WIP

.config/dotnet-tools.json

@@ -3,10 +3,11 @@
   "isRoot": true,
   "tools": {
     "dotnet-ef": {
-      "version": "8.0.3",
+      "version": "9.0.9",
       "commands": [
         "dotnet-ef"
-      ]
+      ],
+      "rollForward": false
     }
   }
 }

.run/Agent 1.run.xml

@@ -5,8 +5,7 @@
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/.workdir/Agent1" />
     <option name="PASS_PARENT_ENVS" value="1" />
     <envs>
-      <env name="AGENT_KEY" value="K5ZRZYYJ9GWM2FS6XH5N5QQ7WZRPNDGHYMN5QP7RP6PPY27KRPMSYGCN" />
-      <env name="AGENT_NAME" value="Agent 1" />
+      <env name="AGENT_KEY_FILE" value="./key" />
       <env name="ALLOWED_RCON_PORTS" value="25575,27000,27001" />
       <env name="ALLOWED_SERVER_PORTS" value="25565,26000,26001" />
       <env name="CONTROLLER_HOST" value="localhost" />
@@ -14,14 +13,12 @@
       <env name="MAX_INSTANCES" value="3" />
       <env name="MAX_MEMORY" value="12G" />
     </envs>
-    <option name="USE_EXTERNAL_CONSOLE" value="0" />
     <option name="ENV_FILE_PATHS" value="" />
     <option name="REDIRECT_INPUT_PATH" value="" />
-    <option name="PTY_MODE" value="Auto" />
+    <option name="MIXED_MODE_DEBUG" value="0" />
     <option name="USE_MONO" value="0" />
     <option name="RUNTIME_ARGUMENTS" value="" />
     <option name="AUTO_ATTACH_CHILDREN" value="0" />
-    <option name="MIXED_MODE_DEBUG" value="0" />
     <option name="PROJECT_PATH" value="$PROJECT_DIR$/Agent/Phantom.Agent/Phantom.Agent.csproj" />
     <option name="PROJECT_EXE_PATH_TRACKING" value="1" />
     <option name="PROJECT_ARGUMENTS_TRACKING" value="1" />

.run/Agent 2.run.xml

@@ -5,8 +5,7 @@
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/.workdir/Agent2" />
     <option name="PASS_PARENT_ENVS" value="1" />
     <envs>
-      <env name="AGENT_KEY" value="K5ZRZYYJ9GWM2FS6XH5N5QQ7WZRPNDGHYMN5QP7RP6PPY27KRPMSYGCN" />
-      <env name="AGENT_NAME" value="Agent 2" />
+      <env name="AGENT_KEY_FILE" value="./key" />
       <env name="ALLOWED_RCON_PORTS" value="27002-27006" />
       <env name="ALLOWED_SERVER_PORTS" value="26002-26006" />
       <env name="CONTROLLER_HOST" value="localhost" />
@@ -14,14 +13,12 @@
       <env name="MAX_INSTANCES" value="5" />
       <env name="MAX_MEMORY" value="10G" />
     </envs>
-    <option name="USE_EXTERNAL_CONSOLE" value="0" />
     <option name="ENV_FILE_PATHS" value="" />
     <option name="REDIRECT_INPUT_PATH" value="" />
-    <option name="PTY_MODE" value="Auto" />
+    <option name="MIXED_MODE_DEBUG" value="0" />
     <option name="USE_MONO" value="0" />
     <option name="RUNTIME_ARGUMENTS" value="" />
     <option name="AUTO_ATTACH_CHILDREN" value="0" />
-    <option name="MIXED_MODE_DEBUG" value="0" />
     <option name="PROJECT_PATH" value="$PROJECT_DIR$/Agent/Phantom.Agent/Phantom.Agent.csproj" />
     <option name="PROJECT_EXE_PATH_TRACKING" value="1" />
     <option name="PROJECT_ARGUMENTS_TRACKING" value="1" />

.run/Agent 3.run.xml

@@ -5,8 +5,7 @@
     <option name="WORKING_DIRECTORY" value="$PROJECT_DIR$/.workdir/Agent3" />
     <option name="PASS_PARENT_ENVS" value="1" />
     <envs>
-      <env name="AGENT_KEY" value="K5ZRZYYJ9GWM2FS6XH5N5QQ7WZRPNDGHYMN5QP7RP6PPY27KRPMSYGCN" />
-      <env name="AGENT_NAME" value="Agent 3" />
+      <env name="AGENT_KEY_FILE" value="./key" />
       <env name="ALLOWED_RCON_PORTS" value="27007" />
       <env name="ALLOWED_SERVER_PORTS" value="26007" />
       <env name="CONTROLLER_HOST" value="localhost" />
@@ -14,14 +13,12 @@
       <env name="MAX_INSTANCES" value="1" />
       <env name="MAX_MEMORY" value="2560M" />
     </envs>
-    <option name="USE_EXTERNAL_CONSOLE" value="0" />
     <option name="ENV_FILE_PATHS" value="" />
     <option name="REDIRECT_INPUT_PATH" value="" />
-    <option name="PTY_MODE" value="Auto" />
+    <option name="MIXED_MODE_DEBUG" value="0" />
     <option name="USE_MONO" value="0" />
     <option name="RUNTIME_ARGUMENTS" value="" />
     <option name="AUTO_ATTACH_CHILDREN" value="0" />
-    <option name="MIXED_MODE_DEBUG" value="0" />
     <option name="PROJECT_PATH" value="$PROJECT_DIR$/Agent/Phantom.Agent/Phantom.Agent.csproj" />
     <option name="PROJECT_EXE_PATH_TRACKING" value="1" />
     <option name="PROJECT_ARGUMENTS_TRACKING" value="1" />

.run/Web.run.xml

@@ -7,17 +7,15 @@
     <envs>
       <env name="ASPNETCORE_ENVIRONMENT" value="Development" />
       <env name="CONTROLLER_HOST" value="localhost" />
-      <env name="WEB_KEY" value="T5Y722D2GZBXT2H27QS95P2YQRFB2GCTKHSWT5CZFDTFKW52TCM9GDRW" />
+      <env name="WEB_KEY" value="G9WXPDGCGHJD9W9XBPMNYWN6YTK7NKRWHT29P2XKNDCBWKHWXP2YQRFB2GCTKHSWT5CZFDTFKW52TCM9GDRW" />
       <env name="WEB_SERVER_HOST" value="localhost" />
     </envs>
-    <option name="USE_EXTERNAL_CONSOLE" value="0" />
     <option name="ENV_FILE_PATHS" value="" />
     <option name="REDIRECT_INPUT_PATH" value="" />
-    <option name="PTY_MODE" value="Auto" />
+    <option name="MIXED_MODE_DEBUG" value="0" />
     <option name="USE_MONO" value="0" />
     <option name="RUNTIME_ARGUMENTS" value="" />
     <option name="AUTO_ATTACH_CHILDREN" value="0" />
-    <option name="MIXED_MODE_DEBUG" value="0" />
     <option name="PROJECT_PATH" value="$PROJECT_DIR$/Web/Phantom.Web/Phantom.Web.csproj" />
     <option name="PROJECT_EXE_PATH_TRACKING" value="1" />
     <option name="PROJECT_ARGUMENTS_TRACKING" value="1" />

.workdir/Controller/secrets/agent.auth

@@ -1 +0,0 @@
-满<EFBFBD>H<EFBFBD>c<EFBFBD>og<EFBFBD>

.workdir/Controller/secrets/web.auth

@@ -1 +1,2 @@
-<07>U<EFBFBD>/<2F><04><EFBFBD><EFBFBD>q
+q<EFBFBD><EFBFBD>h4<EFBFBD><EFBFBD>H<EFBFBD><18>7<EFBFBD><37><EFBFBD><EFBFBD>H`<EFBFBD><EFBFBD>W
+<EFBFBD>4u`G

Agent/Phantom.Agent.Minecraft.Tests/Java/JavaPropertiesStreamTests.cs

@@ -0,0 +1,289 @@
+using System.Collections.Immutable;
+using NUnit.Framework;
+using Phantom.Agent.Minecraft.Java;
+using Phantom.Utils.Collections;
+
+namespace Phantom.Agent.Minecraft.Tests.Java;
+
+[TestFixture]
+public sealed class JavaPropertiesStreamTests {
+	public sealed class Reader {
+		private static async Task<ImmutableArray<KeyValuePair<string, string>>> Parse(string contents) {
+			using var stream = new MemoryStream(JavaPropertiesStream.Encoding.GetBytes(contents));
+			using var properties = new JavaPropertiesStream.Reader(stream);
+			return await properties.ReadProperties(CancellationToken.None).ToImmutableArrayAsync();
+		}
+		
+		private static ImmutableArray<KeyValuePair<string, string>> KeyValue(string key, string value) {
+			return [new KeyValuePair<string, string>(key, value)];
+		}
+		
+		[TestCase("")]
+		[TestCase("\n")]
+		public async Task EmptyLinesAreIgnored(string contents) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(ImmutableArray<KeyValuePair<string, string>>.Empty));
+		}
+		
+		[TestCase("# Comment")]
+		[TestCase("! Comment")]
+		[TestCase("# Comment\n! Comment")]
+		public async Task CommentsAreIgnored(string contents) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(ImmutableArray<KeyValuePair<string, string>>.Empty));
+		}
+		
+		[TestCase("key=value")]
+		[TestCase("key= value")]
+		[TestCase("key =value")]
+		[TestCase("key = value")]
+		[TestCase("key:value")]
+		[TestCase("key: value")]
+		[TestCase("key :value")]
+		[TestCase("key : value")]
+		[TestCase("key value")]
+		[TestCase("key\tvalue")]
+		[TestCase("key\fvalue")]
+		[TestCase("key \t\fvalue")]
+		public async Task SimpleKeyValue(string contents) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(KeyValue("key", "value")));
+		}
+		
+		[TestCase("key")]
+		[TestCase(" key")]
+		[TestCase(" key ")]
+		[TestCase("key=")]
+		[TestCase("key:")]
+		public async Task KeyWithoutValue(string contents) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(KeyValue("key", "")));
+		}
+		
+		[TestCase(@"\#key=value", "#key")]
+		[TestCase(@"\!key=value", "!key")]
+		public async Task KeyBeginsWithEscapedComment(string contents, string expectedKey) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(KeyValue(expectedKey, "value")));
+		}
+		
+		[TestCase(@"\=key=value", "=key")]
+		[TestCase(@"\:key=value", ":key")]
+		[TestCase(@"\ key=value", " key")]
+		[TestCase("\\\tkey=value", "\tkey")]
+		[TestCase("\\\fkey=value", "\fkey")]
+		public async Task KeyBeginsWithEscapedDelimiter(string contents, string expectedKey) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(KeyValue(expectedKey, "value")));
+		}
+		
+		[TestCase(@"start\=end=value", "start=end")]
+		[TestCase(@"start\:end:value", "start:end")]
+		[TestCase(@"start\ end value", "start end")]
+		[TestCase(@"start\ \:\=end = value", "start :=end")]
+		[TestCase("start\\ \\\t\\\fend = value", "start \t\fend")]
+		public async Task KeyContainsEscapedDelimiter(string contents, string expectedKey) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(KeyValue(expectedKey, "value")));
+		}
+		
+		[TestCase(@"key = \ value", " value")]
+		[TestCase("key = \\\tvalue", "\tvalue")]
+		[TestCase("key = \\\fvalue", "\fvalue")]
+		[TestCase("key=\\ \\\t\\\fvalue", " \t\fvalue")]
+		public async Task ValueBeginsWithEscapedWhitespace(string contents, string expectedValue) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(KeyValue("key", expectedValue)));
+		}
+		
+		[TestCase(@"key = value\", "value")]
+		public async Task ValueEndsWithTrailingBackslash(string contents, string expectedValue) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(KeyValue("key", expectedValue)));
+		}
+		
+		[TestCase("key=\\\0", "\0")]
+		[TestCase(@"key=\\", "\\")]
+		[TestCase(@"key=\t", "\t")]
+		[TestCase(@"key=\n", "\n")]
+		[TestCase(@"key=\r", "\r")]
+		[TestCase(@"key=\f", "\f")]
+		[TestCase(@"key=\u3053\u3093\u306b\u3061\u306f", "こんにちは")]
+		[TestCase(@"key=\u3053\u3093\u306B\u3061\u306F", "こんにちは")]
+		[TestCase("key=\\\0\\\\\\t\\n\\r\\f\\u3053", "\0\\\t\n\r\fこ")]
+		public async Task ValueContainsEscapedSpecialCharacters(string contents, string expectedValue) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(KeyValue("key", expectedValue)));
+		}
+		
+		[TestCase("key=first\\\nsecond", "first\nsecond")]
+		[TestCase("key=first\\\n    second", "first\nsecond")]
+		[TestCase("key=first\\\n#second", "first\n#second")]
+		[TestCase("key=first\\\n!second", "first\n!second")]
+		public async Task ValueContainsNewLine(string contents, string expectedValue) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(KeyValue("key", expectedValue)));
+		}
+		
+		[TestCase("key=first\\\n    \\ second", "first\n second")]
+		[TestCase("key=first\\\n    \\\tsecond", "first\n\tsecond")]
+		[TestCase("key=first\\\n    \\\fsecond", "first\n\fsecond")]
+		[TestCase("key=first\\\n \t\f\\ second", "first\n second")]
+		public async Task ValueContainsNewLineWithEscapedLeadingWhitespace(string contents, string expectedValue) {
+			Assert.That(await Parse(contents), Is.EquivalentTo(KeyValue("key", expectedValue)));
+		}
+		
+		[Test]
+		public async Task ExampleFile() {
+			// From Wikipedia: https://en.wikipedia.org/wiki/.properties
+			const string ExampleFile = """
+			                           # You are reading a comment in ".properties" file.
+			                           ! The exclamation mark ('!') can also be used for comments.
+			                           # Comments are ignored.
+			                           # Blank lines are also ignored.
+			                           
+			                           # Lines with "properties" contain a key and a value separated by a delimiting character.
+			                           # There are 3 delimiting characters: equal ('='), colon (':') and whitespace (' ', '\t' and '\f').
+			                           website = https://en.wikipedia.org/
+			                           language : English
+			                           topic .properties files
+			                           # A word on a line will just create a key with no value.
+			                           empty
+			                           # Whitespace that appears between the key, the delimiter and the value is ignored.
+			                           # This means that the following are equivalent (other than for readability).
+			                           hello=hello
+			                           hello = hello
+			                           # To start the value with whitespace, escape it with a backslash ('\').
+			                           whitespaceStart = \ <-This space is not ignored.
+			                           # Keys with the same name will be overwritten by the key that is the furthest in a file.
+			                           # For example the final value for "duplicateKey" will be "second".
+			                           duplicateKey = first
+			                           duplicateKey = second
+			                           # To use the delimiter characters inside a key, you need to escape them with a ('\').
+			                           # However, there is no need to do this in the value.
+			                           delimiterCharacters\:\=\ = This is the value for the key "delimiterCharacters\:\=\ "
+			                           # Adding a backslash ('\') at the end of a line means that the value continues on the next line.
+			                           multiline = This line \
+			                           continues
+			                           # If you want your value to include a backslash ('\'), it should be escaped by another backslash ('\').
+			                           path = c:\\wiki\\templates
+			                           # This means that if the number of backslashes ('\') at the end of the line is even, the next line is not included in the value. 
+			                           # In the following example, the value for "evenKey" is "This is on one line\".
+			                           evenKey = This is on one line\\
+			                           # This line is a normal comment and is not included in the value for "evenKey".
+			                           # If the number of backslash ('\') is odd, then the next line is included in the value.
+			                           # In the following example, the value for "oddKey" is "This is line one and\# This is line two".
+			                           oddKey = This is line one and\\\
+			                           # This is line two
+			                           # Whitespace characters at the beginning of a line is removed.
+			                           # Make sure to add the spaces you need before the backslash ('\') on the first line. 
+			                           # If you add them at the beginning of the next line, they will be removed.
+			                           # In the following example, the value for "welcome" is "Welcome to Wikipedia!".
+			                           welcome = Welcome to \
+			                                     Wikipedia!
+			                           # If you need to add newlines and carriage returns, they need to be escaped using ('\n') and ('\r') respectively.
+			                           # You can also optionally escape tabs with ('\t') for readability purposes.
+			                           valueWithEscapes = This is a newline\n and a carriage return\r and a tab\t.
+			                           # You can also use Unicode escape characters (maximum of four hexadecimal digits).
+			                           # In the following example, the value for "encodedHelloInJapanese" is "こんにちは".
+			                           encodedHelloInJapanese = \u3053\u3093\u306b\u3061\u306f
+			                           """;
+			
+			ImmutableArray<KeyValuePair<string, string>> result = [
+				new ("website", "https://en.wikipedia.org/"),
+				new ("language", "English"),
+				new ("topic", ".properties files"),
+				new ("empty", ""),
+				new ("hello", "hello"),
+				new ("hello", "hello"),
+				new ("whitespaceStart", @" <-This space is not ignored."),
+				new ("duplicateKey", "first"),
+				new ("duplicateKey", "second"),
+				new ("delimiterCharacters:= ", @"This is the value for the key ""delimiterCharacters:= """),
+				new ("multiline", "This line \ncontinues"),
+				new ("path", @"c:\wiki\templates"),
+				new ("evenKey", @"This is on one line\"),
+				new ("oddKey", "This is line one and\\\n# This is line two"),
+				new ("welcome", "Welcome to \nWikipedia!"),
+				new ("valueWithEscapes", "This is a newline\n and a carriage return\r and a tab\t."),
+				new ("encodedHelloInJapanese", "こんにちは"),
+			];
+			
+			Assert.That(await Parse(ExampleFile), Is.EquivalentTo(result));
+		}
+	}
+	
+	public sealed class Writer {
+		private static async Task<string> Write(Func<JavaPropertiesStream.Writer, Task> write) {
+			using var stream = new MemoryStream();
+			
+			await using (var writer = new JavaPropertiesStream.Writer(stream)) {
+				await write(writer);
+			}
+			
+			return JavaPropertiesStream.Encoding.GetString(stream.ToArray());
+		}
+		
+		[TestCase("one line comment", "# one line comment\n")]
+		[TestCase("こんにちは", "# \\u3053\\u3093\\u306B\\u3061\\u306F\n")]
+		[TestCase("first line\nsecond line\r\nthird line", "# first line\n# second line\n# third line\n")]
+		public async Task Comment(string comment, string contents) {
+			Assert.That(await Write(writer => writer.WriteComment(comment, CancellationToken.None)), Is.EqualTo(contents));
+		}
+		
+		[TestCase("key", "value", "key=value\n")]
+		[TestCase("key", "", "key=\n")]
+		[TestCase("", "value", "=value\n")]
+		public async Task SimpleKeyValue(string key, string value, string contents) {
+			Assert.That(await Write(writer => writer.WriteProperty(key, value, CancellationToken.None)), Is.EqualTo(contents));
+		}
+		
+		[TestCase("#key", "value", "\\#key=value\n")]
+		[TestCase("!key", "value", "\\!key=value\n")]
+		public async Task KeyBeginsWithEscapedComment(string key, string value, string contents) {
+			Assert.That(await Write(writer => writer.WriteProperty(key, value, CancellationToken.None)), Is.EqualTo(contents));
+		}
+		
+		[TestCase("=key", "value", "\\=key=value\n")]
+		[TestCase(":key", "value", "\\:key=value\n")]
+		[TestCase(" key", "value", "\\ key=value\n")]
+		[TestCase("\tkey", "value", "\\tkey=value\n")]
+		[TestCase("\fkey", "value", "\\fkey=value\n")]
+		public async Task KeyBeginsWithEscapedDelimiter(string key, string value, string contents) {
+			Assert.That(await Write(writer => writer.WriteProperty(key, value, CancellationToken.None)), Is.EqualTo(contents));
+		}
+		
+		[TestCase("start=end", "value", "start\\=end=value\n")]
+		[TestCase("start:end", "value", "start\\:end=value\n")]
+		[TestCase("start end", "value", "start\\ end=value\n")]
+		[TestCase("start :=end", "value", "start\\ \\:\\=end=value\n")]
+		[TestCase("start \t\fend", "value", "start\\ \\t\\fend=value\n")]
+		public async Task KeyContainsEscapedDelimiter(string key, string value, string contents) {
+			Assert.That(await Write(writer => writer.WriteProperty(key, value, CancellationToken.None)), Is.EqualTo(contents));
+		}
+		
+		[TestCase("\\", "value", "\\\\=value\n")]
+		[TestCase("\t", "value", "\\t=value\n")]
+		[TestCase("\n", "value", "\\n=value\n")]
+		[TestCase("\r", "value", "\\r=value\n")]
+		[TestCase("\f", "value", "\\f=value\n")]
+		[TestCase("こんにちは", "value", "\\u3053\\u3093\\u306B\\u3061\\u306F=value\n")]
+		[TestCase("\\\t\n\r\fこ", "value", "\\\\\\t\\n\\r\\f\\u3053=value\n")]
+		[TestCase("first-line\nsecond-line\r\nthird-line", "value", "first-line\\nsecond-line\\r\\nthird-line=value\n")]
+		public async Task KeyContainsEscapedSpecialCharacters(string key, string value, string contents) {
+			Assert.That(await Write(writer => writer.WriteProperty(key, value, CancellationToken.None)), Is.EqualTo(contents));
+		}
+		
+		[TestCase("key", "\\", "key=\\\\\n")]
+		[TestCase("key", "\t", "key=\\t\n")]
+		[TestCase("key", "\n", "key=\\n\n")]
+		[TestCase("key", "\r", "key=\\r\n")]
+		[TestCase("key", "\f", "key=\\f\n")]
+		[TestCase("key", "こんにちは", "key=\\u3053\\u3093\\u306B\\u3061\\u306F\n")]
+		[TestCase("key", "\\\t\n\r\fこ", "key=\\\\\\t\\n\\r\\f\\u3053\n")]
+		[TestCase("key", "first line\nsecond line\r\nthird line", "key=first line\\nsecond line\\r\\nthird line\n")]
+		public async Task ValueContainsEscapedSpecialCharacters(string key, string value, string contents) {
+			Assert.That(await Write(writer => writer.WriteProperty(key, value, CancellationToken.None)), Is.EqualTo(contents));
+		}
+		
+		[Test]
+		public async Task ExampleFile() {
+			string contents = await Write(static async writer => {
+				await writer.WriteComment("Comment", CancellationToken.None);
+				await writer.WriteProperty("key", "value", CancellationToken.None);
+				await writer.WriteProperty("multiline", "first line\nsecond line", CancellationToken.None);
+			});
+			
+			Assert.That(contents, Is.EqualTo("# Comment\nkey=value\nmultiline=first line\\nsecond line\n"));
+		}
+	}
+}

Agent/Phantom.Agent.Minecraft.Tests/Phantom.Agent.Minecraft.Tests.csproj

@@ -0,0 +1,23 @@
+<Project Sdk="Microsoft.NET.Sdk">
+  
+  <PropertyGroup>
+    <ImplicitUsings>enable</ImplicitUsings>
+    <Nullable>enable</Nullable>
+  </PropertyGroup>
+  
+  <PropertyGroup>
+    <IsPackable>false</IsPackable>
+  </PropertyGroup>
+  
+  <ItemGroup>
+    <PackageReference Include="Microsoft.NET.Test.Sdk" />
+    <PackageReference Include="NUnit" />
+    <PackageReference Include="NUnit3TestAdapter" />
+    <PackageReference Include="NUnit.Analyzers" />
+  </ItemGroup>
+  
+  <ItemGroup>
+    <ProjectReference Include="..\Phantom.Agent.Minecraft\Phantom.Agent.Minecraft.csproj" />
+  </ItemGroup>
+
+</Project>

Agent/Phantom.Agent.Minecraft/Java/JavaPropertiesFileEditor.cs

@@ -1,92 +1,52 @@
-using System.Text;
-using Kajabity.Tools.Java;
-
-namespace Phantom.Agent.Minecraft.Java;
+namespace Phantom.Agent.Minecraft.Java;
 
 sealed class JavaPropertiesFileEditor {
-	private static readonly Encoding Encoding = Encoding.GetEncoding("ISO-8859-1");
-	
 	private readonly Dictionary<string, string> overriddenProperties = new ();
 	
 	public void Set(string key, string value) {
 		overriddenProperties[key] = value;
 	}
 	
