_wait: session failed");
-                RDP_BRIDGE_SESSION_ERROR
-            }
-            Err(_) => {
-                error!(handle, "rdp_bridge_wait: session thread panicked");
-                RDP_BRIDGE_THREAD_PANIC
-            }
-        },
-        None => RDP_BRIDGE_OK,
-    }
-}
-
-#[no_mangle]
-pub extern "C" fn rdp_bridge_cancel(handle: u64) -> i32 {
-    let handles = HANDLES.lock().expect("HANDLES poisoned");
-    match handles.get(&handle) {
-        Some(entry) => {
-            entry.cancel.cancel();
-            RDP_BRIDGE_OK
-        }
-        None => RDP_BRIDGE_INVALID_HANDLE,
-    }
-}
-
-#[no_mangle]
-pub extern "C" fn rdp_bridge_free(handle: u64) -> i32 {
-    let mut handles = HANDLES.lock().expect("HANDLES poisoned");
-    if handles.remove(&handle).is_some() {
-        RDP_BRIDGE_OK
-    } else {
-        RDP_BRIDGE_INVALID_HANDLE
-    }
-}
diff --git a/packages/pam/handlers/rdp/native/src/lib.rs b/packages/pam/handlers/rdp/native/src/lib.rs
deleted file mode 100644
index 61c64480..00000000
--- a/packages/pam/handlers/rdp/native/src/lib.rs
+++ /dev/null
@@ -1,7 +0,0 @@
-//! Infisical RDP MITM bridge. Accepts inbound RDP with a placeholder
-//! credential, connects outbound with gateway-injected credentials, then
-//! passes bytes through.
-
-pub mod bridge;
-pub mod config;
-pub mod ffi;
diff --git a/packages/pam/handlers/rdp/proxy.go b/packages/pam/handlers/rdp/proxy.go
deleted file mode 100644
index e113902a..00000000
--- a/packages/pam/handlers/rdp/proxy.go
+++ /dev/null
@@ -1,24 +0,0 @@
-package rdp
-
-import (
-	"github.com/Infisical/infisical-merge/packages/pam/session"
-)
-
-type RDPProxyConfig struct {
-	TargetHost     string
-	TargetPort     uint16
-	InjectUsername string
-	InjectPassword string
-	SessionID      string
-	// Retained for API symmetry with other PAM handlers; not yet written
-	// through (no RDP session recording in this MVP).
-	SessionLogger session.SessionLogger
-}
-
-type RDPProxy struct {
-	config RDPProxyConfig
-}
-
-func NewRDPProxy(config RDPProxyConfig) *RDPProxy {
-	return &RDPProxy{config: config}
-}
diff --git a/packages/pam/local/rdp-proxy.go b/packages/pam/local/rdp-proxy.go
deleted file mode 100644
index af3b43ef..00000000
--- a/packages/pam/local/rdp-proxy.go
+++ /dev/null
@@ -1,369 +0,0 @@
-package pam
-
-import (
-	"context"
-	"fmt"
-	"io"
-	"net"
-	"os"
-	"os/exec"
-	"os/signal"
-	"path/filepath"
-	"runtime"
-	"syscall"
-	"time"
-
-	"github.com/Infisical/infisical-merge/packages/util"
-	"github.com/go-resty/resty/v2"
-	"github.com/rs/zerolog/log"
-)
-
-// RDPProxyServer exposes a local loopback TCP listener that tunnels bytes
-// to the gateway's RDP MITM bridge via the existing mTLS + SSH relay. The
-// user's RDP client connects to the loopback port; the gateway takes care
-// of credential injection and forwarding to the Windows target.
-type RDPProxyServer struct {
-	BaseProxyServer
-	server      net.Listener
-	port        int
-	rdpFilePath string // path to the generated .rdp file, if any
-}
-
-// StartRDPLocalProxy is the CLI entry point for `infisical pam rdp access`.
-// It creates a PAM session with the backend, binds a loopback listener,
-// writes a .rdp file pointing at that loopback, optionally launches the
-// user's default RDP client, and forwards accepted connections to the
-// gateway.