-	public async Task EditOrCreate(string filePath) {
+	public async Task EditOrCreate(string filePath, string comment, CancellationToken cancellationToken) {
 		if (File.Exists(filePath)) {
 			string tmpFilePath = filePath + ".tmp";
-			File.Copy(filePath, tmpFilePath, overwrite: true);
-			await EditFromCopyOrCreate(filePath, tmpFilePath);
+			await Edit(filePath, tmpFilePath, comment, cancellationToken);
 			File.Move(tmpFilePath, filePath, overwrite: true);
 		}
 		else {
-			await EditFromCopyOrCreate(sourceFilePath: null, filePath);
+			await Create(filePath, comment, cancellationToken);
 		}
 	}
 	
-	private async Task EditFromCopyOrCreate(string? sourceFilePath, string targetFilePath) {
-		var properties = new JavaProperties();
+	private async Task Create(string targetFilePath, string comment, CancellationToken cancellationToken) {
+		await using var targetWriter = new JavaPropertiesStream.Writer(targetFilePath);
 		
-		if (sourceFilePath != null) {
-			// TODO replace with custom async parser
-			await using var sourceStream = new FileStream(sourceFilePath, FileMode.Open, FileAccess.Read, FileShare.Read);
-			properties.Load(sourceStream, Encoding);
-		}
+		await targetWriter.WriteComment(comment, cancellationToken);
 		
-		foreach (var (key, value) in overriddenProperties) {
-			properties[key] = value;
-		}
-		
-		await using var targetStream = new FileStream(targetFilePath, FileMode.Create, FileAccess.Write, FileShare.Read);
-		await using var targetWriter = new StreamWriter(targetStream, Encoding);
-		
-		await targetWriter.WriteLineAsync("# Properties");
-		
-		foreach (var (key, value) in properties) {
-			await WriteProperty(targetWriter, key, value);
+		foreach ((string key, string value) in overriddenProperties) {
+			await targetWriter.WriteProperty(key, value, cancellationToken);
 		}
 	}
 	
-	private static async Task WriteProperty(StreamWriter writer, string key, string value) {
-		await WritePropertyComponent(writer, key, escapeSpaces: true);
-		await writer.WriteAsync('=');
-		await WritePropertyComponent(writer, value, escapeSpaces: false);
-		await writer.WriteLineAsync();
-	}
-	
-	private static async Task WritePropertyComponent(TextWriter writer, string component, bool escapeSpaces) {
-		for (int index = 0; index < component.Length; index++) {
-			var c = component[index];
-			switch (c) {
-				case '\\':
-				case '#':
-				case '!':
-				case '=':
-				case ':':
-				case ' ' when escapeSpaces || index == 0:
-					await writer.WriteAsync('\\');
-					await writer.WriteAsync(c);
-					break;
-				case var _ when c > 31 && c < 127:
-					await writer.WriteAsync(c);
-					break;
-				case '\t':
-					await writer.WriteAsync("\\t");
-					break;
-				case '\n':
-					await writer.WriteAsync("\\n");
-					break;
-				case '\r':
-					await writer.WriteAsync("\\r");
-					break;
-				case '\f':
-					await writer.WriteAsync("\\f");
-					break;
-				default:
-					await writer.WriteAsync("\\u");
-					await writer.WriteAsync(((int) c).ToString("X4"));
-					break;
+	private async Task Edit(string sourceFilePath, string targetFilePath, string comment, CancellationToken cancellationToken) {
+		using var sourceReader = new JavaPropertiesStream.Reader(sourceFilePath);
+		await using var targetWriter = new JavaPropertiesStream.Writer(targetFilePath);
+		
+		await targetWriter.WriteComment(comment, cancellationToken);
+		
+		var remainingOverriddenPropertyKeys = new HashSet<string>(overriddenProperties.Keys);
+		
+		await foreach ((string key, string value) in sourceReader.ReadProperties(cancellationToken)) {
+			if (remainingOverriddenPropertyKeys.Remove(key)) {
+				await targetWriter.WriteProperty(key, overriddenProperties[key], cancellationToken);
 			}
+			else {
+				await targetWriter.WriteProperty(key, value, cancellationToken);
+			}
+		}
+		
+		foreach (string key in remainingOverriddenPropertyKeys) {
+			await targetWriter.WriteProperty(key, overriddenProperties[key], cancellationToken);
 		}
 	}
 }

Agent/Phantom.Agent.Minecraft/Java/JavaPropertiesStream.cs

@@ -0,0 +1,284 @@
+using System.Buffers;
+using System.Globalization;
+using System.Runtime.CompilerServices;
+using System.Text;
+using Phantom.Utils.Collections;
+
+namespace Phantom.Agent.Minecraft.Java;
+
+static class JavaPropertiesStream {
+	internal static readonly Encoding Encoding = Encoding.GetEncoding("ISO-8859-1");
+	
+	private static FileStreamOptions CreateFileStreamOptions(FileMode mode, FileAccess access) {
+		return new FileStreamOptions {
+			Mode = mode,
+			Access = access,
+			Share = FileShare.Read,
+			Options = FileOptions.SequentialScan,
+		};
+	}
+	
+	internal sealed class Reader : IDisposable {
+		private static readonly SearchValues<char> LineStartWhitespace = SearchValues.Create(' ', '\t', '\f');
+		private static readonly SearchValues<char> KeyValueDelimiter = SearchValues.Create('=', ':', ' ', '\t', '\f');
+		private static readonly SearchValues<char> Backslash = SearchValues.Create('\\');
+		
+		private readonly StreamReader reader;
+		
+		public Reader(Stream stream) {
+			this.reader = new StreamReader(stream, Encoding, leaveOpen: false);
+		}
+		
+		public Reader(string path) {
+			this.reader = new StreamReader(path, Encoding, detectEncodingFromByteOrderMarks: false, CreateFileStreamOptions(FileMode.Open, FileAccess.Read));
+		}
+		
+		public async IAsyncEnumerable<KeyValuePair<string, string>> ReadProperties([EnumeratorCancellation] CancellationToken cancellationToken) {
+			await foreach (string line in ReadLogicalLines(cancellationToken)) {
+				yield return ParseLine(line.AsSpan());
+			}
+		}
+		
+		private async IAsyncEnumerable<string> ReadLogicalLines([EnumeratorCancellation] CancellationToken cancellationToken) {
+			StringBuilder nextLogicalLine = new StringBuilder();
+			
+			while (await reader.ReadLineAsync(cancellationToken) is {} line) {
+				var span = line.AsSpan();
+				int startIndex = span.IndexOfAnyExcept(LineStartWhitespace);
+				if (startIndex == -1) {
+					continue;
+				}
+				
+				if (nextLogicalLine.Length == 0 && (span[0] == '#' || span[0] == '!')) {
+					continue;
+				}
+				
+				span = span[startIndex..];
+				
+				if (IsEndEscaped(span)) {
+					nextLogicalLine.Append(span[..^1]);
+					nextLogicalLine.Append('\n');
+				}
+				else {
+					nextLogicalLine.Append(span);
+					yield return nextLogicalLine.ToString();
+					nextLogicalLine.Clear();
+				}
+			}
+			
+			if (nextLogicalLine.Length > 0) {
+				yield return nextLogicalLine.ToString(startIndex: 0, nextLogicalLine.Length - 1); // Remove trailing new line.
+			}
+		}
+		
+		private static KeyValuePair<string, string> ParseLine(ReadOnlySpan<char> line) {
+			int delimiterIndex = -1;
+			
+			foreach (int candidateIndex in line.IndicesOf(KeyValueDelimiter)) {
+				if (candidateIndex == 0 || !IsEndEscaped(line[..candidateIndex])) {
+					delimiterIndex = candidateIndex;
+					break;
+				}
+			}
+			
+			if (delimiterIndex == -1) {
+				return new KeyValuePair<string, string>(line.ToString(), string.Empty);
+			}
+			
+			string key = ReadPropertyComponent(line[..delimiterIndex]);
+			
+			line = line[(delimiterIndex + 1)..];
+			int valueStartIndex = line.IndexOfAnyExcept(KeyValueDelimiter);
+			string value = valueStartIndex == -1 ? string.Empty : ReadPropertyComponent(line[valueStartIndex..]);
+			
+			return new KeyValuePair<string, string>(key, value);
+		}
+		
+		private static string ReadPropertyComponent(ReadOnlySpan<char> component) {
+			StringBuilder builder = new StringBuilder();
+			int nextStartIndex = 0;
+			
+			foreach (int backslashIndex in component.IndicesOf(Backslash)) {
+				if (backslashIndex == component.Length - 1) {
+					break;
+				}
+				
+				if (backslashIndex < nextStartIndex) {
+					continue;
+				}
+				
+				builder.Append(component[nextStartIndex..backslashIndex]);
+				
+				int escapedIndex = backslashIndex + 1;
+				int escapedLength = 1;
+				
+				char c = component[escapedIndex];
+				switch (c) {
+					case 't':
+						builder.Append('\t');
+						break;
+					
+					case 'n':
+						builder.Append('\n');
+						break;
+					
+					case 'r':
+						builder.Append('\r');
+						break;
+					
+					case 'f':
+						builder.Append('\f');
+						break;
+					
+					case 'u':
+						escapedLength += 4;
+						
+						int hexRangeStart = escapedIndex + 1;
+						int hexRangeEnd = hexRangeStart + 4;
+						
+						if (hexRangeEnd - 1 < component.Length) {
+							var hexString = component[hexRangeStart..hexRangeEnd];
+							int hexValue = int.Parse(hexString, NumberStyles.HexNumber);
+							builder.Append((char) hexValue);
+						}
+						else {
+							throw new FormatException("Malformed \\uxxxx encoding.");
+						}
+						
+						break;
+					
+					default:
+						builder.Append(c);
+						break;
+				}
+				
+				nextStartIndex = escapedIndex + escapedLength;
+			}
+			
+			builder.Append(component[nextStartIndex..]);
+			return builder.ToString();
+		}
+		
+		private static bool IsEndEscaped(ReadOnlySpan<char> span) {
+			if (span.EndsWith('\\')) {
+				int trailingBackslashCount = span.Length - span.TrimEnd('\\').Length;
+				return trailingBackslashCount % 2 == 1;
+			}
+			else {
+				return false;
+			}
+		}
+		
+		public void Dispose() {
+			reader.Dispose();
+		}
+	}
+	
+	internal sealed class Writer : IAsyncDisposable {
+		private const string CommentStart = "# ";
+		
+		private readonly StreamWriter writer;
+		private readonly Memory<char> oneCharBuffer = new char[1];
+		
+		public Writer(Stream stream) {
+			this.writer = new StreamWriter(stream, Encoding, leaveOpen: false);
+		}
+		
+		public Writer(string path) {
+			this.writer = new StreamWriter(path, Encoding, CreateFileStreamOptions(FileMode.Create, FileAccess.Write));
+		}
+		
+		public async Task WriteComment(string comment, CancellationToken cancellationToken) {
+			await Write(CommentStart, cancellationToken);
+			
+			for (int index = 0; index < comment.Length; index++) {
+				char c = comment[index];
+				switch (c) {
+					case var _ when c > 31 && c < 127:
+						await Write(c, cancellationToken);
+						break;
+					
+					case '\n':
+					case '\r':
+						await Write(c: '\n', cancellationToken);
+						await Write(CommentStart, cancellationToken);
+						
+						if (index < comment.Length - 1 && comment[index + 1] == '\n') {
+							index++;
+						}
+						
+						break;
+					
+					default:
+						await Write("\\u", cancellationToken);
+						await Write(((int) c).ToString("X4"), cancellationToken);
+						break;
+				}
+			}
+			
+			await Write(c: '\n', cancellationToken);
+		}
+		
+		public async Task WriteProperty(string key, string value, CancellationToken cancellationToken) {
+			await WritePropertyComponent(key, escapeSpaces: true, cancellationToken);
+			await Write(c: '=', cancellationToken);
+			await WritePropertyComponent(value, escapeSpaces: false, cancellationToken);
+			await Write(c: '\n', cancellationToken);
+		}
+		
+		private async Task WritePropertyComponent(string component, bool escapeSpaces, CancellationToken cancellationToken) {
+			for (int index = 0; index < component.Length; index++) {
+				char c = component[index];
+				switch (c) {
+					case '\\':
+					case '#':
+					case '!':
+					case '=':
+					case ':':
+					case ' ' when escapeSpaces || index == 0:
+						await Write(c: '\\', cancellationToken);
+						await Write(c, cancellationToken);
+						break;
+					
+					case var _ when c > 31 && c < 127:
+						await Write(c, cancellationToken);
+						break;
+					
+					case '\t':
+						await Write("\\t", cancellationToken);
+						break;
+					
+					case '\n':
+						await Write("\\n", cancellationToken);
+						break;
+					
+					case '\r':
+						await Write("\\r", cancellationToken);
+						break;
+					
+					case '\f':
+						await Write("\\f", cancellationToken);
+						break;
+					
+					default:
+						await Write("\\u", cancellationToken);
+						await Write(((int) c).ToString("X4"), cancellationToken);
+						break;
+				}
+			}
+		}
+		
+		private Task Write(char c, CancellationToken cancellationToken) {
+			oneCharBuffer.Span[0] = c;
+			return writer.WriteAsync(oneCharBuffer, cancellationToken);
+		}
+		
+		private Task Write(string value, CancellationToken cancellationToken) {
+			return writer.WriteAsync(value.AsMemory(), cancellationToken);
+		}
+		
+		public async ValueTask DisposeAsync() {
+			await writer.DisposeAsync();
+		}
+	}
+}

Agent/Phantom.Agent.Minecraft/Launcher/BaseLauncher.cs

@@ -1,4 +1,5 @@
-using System.Text;
+using System.Collections.ObjectModel;
+using System.Text;
 using Phantom.Agent.Minecraft.Instance;
 using Phantom.Agent.Minecraft.Java;
 using Phantom.Agent.Minecraft.Server;
@@ -11,7 +12,7 @@ public abstract class BaseLauncher : IServerLauncher {
 	private readonly InstanceProperties instanceProperties;
 	
 	protected string MinecraftVersion => instanceProperties.ServerVersion;
-	
+	protected string InstanceFolder => instanceProperties.InstanceFolder;
 	private protected BaseLauncher(InstanceProperties instanceProperties) {
 		this.instanceProperties = instanceProperties;
 	}
@@ -43,7 +44,7 @@ public abstract class BaseLauncher : IServerLauncher {
 		
 		try {
 			await AcceptEula(instanceProperties);
-			await UpdateServerProperties(instanceProperties);
+			await UpdateServerProperties(instanceProperties, cancellationToken);
 		} catch (Exception e) {
 			logger.Error(e, "Caught exception while configuring the server.");
 			return new LaunchResult.CouldNotConfigureMinecraftServer();
@@ -51,17 +52,14 @@ public abstract class BaseLauncher : IServerLauncher {
 		
 		var processConfigurator = new ProcessConfigurator {
 			FileName = javaRuntimeExecutable.ExecutablePath,
-			WorkingDirectory = instanceProperties.InstanceFolder,
+			WorkingDirectory = InstanceFolder,
 			RedirectInput = true,
 			UseShellExecute = false,
 		};
 		
 		var processArguments = processConfigurator.ArgumentList;
 		PrepareJvmArguments(serverJar).Build(processArguments);
-		processArguments.Add("-jar");
-		processArguments.Add(serverJar.FilePath);
-		processArguments.Add("nogui");
-		
+		PrepareJavaProcessArguments(processArguments, serverJar.FilePath);
 		var process = processConfigurator.CreateProcess();
 		var instanceProcess = new InstanceProcess(instanceProperties, process);
 		
@@ -98,7 +96,12 @@ public abstract class BaseLauncher : IServerLauncher {
 	}
 	
 	private protected virtual void CustomizeJvmArguments(JvmArgumentBuilder arguments) {}
-	
+
+	protected virtual void PrepareJavaProcessArguments(Collection<string> processArguments, string serverJarFilePath) {
+		processArguments.Add("-jar");
+		processArguments.Add(serverJarFilePath);
+		processArguments.Add("nogui");
+	}
 	private protected virtual Task<ServerJarInfo> PrepareServerJar(ILogger logger, string serverJarPath, CancellationToken cancellationToken) {
 		return Task.FromResult(new ServerJarInfo(serverJarPath));
 	}
@@ -108,9 +111,9 @@ public abstract class BaseLauncher : IServerLauncher {
 		await File.WriteAllLinesAsync(eulaFilePath, ["# EULA", "eula=true"], Encoding.UTF8);
 	}
 	
-	private static async Task UpdateServerProperties(InstanceProperties instanceProperties) {
+	private static async Task UpdateServerProperties(InstanceProperties instanceProperties, CancellationToken cancellationToken) {
 		var serverPropertiesEditor = new JavaPropertiesFileEditor();
 		instanceProperties.ServerProperties.SetTo(serverPropertiesEditor);
-		await serverPropertiesEditor.EditOrCreate(Path.Combine(instanceProperties.InstanceFolder, "server.properties"));
+		await serverPropertiesEditor.EditOrCreate(Path.Combine(instanceProperties.InstanceFolder, "server.properties"), comment: "server.properties", cancellationToken);
 	}
 }

Agent/Phantom.Agent.Minecraft/Launcher/Types/ForgeLauncher.cs

@@ -0,0 +1,29 @@
+using System.Collections.ObjectModel;
+using Phantom.Agent.Minecraft.Instance;
+using Phantom.Agent.Minecraft.Java;
+using Serilog;
+
+namespace Phantom.Agent.Minecraft.Launcher.Types; 
+
+public sealed class ForgeLauncher : BaseLauncher {
+	public ForgeLauncher(InstanceProperties instanceProperties) : base(instanceProperties) {}
+	
+	private protected override void CustomizeJvmArguments(JvmArgumentBuilder arguments) {
+		arguments.AddProperty("terminal.ansi", "true"); // TODO
+	}
+
+	protected override void PrepareJavaProcessArguments(Collection<string> processArguments, string serverJarFilePath) {
+		if (OperatingSystem.IsWindows()) {
+			processArguments.Add("@libraries/net/minecraftforge/forge/1.20.1-47.2.0/win_args.txt");
+		}
+		else {
+			processArguments.Add("@libraries/net/minecraftforge/forge/1.20.1-47.2.0/unix_args.txt");
+		}
+		
+		processArguments.Add("nogui");
+	}
+
+	private protected override Task<ServerJarInfo> PrepareServerJar(ILogger logger, string serverJarPath, CancellationToken cancellationToken) {
+		return Task.FromResult(new ServerJarInfo(Path.Combine(InstanceFolder, "run.sh")));
+	}
+}

Agent/Phantom.Agent.Minecraft/Phantom.Agent.Minecraft.csproj

@@ -6,7 +6,7 @@
   </PropertyGroup>
   
   <ItemGroup>
-    <PackageReference Include="Kajabity.Tools.Java" />
+    <InternalsVisibleTo Include="Phantom.Agent.Minecraft.Tests" />
   </ItemGroup>
   
   <ItemGroup>

Agent/Phantom.Agent.Services/Instances/InstanceManagerActor.cs

@@ -97,6 +97,7 @@ sealed class InstanceManagerActor : ReceiveActor<InstanceManagerActor.ICommand>
 		IServerLauncher launcher = configuration.MinecraftServerKind switch {
 			MinecraftServerKind.Vanilla => new VanillaLauncher(properties),
 			MinecraftServerKind.Fabric  => new FabricLauncher(properties),
+			MinecraftServerKind.Forge   => new ForgeLauncher(properties),
 			_                           => InvalidLauncher.Instance,
 		};
 		

Agent/Phantom.Agent/AgentKey.cs

@@ -29,7 +29,7 @@ static class AgentKey {
 		}
 		
 		try {
-			Files.RequireMaximumFileSize(agentKeyFilePath, maximumBytes: 64);
+			Files.RequireMaximumFileSize(agentKeyFilePath, maximumBytes: 128);
 			string[] lines = await File.ReadAllLinesAsync(agentKeyFilePath, Encoding.UTF8);
 			return LoadFromToken(lines[0]);
 		} catch (IOException e) {

Agent/Phantom.Agent/GuidFile.cs

@@ -1,44 +0,0 @@
-using System.Text;
-using Phantom.Utils.IO;
-using Phantom.Utils.Logging;
-using Serilog;
-
-namespace Phantom.Agent;
-
-static class GuidFile {
-	private static ILogger Logger { get; } = PhantomLogger.Create(nameof(GuidFile));
-	
-	private const string GuidFileName = "agent.guid";
-	
-	public static async Task<Guid?> CreateOrLoad(string folderPath) {
-		string filePath = Path.Combine(folderPath, GuidFileName);
-		
-		if (File.Exists(filePath)) {
-			try {
-				var guid = await LoadGuidFromFile(filePath);
-				Logger.Information("Loaded existing agent GUID file.");
-				return guid;
-			} catch (Exception e) {
-				Logger.Fatal("Error reading agent GUID file: {Message}", e.Message);
-				return null;
-			}
-		}
-		
-		Logger.Information("Creating agent GUID file: {FilePath}", filePath);
-		
-		try {
-			var guid = Guid.NewGuid();
-			await File.WriteAllTextAsync(filePath, guid.ToString(), Encoding.ASCII);
-			return guid;
-		} catch (Exception e) {
-			Logger.Fatal("Error creating agent GUID file: {Message}", e.Message);
-			return null;
-		}
-	}
-	
-	private static async Task<Guid> LoadGuidFromFile(string filePath) {
-		Files.RequireMaximumFileSize(filePath, maximumBytes: 128);
-		string contents = await File.ReadAllTextAsync(filePath, Encoding.ASCII);
-		return Guid.Parse(contents.Trim());
-	}
-}

Agent/Phantom.Agent/Program.cs

@@ -30,7 +30,7 @@ try {
 	PhantomLogger.Root.InformationHeading("Initializing Phantom Panel agent...");
 	PhantomLogger.Root.Information("Agent version: {Version}", fullVersion);
 	
-	var (controllerHost, controllerPort, javaSearchPath, agentKeyToken, agentKeyFilePath, agentName, maxInstances, maxMemory, allowedServerPorts, allowedRconPorts, maxConcurrentBackupCompressionTasks) = Variables.LoadOrStop();
+	var (controllerHost, controllerPort, javaSearchPath, agentKeyToken, agentKeyFilePath, maxInstances, maxMemory, allowedServerPorts, allowedRconPorts, maxConcurrentBackupCompressionTasks) = Variables.LoadOrStop();
 	
 	var agentKey = await AgentKey.Load(agentKeyToken, agentKeyFilePath);
 	if (agentKey == null) {
@@ -42,12 +42,7 @@ try {
 		return 1;
 	}
 	
-	var agentGuid = await GuidFile.CreateOrLoad(folders.DataFolderPath);
-	if (agentGuid == null) {
-		return 1;
-	}
-	
-	var agentInfo = new AgentInfo(agentGuid.Value, agentName, ProtocolVersion, fullVersion, maxInstances, maxMemory, allowedServerPorts, allowedRconPorts);
+	var agentInfo = new AgentInfo(ProtocolVersion, fullVersion, maxInstances, maxMemory, allowedServerPorts, allowedRconPorts);
 	var javaRuntimeRepository = await JavaRuntimeDiscovery.Scan(folders.JavaSearchFolderPath, shutdownCancellationToken);
 	
 	var agentRegistrationHandler = new AgentRegistrationHandler();
@@ -65,7 +60,7 @@ try {
 		MaxConcurrentlyHandledMessages: 50
 	);
 	
-	using var rpcClient = await RpcClient<IMessageToController, IMessageToAgent>.Connect("Controller", rpcClientConnectionParameters, AgentMessageRegistries.Definitions, shutdownCancellationToken);
+	using var rpcClient = await RpcClient<IMessageToController, IMessageToAgent>.Connect("Controller", rpcClientConnectionParameters, AgentMessageRegistries.Registries, shutdownCancellationToken);
 	if (rpcClient == null) {
 		PhantomLogger.Root.Fatal("Could not connect to Phantom Controller, shutting down.");
 		return 1;

Agent/Phantom.Agent/Variables.cs

@@ -11,7 +11,6 @@ sealed record Variables(
 	string JavaSearchPath,
 	string? AgentKeyToken,
 	string? AgentKeyFilePath,
-	string AgentName,
 	ushort MaxInstances,
 	RamAllocationUnits MaxMemory,
 	AllowedPorts AllowedServerPorts,
@@ -28,7 +27,6 @@ sealed record Variables(
 			javaSearchPath,
 			agentKeyToken,
 			agentKeyFilePath,
-			EnvironmentVariables.GetString("AGENT_NAME").Require,
 			(ushort) EnvironmentVariables.GetInteger("MAX_INSTANCES", min: 1, max: 10000).Require,
 			EnvironmentVariables.GetString("MAX_MEMORY").MapParse(RamAllocationUnits.FromString).Require,
 			EnvironmentVariables.GetString("ALLOWED_SERVER_PORTS").MapParse(AllowedPorts.FromString).Require,
@@ -45,7 +43,7 @@ sealed record Variables(
 		try {
 			return LoadOrThrow();
 		} catch (Exception e) {
-			PhantomLogger.Root.Fatal(e.Message);
+			PhantomLogger.Root.Fatal("{}", e.Message);
 			throw StopProcedureException.Instance;
 		}
 	}

Common/Phantom.Common.Data.Web/Agent/Agent.cs

@@ -1,4 +1,5 @@
-using MemoryPack;
+using System.Collections.Immutable;
+using MemoryPack;
 using Phantom.Common.Data.Agent;
 
 namespace Phantom.Common.Data.Web.Agent;
@@ -7,9 +8,11 @@ namespace Phantom.Common.Data.Web.Agent;
 public sealed partial record Agent(
 	[property: MemoryPackOrder(0)] Guid AgentGuid,
 	[property: MemoryPackOrder(1)] AgentConfiguration Configuration,
-	[property: MemoryPackOrder(2)] AgentStats? Stats,
-	[property: MemoryPackOrder(3)] IAgentConnectionStatus ConnectionStatus
+	[property: MemoryPackOrder(2)] ImmutableArray<byte> ConnectionKey,
+	[property: MemoryPackOrder(3)] AgentRuntimeInfo RuntimeInfo,
+	[property: MemoryPackOrder(4)] AgentStats? Stats,
+	[property: MemoryPackOrder(5)] IAgentConnectionStatus ConnectionStatus
 ) {
 	[MemoryPackIgnore]
-	public RamAllocationUnits? AvailableMemory => Configuration.MaxMemory - Stats?.RunningInstanceMemory;
+	public RamAllocationUnits? AvailableMemory => RuntimeInfo.MaxMemory - Stats?.RunningInstanceMemory;
 }

Common/Phantom.Common.Data.Web/Agent/AgentConfiguration.cs

@@ -1,19 +1,8 @@
 using MemoryPack;
-using Phantom.Common.Data.Agent;
 
 namespace Phantom.Common.Data.Web.Agent;
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record AgentConfiguration(
-	[property: MemoryPackOrder(0)] string AgentName,
-	[property: MemoryPackOrder(1)] ushort ProtocolVersion,
-	[property: MemoryPackOrder(2)] string BuildVersion,
-	[property: MemoryPackOrder(3)] ushort MaxInstances,
-	[property: MemoryPackOrder(4)] RamAllocationUnits MaxMemory,
-	[property: MemoryPackOrder(5)] AllowedPorts? AllowedServerPorts = null,
-	[property: MemoryPackOrder(6)] AllowedPorts? AllowedRconPorts = null
-) {
-	public static AgentConfiguration From(AgentInfo agentInfo) {
-		return new AgentConfiguration(agentInfo.AgentName, agentInfo.ProtocolVersion, agentInfo.BuildVersion, agentInfo.MaxInstances, agentInfo.MaxMemory, agentInfo.AllowedServerPorts, agentInfo.AllowedRconPorts);
-	}
-}
+	[property: MemoryPackOrder(0)] string AgentName
+);

Common/Phantom.Common.Data.Web/Agent/AgentRuntimeInfo.cs

@@ -0,0 +1,17 @@
+using MemoryPack;
+using Phantom.Common.Data.Agent;
+
+namespace Phantom.Common.Data.Web.Agent;
+
+[MemoryPackable(GenerateType.VersionTolerant)]
+public sealed partial record AgentRuntimeInfo(
+	[property: MemoryPackOrder(0)] AgentVersionInfo? VersionInfo = null,
+	[property: MemoryPackOrder(1)] ushort? MaxInstances = null,
+	[property: MemoryPackOrder(2)] RamAllocationUnits? MaxMemory = null,
+	[property: MemoryPackOrder(3)] AllowedPorts? AllowedServerPorts = null,
+	[property: MemoryPackOrder(4)] AllowedPorts? AllowedRconPorts = null
+) {
+	public static AgentRuntimeInfo From(AgentInfo agentInfo) {
+		return new AgentRuntimeInfo(new AgentVersionInfo(agentInfo.ProtocolVersion, agentInfo.BuildVersion), agentInfo.MaxInstances, agentInfo.MaxMemory, agentInfo.AllowedServerPorts, agentInfo.AllowedRconPorts);
+	}
+}

Common/Phantom.Common.Data.Web/Agent/AgentVersionInfo.cs

@@ -0,0 +1,9 @@
+using MemoryPack;
+
+namespace Phantom.Common.Data.Web.Agent;
+
+[MemoryPackable(GenerateType.VersionTolerant)]
+public readonly partial record struct AgentVersionInfo(
+	[property: MemoryPackOrder(0)] ushort ProtocolVersion,
+	[property: MemoryPackOrder(1)] string BuildVersion
+);

Common/Phantom.Common.Data.Web/Agent/CreateOrUpdateAgentResult.cs

@@ -0,0 +1,17 @@
+namespace Phantom.Common.Data.Web.Agent;
+
+public enum CreateOrUpdateAgentResult : byte {
+	UnknownError,
+	Success,
+	AgentNameMustNotBeEmpty,
+}
+
+public static class CreateOrUpdateAgentResultExtensions {
+	public static string ToSentence(this CreateOrUpdateAgentResult reason) {
+		return reason switch {
+			CreateOrUpdateAgentResult.Success                 => "Success.",
+			CreateOrUpdateAgentResult.AgentNameMustNotBeEmpty => "Agent name must not be empty.",
+			_                                                 => "Unknown error.",
+		};
+	}
+}

Common/Phantom.Common.Data.Web/AuditLog/AuditLogEventType.cs

@@ -9,6 +9,8 @@ public enum AuditLogEventType {
 	UserPasswordChanged,
 	UserRolesChanged,
 	UserDeleted,
+	AgentCreated,
+	AgentEdited,
 	InstanceCreated,
 	InstanceEdited,
 	InstanceLaunched,
@@ -26,6 +28,8 @@ public static class AuditLogEventTypeExtensions {
 		{ AuditLogEventType.UserPasswordChanged,       AuditLogSubjectType.User },
 		{ AuditLogEventType.UserRolesChanged,          AuditLogSubjectType.User },
 		{ AuditLogEventType.UserDeleted,               AuditLogSubjectType.User },
+		{ AuditLogEventType.AgentCreated,              AuditLogSubjectType.Agent },
+		{ AuditLogEventType.AgentEdited,               AuditLogSubjectType.Agent },
 		{ AuditLogEventType.InstanceCreated,           AuditLogSubjectType.Instance },
 		{ AuditLogEventType.InstanceEdited,            AuditLogSubjectType.Instance },
 		{ AuditLogEventType.InstanceLaunched,          AuditLogSubjectType.Instance },

Common/Phantom.Common.Data.Web/AuditLog/AuditLogSubjectType.cs

@@ -2,5 +2,6 @@
 
 public enum AuditLogSubjectType {
 	User,
+	Agent,
 	Instance,
 }

Common/Phantom.Common.Data.Web/Users/AddUserError.cs

@@ -1,19 +1,16 @@
 using System.Collections.Immutable;
 using MemoryPack;
-using Phantom.Common.Data.Web.Users.AddUserErrors;
 
-namespace Phantom.Common.Data.Web.Users {
-	[MemoryPackable]
-	[MemoryPackUnion(tag: 0, typeof(NameIsInvalid))]
-	[MemoryPackUnion(tag: 1, typeof(PasswordIsInvalid))]
-	[MemoryPackUnion(tag: 2, typeof(NameAlreadyExists))]
-	[MemoryPackUnion(tag: 3, typeof(UnknownError))]
-	public abstract partial record AddUserError {
-		internal AddUserError() {}
-	}
-}
+namespace Phantom.Common.Data.Web.Users;
 
-namespace Phantom.Common.Data.Web.Users.AddUserErrors {
+[MemoryPackable]
+[MemoryPackUnion(tag: 0, typeof(NameIsInvalid))]
+[MemoryPackUnion(tag: 1, typeof(PasswordIsInvalid))]
+[MemoryPackUnion(tag: 2, typeof(NameAlreadyExists))]
+[MemoryPackUnion(tag: 3, typeof(UnknownError))]
+public abstract partial record AddUserError {
+	private AddUserError() {}
+	
 	[MemoryPackable(GenerateType.VersionTolerant)]
 	public sealed partial record NameIsInvalid([property: MemoryPackOrder(0)] UsernameRequirementViolation Violation) : AddUserError;
 	

Common/Phantom.Common.Data.Web/Users/CreateOrUpdateAdministratorUserResult.cs

@@ -1,19 +1,16 @@
 using MemoryPack;
-using Phantom.Common.Data.Web.Users.CreateOrUpdateAdministratorUserResults;
 
-namespace Phantom.Common.Data.Web.Users {
-	[MemoryPackable]
-	[MemoryPackUnion(tag: 0, typeof(Success))]
-	[MemoryPackUnion(tag: 1, typeof(CreationFailed))]
-	[MemoryPackUnion(tag: 2, typeof(UpdatingFailed))]
-	[MemoryPackUnion(tag: 3, typeof(AddingToRoleFailed))]
-	[MemoryPackUnion(tag: 4, typeof(UnknownError))]
-	public abstract partial record CreateOrUpdateAdministratorUserResult {
-		internal CreateOrUpdateAdministratorUserResult() {}
-	}
-}
+namespace Phantom.Common.Data.Web.Users;
 
-namespace Phantom.Common.Data.Web.Users.CreateOrUpdateAdministratorUserResults {
+[MemoryPackable]
+[MemoryPackUnion(tag: 0, typeof(Success))]
+[MemoryPackUnion(tag: 1, typeof(CreationFailed))]
+[MemoryPackUnion(tag: 2, typeof(UpdatingFailed))]
+[MemoryPackUnion(tag: 3, typeof(AddingToRoleFailed))]
+[MemoryPackUnion(tag: 4, typeof(UnknownError))]
+public abstract partial record CreateOrUpdateAdministratorUserResult {
+	private CreateOrUpdateAdministratorUserResult() {}
+	
 	[MemoryPackable(GenerateType.VersionTolerant)]
 	public sealed partial record Success([property: MemoryPackOrder(0)] UserInfo User) : CreateOrUpdateAdministratorUserResult;
 	

Common/Phantom.Common.Data.Web/Users/CreateUserResult.cs

@@ -1,17 +1,14 @@
 using MemoryPack;
-using Phantom.Common.Data.Web.Users.CreateUserResults;
 
-namespace Phantom.Common.Data.Web.Users {
-	[MemoryPackable]
-	[MemoryPackUnion(tag: 0, typeof(Success))]
-	[MemoryPackUnion(tag: 1, typeof(CreationFailed))]
-	[MemoryPackUnion(tag: 2, typeof(UnknownError))]
-	public abstract partial record CreateUserResult {
-		internal CreateUserResult() {}
-	}
-}
+namespace Phantom.Common.Data.Web.Users;
 
-namespace Phantom.Common.Data.Web.Users.CreateUserResults {
+[MemoryPackable]
+[MemoryPackUnion(tag: 0, typeof(Success))]
+[MemoryPackUnion(tag: 1, typeof(CreationFailed))]
+[MemoryPackUnion(tag: 2, typeof(UnknownError))]
+public abstract partial record CreateUserResult {
+	private CreateUserResult() {}
+	
 	[MemoryPackable(GenerateType.VersionTolerant)]
 	public sealed partial record Success([property: MemoryPackOrder(0)] UserInfo User) : CreateUserResult;
 	

Common/Phantom.Common.Data.Web/Users/PasswordRequirementViolation.cs

@@ -1,18 +1,15 @@
 using MemoryPack;
-using Phantom.Common.Data.Web.Users.PasswordRequirementViolations;
 
-namespace Phantom.Common.Data.Web.Users {
-	[MemoryPackable]
-	[MemoryPackUnion(tag: 0, typeof(TooShort))]
-	[MemoryPackUnion(tag: 1, typeof(MustContainLowercaseLetter))]
-	[MemoryPackUnion(tag: 2, typeof(MustContainUppercaseLetter))]
-	[MemoryPackUnion(tag: 3, typeof(MustContainDigit))]
-	public abstract partial record PasswordRequirementViolation {
-		internal PasswordRequirementViolation() {}
-	}
-}
+namespace Phantom.Common.Data.Web.Users;
 
-namespace Phantom.Common.Data.Web.Users.PasswordRequirementViolations {
+[MemoryPackable]
+[MemoryPackUnion(tag: 0, typeof(TooShort))]
+[MemoryPackUnion(tag: 1, typeof(MustContainLowercaseLetter))]
+[MemoryPackUnion(tag: 2, typeof(MustContainUppercaseLetter))]
+[MemoryPackUnion(tag: 3, typeof(MustContainDigit))]
+public abstract partial record PasswordRequirementViolation {
+	private PasswordRequirementViolation() {}
+	
 	[MemoryPackable(GenerateType.VersionTolerant)]
 	public sealed partial record TooShort([property: MemoryPackOrder(0)] int MinimumLength) : PasswordRequirementViolation;
 	

Common/Phantom.Common.Data.Web/Users/SetUserPasswordError.cs

@@ -1,18 +1,15 @@
 using System.Collections.Immutable;
 using MemoryPack;
-using Phantom.Common.Data.Web.Users.SetUserPasswordErrors;
 
-namespace Phantom.Common.Data.Web.Users {
-	[MemoryPackable]
-	[MemoryPackUnion(tag: 0, typeof(UserNotFound))]
-	[MemoryPackUnion(tag: 1, typeof(PasswordIsInvalid))]
-	[MemoryPackUnion(tag: 2, typeof(UnknownError))]
-	public abstract partial record SetUserPasswordError {
-		internal SetUserPasswordError() {}
-	}
-}
+namespace Phantom.Common.Data.Web.Users;
 
-namespace Phantom.Common.Data.Web.Users.SetUserPasswordErrors {
+[MemoryPackable]
+[MemoryPackUnion(tag: 0, typeof(UserNotFound))]
+[MemoryPackUnion(tag: 1, typeof(PasswordIsInvalid))]
+[MemoryPackUnion(tag: 2, typeof(UnknownError))]
+public abstract partial record SetUserPasswordError {
+	private SetUserPasswordError() {}
+	
 	[MemoryPackable(GenerateType.VersionTolerant)]
 	public sealed partial record UserNotFound : SetUserPasswordError;
 	

Common/Phantom.Common.Data.Web/Users/UserInstanceActionFailure.cs

@@ -4,22 +4,22 @@ using Phantom.Common.Data.Replies;
 namespace Phantom.Common.Data.Web.Users;
 
 [MemoryPackable]
-[MemoryPackUnion(tag: 0, typeof(OfUserActionFailure))]
-[MemoryPackUnion(tag: 1, typeof(OfInstanceActionFailure))]
+[MemoryPackUnion(tag: 0, typeof(User))]
+[MemoryPackUnion(tag: 1, typeof(Instance))]
 public abstract partial record UserInstanceActionFailure {
-	internal UserInstanceActionFailure() {}
+	private UserInstanceActionFailure() {}
+	
+	[MemoryPackable(GenerateType.VersionTolerant)]
+	public sealed partial record User([property: MemoryPackOrder(0)] UserActionFailure Failure) : UserInstanceActionFailure;
+	
+	[MemoryPackable(GenerateType.VersionTolerant)]
+	public sealed partial record Instance([property: MemoryPackOrder(0)] InstanceActionFailure Failure) : UserInstanceActionFailure;
 	
 	public static implicit operator UserInstanceActionFailure(UserActionFailure failure) {
-		return new OfUserActionFailure(failure);
+		return new User(failure);
 	}
 	
 	public static implicit operator UserInstanceActionFailure(InstanceActionFailure failure) {
-		return new OfInstanceActionFailure(failure);
+		return new Instance(failure);
 	}
 }
-
-[MemoryPackable(GenerateType.VersionTolerant)]
-public sealed partial record OfUserActionFailure([property: MemoryPackOrder(0)] UserActionFailure Failure) : UserInstanceActionFailure;
-
-[MemoryPackable(GenerateType.VersionTolerant)]
-public sealed partial record OfInstanceActionFailure([property: MemoryPackOrder(0)] InstanceActionFailure Failure) : UserInstanceActionFailure;

Common/Phantom.Common.Data.Web/Users/UsernameRequirementViolation.cs

@@ -1,16 +1,13 @@
 using MemoryPack;
-using Phantom.Common.Data.Web.Users.UsernameRequirementViolations;
 
-namespace Phantom.Common.Data.Web.Users {
-	[MemoryPackable]
-	[MemoryPackUnion(tag: 0, typeof(IsEmpty))]
-	[MemoryPackUnion(tag: 1, typeof(TooLong))]
-	public abstract partial record UsernameRequirementViolation {
-		internal UsernameRequirementViolation() {}
-	}
-}
+namespace Phantom.Common.Data.Web.Users;
 
-namespace Phantom.Common.Data.Web.Users.UsernameRequirementViolations {
+[MemoryPackable]
+[MemoryPackUnion(tag: 0, typeof(IsEmpty))]
+[MemoryPackUnion(tag: 1, typeof(TooLong))]
+public abstract partial record UsernameRequirementViolation {
+	private UsernameRequirementViolation() {}
+	
 	[MemoryPackable(GenerateType.VersionTolerant)]
 	public sealed partial record IsEmpty : UsernameRequirementViolation;
 	

Common/Phantom.Common.Data/Agent/AgentInfo.cs

@@ -4,12 +4,10 @@ namespace Phantom.Common.Data.Agent;
 
 [MemoryPackable(GenerateType.VersionTolerant)]
 public sealed partial record AgentInfo(
-	[property: MemoryPackOrder(0)] Guid AgentGuid,
-	[property: MemoryPackOrder(1)] string AgentName,
-	[property: MemoryPackOrder(2)] ushort ProtocolVersion,
-	[property: MemoryPackOrder(3)] string BuildVersion,
-	[property: MemoryPackOrder(4)] ushort MaxInstances,
-	[property: MemoryPackOrder(5)] RamAllocationUnits MaxMemory,
-	[property: MemoryPackOrder(6)] AllowedPorts AllowedServerPorts,
-	[property: MemoryPackOrder(7)] AllowedPorts AllowedRconPorts
+	[property: MemoryPackOrder(0)] ushort ProtocolVersion,
+	[property: MemoryPackOrder(1)] string BuildVersion,
+	[property: MemoryPackOrder(2)] ushort MaxInstances,
+	[property: MemoryPackOrder(3)] RamAllocationUnits MaxMemory,
+	[property: MemoryPackOrder(4)] AllowedPorts AllowedServerPorts,
+	[property: MemoryPackOrder(5)] AllowedPorts AllowedRconPorts
 );

Common/Phantom.Common.Data/ConnectionKey.cs

@@ -1,20 +1,21 @@
-using Phantom.Utils.Rpc;
+using System.Collections.Immutable;
+using Phantom.Utils.Rpc;
 using Phantom.Utils.Rpc.Runtime.Tls;
 
 namespace Phantom.Common.Data;
 
 public readonly record struct ConnectionKey(RpcCertificateThumbprint CertificateThumbprint, AuthToken AuthToken) {
 	private const byte TokenLength = AuthToken.Length;
-
-	public byte[] ToBytes() {
+	
+	public ImmutableArray<byte> ToBytes() {
 		Span<byte> result = stackalloc byte[TokenLength + CertificateThumbprint.Bytes.Length];
-		AuthToken.Bytes.CopyTo(result[..TokenLength]);
+		AuthToken.ToBytes(result[..TokenLength]);
 		CertificateThumbprint.Bytes.CopyTo(result[TokenLength..]);
-		return result.ToArray();
+		return [..result];
 	}
-
+	
 	public static ConnectionKey FromBytes(ReadOnlySpan<byte> data) {
-		var authToken = new AuthToken([..data[..TokenLength]]);
+		var authToken = AuthToken.FromBytes(data[..TokenLength]);
 		var certificateThumbprint = RpcCertificateThumbprint.From(data[TokenLength..]);
 		return new ConnectionKey(certificateThumbprint, authToken);
 	}

Common/Phantom.Common.Data/Instance/InstancePlayerCounts.cs

@@ -3,7 +3,7 @@
 namespace Phantom.Common.Data.Instance;
 
 [MemoryPackable(GenerateType.VersionTolerant)]
-public readonly partial record struct InstancePlayerCounts(
+public sealed partial record InstancePlayerCounts(
 	[property: MemoryPackOrder(0)] int Online,
 	[property: MemoryPackOrder(1)] int Maximum
 );

Common/Phantom.Common.Data/Minecraft/MinecraftServerKind.cs

@@ -3,4 +3,5 @@
 public enum MinecraftServerKind : ushort {
 	Vanilla = 1,
 	Fabric = 2,
+	Forge = 3,
 }

Common/Phantom.Common.Data/Minecraft/MinecraftStopStrategy.cs

@@ -3,7 +3,7 @@
 namespace Phantom.Common.Data.Minecraft;
 
 [MemoryPackable(GenerateType.VersionTolerant)]
-public readonly partial record struct MinecraftStopStrategy(
+public sealed partial record MinecraftStopStrategy(
 	[property: MemoryPackOrder(0)] ushort Seconds
 ) {
 	public static MinecraftStopStrategy Instant => new (0);

Common/Phantom.Common.Data/PortRange.cs

@@ -3,7 +3,7 @@ using MemoryPack;
 
 namespace Phantom.Common.Data;
 
-[MemoryPackable(GenerateType.VersionTolerant)]
+[MemoryPackable]
 readonly partial record struct PortRange(
 	[property: MemoryPackOrder(0)] ushort FirstPort,
 	[property: MemoryPackOrder(1)] ushort LastPort

Common/Phantom.Common.Data/RamAllocationUnits.cs

@@ -6,7 +6,7 @@ namespace Phantom.Common.Data;
 /// <summary>
 /// Represents a number of RAM allocation units, using the conversion factor of 256 MB per unit. Supports allocations up to 16 TB minus 256 MB (65535 units).
 /// </summary>
-[MemoryPackable(GenerateType.VersionTolerant)]
+[MemoryPackable]
 [SuppressMessage("ReSharper", "MemberCanBePrivate.Global")]
 public readonly partial record struct RamAllocationUnits(
 	[property: MemoryPackOrder(0)] ushort RawValue

Common/Phantom.Common.Messages.Agent/AgentMessageRegistries.cs

@@ -10,23 +10,18 @@ public static class AgentMessageRegistries {
 	public static MessageRegistry<IMessageToAgent> ToAgent { get; } = new (nameof(ToAgent));
 	public static MessageRegistry<IMessageToController> ToController { get; } = new (nameof(ToController));
 	