-func StartRDPLocalProxy(accessToken string, accessParams PAMAccessParams, projectID string, durationStr string, port int, noLaunch bool) {
-	log.Info().Msgf("Starting RDP proxy for account: %s", accessParams.GetDisplayName())
-	log.Info().Msgf("Session duration: %s", durationStr)
-
-	httpClient := resty.New()
-	httpClient.SetAuthToken(accessToken)
-	httpClient.SetHeader("User-Agent", "infisical-cli")
-
-	pamRequest := accessParams.ToAPIRequest(projectID, durationStr)
-
-	pamResponse, err := CallPAMAccessWithMFA(httpClient, pamRequest, true)
-	if err != nil {
-		if HandleApprovalWorkflow(httpClient, err, projectID, accessParams, durationStr) {
-			return
-		}
-		util.HandleError(err, "Failed to access PAM account")
-		return
-	}
-
-	log.Info().Msgf("RDP session created with ID: %s", pamResponse.SessionId)
-
-	duration, err := time.ParseDuration(durationStr)
-	if err != nil {
-		util.HandleError(err, "Failed to parse duration")
-		return
-	}
-
-	ctx, cancel := context.WithCancel(context.Background())
-
-	proxy := &RDPProxyServer{
-		BaseProxyServer: BaseProxyServer{
-			httpClient:             httpClient,
-			relayHost:              pamResponse.RelayHost,
-			relayClientCert:        pamResponse.RelayClientCertificate,
-			relayClientKey:         pamResponse.RelayClientPrivateKey,
-			relayServerCertChain:   pamResponse.RelayServerCertificateChain,
-			gatewayClientCert:      pamResponse.GatewayClientCertificate,
-			gatewayClientKey:       pamResponse.GatewayClientPrivateKey,
-			gatewayServerCertChain: pamResponse.GatewayServerCertificateChain,
-			sessionExpiry:          time.Now().Add(duration),
-			sessionId:              pamResponse.SessionId,
-			resourceType:           pamResponse.ResourceType,
-			ctx:                    ctx,
-			cancel:                 cancel,
-			shutdownCh:             make(chan struct{}),
-		},
-	}
-
-	if err := proxy.ValidateResourceTypeSupported(); err != nil {
-		util.HandleError(err, "Gateway version outdated")
-		return
-	}
-
-	if err := proxy.Start(port); err != nil {
-		util.HandleError(err, "Failed to start proxy server")
-		return
-	}
-
-	username, ok := pamResponse.Metadata["username"]
-	if !ok {
-		util.HandleError(fmt.Errorf("PAM response metadata is missing 'username'"), "Failed to start proxy server")
-		return
-	}
-
-	rdpFilePath, err := writeRDPFile(proxy.port, pamResponse.SessionId, username)
-	if err != nil {
-		log.Warn().Err(err).Msg("Failed to write .rdp file; proxy still running")
-	} else {
-		proxy.rdpFilePath = rdpFilePath
-	}
-
-	log.Info().Msgf("RDP proxy server listening on port %d", proxy.port)
-	util.PrintfStderr("\n")
-	util.PrintfStderr("**********************************************************************\n")
-	util.PrintfStderr("                      RDP Proxy Session Started!                      \n")
-	util.PrintfStderr("----------------------------------------------------------------------\n")
-	util.PrintfStderr("Resource: %s\n", accessParams.ResourceName)
-	util.PrintfStderr("Account:  %s\n", accessParams.AccountName)
-	util.PrintfStderr("\n")
-	util.PrintfStderr("Connect your RDP client to:\n")
-	util.PrintfStderr("  127.0.0.1:%d\n", proxy.port)
-	util.PrintfStderr("With credentials:\n")
-	util.PrintfStderr("  username: %s\n", username)
-	util.PrintfStderr("  password: (leave blank)\n")
-	if proxy.rdpFilePath != "" {
-		util.PrintfStderr("\n")
-		util.PrintfStderr("Generated .rdp file:\n")
-		util.PrintfStderr("  %s\n", proxy.rdpFilePath)
-	}
-	util.PrintfStderr("\n")
-	util.PrintfStderr("Press Ctrl+C to terminate the session.\n")
-	util.PrintfStderr("**********************************************************************\n")
-	util.PrintfStderr("\n")
-
-	if !noLaunch && proxy.rdpFilePath != "" {
-		if err := launchRDPClient(proxy.rdpFilePath); err != nil {
-			log.Warn().Err(err).Msg("Failed to auto-launch RDP client; connect manually using the details above")
-		}
-	}
-
-	sigChan := make(chan os.Signal, 1)
-	signal.Notify(sigChan, syscall.SIGINT, syscall.SIGTERM)
-	go func() {
-		sig := <-sigChan
-		log.Info().Msgf("Received signal %v, initiating graceful shutdown...", sig)
-		proxy.gracefulShutdown()
-	}()
-
-	proxy.Run()
-}
-
-// Start binds the loopback listener. Port 0 picks a random free port.