-	public static IMessageDefinitions<IMessageToController, IMessageToAgent> Definitions { get; } = new MessageDefinitions();
+	public static MessageRegistries<IMessageToController, IMessageToAgent> Registries => new (ToAgent, ToController);
 	
 	static AgentMessageRegistries() {
-		ToAgent.Add<ConfigureInstanceMessage, Result<ConfigureInstanceResult, InstanceActionFailure>>(1);
-		ToAgent.Add<LaunchInstanceMessage, Result<LaunchInstanceResult, InstanceActionFailure>>(2);
-		ToAgent.Add<StopInstanceMessage, Result<StopInstanceResult, InstanceActionFailure>>(3);
-		ToAgent.Add<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, InstanceActionFailure>>(4);
+		ToAgent.Add<ConfigureInstanceMessage, Result<ConfigureInstanceResult, InstanceActionFailure>>();
+		ToAgent.Add<LaunchInstanceMessage, Result<LaunchInstanceResult, InstanceActionFailure>>();
+		ToAgent.Add<StopInstanceMessage, Result<StopInstanceResult, InstanceActionFailure>>();
+		ToAgent.Add<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, InstanceActionFailure>>();
 		
-		ToController.Add<ReportInstanceStatusMessage>(1);
-		ToController.Add<InstanceOutputMessage>(2);
-		ToController.Add<ReportAgentStatusMessage>(3);
-		ToController.Add<ReportInstanceEventMessage>(4);
-		ToController.Add<ReportInstancePlayerCountsMessage>(5);
-	}
-	
-	private sealed class MessageDefinitions : IMessageDefinitions<IMessageToController, IMessageToAgent> {
-		public MessageRegistry<IMessageToAgent> ToClient => ToAgent;
-		public MessageRegistry<IMessageToController> ToServer => ToController;
+		ToController.Add<ReportAgentStatusMessage>();
+		ToController.Add<ReportInstanceStatusMessage>();
+		ToController.Add<ReportInstancePlayerCountsMessage>();
+		ToController.Add<ReportInstanceEventMessage>();
+		ToController.Add<InstanceOutputMessage>();
 	}
 }

Common/Phantom.Common.Messages.Web/ToController/CreateOrUpdateAgentMessage.cs

@@ -0,0 +1,15 @@
+using System.Collections.Immutable;
+using MemoryPack;
+using Phantom.Common.Data;
+using Phantom.Common.Data.Web.Agent;
+using Phantom.Common.Data.Web.Users;
+using Phantom.Utils.Actor;
+
+namespace Phantom.Common.Messages.Web.ToController;
+
+[MemoryPackable(GenerateType.VersionTolerant)]
+public sealed partial record CreateOrUpdateAgentMessage(
+	[property: MemoryPackOrder(0)] ImmutableArray<byte> AuthToken,
+	[property: MemoryPackOrder(1)] Guid AgentGuid,
+	[property: MemoryPackOrder(2)] AgentConfiguration Configuration
+) : IMessageToController, ICanReply<Result<CreateOrUpdateAgentResult, UserActionFailure>>;

Common/Phantom.Common.Messages.Web/WebMessageRegistries.cs

@@ -3,6 +3,7 @@ using Phantom.Common.Data;
 using Phantom.Common.Data.Java;
 using Phantom.Common.Data.Minecraft;
 using Phantom.Common.Data.Replies;
+using Phantom.Common.Data.Web.Agent;
 using Phantom.Common.Data.Web.AuditLog;
 using Phantom.Common.Data.Web.EventLog;
 using Phantom.Common.Data.Web.Instance;
@@ -17,36 +18,32 @@ public static class WebMessageRegistries {
 	public static MessageRegistry<IMessageToController> ToController { get; } = new (nameof(ToController));
 	public static MessageRegistry<IMessageToWeb> ToWeb { get; } = new (nameof(ToWeb));
 	
-	public static IMessageDefinitions<IMessageToController, IMessageToWeb> Definitions { get; } = new MessageDefinitions();
+	public static MessageRegistries<IMessageToController, IMessageToWeb> Registries => new (ToWeb, ToController);
 	
 	static WebMessageRegistries() {
-		ToController.Add<LogInMessage, Optional<LogInSuccess>>(1);
-		ToController.Add<LogOutMessage>(2);
-		ToController.Add<GetAuthenticatedUser, Optional<AuthenticatedUserInfo>>(3);
-		ToController.Add<CreateOrUpdateAdministratorUserMessage, CreateOrUpdateAdministratorUserResult>(4);
-		ToController.Add<CreateUserMessage, Result<CreateUserResult, UserActionFailure>>(5);
-		ToController.Add<DeleteUserMessage, Result<DeleteUserResult, UserActionFailure>>(6);
-		ToController.Add<GetUsersMessage, ImmutableArray<UserInfo>>(7);
-		ToController.Add<GetRolesMessage, ImmutableArray<RoleInfo>>(8);
-		ToController.Add<GetUserRolesMessage, ImmutableDictionary<Guid, ImmutableArray<Guid>>>(9);
-		ToController.Add<ChangeUserRolesMessage, Result<ChangeUserRolesResult, UserActionFailure>>(10);
-		ToController.Add<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(11);
-		ToController.Add<LaunchInstanceMessage, Result<LaunchInstanceResult, UserInstanceActionFailure>>(12);
-		ToController.Add<StopInstanceMessage, Result<StopInstanceResult, UserInstanceActionFailure>>(13);
-		ToController.Add<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, UserInstanceActionFailure>>(14);
-		ToController.Add<GetMinecraftVersionsMessage, ImmutableArray<MinecraftVersion>>(15);
-		ToController.Add<GetAgentJavaRuntimesMessage, ImmutableDictionary<Guid, ImmutableArray<TaggedJavaRuntime>>>(16);
-		ToController.Add<GetAuditLogMessage, Result<ImmutableArray<AuditLogItem>, UserActionFailure>>(17);
-		ToController.Add<GetEventLogMessage, Result<ImmutableArray<EventLogItem>, UserActionFailure>>(18);
+		ToController.Add<LogInMessage, Optional<LogInSuccess>>();
+		ToController.Add<LogOutMessage>();
+		ToController.Add<GetAuthenticatedUser, Optional<AuthenticatedUserInfo>>();
+		ToController.Add<CreateOrUpdateAdministratorUserMessage, CreateOrUpdateAdministratorUserResult>();
+		ToController.Add<CreateUserMessage, Result<CreateUserResult, UserActionFailure>>();
+		ToController.Add<GetUsersMessage, ImmutableArray<UserInfo>>();
+		ToController.Add<GetRolesMessage, ImmutableArray<RoleInfo>>();
+		ToController.Add<GetUserRolesMessage, ImmutableDictionary<Guid, ImmutableArray<Guid>>>();
+		ToController.Add<ChangeUserRolesMessage, Result<ChangeUserRolesResult, UserActionFailure>>();
+		ToController.Add<DeleteUserMessage, Result<DeleteUserResult, UserActionFailure>>();
+		ToController.Add<CreateOrUpdateAgentMessage, Result<CreateOrUpdateAgentResult, UserActionFailure>>();
+		ToController.Add<GetAgentJavaRuntimesMessage, ImmutableDictionary<Guid, ImmutableArray<TaggedJavaRuntime>>>();
+		ToController.Add<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>();
+		ToController.Add<LaunchInstanceMessage, Result<LaunchInstanceResult, UserInstanceActionFailure>>();
+		ToController.Add<StopInstanceMessage, Result<StopInstanceResult, UserInstanceActionFailure>>();
+		ToController.Add<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, UserInstanceActionFailure>>();
+		ToController.Add<GetMinecraftVersionsMessage, ImmutableArray<MinecraftVersion>>();
+		ToController.Add<GetAuditLogMessage, Result<ImmutableArray<AuditLogItem>, UserActionFailure>>();
+		ToController.Add<GetEventLogMessage, Result<ImmutableArray<EventLogItem>, UserActionFailure>>();
 		
-		ToWeb.Add<RefreshAgentsMessage>(1);
-		ToWeb.Add<RefreshInstancesMessage>(2);
-		ToWeb.Add<InstanceOutputMessage>(3);
-		ToWeb.Add<RefreshUserSessionMessage>(4);
-	}
-	
-	private sealed class MessageDefinitions : IMessageDefinitions<IMessageToController, IMessageToWeb> {
-		public MessageRegistry<IMessageToWeb> ToClient => ToWeb;
-		public MessageRegistry<IMessageToController> ToServer => ToController;
+		ToWeb.Add<RefreshAgentsMessage>();
+		ToWeb.Add<RefreshInstancesMessage>();
+		ToWeb.Add<InstanceOutputMessage>();
+		ToWeb.Add<RefreshUserSessionMessage>();
 	}
 }

Controller/Phantom.Controller.Database.Postgres/Migrations/20251225053921_AgentAuthSecret.Designer.cs

@@ -0,0 +1,357 @@
+// <auto-generated />
+using System;
+using System.Text.Json;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+using Phantom.Controller.Database;
+
+#nullable disable
+
+namespace Phantom.Controller.Database.Postgres.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    [Migration("20251225053921_AgentAuthSecret")]
+    partial class AgentAuthSecret
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "9.0.9")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.AgentEntity", b =>
+                {
+                    b.Property<Guid>("AgentGuid")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<byte[]>("AuthSecret")
+                        .HasMaxLength(12)
+                        .HasColumnType("bytea");
+
+                    b.Property<string>("BuildVersion")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<int>("MaxInstances")
+                        .HasColumnType("integer");
+
+                    b.Property<int>("MaxMemory")
+                        .HasColumnType("integer");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<int>("ProtocolVersion")
+                        .HasColumnType("integer");
+
+                    b.HasKey("AgentGuid");
+
+                    b.ToTable("Agents", "agents");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.AuditLogEntity", b =>
+                {
+                    b.Property<long>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("bigint");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<long>("Id"));
+
+                    b.Property<JsonDocument>("Data")
+                        .HasColumnType("jsonb");
+
+                    b.Property<string>("EventType")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("SubjectId")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("SubjectType")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<Guid?>("UserGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<DateTime>("UtcTime")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserGuid");
+
+                    b.ToTable("AuditLog", "system");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.EventLogEntity", b =>
+                {
+                    b.Property<Guid>("EventGuid")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<Guid?>("AgentGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<JsonDocument>("Data")
+                        .HasColumnType("jsonb");
+
+                    b.Property<string>("EventType")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("SubjectId")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("SubjectType")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<DateTime>("UtcTime")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.HasKey("EventGuid");
+
+                    b.ToTable("EventLog", "system");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.InstanceEntity", b =>
+                {
+                    b.Property<Guid>("InstanceGuid")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<Guid>("AgentGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("InstanceName")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<Guid>("JavaRuntimeGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("JvmArguments")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<bool>("LaunchAutomatically")
+                        .HasColumnType("boolean");
+
+                    b.Property<int>("MemoryAllocation")
+                        .HasColumnType("integer");
+
+                    b.Property<string>("MinecraftServerKind")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("MinecraftVersion")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<int>("RconPort")
+                        .HasColumnType("integer");
+
+                    b.Property<int>("ServerPort")
+                        .HasColumnType("integer");
+
+                    b.HasKey("InstanceGuid");
+
+                    b.ToTable("Instances", "agents");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.PermissionEntity", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("Permissions", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.RoleEntity", b =>
+                {
+                    b.Property<Guid>("RoleGuid")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.HasKey("RoleGuid");
+
+                    b.ToTable("Roles", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.RolePermissionEntity", b =>
+                {
+                    b.Property<Guid>("RoleGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("PermissionId")
+                        .HasColumnType("text");
+
+                    b.HasKey("RoleGuid", "PermissionId");
+
+                    b.HasIndex("PermissionId");
+
+                    b.ToTable("RolePermissions", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserAgentAccessEntity", b =>
+                {
+                    b.Property<Guid>("UserGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<Guid>("AgentGuid")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("UserGuid", "AgentGuid");
+
+                    b.HasIndex("AgentGuid");
+
+                    b.ToTable("UserAgentAccess", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserEntity", b =>
+                {
+                    b.Property<Guid>("UserGuid")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("PasswordHash")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.HasKey("UserGuid");
+
+                    b.HasIndex("Name")
+                        .IsUnique();
+
+                    b.ToTable("Users", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserPermissionEntity", b =>
+                {
+                    b.Property<Guid>("UserGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("PermissionId")
+                        .HasColumnType("text");
+
+                    b.HasKey("UserGuid", "PermissionId");
+
+                    b.HasIndex("PermissionId");
+
+                    b.ToTable("UserPermissions", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserRoleEntity", b =>
+                {
+                    b.Property<Guid>("UserGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<Guid>("RoleGuid")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("UserGuid", "RoleGuid");
+
+                    b.HasIndex("RoleGuid");
+
+                    b.ToTable("UserRoles", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.AuditLogEntity", b =>
+                {
+                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", "User")
+                        .WithMany()
+                        .HasForeignKey("UserGuid")
+                        .OnDelete(DeleteBehavior.SetNull);
+
+                    b.Navigation("User");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.RolePermissionEntity", b =>
+                {
+                    b.HasOne("Phantom.Controller.Database.Entities.PermissionEntity", null)
+                        .WithMany()
+                        .HasForeignKey("PermissionId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("Phantom.Controller.Database.Entities.RoleEntity", null)
+                        .WithMany()
+                        .HasForeignKey("RoleGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserAgentAccessEntity", b =>
+                {
+                    b.HasOne("Phantom.Controller.Database.Entities.AgentEntity", null)
+                        .WithMany()
+                        .HasForeignKey("AgentGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", null)
+                        .WithMany()
+                        .HasForeignKey("UserGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserPermissionEntity", b =>
+                {
+                    b.HasOne("Phantom.Controller.Database.Entities.PermissionEntity", null)
+                        .WithMany()
+                        .HasForeignKey("PermissionId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", null)
+                        .WithMany()
+                        .HasForeignKey("UserGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserRoleEntity", b =>
+                {
+                    b.HasOne("Phantom.Controller.Database.Entities.RoleEntity", "Role")
+                        .WithMany()
+                        .HasForeignKey("RoleGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", "User")
+                        .WithMany()
+                        .HasForeignKey("UserGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("Role");
+
+                    b.Navigation("User");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

Controller/Phantom.Controller.Database.Postgres/Migrations/20251225053921_AgentAuthSecret.cs

@@ -0,0 +1,31 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Phantom.Controller.Database.Postgres.Migrations
+{
+    /// <inheritdoc />
+    public partial class AgentAuthSecret : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AddColumn<byte[]>(
+                name: "AuthSecret",
+                schema: "agents",
+                table: "Agents",
+                type: "bytea",
+                maxLength: 12,
+                nullable: true);
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropColumn(
+                name: "AuthSecret",
+                schema: "agents",
+                table: "Agents");
+        }
+    }
+}

Controller/Phantom.Controller.Database.Postgres/Migrations/20251228053557_AgentFieldNullability.Designer.cs

@@ -0,0 +1,356 @@
+// <auto-generated />
+using System;
+using System.Text.Json;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.EntityFrameworkCore.Infrastructure;
+using Microsoft.EntityFrameworkCore.Migrations;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using Npgsql.EntityFrameworkCore.PostgreSQL.Metadata;
+using Phantom.Controller.Database;
+
+#nullable disable
+
+namespace Phantom.Controller.Database.Postgres.Migrations
+{
+    [DbContext(typeof(ApplicationDbContext))]
+    [Migration("20251228053557_AgentFieldNullability")]
+    partial class AgentFieldNullability
+    {
+        /// <inheritdoc />
+        protected override void BuildTargetModel(ModelBuilder modelBuilder)
+        {
+#pragma warning disable 612, 618
+            modelBuilder
+                .HasAnnotation("ProductVersion", "9.0.9")
+                .HasAnnotation("Relational:MaxIdentifierLength", 63);
+
+            NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.AgentEntity", b =>
+                {
+                    b.Property<Guid>("AgentGuid")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<byte[]>("AuthSecret")
+                        .HasMaxLength(12)
+                        .HasColumnType("bytea");
+
+                    b.Property<string>("BuildVersion")
+                        .HasColumnType("text");
+
+                    b.Property<int?>("MaxInstances")
+                        .HasColumnType("integer");
+
+                    b.Property<int?>("MaxMemory")
+                        .HasColumnType("integer");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<int?>("ProtocolVersion")
+                        .HasColumnType("integer");
+
+                    b.HasKey("AgentGuid");
+
+                    b.ToTable("Agents", "agents");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.AuditLogEntity", b =>
+                {
+                    b.Property<long>("Id")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("bigint");
+
+                    NpgsqlPropertyBuilderExtensions.UseIdentityByDefaultColumn(b.Property<long>("Id"));
+
+                    b.Property<JsonDocument>("Data")
+                        .HasColumnType("jsonb");
+
+                    b.Property<string>("EventType")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("SubjectId")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("SubjectType")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<Guid?>("UserGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<DateTime>("UtcTime")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.HasKey("Id");
+
+                    b.HasIndex("UserGuid");
+
+                    b.ToTable("AuditLog", "system");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.EventLogEntity", b =>
+                {
+                    b.Property<Guid>("EventGuid")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<Guid?>("AgentGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<JsonDocument>("Data")
+                        .HasColumnType("jsonb");
+
+                    b.Property<string>("EventType")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("SubjectId")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("SubjectType")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<DateTime>("UtcTime")
+                        .HasColumnType("timestamp with time zone");
+
+                    b.HasKey("EventGuid");
+
+                    b.ToTable("EventLog", "system");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.InstanceEntity", b =>
+                {
+                    b.Property<Guid>("InstanceGuid")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<Guid>("AgentGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("InstanceName")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<Guid>("JavaRuntimeGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("JvmArguments")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<bool>("LaunchAutomatically")
+                        .HasColumnType("boolean");
+
+                    b.Property<int>("MemoryAllocation")
+                        .HasColumnType("integer");
+
+                    b.Property<string>("MinecraftServerKind")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("MinecraftVersion")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<int>("RconPort")
+                        .HasColumnType("integer");
+
+                    b.Property<int>("ServerPort")
+                        .HasColumnType("integer");
+
+                    b.HasKey("InstanceGuid");
+
+                    b.ToTable("Instances", "agents");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.PermissionEntity", b =>
+                {
+                    b.Property<string>("Id")
+                        .HasColumnType("text");
+
+                    b.HasKey("Id");
+
+                    b.ToTable("Permissions", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.RoleEntity", b =>
+                {
+                    b.Property<Guid>("RoleGuid")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.HasKey("RoleGuid");
+
+                    b.ToTable("Roles", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.RolePermissionEntity", b =>
+                {
+                    b.Property<Guid>("RoleGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("PermissionId")
+                        .HasColumnType("text");
+
+                    b.HasKey("RoleGuid", "PermissionId");
+
+                    b.HasIndex("PermissionId");
+
+                    b.ToTable("RolePermissions", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserAgentAccessEntity", b =>
+                {
+                    b.Property<Guid>("UserGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<Guid>("AgentGuid")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("UserGuid", "AgentGuid");
+
+                    b.HasIndex("AgentGuid");
+
+                    b.ToTable("UserAgentAccess", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserEntity", b =>
+                {
+                    b.Property<Guid>("UserGuid")
+                        .ValueGeneratedOnAdd()
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("Name")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.Property<string>("PasswordHash")
+                        .IsRequired()
+                        .HasColumnType("text");
+
+                    b.HasKey("UserGuid");
+
+                    b.HasIndex("Name")
+                        .IsUnique();
+
+                    b.ToTable("Users", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserPermissionEntity", b =>
+                {
+                    b.Property<Guid>("UserGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<string>("PermissionId")
+                        .HasColumnType("text");
+
+                    b.HasKey("UserGuid", "PermissionId");
+
+                    b.HasIndex("PermissionId");
+
+                    b.ToTable("UserPermissions", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserRoleEntity", b =>
+                {
+                    b.Property<Guid>("UserGuid")
+                        .HasColumnType("uuid");
+
+                    b.Property<Guid>("RoleGuid")
+                        .HasColumnType("uuid");
+
+                    b.HasKey("UserGuid", "RoleGuid");
+
+                    b.HasIndex("RoleGuid");
+
+                    b.ToTable("UserRoles", "identity");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.AuditLogEntity", b =>
+                {
+                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", "User")
+                        .WithMany()
+                        .HasForeignKey("UserGuid")
+                        .OnDelete(DeleteBehavior.SetNull);
+
+                    b.Navigation("User");
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.RolePermissionEntity", b =>
+                {
+                    b.HasOne("Phantom.Controller.Database.Entities.PermissionEntity", null)
+                        .WithMany()
+                        .HasForeignKey("PermissionId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("Phantom.Controller.Database.Entities.RoleEntity", null)
+                        .WithMany()
+                        .HasForeignKey("RoleGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserAgentAccessEntity", b =>
+                {
+                    b.HasOne("Phantom.Controller.Database.Entities.AgentEntity", null)
+                        .WithMany()
+                        .HasForeignKey("AgentGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", null)
+                        .WithMany()
+                        .HasForeignKey("UserGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserPermissionEntity", b =>
+                {
+                    b.HasOne("Phantom.Controller.Database.Entities.PermissionEntity", null)
+                        .WithMany()
+                        .HasForeignKey("PermissionId")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", null)
+                        .WithMany()
+                        .HasForeignKey("UserGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+                });
+
+            modelBuilder.Entity("Phantom.Controller.Database.Entities.UserRoleEntity", b =>
+                {
+                    b.HasOne("Phantom.Controller.Database.Entities.RoleEntity", "Role")
+                        .WithMany()
+                        .HasForeignKey("RoleGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.HasOne("Phantom.Controller.Database.Entities.UserEntity", "User")
+                        .WithMany()
+                        .HasForeignKey("UserGuid")
+                        .OnDelete(DeleteBehavior.Cascade)
+                        .IsRequired();
+
+                    b.Navigation("Role");
+
+                    b.Navigation("User");
+                });
+#pragma warning restore 612, 618
+        }
+    }
+}

Controller/Phantom.Controller.Database.Postgres/Migrations/20251228053557_AgentFieldNullability.cs

@@ -0,0 +1,98 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Phantom.Controller.Database.Postgres.Migrations
+{
+    /// <inheritdoc />
+    public partial class AgentFieldNullability : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AlterColumn<int>(
+                name: "ProtocolVersion",
+                schema: "agents",
+                table: "Agents",
+                type: "integer",
+                nullable: true,
+                oldClrType: typeof(int),
+                oldType: "integer");
+
+            migrationBuilder.AlterColumn<int>(
+                name: "MaxMemory",
+                schema: "agents",
+                table: "Agents",
+                type: "integer",
+                nullable: true,
+                oldClrType: typeof(int),
+                oldType: "integer");
+
+            migrationBuilder.AlterColumn<int>(
+                name: "MaxInstances",
+                schema: "agents",
+                table: "Agents",
+                type: "integer",
+                nullable: true,
+                oldClrType: typeof(int),
+                oldType: "integer");
+
+            migrationBuilder.AlterColumn<string>(
+                name: "BuildVersion",
+                schema: "agents",
+                table: "Agents",
+                type: "text",
+                nullable: true,
+                oldClrType: typeof(string),
+                oldType: "text");
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.AlterColumn<int>(
+                name: "ProtocolVersion",
+                schema: "agents",
+                table: "Agents",
+                type: "integer",
+                nullable: false,
+                defaultValue: 0,
+                oldClrType: typeof(int),
+                oldType: "integer",
+                oldNullable: true);
+
+            migrationBuilder.AlterColumn<int>(
+                name: "MaxMemory",
+                schema: "agents",
+                table: "Agents",
+                type: "integer",
+                nullable: false,
+                defaultValue: 0,
+                oldClrType: typeof(int),
+                oldType: "integer",
+                oldNullable: true);
+
+            migrationBuilder.AlterColumn<int>(
+                name: "MaxInstances",
+                schema: "agents",
+                table: "Agents",
+                type: "integer",
+                nullable: false,
+                defaultValue: 0,
+                oldClrType: typeof(int),
+                oldType: "integer",
+                oldNullable: true);
+
+            migrationBuilder.AlterColumn<string>(
+                name: "BuildVersion",
+                schema: "agents",
+                table: "Agents",
+                type: "text",
+                nullable: false,
+                defaultValue: "",
+                oldClrType: typeof(string),
+                oldType: "text",
+                oldNullable: true);
+        }
+    }
+}

Controller/Phantom.Controller.Database.Postgres/Migrations/ApplicationDbContextModelSnapshot.cs

@@ -18,7 +18,7 @@ namespace Phantom.Controller.Database.Postgres.Migrations
         {
 #pragma warning disable 612, 618
             modelBuilder
-                .HasAnnotation("ProductVersion", "8.0.0")
+                .HasAnnotation("ProductVersion", "9.0.9")
                 .HasAnnotation("Relational:MaxIdentifierLength", 63);
 
             NpgsqlModelBuilderExtensions.UseIdentityByDefaultColumns(modelBuilder);
@@ -29,21 +29,24 @@ namespace Phantom.Controller.Database.Postgres.Migrations
                         .ValueGeneratedOnAdd()
                         .HasColumnType("uuid");
 
+                    b.Property<byte[]>("AuthSecret")
+                        .HasMaxLength(12)
+                        .HasColumnType("bytea");
+
                     b.Property<string>("BuildVersion")
-                        .IsRequired()
                         .HasColumnType("text");
 
-                    b.Property<int>("MaxInstances")
+                    b.Property<int?>("MaxInstances")
                         .HasColumnType("integer");
 
-                    b.Property<ushort>("MaxMemory")
+                    b.Property<int?>("MaxMemory")
                         .HasColumnType("integer");
 
                     b.Property<string>("Name")
                         .IsRequired()
                         .HasColumnType("text");
 
-                    b.Property<int>("ProtocolVersion")
+                    b.Property<int?>("ProtocolVersion")
                         .HasColumnType("integer");
 
                     b.HasKey("AgentGuid");
@@ -142,7 +145,7 @@ namespace Phantom.Controller.Database.Postgres.Migrations
                     b.Property<bool>("LaunchAutomatically")
                         .HasColumnType("boolean");
 
-                    b.Property<ushort>("MemoryAllocation")
+                    b.Property<int>("MemoryAllocation")
                         .HasColumnType("integer");
 
                     b.Property<string>("MinecraftServerKind")

Controller/Phantom.Controller.Database/ApplicationDbContext.cs

@@ -8,6 +8,7 @@ using Phantom.Common.Data.Web.EventLog;
 using Phantom.Controller.Database.Converters;
 using Phantom.Controller.Database.Entities;
 using Phantom.Controller.Database.Factories;
+using Phantom.Utils.Rpc;
 
 namespace Phantom.Controller.Database;
 
@@ -79,6 +80,8 @@ public class ApplicationDbContext : DbContext {
 		builder.Properties<EventLogEventType>().HaveConversion<EnumToStringConverter<EventLogEventType>>();
 		builder.Properties<EventLogSubjectType>().HaveConversion<EnumToStringConverter<EventLogSubjectType>>();
 		builder.Properties<MinecraftServerKind>().HaveConversion<EnumToStringConverter<MinecraftServerKind>>();
+		
+		builder.Properties<AuthSecret>().HaveConversion<AuthSecretConverter>();
 		builder.Properties<RamAllocationUnits>().HaveConversion<RamAllocationUnitsConverter>();
 	}
 }

Controller/Phantom.Controller.Database/Converters/AuthSecretConverter.cs

@@ -0,0 +1,12 @@
+using System.Collections.Immutable;
+using System.Diagnostics.CodeAnalysis;
+using Microsoft.EntityFrameworkCore.Storage.ValueConversion;
+using Phantom.Utils.Rpc;
+
+namespace Phantom.Controller.Database.Converters;
+
+[SuppressMessage("ReSharper", "ClassNeverInstantiated.Global")]
+sealed class AuthSecretConverter() : ValueConverter<AuthSecret, byte[]>(
+	static units => units.Bytes.ToArray(),
+	static value => new AuthSecret(ImmutableArray.Create(value))
+);

Controller/Phantom.Controller.Database/Converters/RamAllocationUnitsConverter.cs

@@ -5,9 +5,7 @@ using Phantom.Common.Data;
 namespace Phantom.Controller.Database.Converters;
 
 [SuppressMessage("ReSharper", "ClassNeverInstantiated.Global")]
-sealed class RamAllocationUnitsConverter : ValueConverter<RamAllocationUnits, ushort> {
-	public RamAllocationUnitsConverter() : base(
-		static units => units.RawValue,
-		static value => new RamAllocationUnits(value)
-	) {}
-}
+sealed class RamAllocationUnitsConverter() : ValueConverter<RamAllocationUnits, ushort>(
+	static units => units.RawValue,
+	static value => new RamAllocationUnits(value)
+);

Controller/Phantom.Controller.Database/Entities/AgentEntity.cs

@@ -2,6 +2,8 @@
 using System.ComponentModel.DataAnnotations.Schema;
 using System.Diagnostics.CodeAnalysis;
 using Phantom.Common.Data;
+using Phantom.Common.Data.Web.Agent;
+using Phantom.Utils.Rpc;
 
 namespace Phantom.Controller.Database.Entities;
 
@@ -12,10 +14,17 @@ public sealed class AgentEntity {
 	public Guid AgentGuid { get; init; }
 	
 	public string Name { get; set; }
-	public ushort ProtocolVersion { get; set; }
-	public string BuildVersion { get; set; }
-	public ushort MaxInstances { get; set; }
-	public RamAllocationUnits MaxMemory { get; set; }
+	public ushort? ProtocolVersion { get; set; }
+	public string? BuildVersion { get; set; }
+	public ushort? MaxInstances { get; set; }
+	public RamAllocationUnits? MaxMemory { get; set; }
+	
+	[MaxLength(AuthSecret.Length)]
+	public AuthSecret? AuthSecret { get; set; }
+	
+	public AgentConfiguration Configuration => new (Name);
+	public AgentVersionInfo? VersionInfo => ProtocolVersion is {} protocolVersion && BuildVersion is {} buildVersion ? new AgentVersionInfo(protocolVersion, buildVersion) : null;
+	public AgentRuntimeInfo RuntimeInfo => new (VersionInfo, MaxInstances, MaxMemory);
 	
 	internal AgentEntity(Guid agentGuid) {
 		AgentGuid = agentGuid;

Controller/Phantom.Controller.Database/Factories/AbstractUpsertHelper.cs

@@ -14,15 +14,21 @@ public abstract class AbstractUpsertHelper<T> where T : class {
 	private protected abstract T Construct(Guid guid);
 	
 	public T Fetch(Guid guid) {
+		return Fetch(guid, out _);
+	}
+	
+	public T Fetch(Guid guid, out bool wasCreated) {
 		DbSet<T> set = Set;
 		T? entity = set.Find(guid);
 		
 		if (entity == null) {
 			entity = Construct(guid);
 			set.Add(entity);
+			wasCreated = true;
 		}
 		else {
 			set.Update(entity);
+			wasCreated = false;
 		}
 		
 		return entity;

Controller/Phantom.Controller.Database/Repositories/AuditLogRepository.Writer.cs

@@ -61,6 +61,14 @@ sealed partial class AuditLogRepository {
 			});
 		}
 		
+		public void AgentCreated(Guid agentGuid) {
+			AddItem(AuditLogEventType.AgentCreated, agentGuid.ToString());
+		}
+		
+		public void AgentEdited(Guid agentGuid) {
+			AddItem(AuditLogEventType.AgentEdited, agentGuid.ToString());
+		}
+		
 		public void InstanceCreated(Guid instanceGuid) {
 			AddItem(AuditLogEventType.InstanceCreated, instanceGuid.ToString());
 		}

Controller/Phantom.Controller.Database/Repositories/UserRepository.cs

@@ -2,9 +2,6 @@
 using Microsoft.EntityFrameworkCore;
 using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
-using Phantom.Common.Data.Web.Users.AddUserErrors;
-using Phantom.Common.Data.Web.Users.PasswordRequirementViolations;
-using Phantom.Common.Data.Web.Users.UsernameRequirementViolations;
 using Phantom.Controller.Database.Entities;
 using Phantom.Utils.Collections;
 
@@ -16,10 +13,10 @@ public sealed class UserRepository {
 	
 	private static UsernameRequirementViolation? CheckUsernameRequirements(string username) {
 		if (string.IsNullOrWhiteSpace(username)) {
-			return new IsEmpty();
+			return new UsernameRequirementViolation.IsEmpty();
 		}
 		else if (username.Length > MaxUserNameLength) {
-			return new TooLong(MaxUserNameLength);
+			return new UsernameRequirementViolation.TooLong(MaxUserNameLength);
 		}
 		else {
 			return null;
@@ -30,19 +27,19 @@ public sealed class UserRepository {
 		var violations = ImmutableArray.CreateBuilder<PasswordRequirementViolation>();
 		
 		if (password.Length < MinimumPasswordLength) {
-			violations.Add(new TooShort(MinimumPasswordLength));
+			violations.Add(new PasswordRequirementViolation.TooShort(MinimumPasswordLength));
 		}
 		
 		if (!password.Any(char.IsLower)) {
-			violations.Add(new MustContainLowercaseLetter());
+			violations.Add(new PasswordRequirementViolation.MustContainLowercaseLetter());
 		}
 		
 		if (!password.Any(char.IsUpper)) {
-			violations.Add(new MustContainUppercaseLetter());
+			violations.Add(new PasswordRequirementViolation.MustContainUppercaseLetter());
 		}
 		
 		if (!password.Any(char.IsDigit)) {
-			violations.Add(new MustContainDigit());
+			violations.Add(new PasswordRequirementViolation.MustContainDigit());
 		}
 		
 		return violations.ToImmutable();
@@ -73,16 +70,16 @@ public sealed class UserRepository {
 	public async Task<Result<UserEntity, AddUserError>> CreateUser(string username, string password) {
 		var usernameRequirementViolation = CheckUsernameRequirements(username);
 		if (usernameRequirementViolation != null) {
-			return new NameIsInvalid(usernameRequirementViolation);
+			return new AddUserError.NameIsInvalid(usernameRequirementViolation);
 		}
 		
 		var passwordRequirementViolations = CheckPasswordRequirements(password);
 		if (!passwordRequirementViolations.IsEmpty) {
-			return new PasswordIsInvalid(passwordRequirementViolations);
+			return new AddUserError.PasswordIsInvalid(passwordRequirementViolations);
 		}
 		
 		if (await db.Ctx.Users.AnyAsync(user => user.Name == username)) {
-			return new NameAlreadyExists();
+			return new AddUserError.NameAlreadyExists();
 		}
 		
 		var user = new UserEntity(Guid.NewGuid(), username, UserPasswords.Hash(password));
@@ -95,7 +92,7 @@ public sealed class UserRepository {
 	public Result<SetUserPasswordError> SetUserPassword(UserEntity user, string password) {
 		var requirementViolations = CheckPasswordRequirements(password);
 		if (!requirementViolations.IsEmpty) {
-			return new Common.Data.Web.Users.SetUserPasswordErrors.PasswordIsInvalid(requirementViolations);
+			return new SetUserPasswordError.PasswordIsInvalid(requirementViolations);
 		}
 		
 		user.PasswordHash = UserPasswords.Hash(password);

Controller/Phantom.Controller.Minecraft/MinecraftVersionApi.cs

@@ -150,12 +150,12 @@ sealed class MinecraftVersionApi : IDisposable {
 	
 	private static JsonElement GetJsonPropertyOrThrow(JsonElement parentElement, string propertyKey, JsonValueKind expectedKind, string location) {
 		if (!parentElement.TryGetProperty(propertyKey, out var valueElement)) {
-			Logger.Error("Missing \"{Property}\" key in " + location + ".", propertyKey);
+			Logger.Error("Missing \"{Property}\" key in {Location}.", propertyKey, location);
 			throw StopProcedureException.Instance;
 		}
 		
 		if (valueElement.ValueKind != expectedKind) {
-			Logger.Error("The \"{Property}\" key in " + location + " does not contain a JSON {ExpectedType}. Actual type: {ActualType}", propertyKey, expectedKind, valueElement.ValueKind);
+			Logger.Error("The \"{Property}\" key in {Location} does not contain a JSON {ExpectedType}. Actual type: {ActualType}", propertyKey, location, expectedKind, valueElement.ValueKind);
 			throw StopProcedureException.Instance;
 		}
 		

Controller/Phantom.Controller.Services/Agents/AgentActor.cs

@@ -21,34 +21,53 @@ using Phantom.Utils.Actor.Mailbox;
 using Phantom.Utils.Actor.Tasks;
 using Phantom.Utils.Collections;
 using Phantom.Utils.Logging;
+using Phantom.Utils.Rpc;
 using Phantom.Utils.Rpc.Runtime.Server;
 using Serilog;
 
 namespace Phantom.Controller.Services.Agents;
 
-sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
+sealed class AgentActor : ReceiveActor<AgentActor.ICommand>, IWithTimers {
 	private static readonly ILogger Logger = PhantomLogger.Create<AgentActor>();
 	
 	private static readonly TimeSpan DisconnectionRecheckInterval = TimeSpan.FromSeconds(5);
 	private static readonly TimeSpan DisconnectionThreshold = TimeSpan.FromSeconds(12);
 	
-	public readonly record struct Init(Guid AgentGuid, AgentConfiguration AgentConfiguration, ControllerState ControllerState, MinecraftVersions MinecraftVersions, IDbContextProvider DbProvider, CancellationToken CancellationToken);
+	public readonly record struct Init(
+		Guid? LoggedInUserGuid,
+		Guid AgentGuid,
+		AgentConfiguration AgentConfiguration,
+		AuthSecret AuthSecret,
+		AgentRuntimeInfo AgentRuntimeInfo,
+		AgentConnectionKeys AgentConnectionKeys,
+		ControllerState ControllerState,
+		MinecraftVersions MinecraftVersions,
+		IDbContextProvider DbProvider,
+		CancellationToken CancellationToken
+	);
 	
 	public static Props<ICommand> Factory(Init init) {
 		return Props<ICommand>.Create(() => new AgentActor(init), new ActorConfiguration { SupervisorStrategy = SupervisorStrategies.Resume, MailboxType = UnboundedJumpAheadMailbox.Name });
 	}
 	
+	public ITimerScheduler Timers { get; set; } = null!;
+	
+	private readonly AgentConnectionKeys agentConnectionKeys;
 	private readonly ControllerState controllerState;
 	private readonly MinecraftVersions minecraftVersions;
 	private readonly IDbContextProvider dbProvider;
 	private readonly CancellationToken cancellationToken;
 	
 	private readonly Guid agentGuid;
+	private readonly AuthInfo authInfo;
 	
 	private AgentConfiguration configuration;
+	private AgentRuntimeInfo runtimeInfo;
 	private AgentStats? stats;
 	private ImmutableArray<TaggedJavaRuntime> javaRuntimes = ImmutableArray<TaggedJavaRuntime>.Empty;
 	
+	private string AgentName => configuration.AgentName;
+	
 	private readonly AgentConnection connection;
 	
 	private DateTimeOffset? lastPingTime;
@@ -74,23 +93,33 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 	private readonly Dictionary<Guid, Instance> instanceDataByGuid = new ();
 	
 	private AgentActor(Init init) {
+		this.agentConnectionKeys = init.AgentConnectionKeys;
 		this.controllerState = init.ControllerState;
 		this.minecraftVersions = init.MinecraftVersions;
 		this.dbProvider = init.DbProvider;
 		this.cancellationToken = init.CancellationToken;
 		
 		this.agentGuid = init.AgentGuid;
+		this.authInfo = new AuthInfo(this, init.AuthSecret);
+		
 		this.configuration = init.AgentConfiguration;
+		this.runtimeInfo = init.AgentRuntimeInfo;
 		this.connection = new AgentConnection(agentGuid, configuration.AgentName);
 		
 		this.databaseStorageActor = Context.ActorOf(AgentDatabaseStorageActor.Factory(new AgentDatabaseStorageActor.Init(agentGuid, init.DbProvider, init.CancellationToken)), "DatabaseStorage");
 		
+		if (init.LoggedInUserGuid is {} loggedInUserGuid) {
+			databaseStorageActor.Tell(new AgentDatabaseStorageActor.StoreAgentConfigurationCommand(loggedInUserGuid, configuration));
+		}
+		
 		NotifyAgentUpdated();
 		
 		ReceiveAsync<InitializeCommand>(Initialize);
+		Receive<ConfigureAgentCommand>(ConfigureAgent);
 		ReceiveAsyncAndReply<RegisterCommand, ImmutableArray<ConfigureInstanceMessage>>(Register);
 		Receive<SetConnectionCommand>(SetConnection);
 		Receive<UnregisterCommand>(Unregister);
+		ReceiveAndReply<GetAuthSecretCommand, AuthSecret>(GetAuthSecret);
 		Receive<RefreshConnectionStatusCommand>(RefreshConnectionStatus);
 		Receive<NotifyIsAliveCommand>(NotifyIsAlive);
 		Receive<UpdateStatsCommand>(UpdateStats);
@@ -104,13 +133,13 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 	}
 	
 	private void NotifyAgentUpdated() {
-		controllerState.UpdateAgent(new Agent(agentGuid, configuration, stats, ConnectionStatus));
+		controllerState.UpdateAgent(new Agent(agentGuid, configuration, authInfo.ConnectionKey, runtimeInfo, stats, ConnectionStatus));
 	}
 	
 	protected override void PreStart() {
 		Self.Tell(new InitializeCommand());
 		
-		Context.System.Scheduler.ScheduleTellRepeatedly(DisconnectionRecheckInterval, DisconnectionRecheckInterval, Self, new RefreshConnectionStatusCommand(), Self);
+		Timers.StartPeriodicTimer("RefreshConnectionStatus", new RefreshConnectionStatusCommand(), DisconnectionRecheckInterval, Self);
 	}
 	
 	private ActorRef<InstanceActor.ICommand> CreateNewInstance(Instance instance) {
@@ -172,12 +201,16 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 	
 	private sealed record InitializeCommand : ICommand;
 	
-	public sealed record RegisterCommand(AgentConfiguration Configuration, ImmutableArray<TaggedJavaRuntime> JavaRuntimes) : ICommand, ICanReply<ImmutableArray<ConfigureInstanceMessage>>;
+	public sealed record ConfigureAgentCommand(Guid LoggedInUserGuid, AgentConfiguration Configuration) : ICommand;
+	
+	public sealed record RegisterCommand(AgentRuntimeInfo RuntimeInfo, ImmutableArray<TaggedJavaRuntime> JavaRuntimes) : ICommand, ICanReply<ImmutableArray<ConfigureInstanceMessage>>;
 	
 	public sealed record SetConnectionCommand(RpcServerToClientConnection<IMessageToController, IMessageToAgent> Connection) : ICommand;
 	
 	public sealed record UnregisterCommand : ICommand;
 	
+	public sealed record GetAuthSecretCommand : ICommand, ICanReply<AuthSecret>;
+	
 	private sealed record RefreshConnectionStatusCommand : ICommand;
 	
 	public sealed record NotifyIsAliveCommand : ICommand;
@@ -225,19 +258,24 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		}
 	}
 	
+	private void ConfigureAgent(ConfigureAgentCommand message) {
+		configuration = message.Configuration;
+		NotifyAgentUpdated();
+		
+		databaseStorageActor.Tell(new AgentDatabaseStorageActor.StoreAgentConfigurationCommand(message.LoggedInUserGuid, configuration));
+	}
+	
 	private async Task<ImmutableArray<ConfigureInstanceMessage>> Register(RegisterCommand command) {
 		var configurationMessages = await PrepareInitialConfigurationMessages();
 		
-		configuration = command.Configuration;
-		connection.SetAgentName(configuration.AgentName);
-		
+		runtimeInfo = command.RuntimeInfo;
 		lastPingTime = DateTimeOffset.Now;
 		isOnline = true;
 		NotifyAgentUpdated();
 		
-		Logger.Information("Registered agent \"{Name}\" (GUID {Guid}).", configuration.AgentName, agentGuid);
+		Logger.Information("Registered agent \"{AgentName}\" (GUID {AgentGuid}).", AgentName, agentGuid);
 		
-		databaseStorageActor.Tell(new AgentDatabaseStorageActor.StoreAgentConfigurationCommand(configuration));
+		databaseStorageActor.Tell(new AgentDatabaseStorageActor.StoreAgentRuntimeInfoCommand(runtimeInfo));
 		
 		javaRuntimes = command.JavaRuntimes;
 		controllerState.UpdateAgentJavaRuntimes(agentGuid, javaRuntimes);
@@ -259,7 +297,11 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		
 		TellAllInstances(new InstanceActor.SetStatusCommand(InstanceStatus.Offline));
 		
-		Logger.Information("Unregistered agent \"{Name}\" (GUID {Guid}).", configuration.AgentName, agentGuid);
+		Logger.Information("Unregistered agent \"{AgentName}\" (GUID {AgentGuid}).", AgentName, agentGuid);
+	}
+	
+	private AuthSecret GetAuthSecret(GetAuthSecretCommand command) {
+		return authInfo.Secret;
 	}
 	
 	private void RefreshConnectionStatus(RefreshConnectionStatusCommand command) {
@@ -267,7 +309,7 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 			isOnline = false;
 			NotifyAgentUpdated();
 			
-			Logger.Warning("Lost connection to agent \"{Name}\" (GUID {Guid}).", configuration.AgentName, agentGuid);
+			Logger.Warning("Lost connection to agent \"{AgentName}\" (GUID {AgentGuid}).", AgentName, agentGuid);
 		}
 	}
 	
@@ -278,7 +320,7 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 			isOnline = true;
 			NotifyAgentUpdated();
 			
-			Logger.Warning("Restored connection to agent \"{Name}\" (GUID {Guid}).", configuration.AgentName, agentGuid);
+			Logger.Warning("Restored connection to agent \"{AgentName}\" (GUID {AgentGuid}).", AgentName, agentGuid);
 		}
 	}
 	
@@ -327,19 +369,15 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 		var isCreating = command.IsCreatingInstance;
 		
 		if (result.Is(ConfigureInstanceResult.Success)) {
-			string action = isCreating ? "Added" : "Edited";
-			string relation = isCreating ? "to agent" : "in agent";
-			
-			Logger.Information(action + " instance \"{InstanceName}\" (GUID {InstanceGuid}) " + relation + " \"{AgentName}\".", instanceName, instanceGuid, configuration.AgentName);
+			string action = isCreating ? "Created" : "Edited";
+			Logger.Information(action + " instance \"{InstanceName}\" (GUID {InstanceGuid}) in agent \"{AgentName}\".", instanceName, instanceGuid, AgentName);
 			
 			return CreateOrUpdateInstanceResult.Success;
 		}
 		else {
-			string action = isCreating ? "adding" : "editing";
-			string relation = isCreating ? "to agent" : "in agent";
+			string action = isCreating ? "creating" : "editing";
 			string reason = result.Into(ConfigureInstanceResultExtensions.ToSentence, InstanceActionFailureExtensions.ToSentence);
-			
-			Logger.Information("Failed " + action + " instance \"{InstanceName}\" (GUID {InstanceGuid}) " + relation + " \"{AgentName}\". {ErrorMessage}", instanceName, instanceGuid, configuration.AgentName, reason);
+			Logger.Information("Failed " + action + " instance \"{InstanceName}\" (GUID {InstanceGuid}) in agent \"{AgentName}\". {ErrorMessage}", instanceName, instanceGuid, AgentName, reason);
 			
 			return CreateOrUpdateInstanceResult.UnknownError;
 		}
@@ -368,4 +406,26 @@ sealed class AgentActor : ReceiveActor<AgentActor.ICommand> {
 	private void ReceiveInstanceData(ReceiveInstanceDataCommand command) {
 		UpdateInstanceData(command.Instance);
 	}
+	
+	private sealed class AuthInfo {
+		private readonly AgentActor actor;
+		
+		public AuthSecret Secret { get; private set; }
+		public ImmutableArray<byte> ConnectionKey { get; private set; }
+		
+		public AuthInfo(AgentActor actor, AuthSecret authSecret) {
+			this.actor = actor;
+			this.Secret = authSecret;
+			this.ConnectionKey = CreateConnectionKey(authSecret);
+		}
+		
+		public void UpdateSecret(AuthSecret newSecret) {
+			this.Secret = newSecret;
+			this.ConnectionKey = CreateConnectionKey(newSecret);
+		}
+		
+		private ImmutableArray<byte> CreateConnectionKey(AuthSecret authSecret) {
+			return actor.agentConnectionKeys.Get(new AuthToken(actor.agentGuid, authSecret)).ToBytes();
+		}
+	}
 }