-func (p *RDPProxyServer) Start(port int) error {
-	var err error
-	if port == 0 {
-		p.server, err = net.Listen("tcp", "127.0.0.1:0")
-	} else {
-		p.server, err = net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port))
-	}
-	if err != nil {
-		return fmt.Errorf("failed to start server: %w", err)
-	}
-	p.port = p.server.Addr().(*net.TCPAddr).Port
-	return nil
-}
-
-func (p *RDPProxyServer) gracefulShutdown() {
-	p.shutdownOnce.Do(func() {
-		log.Info().Msg("Starting graceful shutdown of RDP proxy...")
-
-		// Remove the .rdp file first: p.cancel() below unblocks Run(),
-		// which returns to main, which may exit before the rest of this
-		// goroutine completes. Do the cleanup that has to happen before
-		// anything that could let main race ahead.
-		if p.rdpFilePath != "" {
-			if err := os.Remove(p.rdpFilePath); err != nil && !os.IsNotExist(err) {
-				log.Debug().Err(err).Str("path", p.rdpFilePath).Msg("Failed to remove .rdp file on exit")
-			}
-		}
-
-		p.NotifySessionTermination()
-
-		close(p.shutdownCh)
-
-		if p.server != nil {
-			p.server.Close()
-		}
-
-		p.cancel()
-
-		p.WaitForConnectionsWithTimeout(10 * time.Second)
-
-		log.Info().Msg("RDP proxy shutdown complete")
-		os.Exit(0)
-	})
-}
-
-func (p *RDPProxyServer) Run() {
-	defer p.server.Close()
-
-	for {
-		select {
-		case <-p.ctx.Done():
-			log.Info().Msg("Context cancelled, stopping proxy server")
-			return
-		case <-p.shutdownCh:
-			log.Info().Msg("Shutdown signal received, stopping proxy server")
-			return
-		default:
-			if time.Now().After(p.sessionExpiry) {
-				log.Warn().Msg("RDP session expired, shutting down proxy")
-				p.gracefulShutdown()
-				return
-			}
-
-			if tcpListener, ok := p.server.(*net.TCPListener); ok {
-				tcpListener.SetDeadline(time.Now().Add(1 * time.Second))
-			}
-
-			conn, err := p.server.Accept()
-			if err != nil {
-				if netErr, ok := err.(net.Error); ok && netErr.Timeout() {
-					continue
-				}
-				select {
-				case <-p.ctx.Done():
-					return
-				case <-p.shutdownCh:
-					return
-				default:
-					log.Error().Err(err).Msg("Failed to accept connection")
-					continue
-				}
-			}
-
-			p.activeConnections.Add(1)
-			go p.handleConnection(conn)
-		}
-	}
-}
-
-// handleConnection forwards bytes between the RDP client and the gateway
-// tunnel. Identical shape to the database proxy; the gateway's RDP
-// handler takes over on the other side.