Controller/Phantom.Controller.Services/Agents/AgentConnectionKeys.cs

@@ -0,0 +1,11 @@
+using Phantom.Common.Data;
+using Phantom.Utils.Rpc;
+using Phantom.Utils.Rpc.Runtime.Tls;
+
+namespace Phantom.Controller.Services.Agents;
+
+sealed class AgentConnectionKeys(RpcCertificateThumbprint certificateThumbprint) {
+	public ConnectionKey Get(AuthToken authToken) {
+		return new ConnectionKey(certificateThumbprint, authToken);
+	}
+}

Controller/Phantom.Controller.Services/Agents/AgentDatabaseStorageActor.cs

@@ -1,12 +1,16 @@
-using Phantom.Common.Data.Web.Agent;
+using Akka.Actor;
+using Phantom.Common.Data.Web.Agent;
 using Phantom.Controller.Database;
+using Phantom.Controller.Database.Entities;
+using Phantom.Controller.Database.Repositories;
 using Phantom.Utils.Actor;
 using Phantom.Utils.Logging;
+using Phantom.Utils.Rpc;
 using Serilog;
 
 namespace Phantom.Controller.Services.Agents;
 
-sealed class AgentDatabaseStorageActor : ReceiveActor<AgentDatabaseStorageActor.ICommand> {
+sealed class AgentDatabaseStorageActor : ReceiveActor<AgentDatabaseStorageActor.ICommand>, IWithTimers {
 	private static readonly ILogger Logger = PhantomLogger.Create<AgentDatabaseStorageActor>();
 	
 	public readonly record struct Init(Guid AgentGuid, IDbContextProvider DbProvider, CancellationToken CancellationToken);
@@ -15,66 +19,111 @@ sealed class AgentDatabaseStorageActor : ReceiveActor<AgentDatabaseStorageActor.
 		return Props<ICommand>.Create(() => new AgentDatabaseStorageActor(init), new ActorConfiguration { SupervisorStrategy = SupervisorStrategies.Resume });
 	}
 	
+	public ITimerScheduler Timers { get; set; } = null!;
+	
 	private readonly Guid agentGuid;
 	private readonly IDbContextProvider dbProvider;
 	private readonly CancellationToken cancellationToken;
 	
-	private AgentConfiguration? configurationToStore;
-	private bool hasScheduledFlush;
+	private StoreAgentRuntimeInfoCommand? storeRuntimeInfoCommand;
 	
 	private AgentDatabaseStorageActor(Init init) {
 		this.agentGuid = init.AgentGuid;
 		this.dbProvider = init.DbProvider;
 		this.cancellationToken = init.CancellationToken;
 		
-		Receive<StoreAgentConfigurationCommand>(StoreAgentConfiguration);
-		ReceiveAsync<FlushChangesCommand>(FlushChanges);
+		Receive<StoreAgentRuntimeInfoCommand>(StoreAgentRuntimeInfo);
+		ReceiveAsync<StoreAgentConfigurationCommand>(StoreAgentConfiguration);
+		ReceiveAsync<FlushAgentRuntimeInfoCommand>(FlushAgentRuntimeInfo);
+	}
+	
+	private ValueTask<AgentEntity?> FindAgentEntity(ILazyDbContext db) {
+		return db.Ctx.Agents.FindAsync([agentGuid], cancellationToken);
 	}
 	
 	public interface ICommand;
 	
-	public sealed record StoreAgentConfigurationCommand(AgentConfiguration Configuration) : ICommand;
+	public sealed record StoreAgentConfigurationCommand(Guid AuditLogUserGuid, AgentConfiguration Configuration) : ICommand;
 	
-	private sealed record FlushChangesCommand : ICommand;
+	public sealed record StoreAgentRuntimeInfoCommand(AgentRuntimeInfo RuntimeInfo) : ICommand;
 	
-	private void StoreAgentConfiguration(StoreAgentConfigurationCommand command) {
-		configurationToStore = command.Configuration;
+	private sealed record FlushAgentRuntimeInfoCommand : ICommand;
+	
+	private async Task StoreAgentConfiguration(StoreAgentConfigurationCommand command) {
+		await FlushAgentRuntimeInfo();
+		
+		bool wasCreated;
+		
+		await using (var db = dbProvider.Lazy()) {
+			var entity = db.Ctx.AgentUpsert.Fetch(agentGuid, out wasCreated);
+			
+			if (wasCreated) {
+				entity.AuthSecret = AuthSecret.Generate();
+			}
+			
+			entity.Name = command.Configuration.AgentName;
+			
+			var auditLogWriter = new AuditLogRepository(db).Writer(command.AuditLogUserGuid);
+			if (wasCreated) {
+				auditLogWriter.AgentCreated(agentGuid);
+			}
+			else {
+				auditLogWriter.AgentEdited(agentGuid);
+			}
+			
+			await db.Ctx.SaveChangesAsync(cancellationToken);
+		}
+		
+		string action = wasCreated ? "Created" : "Edited";
+		Logger.Information(action + " agent \"{AgentName}\" (GUID {AgentGuid}) in database.", command.Configuration.AgentName, agentGuid);
+	}
+	
+	private void StoreAgentRuntimeInfo(StoreAgentRuntimeInfoCommand command) {
+		storeRuntimeInfoCommand = command;
 		ScheduleFlush(TimeSpan.FromSeconds(2));
 	}
 	
-	private async Task FlushChanges(FlushChangesCommand command) {
-		hasScheduledFlush = false;
-		
-		if (configurationToStore == null) {
-			return;
+	private void ScheduleFlush(TimeSpan delay) {
+		if (storeRuntimeInfoCommand != null) {
+			Timers.StartSingleTimer("FlushChanges", new FlushAgentRuntimeInfoCommand(), delay, Self);
 		}
-		
-		try {
-			await using var ctx = dbProvider.Eager();
-			var entity = ctx.AgentUpsert.Fetch(agentGuid);
-			
-			entity.Name = configurationToStore.AgentName;
-			entity.ProtocolVersion = configurationToStore.ProtocolVersion;
-			entity.BuildVersion = configurationToStore.BuildVersion;
-			entity.MaxInstances = configurationToStore.MaxInstances;
-			entity.MaxMemory = configurationToStore.MaxMemory;
-			
-			await ctx.SaveChangesAsync(cancellationToken);
-		} catch (Exception e) {
-			ScheduleFlush(TimeSpan.FromSeconds(10));
-			Logger.Error(e, "Could not store agent \"{AgentName}\" (GUID {AgentGuid}) in database.", configurationToStore.AgentName, agentGuid);
-			return;
-		}
-		
-		Logger.Information("Stored agent \"{AgentName}\" (GUID {AgentGuid}) in database.", configurationToStore.AgentName, agentGuid);
-		
-		configurationToStore = null;
 	}
 	
-	private void ScheduleFlush(TimeSpan delay) {
-		if (!hasScheduledFlush) {
-			hasScheduledFlush = true;
-			Context.System.Scheduler.ScheduleTellOnce(delay, Self, new FlushChangesCommand(), Self);
+	private Task FlushAgentRuntimeInfo(FlushAgentRuntimeInfoCommand command) {
+		return FlushAgentRuntimeInfo();
+	}
+	
+	private async Task FlushAgentRuntimeInfo() {
+		if (storeRuntimeInfoCommand == null) {
+			return;
 		}
+		
+		string agentName;
+		
+		await using (var db = dbProvider.Lazy()) {
+			var entity = await FindAgentEntity(db);
+			if (entity == null) {
+				return;
+			}
+			
+			agentName = entity.Name;
+			
+			try {
+				entity.ProtocolVersion = storeRuntimeInfoCommand.RuntimeInfo.VersionInfo?.ProtocolVersion;
+				entity.BuildVersion = storeRuntimeInfoCommand.RuntimeInfo.VersionInfo?.BuildVersion;
+				entity.MaxInstances = storeRuntimeInfoCommand.RuntimeInfo.MaxInstances;
+				entity.MaxMemory = storeRuntimeInfoCommand.RuntimeInfo.MaxMemory;
+				
+				await db.Ctx.SaveChangesAsync(cancellationToken);
+			} catch (Exception e) {
+				ScheduleFlush(TimeSpan.FromSeconds(10));
+				Logger.Error(e, "Could not update agent \"{AgentName}\" (GUID {AgentGuid}) in database.", entity.Name, agentGuid);
+				return;
+			}
+		}
+		
+		Logger.Information("Updated agent \"{AgentName}\" (GUID {AgentGuid}) in database.", agentName, agentGuid);
+		
+		storeRuntimeInfoCommand = null;
 	}
 }

Controller/Phantom.Controller.Services/Agents/AgentManager.cs

@@ -1,6 +1,7 @@
 using System.Collections.Concurrent;
 using System.Collections.Immutable;
 using Akka.Actor;
+using Microsoft.EntityFrameworkCore;
 using Phantom.Common.Data;
 using Phantom.Common.Data.Replies;
 using Phantom.Common.Data.Web.Agent;
@@ -8,61 +9,76 @@ using Phantom.Common.Data.Web.Users;
 using Phantom.Common.Messages.Agent.Handshake;
 using Phantom.Common.Messages.Agent.ToAgent;
 using Phantom.Controller.Database;
+using Phantom.Controller.Database.Entities;
 using Phantom.Controller.Minecraft;
 using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Actor;
 using Phantom.Utils.Logging;
+using Phantom.Utils.Rpc;
 using Serilog;
 
 namespace Phantom.Controller.Services.Agents;
 
-sealed class AgentManager {
+sealed class AgentManager(
+	IActorRefFactory actorSystem,
+	AgentConnectionKeys agentConnectionKeys,
+	ControllerState controllerState,
+	MinecraftVersions minecraftVersions,
+	IDbContextProvider dbProvider,
+	CancellationToken cancellationToken
+) {
 	private static readonly ILogger Logger = PhantomLogger.Create<AgentManager>();
 	
-	private readonly IActorRefFactory actorSystem;
-	private readonly ControllerState controllerState;
-	private readonly MinecraftVersions minecraftVersions;
-	private readonly UserLoginManager userLoginManager;
-	private readonly IDbContextProvider dbProvider;
-	private readonly CancellationToken cancellationToken;
-	
 	private readonly ConcurrentDictionary<Guid, ActorRef<AgentActor.ICommand>> agentsByAgentGuid = new ();
-	private readonly Func<Guid, AgentConfiguration, ActorRef<AgentActor.ICommand>> addAgentActorFactory;
-	
-	public AgentManager(IActorRefFactory actorSystem, ControllerState controllerState, MinecraftVersions minecraftVersions, UserLoginManager userLoginManager, IDbContextProvider dbProvider, CancellationToken cancellationToken) {
-		this.actorSystem = actorSystem;
-		this.controllerState = controllerState;
-		this.minecraftVersions = minecraftVersions;
-		this.userLoginManager = userLoginManager;
-		this.dbProvider = dbProvider;
-		this.cancellationToken = cancellationToken;
-		
-		this.addAgentActorFactory = CreateAgentActor;
-	}
-	
-	private ActorRef<AgentActor.ICommand> CreateAgentActor(Guid agentGuid, AgentConfiguration agentConfiguration) {
-		var init = new AgentActor.Init(agentGuid, agentConfiguration, controllerState, minecraftVersions, dbProvider, cancellationToken);
-		var name = "Agent:" + agentGuid;
-		return actorSystem.ActorOf(AgentActor.Factory(init), name);
-	}
 	
 	public async Task Initialize() {
 		await using var ctx = dbProvider.Eager();
+		await Migrate(ctx);
 		
 		await foreach (var entity in ctx.Agents.AsAsyncEnumerable().WithCancellation(cancellationToken)) {
 			var agentGuid = entity.AgentGuid;
-			var agentConfiguration = new AgentConfiguration(entity.Name, entity.ProtocolVersion, entity.BuildVersion, entity.MaxInstances, entity.MaxMemory);
 			
-			if (agentsByAgentGuid.TryAdd(agentGuid, CreateAgentActor(agentGuid, agentConfiguration))) {
-				Logger.Information("Loaded agent \"{AgentName}\" (GUID {AgentGuid}) from database.", agentConfiguration.AgentName, agentGuid);
+			if (AddAgent(loggedInUserGuid: null, agentGuid, entity.Configuration, entity.AuthSecret!, entity.RuntimeInfo)) {
+				Logger.Information("Loaded agent \"{AgentName}\" (GUID {AgentGuid}) from database.", entity.Name, agentGuid);
 			}
 		}
 	}
 	
-	public async Task<ImmutableArray<ConfigureInstanceMessage>> RegisterAgent(AgentRegistration registration) {
-		var agentConfiguration = AgentConfiguration.From(registration.AgentInfo);
-		var agentActor = agentsByAgentGuid.GetOrAdd(registration.AgentInfo.AgentGuid, addAgentActorFactory, agentConfiguration);
-		return await agentActor.Request(new AgentActor.RegisterCommand(agentConfiguration, registration.JavaRuntimes), cancellationToken);
+	private bool AddAgent(Guid? loggedInUserGuid, Guid agentGuid, AgentConfiguration configuration, AuthSecret authSecret, AgentRuntimeInfo runtimeInfo) {
+		var init = new AgentActor.Init(loggedInUserGuid, agentGuid, configuration, authSecret, runtimeInfo, agentConnectionKeys, controllerState, minecraftVersions, dbProvider, cancellationToken);
+		var name = "Agent:" + agentGuid;
+		return agentsByAgentGuid.TryAdd(agentGuid, actorSystem.ActorOf(AgentActor.Factory(init), name));
+	}
+	
+	private async Task Migrate(ApplicationDbContext ctx) {
+		List<AgentEntity> agentsWithoutSecrets = await ctx.Agents.Where(static entity => entity.AuthSecret == null).ToListAsync(cancellationToken);
+		if (agentsWithoutSecrets.Count == 0) {
+			return;
+		}
+		
+		foreach (var entity in agentsWithoutSecrets) {
+			entity.AuthSecret = AuthSecret.Generate();
+		}
+		
+		await ctx.SaveChangesAsync(cancellationToken);
+	}
+	
+	public async Task<ImmutableArray<ConfigureInstanceMessage>?> RegisterAgent(Guid agentGuid, AgentRegistration registration) {
+		if (!agentsByAgentGuid.TryGetValue(agentGuid, out var agentActor)) {
+			return null;
+		}
+		
+		var runtimeInfo = AgentRuntimeInfo.From(registration.AgentInfo);
+		return await agentActor.Request(new AgentActor.RegisterCommand(runtimeInfo, registration.JavaRuntimes), cancellationToken);
+	}
+	
+	public async Task<AuthSecret?> GetAgentAuthSecret(Guid agentGuid) {
+		if (agentsByAgentGuid.TryGetValue(agentGuid, out var agent)) {
+			return await agent.Request(new AgentActor.GetAuthSecretCommand(), cancellationToken);
+		}
+		else {
+			return null;
+		}
 	}
 	
 	public bool TellAgent(Guid agentGuid, AgentActor.ICommand command) {
@@ -71,13 +87,31 @@ sealed class AgentManager {
 			return true;
 		}
 		else {
-			Logger.Warning("Could not deliver command {CommandType} to agent {AgentGuid}, agent not registered.", command.GetType().Name, agentGuid);
+			Logger.Warning("Could not deliver command {CommandType} to unknown agent {AgentGuid}.", command.GetType().Name, agentGuid);
 			return false;
 		}
 	}
 	
-	public async Task<Result<TReply, UserInstanceActionFailure>> DoInstanceAction<TCommand, TReply>(Permission requiredPermission, ImmutableArray<byte> authToken, Guid agentGuid, Func<Guid, TCommand> commandFactoryFromLoggedInUserGuid) where TCommand : class, AgentActor.ICommand, ICanReply<Result<TReply, InstanceActionFailure>> {
-		var loggedInUser = userLoginManager.GetLoggedInUser(authToken);
+	public Result<CreateOrUpdateAgentResult, UserActionFailure> CreateOrUpdateAgent(LoggedInUser loggedInUser, Guid agentGuid, AgentConfiguration configuration) {
+		if (!loggedInUser.CheckPermission(Permission.ManageAllAgents)) {
+			return UserActionFailure.NotAuthorized;
+		}
+		
+		if (configuration.AgentName.Length == 0) {
+			return CreateOrUpdateAgentResult.AgentNameMustNotBeEmpty;
+		}
+		
+		if (agentsByAgentGuid.TryGetValue(agentGuid, out var agent)) {
+			agent.Tell(new AgentActor.ConfigureAgentCommand(loggedInUser.Guid!.Value, configuration));
+		}
+		else {
+			AddAgent(loggedInUser.Guid!.Value, agentGuid, configuration, AuthSecret.Generate(), new AgentRuntimeInfo());
+		}
+		
+		return CreateOrUpdateAgentResult.Success;
+	}
+	
+	public async Task<Result<TReply, UserInstanceActionFailure>> DoInstanceAction<TCommand, TReply>(LoggedInUser loggedInUser, Permission requiredPermission, Guid agentGuid, Func<Guid, TCommand> commandFactoryFromLoggedInUserGuid) where TCommand : class, AgentActor.ICommand, ICanReply<Result<TReply, InstanceActionFailure>> {
 		if (!loggedInUser.HasAccessToAgent(agentGuid) || !loggedInUser.CheckPermission(requiredPermission)) {
 			return (UserInstanceActionFailure) UserActionFailure.NotAuthorized;
 		}

Controller/Phantom.Controller.Services/ControllerServices.cs

@@ -8,8 +8,10 @@ using Phantom.Controller.Services.Rpc;
 using Phantom.Controller.Services.Users;
 using Phantom.Controller.Services.Users.Sessions;
 using Phantom.Utils.Actor;
-using IRpcAgentRegistrar = Phantom.Utils.Rpc.Runtime.Server.IRpcServerClientRegistrar<Phantom.Common.Messages.Agent.IMessageToController, Phantom.Common.Messages.Agent.IMessageToAgent, Phantom.Common.Data.Agent.AgentInfo>;
-using IRpcWebRegistrar = Phantom.Utils.Rpc.Runtime.Server.IRpcServerClientRegistrar<Phantom.Common.Messages.Web.IMessageToController, Phantom.Common.Messages.Web.IMessageToWeb, Phantom.Utils.Rpc.Runtime.Server.RpcServerClientHandshake.NoValue>;
+using Phantom.Utils.Rpc.Runtime.Server;
+using Phantom.Utils.Rpc.Runtime.Tls;
+using IRpcAgentRegistrar = Phantom.Utils.Rpc.Runtime.Server.IRpcServerClientRegistrar<Phantom.Common.Messages.Agent.IMessageToController, Phantom.Common.Messages.Agent.IMessageToAgent>;
+using IRpcWebRegistrar = Phantom.Utils.Rpc.Runtime.Server.IRpcServerClientRegistrar<Phantom.Common.Messages.Web.IMessageToController, Phantom.Common.Messages.Web.IMessageToWeb>;
 
 namespace Phantom.Controller.Services;
 
@@ -32,14 +34,15 @@ public sealed class ControllerServices : IDisposable {
 	private AuditLogManager AuditLogManager { get; }
 	private EventLogManager EventLogManager { get; }
 	
+	public IRpcServerClientAuthProvider AgentAuthProvider { get; }
+	public IRpcServerClientHandshake AgentHandshake { get; }
 	public IRpcAgentRegistrar AgentRegistrar { get; }
-	public AgentClientHandshake AgentHandshake { get; }
 	public IRpcWebRegistrar WebRegistrar { get; }
 	
 	private readonly IDbContextProvider dbProvider;
 	private readonly CancellationToken cancellationToken;
 	
-	public ControllerServices(IDbContextProvider dbProvider, CancellationToken shutdownCancellationToken) {
+	public ControllerServices(IDbContextProvider dbProvider, RpcCertificateThumbprint agentCertificateThumbprint, CancellationToken shutdownCancellationToken) {
 		this.dbProvider = dbProvider;
 		this.cancellationToken = shutdownCancellationToken;
 		
@@ -55,14 +58,15 @@ public sealed class ControllerServices : IDisposable {
 		this.UserLoginManager = new UserLoginManager(AuthenticatedUserCache, dbProvider);
 		this.PermissionManager = new PermissionManager(dbProvider);
 		
-		this.AgentManager = new AgentManager(ActorSystem, ControllerState, MinecraftVersions, UserLoginManager, dbProvider, cancellationToken);
+		this.AgentManager = new AgentManager(ActorSystem, new AgentConnectionKeys(agentCertificateThumbprint), ControllerState, MinecraftVersions, dbProvider, cancellationToken);
 		this.InstanceLogManager = new InstanceLogManager();
 		
 		this.AuditLogManager = new AuditLogManager(dbProvider);
 		this.EventLogManager = new EventLogManager(ControllerState, ActorSystem, dbProvider, shutdownCancellationToken);
 		
-		this.AgentRegistrar = new AgentClientRegistrar(ActorSystem, AgentManager, InstanceLogManager, EventLogManager);
+		this.AgentAuthProvider = new AgentClientAuthProvider(AgentManager);
 		this.AgentHandshake = new AgentClientHandshake(AgentManager);
+		this.AgentRegistrar = new AgentClientRegistrar(ActorSystem, AgentManager, InstanceLogManager, EventLogManager);
 		this.WebRegistrar = new WebClientRegistrar(ActorSystem, ControllerState, InstanceLogManager, UserManager, RoleManager, UserRoleManager, UserLoginManager, AuditLogManager, AgentManager, MinecraftVersions, EventLogManager);
 	}
 	

Controller/Phantom.Controller.Services/Events/EventLogDatabaseStorageActor.cs

@@ -1,4 +1,5 @@
-using Phantom.Common.Data.Web.EventLog;
+using Akka.Actor;
+using Phantom.Common.Data.Web.EventLog;
 using Phantom.Controller.Database;
 using Phantom.Controller.Database.Repositories;
 using Phantom.Utils.Actor;
@@ -7,7 +8,7 @@ using Serilog;
 
 namespace Phantom.Controller.Services.Events;
 
-sealed class EventLogDatabaseStorageActor : ReceiveActor<EventLogDatabaseStorageActor.ICommand> {
+sealed class EventLogDatabaseStorageActor : ReceiveActor<EventLogDatabaseStorageActor.ICommand>, IWithTimers {
 	private static readonly ILogger Logger = PhantomLogger.Create<EventLogDatabaseStorageActor>();
 	
 	public readonly record struct Init(IDbContextProvider DbProvider, CancellationToken CancellationToken);
@@ -16,6 +17,8 @@ sealed class EventLogDatabaseStorageActor : ReceiveActor<EventLogDatabaseStorage
 		return Props<ICommand>.Create(() => new EventLogDatabaseStorageActor(init), new ActorConfiguration { SupervisorStrategy = SupervisorStrategies.Resume });
 	}
 	
+	public ITimerScheduler Timers { get; set; } = null!;
+	
 	private readonly IDbContextProvider dbProvider;
 	private readonly CancellationToken cancellationToken;
 	
@@ -71,7 +74,7 @@ sealed class EventLogDatabaseStorageActor : ReceiveActor<EventLogDatabaseStorage
 	private void ScheduleFlush(TimeSpan delay) {
 		if (!hasScheduledFlush) {
 			hasScheduledFlush = true;
-			Context.System.Scheduler.ScheduleTellOnce(delay, Self, new FlushChangesCommand(), Self);
+			Timers.StartSingleTimer("FlushChanges", new FlushChangesCommand(), delay, Self);
 		}
 	}
 }

Controller/Phantom.Controller.Services/Rpc/AgentClientAuthProvider.cs

@@ -0,0 +1,11 @@
+using Phantom.Controller.Services.Agents;
+using Phantom.Utils.Rpc;
+using Phantom.Utils.Rpc.Runtime.Server;
+
+namespace Phantom.Controller.Services.Rpc;
+
+sealed class AgentClientAuthProvider(AgentManager agentManager) : IRpcServerClientAuthProvider {
+	public Task<AuthSecret?> GetAuthSecret(Guid agentGuid) {
+		return agentManager.GetAgentAuthSecret(agentGuid);
+	}
+}

Controller/Phantom.Controller.Services/Rpc/AgentClientHandshake.cs

@@ -1,5 +1,4 @@
 using System.Collections.Immutable;
-using Phantom.Common.Data.Agent;
 using Phantom.Common.Messages.Agent.Handshake;
 using Phantom.Common.Messages.Agent.ToAgent;
 using Phantom.Controller.Services.Agents;
@@ -10,7 +9,7 @@ using Phantom.Utils.Rpc.Runtime.Server;
 
 namespace Phantom.Controller.Services.Rpc;
 
-public sealed class AgentClientHandshake : IRpcServerClientHandshake<AgentInfo> {
+sealed class AgentClientHandshake : IRpcServerClientHandshake {
 	private const int MaxRegistrationBytes = 1024 * 1024 * 8;
 	
 	private readonly AgentManager agentManager;
@@ -19,9 +18,9 @@ public sealed class AgentClientHandshake : IRpcServerClientHandshake<AgentInfo>
 		this.agentManager = agentManager;
 	}
 	
-	public async Task<Either<AgentInfo, Exception>> Perform(bool isNewSession, RpcStream stream, CancellationToken cancellationToken) {
+	public async Task Perform(bool isNewSession, RpcStream stream, Guid agentGuid, CancellationToken cancellationToken) {
 		RegistrationResult registrationResult;
-		switch (await RegisterAgent(stream, cancellationToken)) {
+		switch (await RegisterAgent(stream, agentGuid, cancellationToken)) {
 			case Left<RegistrationResult, Exception>(var result):
 				await stream.WriteByte(value: 1, cancellationToken);
 				registrationResult = result;
@@ -29,11 +28,11 @@ public sealed class AgentClientHandshake : IRpcServerClientHandshake<AgentInfo>
 			
 			case Right<RegistrationResult, Exception>(var exception):
 				await stream.WriteByte(value: 0, cancellationToken);
-				return Either.Right(exception);
+				throw exception;
 			
 			default:
 				await stream.WriteByte(value: 0, cancellationToken);
-				return Either.Right<Exception>(new InvalidOperationException("Invalid result type."));
+				throw new InvalidOperationException("Invalid result type.");
 		}
 		
 		if (isNewSession) {
@@ -50,11 +49,9 @@ public sealed class AgentClientHandshake : IRpcServerClientHandshake<AgentInfo>
 		}
 		
 		await stream.Flush(cancellationToken);
-		
-		return Either.Left(registrationResult.AgentInfo);
 	}
 	
-	private async Task<Either<RegistrationResult, Exception>> RegisterAgent(RpcStream stream, CancellationToken cancellationToken) {
+	private async Task<Either<RegistrationResult, Exception>> RegisterAgent(RpcStream stream, Guid agentGuid, CancellationToken cancellationToken) {
 		int serializedRegistrationLength = await stream.ReadSignedInt(cancellationToken);
 		if (serializedRegistrationLength is < 0 or > MaxRegistrationBytes) {
 			return Either.Right<Exception>(new InvalidOperationException("Registration must be between 0 and " + MaxRegistrationBytes + " bytes."));
@@ -69,9 +66,13 @@ public sealed class AgentClientHandshake : IRpcServerClientHandshake<AgentInfo>
 			return Either.Right<Exception>(new InvalidOperationException("Caught exception during deserialization.", e));
 		}
 		
-		var configureInstanceMessages = await agentManager.RegisterAgent(registration);
-		return Either.Left(new RegistrationResult(registration.AgentInfo, configureInstanceMessages));
+		var configureInstanceMessages = await agentManager.RegisterAgent(agentGuid, registration);
+		if (configureInstanceMessages == null) {
+			return Either.Right<Exception>(new InvalidOperationException("Could not register agent."));
+		}
+		
+		return Either.Left(new RegistrationResult(configureInstanceMessages.Value));
 	}
 	
-	private readonly record struct RegistrationResult(AgentInfo AgentInfo, ImmutableArray<ConfigureInstanceMessage> ConfigureInstanceMessages);
+	private readonly record struct RegistrationResult(ImmutableArray<ConfigureInstanceMessage> ConfigureInstanceMessages);
 }

Controller/Phantom.Controller.Services/Rpc/AgentClientRegistrar.cs

@@ -1,7 +1,5 @@
 using System.Collections.Concurrent;
-using System.Diagnostics.CodeAnalysis;
 using Akka.Actor;
-using Phantom.Common.Data.Agent;
 using Phantom.Common.Messages.Agent;
 using Phantom.Controller.Services.Agents;
 using Phantom.Controller.Services.Events;
@@ -12,20 +10,29 @@ using Phantom.Utils.Rpc.Runtime.Server;
 
 namespace Phantom.Controller.Services.Rpc;
 
-sealed class AgentClientRegistrar(
-	IActorRefFactory actorSystem,
-	AgentManager agentManager,
-	InstanceLogManager instanceLogManager,
-	EventLogManager eventLogManager
-) : IRpcServerClientRegistrar<IMessageToController, IMessageToAgent, AgentInfo> {
+sealed class AgentClientRegistrar : IRpcServerClientRegistrar<IMessageToController, IMessageToAgent> {
+	private readonly IActorRefFactory actorSystem;
+	private readonly AgentManager agentManager;
+	private readonly InstanceLogManager instanceLogManager;
+	private readonly EventLogManager eventLogManager;
+	
+	private readonly Func<Guid, Guid, Receiver> receiverFactory;
 	private readonly ConcurrentDictionary<Guid, Receiver> receiversBySessionGuid = new ();
 	
-	[SuppressMessage("ReSharper", "LambdaShouldNotCaptureContext")]
-	public IMessageReceiver<IMessageToController> Register(RpcServerToClientConnection<IMessageToController, IMessageToAgent> connection, AgentInfo handshakeResult) {
-		var agentGuid = handshakeResult.AgentGuid;
+	public AgentClientRegistrar(IActorRefFactory actorSystem, AgentManager agentManager, InstanceLogManager instanceLogManager, EventLogManager eventLogManager) {
+		this.actorSystem = actorSystem;
+		this.agentManager = agentManager;
+		this.instanceLogManager = instanceLogManager;
+		this.eventLogManager = eventLogManager;
+		this.receiverFactory = CreateReceiver;
+	}
+	
+	public IMessageReceiver<IMessageToController> Register(RpcServerToClientConnection<IMessageToController, IMessageToAgent> connection) {
+		Guid agentGuid = connection.ClientGuid;
+		
 		agentManager.TellAgent(agentGuid, new AgentActor.SetConnectionCommand(connection));
 		
-		var receiver = receiversBySessionGuid.GetOrAdd(connection.SessionId, CreateReceiver, agentGuid);
+		var receiver = receiversBySessionGuid.GetOrAdd(connection.SessionGuid, receiverFactory, agentGuid);
 		if (receiver.AgentGuid != agentGuid) {
 			throw new InvalidOperationException("Cannot register two agents to the same session!");
 		}
@@ -33,8 +40,8 @@ sealed class AgentClientRegistrar(
 		return receiver;
 	}
 	
-	private Receiver CreateReceiver(Guid sessionId, Guid agentGuid) {
-		var name = "AgentClient-" + sessionId;
+	private Receiver CreateReceiver(Guid sessionGuid, Guid agentGuid) {
+		var name = "AgentClient-" + sessionGuid;
 		var init = new AgentMessageHandlerActor.Init(agentGuid, agentManager, instanceLogManager, eventLogManager);
 		return new Receiver(agentGuid, agentManager, actorSystem.ActorOf(AgentMessageHandlerActor.Factory(init), name));
 	}

Controller/Phantom.Controller.Services/Rpc/AgentMessageHandlerActor.cs

@@ -25,30 +25,30 @@ sealed class AgentMessageHandlerActor : ReceiveActor<IMessageToController> {
 		this.instanceLogManager = init.InstanceLogManager;
 		this.eventLogManager = init.EventLogManager;
 		
-		Receive<ReportAgentStatusMessage>(HandleReportAgentStatus);
-		Receive<ReportInstanceStatusMessage>(HandleReportInstanceStatus);
-		Receive<ReportInstancePlayerCountsMessage>(HandleReportInstancePlayerCounts);
-		Receive<ReportInstanceEventMessage>(HandleReportInstanceEvent);
-		Receive<InstanceOutputMessage>(HandleInstanceOutput);
+		Receive<ReportAgentStatusMessage>(ReportAgentStatus);
+		Receive<ReportInstanceStatusMessage>(ReportInstanceStatus);
+		Receive<ReportInstancePlayerCountsMessage>(ReportInstancePlayerCounts);
+		Receive<ReportInstanceEventMessage>(ReportInstanceEvent);
+		Receive<InstanceOutputMessage>(InstanceOutput);
 	}
 	
-	private void HandleReportAgentStatus(ReportAgentStatusMessage message) {
+	private void ReportAgentStatus(ReportAgentStatusMessage message) {
 		agentManager.TellAgent(agentGuid, new AgentActor.UpdateStatsCommand(message.RunningInstanceCount, message.RunningInstanceMemory));
 	}
 	
-	private void HandleReportInstanceStatus(ReportInstanceStatusMessage message) {
+	private void ReportInstanceStatus(ReportInstanceStatusMessage message) {
 		agentManager.TellAgent(agentGuid, new AgentActor.UpdateInstanceStatusCommand(message.InstanceGuid, message.InstanceStatus));
 	}
 	
-	private void HandleReportInstancePlayerCounts(ReportInstancePlayerCountsMessage message) {
+	private void ReportInstancePlayerCounts(ReportInstancePlayerCountsMessage message) {
 		agentManager.TellAgent(agentGuid, new AgentActor.UpdateInstancePlayerCountsCommand(message.InstanceGuid, message.PlayerCounts));
 	}
 	
-	private void HandleReportInstanceEvent(ReportInstanceEventMessage message) {
+	private void ReportInstanceEvent(ReportInstanceEventMessage message) {
 		message.Event.Accept(eventLogManager.CreateInstanceEventVisitor(message.EventGuid, message.UtcTime, agentGuid, message.InstanceGuid));
 	}
 	
-	private void HandleInstanceOutput(InstanceOutputMessage message) {
+	private void InstanceOutput(InstanceOutputMessage message) {
 		instanceLogManager.ReceiveLines(message.InstanceGuid, message.Lines);
 	}
 }

Controller/Phantom.Controller.Services/Rpc/WebClientAuthProvider.cs

@@ -0,0 +1,10 @@
+using Phantom.Utils.Rpc;
+using Phantom.Utils.Rpc.Runtime.Server;
+
+namespace Phantom.Controller.Services.Rpc;
+
+public sealed class WebClientAuthProvider(AuthToken webAuthToken) : IRpcServerClientAuthProvider {
+	public Task<AuthSecret?> GetAuthSecret(Guid clientGuid) {
+		return Task.FromResult(clientGuid == webAuthToken.Guid ? webAuthToken.Secret : null);
+	}
+}

Controller/Phantom.Controller.Services/Rpc/WebClientRegistrar.cs

@@ -24,9 +24,9 @@ sealed class WebClientRegistrar(
 	AgentManager agentManager,
 	MinecraftVersions minecraftVersions,
 	EventLogManager eventLogManager
-) : IRpcServerClientRegistrar<IMessageToController, IMessageToWeb, RpcServerClientHandshake.NoValue> {
-	public IMessageReceiver<IMessageToController> Register(RpcServerToClientConnection<IMessageToController, IMessageToWeb> connection, RpcServerClientHandshake.NoValue handshakeResult) {
-		var name = "WebClient-" + connection.SessionId;
+) : IRpcServerClientRegistrar<IMessageToController, IMessageToWeb> {
+	public IMessageReceiver<IMessageToController> Register(RpcServerToClientConnection<IMessageToController, IMessageToWeb> connection) {
+		var name = "WebClient-" + connection.SessionGuid;
 		var init = new WebMessageHandlerActor.Init(connection, controllerState, instanceLogManager, userManager, roleManager, userRoleManager, userLoginManager, auditLogManager, agentManager, minecraftVersions, eventLogManager);
 		return new IMessageReceiver<IMessageToController>.Actor(actorSystem.ActorOf(WebMessageHandlerActor.Factory(init), name));
 	}

Controller/Phantom.Controller.Services/Rpc/WebMessageHandlerActor.cs

@@ -3,6 +3,7 @@ using Phantom.Common.Data;
 using Phantom.Common.Data.Java;
 using Phantom.Common.Data.Minecraft;
 using Phantom.Common.Data.Replies;
+using Phantom.Common.Data.Web.Agent;
 using Phantom.Common.Data.Web.AuditLog;
 using Phantom.Common.Data.Web.EventLog;
 using Phantom.Common.Data.Web.Instance;
@@ -63,31 +64,32 @@ sealed class WebMessageHandlerActor : ReceiveActor<IMessageToController> {
 		var senderActorInit = new WebMessageDataUpdateSenderActor.Init(init.Connection.MessageSender, controllerState, init.InstanceLogManager);
 		Context.ActorOf(WebMessageDataUpdateSenderActor.Factory(senderActorInit), "DataUpdateSender");
 		
-		ReceiveAndReplyLater<LogInMessage, Optional<LogInSuccess>>(HandleLogIn);
-		Receive<LogOutMessage>(HandleLogOut);
+		ReceiveAndReplyLater<LogInMessage, Optional<LogInSuccess>>(LogIn);
+		Receive<LogOutMessage>(LogOut);
 		ReceiveAndReply<GetAuthenticatedUser, Optional<AuthenticatedUserInfo>>(GetAuthenticatedUser);
-		ReceiveAndReplyLater<CreateOrUpdateAdministratorUserMessage, CreateOrUpdateAdministratorUserResult>(HandleCreateOrUpdateAdministratorUser);
-		ReceiveAndReplyLater<CreateUserMessage, Result<CreateUserResult, UserActionFailure>>(HandleCreateUser);
-		ReceiveAndReplyLater<GetUsersMessage, ImmutableArray<UserInfo>>(HandleGetUsers);
-		ReceiveAndReplyLater<GetRolesMessage, ImmutableArray<RoleInfo>>(HandleGetRoles);
-		ReceiveAndReplyLater<GetUserRolesMessage, ImmutableDictionary<Guid, ImmutableArray<Guid>>>(HandleGetUserRoles);
-		ReceiveAndReplyLater<ChangeUserRolesMessage, Result<ChangeUserRolesResult, UserActionFailure>>(HandleChangeUserRoles);
-		ReceiveAndReplyLater<DeleteUserMessage, Result<DeleteUserResult, UserActionFailure>>(HandleDeleteUser);
-		ReceiveAndReplyLater<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(HandleCreateOrUpdateInstance);
-		ReceiveAndReplyLater<LaunchInstanceMessage, Result<LaunchInstanceResult, UserInstanceActionFailure>>(HandleLaunchInstance);
-		ReceiveAndReplyLater<StopInstanceMessage, Result<StopInstanceResult, UserInstanceActionFailure>>(HandleStopInstance);
-		ReceiveAndReplyLater<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, UserInstanceActionFailure>>(HandleSendCommandToInstance);
-		ReceiveAndReplyLater<GetMinecraftVersionsMessage, ImmutableArray<MinecraftVersion>>(HandleGetMinecraftVersions);
-		ReceiveAndReply<GetAgentJavaRuntimesMessage, ImmutableDictionary<Guid, ImmutableArray<TaggedJavaRuntime>>>(HandleGetAgentJavaRuntimes);
-		ReceiveAndReplyLater<GetAuditLogMessage, Result<ImmutableArray<AuditLogItem>, UserActionFailure>>(HandleGetAuditLog);
-		ReceiveAndReplyLater<GetEventLogMessage, Result<ImmutableArray<EventLogItem>, UserActionFailure>>(HandleGetEventLog);
+		ReceiveAndReplyLater<CreateOrUpdateAdministratorUserMessage, CreateOrUpdateAdministratorUserResult>(CreateOrUpdateAdministratorUser);
+		ReceiveAndReplyLater<CreateUserMessage, Result<CreateUserResult, UserActionFailure>>(CreateUser);
+		ReceiveAndReplyLater<GetUsersMessage, ImmutableArray<UserInfo>>(GetUsers);
+		ReceiveAndReplyLater<GetRolesMessage, ImmutableArray<RoleInfo>>(GetRoles);
+		ReceiveAndReplyLater<GetUserRolesMessage, ImmutableDictionary<Guid, ImmutableArray<Guid>>>(GetUserRoles);
+		ReceiveAndReplyLater<ChangeUserRolesMessage, Result<ChangeUserRolesResult, UserActionFailure>>(ChangeUserRoles);
+		ReceiveAndReplyLater<DeleteUserMessage, Result<DeleteUserResult, UserActionFailure>>(DeleteUser);
+		ReceiveAndReply<CreateOrUpdateAgentMessage, Result<CreateOrUpdateAgentResult, UserActionFailure>>(CreateOrUpdateAgentMessage);
+		ReceiveAndReply<GetAgentJavaRuntimesMessage, ImmutableDictionary<Guid, ImmutableArray<TaggedJavaRuntime>>>(GetAgentJavaRuntimes);
+		ReceiveAndReplyLater<CreateOrUpdateInstanceMessage, Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>>(CreateOrUpdateInstance);
+		ReceiveAndReplyLater<LaunchInstanceMessage, Result<LaunchInstanceResult, UserInstanceActionFailure>>(LaunchInstance);
+		ReceiveAndReplyLater<StopInstanceMessage, Result<StopInstanceResult, UserInstanceActionFailure>>(StopInstance);
+		ReceiveAndReplyLater<SendCommandToInstanceMessage, Result<SendCommandToInstanceResult, UserInstanceActionFailure>>(SendCommandToInstance);
+		ReceiveAndReplyLater<GetMinecraftVersionsMessage, ImmutableArray<MinecraftVersion>>(GetMinecraftVersions);
+		ReceiveAndReplyLater<GetAuditLogMessage, Result<ImmutableArray<AuditLogItem>, UserActionFailure>>(GetAuditLog);
+		ReceiveAndReplyLater<GetEventLogMessage, Result<ImmutableArray<EventLogItem>, UserActionFailure>>(GetEventLog);
 	}
 	
-	private Task<Optional<LogInSuccess>> HandleLogIn(LogInMessage message) {
+	private Task<Optional<LogInSuccess>> LogIn(LogInMessage message) {
 		return userLoginManager.LogIn(message.Username, message.Password);
 	}
 	
-	private void HandleLogOut(LogOutMessage message) {
+	private void LogOut(LogOutMessage message) {
 		_ = userLoginManager.LogOut(message.UserGuid, message.SessionToken);
 	}
 	
@@ -95,83 +97,87 @@ sealed class WebMessageHandlerActor : ReceiveActor<IMessageToController> {
 		return userLoginManager.GetAuthenticatedUser(message.UserGuid, message.AuthToken);
 	}
 	
-	private Task<CreateOrUpdateAdministratorUserResult> HandleCreateOrUpdateAdministratorUser(CreateOrUpdateAdministratorUserMessage message) {
+	private Task<CreateOrUpdateAdministratorUserResult> CreateOrUpdateAdministratorUser(CreateOrUpdateAdministratorUserMessage message) {
 		return userManager.CreateOrUpdateAdministrator(message.Username, message.Password);
 	}
 	
-	private Task<Result<CreateUserResult, UserActionFailure>> HandleCreateUser(CreateUserMessage message) {
+	private Task<Result<CreateUserResult, UserActionFailure>> CreateUser(CreateUserMessage message) {
 		return userManager.Create(userLoginManager.GetLoggedInUser(message.AuthToken), message.Username, message.Password);
 	}
 	
-	private Task<ImmutableArray<UserInfo>> HandleGetUsers(GetUsersMessage message) {
+	private Task<ImmutableArray<UserInfo>> GetUsers(GetUsersMessage message) {
 		return userManager.GetAll();
 	}
 	
-	private Task<ImmutableArray<RoleInfo>> HandleGetRoles(GetRolesMessage message) {
+	private Task<ImmutableArray<RoleInfo>> GetRoles(GetRolesMessage message) {
 		return roleManager.GetAll();
 	}
 	
-	private Task<ImmutableDictionary<Guid, ImmutableArray<Guid>>> HandleGetUserRoles(GetUserRolesMessage message) {
+	private Task<ImmutableDictionary<Guid, ImmutableArray<Guid>>> GetUserRoles(GetUserRolesMessage message) {
 		return userRoleManager.GetUserRoles(message.UserGuids);
 	}
 	
-	private Task<Result<ChangeUserRolesResult, UserActionFailure>> HandleChangeUserRoles(ChangeUserRolesMessage message) {
+	private Task<Result<ChangeUserRolesResult, UserActionFailure>> ChangeUserRoles(ChangeUserRolesMessage message) {
 		return userRoleManager.ChangeUserRoles(userLoginManager.GetLoggedInUser(message.AuthToken), message.SubjectUserGuid, message.AddToRoleGuids, message.RemoveFromRoleGuids);
 	}
 	
-	private Task<Result<DeleteUserResult, UserActionFailure>> HandleDeleteUser(DeleteUserMessage message) {
+	private Task<Result<DeleteUserResult, UserActionFailure>> DeleteUser(DeleteUserMessage message) {
 		return userManager.DeleteByGuid(userLoginManager.GetLoggedInUser(message.AuthToken), message.SubjectUserGuid);
 	}
 	
-	private Task<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>> HandleCreateOrUpdateInstance(CreateOrUpdateInstanceMessage message) {
+	private Result<CreateOrUpdateAgentResult, UserActionFailure> CreateOrUpdateAgentMessage(CreateOrUpdateAgentMessage message) {
+		return agentManager.CreateOrUpdateAgent(userLoginManager.GetLoggedInUser(message.AuthToken), message.AgentGuid, message.Configuration);
+	}
+	
+	private ImmutableDictionary<Guid, ImmutableArray<TaggedJavaRuntime>> GetAgentJavaRuntimes(GetAgentJavaRuntimesMessage message) {
+		return controllerState.AgentJavaRuntimesByGuid;
+	}
+	
+	private Task<Result<CreateOrUpdateInstanceResult, UserInstanceActionFailure>> CreateOrUpdateInstance(CreateOrUpdateInstanceMessage message) {
 		return agentManager.DoInstanceAction<AgentActor.CreateOrUpdateInstanceCommand, CreateOrUpdateInstanceResult>(
+			userLoginManager.GetLoggedInUser(message.AuthToken),
 			Permission.CreateInstances,
-			message.AuthToken,
 			message.Configuration.AgentGuid,
 			loggedInUserGuid => new AgentActor.CreateOrUpdateInstanceCommand(loggedInUserGuid, message.InstanceGuid, message.Configuration)
 		);
 	}
 	
-	private Task<Result<LaunchInstanceResult, UserInstanceActionFailure>> HandleLaunchInstance(LaunchInstanceMessage message) {
+	private Task<Result<LaunchInstanceResult, UserInstanceActionFailure>> LaunchInstance(LaunchInstanceMessage message) {
 		return agentManager.DoInstanceAction<AgentActor.LaunchInstanceCommand, LaunchInstanceResult>(
+			userLoginManager.GetLoggedInUser(message.AuthToken),
 			Permission.ControlInstances,
-			message.AuthToken,
 			message.AgentGuid,
 			loggedInUserGuid => new AgentActor.LaunchInstanceCommand(loggedInUserGuid, message.InstanceGuid)
 		);
 	}
 	