-func (p *RDPProxyServer) handleConnection(clientConn net.Conn) {
-	defer func() {
-		clientConn.Close()
-		p.activeConnections.Done()
-	}()
-
-	log.Info().Msgf("New RDP connection from %s", clientConn.RemoteAddr())
-
-	select {
-	case <-p.ctx.Done():
-		return
-	default:
-	}
-
-	relayConn, err := p.CreateRelayConnection()
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to connect to relay")
-		return
-	}
-	defer relayConn.Close()
-
-	gatewayConn, err := p.CreateGatewayConnection(relayConn, ALPNInfisicalPAMProxy)
-	if err != nil {
-		log.Error().Err(err).Msg("Failed to connect to gateway")
-		return
-	}
-	defer gatewayConn.Close()
-
-	log.Info().Msg("Established connection to RDP resource")
-
-	connCtx, connCancel := context.WithCancel(p.ctx)
-	defer connCancel()
-
-	done := make(chan struct{}, 2)
-
-	go func() {
-		defer connCancel()
-		_, err := io.Copy(clientConn, gatewayConn)
-		if err != nil {
-			select {
-			case <-connCtx.Done():
-			default:
-				log.Debug().Err(err).Msg("Gateway to client copy ended")
-			}
-		}
-		done <- struct{}{}
-	}()
-
-	go func() {
-		defer connCancel()
-		_, err := io.Copy(gatewayConn, clientConn)
-		if err != nil {
-			select {
-			case <-connCtx.Done():
-			default:
-				log.Debug().Err(err).Msg("Client to gateway copy ended")
-			}
-		}
-		done <- struct{}{}
-	}()
-
-	select {
-	case <-done:
-	case <-connCtx.Done():
-		log.Info().Msg("Connection cancelled by context")
-	}
-
-	log.Info().Msgf("RDP connection closed for client: %s", clientConn.RemoteAddr().String())
-}
-
-// writeRDPFile creates a .rdp file pointing at the local loopback
-// listener. Files live under `~/.infisical/rdp/` to match the CLI's
-// existing convention for per-user state (alongside the login config
-// and update-check cache). Filename includes the session ID so
-// concurrent sessions don't collide. The file is removed on graceful
-// shutdown (see gracefulShutdown) since the embedded loopback port
-// becomes invalid as soon as the CLI exits; reopening the file later
-// would just dial a dead port.
-// Falls back to the OS temp dir if the home directory can't be resolved.
-func writeRDPFile(listenPort int, sessionID, username string) (string, error) {
-	filename := fmt.Sprintf("infisical-rdp-%s.rdp", sessionID)
-
-	dir, err := rdpFileDir()
-	if err != nil {
-		log.Debug().Err(err).Msg("Falling back to OS temp dir for .rdp file")
-		dir = os.TempDir()
-	} else if err := os.MkdirAll(dir, 0o700); err != nil {
-		return "", fmt.Errorf("create rdp dir %q: %w", dir, err)
-	}
-	path := filepath.Join(dir, filename)
-
-	content := fmt.Sprintf(
-		"full address:s:127.0.0.1:%d\r\n"+
-			"username:s:%s\r\n",
-		listenPort,
-		username,
-	)
-
-	if err := os.WriteFile(path, []byte(content), 0o600); err != nil {
-		return "", fmt.Errorf("write rdp file: %w", err)
-	}
-	return path, nil
-}
-
-// rdpFileDir returns ~/.infisical/rdp (the conventional per-user state
-// location for CLI data; see util.CONFIG_FOLDER_NAME).
-func rdpFileDir() (string, error) {
-	home, err := util.GetHomeDir()
-	if err != nil {
-		return "", err
-	}
-	return filepath.Join(home, util.CONFIG_FOLDER_NAME, "rdp"), nil
-}
-
-// launchRDPClient opens the given .rdp file with the user's default RDP
-// client. Failure is non-fatal; the caller can still manually connect
-// using the printed connection details.
-func launchRDPClient(rdpFilePath string) error {
-	var cmd *exec.Cmd
-	switch runtime.GOOS {
-	case "darwin":
-		cmd = exec.Command("open", rdpFilePath)
-	case "windows":
-		cmd = exec.Command("cmd", "/c", "start", "", rdpFilePath)
-	default:
-		cmd = exec.Command("xdg-open", rdpFilePath)
-	}
-	return cmd.Start()
-}
diff --git a/packages/pam/pam-proxy.go b/packages/pam/pam-proxy.go
index 0cd6c29e..3c44db0d 100644
--- a/packages/pam/pam-proxy.go
+++ b/packages/pam/pam-proxy.go
@@ -18,7 +18,6 @@ import (
 	"github.com/Infisical/infisical-merge/packages/pam/handlers/mongodb"
 	"github.com/Infisical/infisical-merge/packages/pam/handlers/mssql"
 	"github.com/Infisical/infisical-merge/packages/pam/handlers/mysql"
-	"github.com/Infisical/infisical-merge/packages/pam/handlers/rdp"
 	"github.com/Infisical/infisical-merge/packages/pam/handlers/redis"
 	"github.com/Infisical/infisical-merge/packages/pam/handlers/ssh"
 	"github.com/Infisical/infisical-merge/packages/pam/session"
@@ -46,7 +45,7 @@ type PAMCapabilitiesResponse struct {
 }
 
 func GetSupportedResourceTypes() []string {
-	types := []string{
+	return []string{
 		session.ResourceTypePostgres,
 		session.ResourceTypeMysql,
 		session.ResourceTypeMssql,
@@ -55,13 +54,6 @@ func GetSupportedResourceTypes() []string {
 		session.ResourceTypeRedis,
 		session.ResourceTypeMongodb,
 	}
-	// Only advertise RDP when the real bridge is compiled in. A stub
-	// build would otherwise accept RDP session routing and fail every
-	// session at connect time with ErrRdpUnavailable.
-	if rdp.IsSupported() {
-		types = append(types, session.ResourceTypeWindows)
-	}
-	return types
 }
 
 // HandlePAMCapabilities handles the capabilities request from the client
@@ -413,24 +405,6 @@ func HandlePAMProxy(ctx context.Context, conn *tls.Conn, pamConfig *GatewayPAMCo
 		}
 
 		return proxy.HandleConnection(ctx, conn, sessionLogger)
-	case session.ResourceTypeWindows:
-		if credentials.Port <= 0 || credentials.Port > 65535 {
-			return fmt.Errorf("rdp: target port %d out of range", credentials.Port)
-		}
-		rdpConfig := rdp.RDPProxyConfig{
-			TargetHost:     credentials.Host,
-			TargetPort:     uint16(credentials.Port),
-			InjectUsername: credentials.Username,
-			InjectPassword: credentials.Password,
-			SessionID:      pamConfig.SessionId,
-			SessionLogger:  sessionLogger,
-		}
-		proxy := rdp.NewRDPProxy(rdpConfig)
-		log.Info().
-			Str("sessionId", pamConfig.SessionId).
-			Str("target", fmt.Sprintf("%s:%d", credentials.Host, credentials.Port)).
-			Msg("Starting RDP PAM proxy")
-		return proxy.HandleConnection(ctx, conn)
 	default:
 		return fmt.Errorf("unsupported resource type: %s", pamConfig.ResourceType)
 	}
diff --git a/packages/pam/session/uploader.go b/packages/pam/session/uploader.go
index 6f43781c..8dd0e749 100644
--- a/packages/pam/session/uploader.go
+++ b/packages/pam/session/uploader.go
@@ -31,7 +31,6 @@ const (
 	ResourceTypeSSH        = "ssh"
 	ResourceTypeKubernetes = "kubernetes"
 	ResourceTypeMongodb    = "mongodb"
-	ResourceTypeWindows    = "windows"
 )
 
 type SessionFileInfo struct {
@@ -75,7 +74,7 @@ func NewSessionUploader(httpClient *resty.Client, credentialsManager *Credential
 func ParseSessionFilename(filename string) (*SessionFileInfo, error) {
 	// Try new format first: pam_session_{sessionID}_{resourceType}_expires_{timestamp}.enc
 	// Build regex pattern using constants
-	resourceTypePattern := fmt.Sprintf("(%s|%s|%s|%s|%s|%s|%s|%s)", ResourceTypeSSH, ResourceTypePostgres, ResourceTypeRedis, ResourceTypeMysql, ResourceTypeMssql, ResourceTypeKubernetes, ResourceTypeMongodb, ResourceTypeWindows)
+	resourceTypePattern := fmt.Sprintf("(%s|%s|%s|%s|%s|%s|%s)", ResourceTypeSSH, ResourceTypePostgres, ResourceTypeRedis, ResourceTypeMysql, ResourceTypeMssql, ResourceTypeKubernetes, ResourceTypeMongodb)
 	newFormatRegex := regexp.MustCompile(fmt.Sprintf(`^pam_session_(.+)_%s_expires_(\d+)\.enc$`, resourceTypePattern))
 	matches := newFormatRegex.FindStringSubmatch(filename)