-	private Task<Result<StopInstanceResult, UserInstanceActionFailure>> HandleStopInstance(StopInstanceMessage message) {
+	private Task<Result<StopInstanceResult, UserInstanceActionFailure>> StopInstance(StopInstanceMessage message) {
 		return agentManager.DoInstanceAction<AgentActor.StopInstanceCommand, StopInstanceResult>(
+			userLoginManager.GetLoggedInUser(message.AuthToken),
 			Permission.ControlInstances,
-			message.AuthToken,
 			message.AgentGuid,
 			loggedInUserGuid => new AgentActor.StopInstanceCommand(loggedInUserGuid, message.InstanceGuid, message.StopStrategy)
 		);
 	}
 	
-	private Task<Result<SendCommandToInstanceResult, UserInstanceActionFailure>> HandleSendCommandToInstance(SendCommandToInstanceMessage message) {
+	private Task<Result<SendCommandToInstanceResult, UserInstanceActionFailure>> SendCommandToInstance(SendCommandToInstanceMessage message) {
 		return agentManager.DoInstanceAction<AgentActor.SendCommandToInstanceCommand, SendCommandToInstanceResult>(
+			userLoginManager.GetLoggedInUser(message.AuthToken),
 			Permission.ControlInstances,
-			message.AuthToken,
 			message.AgentGuid,
 			loggedInUserGuid => new AgentActor.SendCommandToInstanceCommand(loggedInUserGuid, message.InstanceGuid, message.Command)
 		);
 	}
 	
-	private Task<ImmutableArray<MinecraftVersion>> HandleGetMinecraftVersions(GetMinecraftVersionsMessage message) {
+	private Task<ImmutableArray<MinecraftVersion>> GetMinecraftVersions(GetMinecraftVersionsMessage message) {
 		return minecraftVersions.GetVersions(CancellationToken.None);
 	}
 	
-	private ImmutableDictionary<Guid, ImmutableArray<TaggedJavaRuntime>> HandleGetAgentJavaRuntimes(GetAgentJavaRuntimesMessage message) {
-		return controllerState.AgentJavaRuntimesByGuid;
-	}
-	
-	private Task<Result<ImmutableArray<AuditLogItem>, UserActionFailure>> HandleGetAuditLog(GetAuditLogMessage message) {
+	private Task<Result<ImmutableArray<AuditLogItem>, UserActionFailure>> GetAuditLog(GetAuditLogMessage message) {
 		return auditLogManager.GetMostRecentItems(userLoginManager.GetLoggedInUser(message.AuthToken), message.Count);
 	}
 	
-	private Task<Result<ImmutableArray<EventLogItem>, UserActionFailure>> HandleGetEventLog(GetEventLogMessage message) {
+	private Task<Result<ImmutableArray<EventLogItem>, UserActionFailure>> GetEventLog(GetEventLogMessage message) {
 		return eventLogManager.GetMostRecentItems(userLoginManager.GetLoggedInUser(message.AuthToken), message.Count);
 	}
 }

Controller/Phantom.Controller.Services/Users/UserManager.cs

@@ -1,7 +1,6 @@
 using System.Collections.Immutable;
 using Phantom.Common.Data;
 using Phantom.Common.Data.Web.Users;
-using Phantom.Common.Data.Web.Users.CreateOrUpdateAdministratorUserResults;
 using Phantom.Controller.Database;
 using Phantom.Controller.Database.Entities;
 using Phantom.Controller.Database.Repositories;
@@ -57,12 +56,12 @@ sealed class UserManager {
 					wasCreated = true;
 				}
 				else {
-					return new CreationFailed(result.Error);
+					return new CreateOrUpdateAdministratorUserResult.CreationFailed(result.Error);
 				}
 			}
 			else {
 				if (userRepository.SetUserPassword(user, password).TryGetError(out var error)) {
-					return new UpdatingFailed(error);
+					return new CreateOrUpdateAdministratorUserResult.UpdatingFailed(error);
 				}
 				
 				auditLogWriter.AdministratorUserModified(user);
@@ -71,7 +70,7 @@ sealed class UserManager {
 			
 			var role = await new RoleRepository(db).GetByGuid(Role.Administrator.Guid);
 			if (role == null) {
-				return new AddingToRoleFailed();
+				return new CreateOrUpdateAdministratorUserResult.AddingToRoleFailed();
 			}
 			
 			await new UserRoleRepository(db).Add(user, role);
@@ -85,10 +84,10 @@ sealed class UserManager {
 				Logger.Information("Updated administrator user \"{Username}\" (GUID {Guid}).", username, user.UserGuid);
 			}
 			
-			return new Success(user.ToUserInfo());
+			return new CreateOrUpdateAdministratorUserResult.Success(user.ToUserInfo());
 		} catch (Exception e) {
 			Logger.Error(e, "Could not create or update administrator user \"{Username}\".", username);
-			return new UnknownError();
+			return new CreateOrUpdateAdministratorUserResult.UnknownError();
 		}
 	}
 	
@@ -104,7 +103,7 @@ sealed class UserManager {
 		try {
 			var result = await userRepository.CreateUser(username, password);
 			if (!result) {
-				return new Common.Data.Web.Users.CreateUserResults.CreationFailed(result.Error);
+				return new CreateUserResult.CreationFailed(result.Error);
 			}
 			
 			var user = result.Value;
@@ -113,10 +112,10 @@ sealed class UserManager {
 			await db.Ctx.SaveChangesAsync();
 			
 			Logger.Information("Created user \"{Username}\" (GUID {Guid}).", username, user.UserGuid);
-			return new Common.Data.Web.Users.CreateUserResults.Success(user.ToUserInfo());
+			return new CreateUserResult.Success(user.ToUserInfo());
 		} catch (Exception e) {
 			Logger.Error(e, "Could not create user \"{Username}\".", username);
-			return new Common.Data.Web.Users.CreateUserResults.UnknownError();
+			return new CreateUserResult.UnknownError();
 		}
 	}
 	

Controller/Phantom.Controller/AuthTokenFile.cs

@@ -0,0 +1,77 @@
+using Phantom.Common.Data;
+using Phantom.Utils.Cryptography;
+using Phantom.Utils.IO;
+using Phantom.Utils.Logging;
+using Phantom.Utils.Rpc;
+using Phantom.Utils.Rpc.Runtime.Tls;
+using Serilog;
+
+namespace Phantom.Controller;
+
+abstract class AuthTokenFile {
+	private static ILogger Logger { get; } = PhantomLogger.Create<AuthTokenFile>();
+	
+	private readonly string fileName;
+	private readonly RpcServerCertificate certificate;
+	
+	private AuthTokenFile(string name, RpcServerCertificate certificate) {
+		this.fileName = name + ".auth";
+		this.certificate = certificate;
+	}
+	
+	public async Task<ConnectionKey?> CreateOrLoad(string folderPath) {
+		string filePath = Path.Combine(folderPath, fileName);
+		
+		if (File.Exists(filePath)) {
+			try {
+				return await ReadKeyFiles(filePath);
+			} catch (IOException e) {
+				Logger.Fatal(e, "Error reading auth token file: {FileName}", fileName);
+				return null;
+			} catch (Exception) {
+				Logger.Fatal("Auth token file contains invalid data: {FileName}", fileName);
+				return null;
+			}
+		}
+		
+		try {
+			return await GenerateKeyFiles(filePath);
+		} catch (Exception e) {
+			Logger.Fatal(e, "Error creating auth token file: {FileName}", fileName);
+			return null;
+		}
+	}
+	
+	private async Task<ConnectionKey?> ReadKeyFiles(string filePath) {
+		var authToken = AuthToken.FromBytes(await ReadKeyFile(filePath));
+		Logger.Information("Loaded auth token file: {FileName}", fileName);
+		
+		var connectionKey = new ConnectionKey(certificate.Thumbprint, authToken);
+		LogConnectionKey(TokenGenerator.EncodeBytes(connectionKey.ToBytes().AsSpan()));
+		return connectionKey;
+	}
+	
+	private static Task<byte[]> ReadKeyFile(string filePath) {
+		Files.RequireMaximumFileSize(filePath, maximumBytes: 64);
+		return File.ReadAllBytesAsync(filePath);
+	}
+	
+	private async Task<ConnectionKey> GenerateKeyFiles(string filePath) {
+		var authToken = AuthToken.Generate();
+		
+		await Files.WriteBytesAsync(filePath, authToken.ToBytes().AsMemory(), FileMode.Create, Chmod.URW_GR);
+		Logger.Information("Created auth token file: {FileName}", fileName);
+		
+		var connectionKey = new ConnectionKey(certificate.Thumbprint, authToken);
+		LogConnectionKey(TokenGenerator.EncodeBytes(connectionKey.ToBytes().AsSpan()));
+		return connectionKey;
+	}
+	
+	protected abstract void LogConnectionKey(string commonKeyEncoded);
+	
+	internal sealed class Web(string name, RpcServerCertificate certificate) : AuthTokenFile(name, certificate) {
+		protected override void LogConnectionKey(string commonKeyEncoded) {
+			Logger.Information("Web key: {WebKey}", commonKeyEncoded);
+		}
+	}
+}

Controller/Phantom.Controller/CertificateFile.cs

@@ -0,0 +1,60 @@
+using Phantom.Utils.IO;
+using Phantom.Utils.Logging;
+using Phantom.Utils.Monads;
+using Phantom.Utils.Rpc.Runtime.Tls;
+using Serilog;
+
+namespace Phantom.Controller;
+
+sealed class CertificateFile(string name) {
+	private static ILogger Logger { get; } = PhantomLogger.Create<CertificateFile>();
+	
+	private readonly string fileName = name + ".pfx";
+	
+	public async Task<RpcServerCertificate?> CreateOrLoad(string folderPath) {
+		string filePath = Path.Combine(folderPath, fileName);
+		
+		if (File.Exists(filePath)) {
+			try {
+				return Read(filePath);
+			} catch (IOException e) {
+				Logger.Fatal(e, "Error reading certificate file: {FileName}", fileName);
+				return null;
+			} catch (Exception) {
+				Logger.Fatal("Certificate file contains invalid data: {FileName}", fileName);
+				return null;
+			}
+		}
+		
+		try {
+			return await Generate(filePath);
+		} catch (Exception e) {
+			Logger.Fatal(e, "Error creating certificate file: {FileName}", fileName);
+			return null;
+		}
+	}
+	
+	private RpcServerCertificate? Read(string filePath) {
+		switch (RpcServerCertificate.Load(filePath)) {
+			case Left<RpcServerCertificate, DisallowedAlgorithmError>(var rpcServerCertificate):
+				Logger.Information("Loaded certificate file: {FileName}", fileName);
+				return rpcServerCertificate;
+			
+			case Right<RpcServerCertificate, DisallowedAlgorithmError>(var error):
+				Logger.Fatal("Certificate file {FileName} was expected to use {ExpectedAlgorithmName}, instead it uses {ActualAlgorithmName}.", fileName, error.ExpectedAlgorithmName, error.ActualAlgorithmName);
+				return null;
+		}
+		
+		Logger.Fatal("Certificate file could not be loaded: {FileName}", fileName);
+		return null;
+	}
+	
+	private async Task<RpcServerCertificate> Generate(string filePath) {
+		byte[] certificateBytes = RpcServerCertificate.CreateAndExport("phantom-controller");
+		
+		await Files.WriteBytesAsync(filePath, certificateBytes, FileMode.Create, Chmod.URW_GR);
+		Logger.Information("Created certificate file: {FileName}", fileName);
+		
+		return RpcServerCertificate.Load(filePath).RequireLeft;
+	}
+}

Controller/Phantom.Controller/ConnectionKeyData.cs

@@ -1,6 +0,0 @@
-using Phantom.Utils.Rpc;
-using Phantom.Utils.Rpc.Runtime.Tls;
-
-namespace Phantom.Controller;
-
-readonly record struct ConnectionKeyData(RpcServerCertificate Certificate, AuthToken AuthToken);

Controller/Phantom.Controller/ConnectionKeyFiles.cs

@@ -1,114 +0,0 @@
-using Phantom.Common.Data;
-using Phantom.Utils.Cryptography;
-using Phantom.Utils.IO;
-using Phantom.Utils.Logging;
-using Phantom.Utils.Monads;
-using Phantom.Utils.Rpc;
-using Phantom.Utils.Rpc.Runtime.Tls;
-using Serilog;
-
-namespace Phantom.Controller;
-
-abstract class ConnectionKeyFiles {
-	private readonly ILogger logger;
-	private readonly string certificateFileName;
-	private readonly string authTokenFileName;
-	
-	private ConnectionKeyFiles(ILogger logger, string name) {
-		this.logger = logger;
-		this.certificateFileName = name + ".pfx";
-		this.authTokenFileName = name + ".auth";
-	}
-	
-	public async Task<ConnectionKeyData?> CreateOrLoad(string folderPath) {
-		string certificateFilePath = Path.Combine(folderPath, certificateFileName);
-		string authTokenFilePath = Path.Combine(folderPath, authTokenFileName);
-		
-		bool certificateFileExists = File.Exists(certificateFilePath);
-		bool authTokenFileExists = File.Exists(authTokenFilePath);
-		
-		if (certificateFileExists && authTokenFileExists) {
-			try {
-				return await ReadKeyFiles(certificateFilePath, authTokenFilePath);
-			} catch (IOException e) {
-				logger.Fatal(e, "Error reading connection key files.");
-				return null;
-			} catch (Exception) {
-				logger.Fatal("Connection key files contain invalid data.");
-				return null;
-			}
-		}
-		
-		if (certificateFileExists || authTokenFileExists) {
-			string existingKeyFilePath = certificateFileExists ? certificateFilePath : authTokenFilePath;
-			string missingKeyFileName = certificateFileExists ? authTokenFileName : certificateFileName;
-			logger.Fatal("Connection key file {ExistingKeyFilePath} exists but {MissingKeyFileName} does not. Please delete it to regenerate both files.", existingKeyFilePath, missingKeyFileName);
-			return null;
-		}
-		
-		logger.Information("Creating connection key files in: {FolderPath}", folderPath);
-		
-		try {
-			return await GenerateKeyFiles(certificateFilePath, authTokenFilePath);
-		} catch (Exception e) {
-			logger.Fatal(e, "Error creating connection key files.");
-			return null;
-		}
-	}
-	
-	private async Task<ConnectionKeyData?> ReadKeyFiles(string certificateFilePath, string authTokenFilePath) {
-		RpcServerCertificate certificate = null!;
-		
-		switch (RpcServerCertificate.Load(certificateFilePath)) {
-			case Left<RpcServerCertificate, DisallowedAlgorithmError>(var rpcServerCertificate):
-				certificate = rpcServerCertificate;
-				break;
-			
-			case Right<RpcServerCertificate, DisallowedAlgorithmError>(var error):
-				logger.Fatal("Certificate {CertificateFilePath} was expected to use {ExpectedAlgorithmName}, instead it uses {ActualAlgorithmName}.", certificateFilePath, error.ExpectedAlgorithmName, error.ActualAlgorithmName);
-				return null;
-		}
-		
-		var authToken = new AuthToken([..await ReadKeyFile(authTokenFilePath)]);
-		logger.Information("Loaded connection key files.");
-		
-		var connectionKey = new ConnectionKey(certificate.Thumbprint, authToken);
-		LogCommonKey(TokenGenerator.EncodeBytes(connectionKey.ToBytes()));
-		
-		return new ConnectionKeyData(certificate, authToken);
-	}
-	
-	private static Task<byte[]> ReadKeyFile(string filePath) {
-		Files.RequireMaximumFileSize(filePath, maximumBytes: 64);
-		return File.ReadAllBytesAsync(filePath);
-	}
-	
-	private async Task<ConnectionKeyData> GenerateKeyFiles(string certificateFilePath, string authTokenFilePath) {
-		var certificateBytes = RpcServerCertificate.CreateAndExport("phantom-controller");
-		var authToken = AuthToken.Generate();
-		
-		await Files.WriteBytesAsync(certificateFilePath, certificateBytes, FileMode.Create, Chmod.URW_GR);
-		await Files.WriteBytesAsync(authTokenFilePath, authToken.Bytes.ToArray(), FileMode.Create, Chmod.URW_GR);
-		logger.Information("Created new connection key files.");
-		
-		var certificate = RpcServerCertificate.Load(certificateFilePath).RequireLeft;
-		var connectionKey = new ConnectionKey(certificate.Thumbprint, authToken);
-		LogCommonKey(TokenGenerator.EncodeBytes(connectionKey.ToBytes()));
-		
-		return new ConnectionKeyData(certificate, authToken);
-	}
-	
-	protected abstract void LogCommonKey(string commonKeyEncoded);
-	
-	internal sealed class Agent() : ConnectionKeyFiles(PhantomLogger.Create<ConnectionKeyFiles, Agent>(), "agent") {
-		protected override void LogCommonKey(string commonKeyEncoded) {
-			logger.Information("Agent key: {AgentKey}", commonKeyEncoded);
-		}
-	}
-	
-	internal sealed class Web() : ConnectionKeyFiles(PhantomLogger.Create<ConnectionKeyFiles, Web>(), "web") {
-		protected override void LogCommonKey(string commonKeyEncoded) {
-			logger.Information("Web key: {WebKey}", commonKeyEncoded);
-		}
-	}
-}

Controller/Phantom.Controller/Program.cs

@@ -4,13 +4,14 @@ using Phantom.Common.Messages.Web;
 using Phantom.Controller;
 using Phantom.Controller.Database.Postgres;
 using Phantom.Controller.Services;
+using Phantom.Controller.Services.Rpc;
 using Phantom.Utils.IO;
 using Phantom.Utils.Logging;
 using Phantom.Utils.Rpc.Runtime.Server;
 using Phantom.Utils.Runtime;
 using Phantom.Utils.Tasks;
-using RpcAgentServer = Phantom.Utils.Rpc.Runtime.Server.RpcServer<Phantom.Common.Messages.Agent.IMessageToController, Phantom.Common.Messages.Agent.IMessageToAgent, Phantom.Common.Data.Agent.AgentInfo>;
-using RpcWebServer = Phantom.Utils.Rpc.Runtime.Server.RpcServer<Phantom.Common.Messages.Web.IMessageToController, Phantom.Common.Messages.Web.IMessageToWeb, Phantom.Utils.Rpc.Runtime.Server.RpcServerClientHandshake.NoValue>;
+using RpcAgentServer = Phantom.Utils.Rpc.Runtime.Server.RpcServer<Phantom.Common.Messages.Agent.IMessageToController, Phantom.Common.Messages.Agent.IMessageToAgent>;
+using RpcWebServer = Phantom.Utils.Rpc.Runtime.Server.RpcServer<Phantom.Common.Messages.Web.IMessageToController, Phantom.Common.Messages.Web.IMessageToWeb>;
 
 var shutdownCancellationTokenSource = new CancellationTokenSource();
 var shutdownCancellationToken = shutdownCancellationTokenSource.Token;
@@ -43,12 +44,17 @@ try {
 	string secretsPath = Path.GetFullPath("./secrets");
 	CreateFolderOrStop(secretsPath, Chmod.URWX_GRX);
 	
-	var agentKeyDataResult = await new ConnectionKeyFiles.Agent().CreateOrLoad(secretsPath);
-	if (agentKeyDataResult is not {} agentKeyData) {
+	var agentCertificate = await new CertificateFile("agent").CreateOrLoad(secretsPath);
+	if (agentCertificate == null) {
 		return 1;
 	}
 	
-	var webKeyDataResult = await new ConnectionKeyFiles.Web().CreateOrLoad(secretsPath);
+	var webCertificate = await new CertificateFile("web").CreateOrLoad(secretsPath);
+	if (webCertificate == null) {
+		return 1;
+	}
+	
+	var webKeyDataResult = await new AuthTokenFile.Web("web", webCertificate).CreateOrLoad(secretsPath);
 	if (webKeyDataResult is not {} webKeyData) {
 		return 1;
 	}
@@ -57,13 +63,12 @@ try {
 	
 	var dbContextFactory = new ApplicationDbContextFactory(sqlConnectionString);
 	
-	using var controllerServices = new ControllerServices(dbContextFactory, shutdownCancellationToken);
+	using var controllerServices = new ControllerServices(dbContextFactory, agentCertificate.Thumbprint, shutdownCancellationToken);
 	await controllerServices.Initialize();
 	
 	var agentConnectionParameters = new RpcServerConnectionParameters(
 		EndPoint: agentRpcServerHost,
-		Certificate: agentKeyData.Certificate,
-		AuthToken: agentKeyData.AuthToken,
+		Certificate: agentCertificate,
 		PingIntervalSeconds: 10,
 		MessageQueueCapacity: 50,
 		FrameQueueCapacity: 100,
@@ -72,17 +77,18 @@ try {
 	
 	var webConnectionParameters = new RpcServerConnectionParameters(
 		EndPoint: webRpcServerHost,
-		Certificate: webKeyData.Certificate,
-		AuthToken: webKeyData.AuthToken,
+		Certificate: webCertificate,
 		PingIntervalSeconds: 60,
 		MessageQueueCapacity: 250,
 		FrameQueueCapacity: 500,
 		MaxConcurrentlyHandledMessages: 100
 	);
 	
+	var webClientAuthProvider = new WebClientAuthProvider(webKeyData.AuthToken);
+	
 	var rpcServerTasks = new LinkedTasks<bool>([
-		new RpcAgentServer("Agent", agentConnectionParameters, AgentMessageRegistries.Definitions, controllerServices.AgentHandshake, controllerServices.AgentRegistrar).Run(shutdownCancellationToken),
-		new RpcWebServer("Web", webConnectionParameters, WebMessageRegistries.Definitions, new RpcServerClientHandshake.NoOp(), controllerServices.WebRegistrar).Run(shutdownCancellationToken),
+		new RpcAgentServer("Agent", agentConnectionParameters, AgentMessageRegistries.Registries, controllerServices.AgentAuthProvider, controllerServices.AgentHandshake, controllerServices.AgentRegistrar).Run(shutdownCancellationToken),
+		new RpcWebServer("Web", webConnectionParameters, WebMessageRegistries.Registries, webClientAuthProvider, new IRpcServerClientHandshake.NoOp(), controllerServices.WebRegistrar).Run(shutdownCancellationToken),
 	]);
 	
 	// If either RPC server crashes, stop the whole process.

Packages.props

@@ -1,35 +1,31 @@
 <Project>
   
   <ItemGroup>
-    <PackageReference Update="Microsoft.AspNetCore.Components.Authorization" Version="8.0.0" />
-    <PackageReference Update="Microsoft.AspNetCore.Components.Web"           Version="8.0.0" />
+    <PackageReference Update="Microsoft.AspNetCore.Components.Authorization" Version="9.0.9" />
+    <PackageReference Update="Microsoft.AspNetCore.Components.Web"           Version="9.0.9" />
   </ItemGroup>
   
   <ItemGroup>
-    <PackageReference Update="Microsoft.EntityFrameworkCore.Relational" Version="8.0.0" />
-    <PackageReference Update="Microsoft.EntityFrameworkCore.Tools"      Version="8.0.0" />
-    <PackageReference Update="Npgsql.EntityFrameworkCore.PostgreSQL"    Version="8.0.0" />
-    <PackageReference Update="System.Linq.Async"                        Version="6.0.1" />
+    <PackageReference Update="Microsoft.EntityFrameworkCore.Relational" Version="9.0.9" />
+    <PackageReference Update="Microsoft.EntityFrameworkCore.Tools"      Version="9.0.9" />
+    <PackageReference Update="Npgsql.EntityFrameworkCore.PostgreSQL"    Version="9.0.4" />
+    <PackageReference Update="System.Linq.Async"                        Version="6.0.3" />
   </ItemGroup>
   
   <ItemGroup>
-    <PackageReference Update="Kajabity.Tools.Java" Version="0.3.8607.38728" />
-  </ItemGroup>
-  
-  <ItemGroup>
-    <PackageReference Update="Akka"                       Version="1.5.17.1" />
+    <PackageReference Update="Akka" Version="1.5.51" />
   </ItemGroup>
   
   <ItemGroup>
     <PackageReference Update="BCrypt.Net-Next.StrongName" Version="4.0.3" />
-    <PackageReference Update="MemoryPack"                 Version="1.10.0" />
+    <PackageReference Update="MemoryPack"                 Version="1.21.4" />
   </ItemGroup>
   
   <ItemGroup>
-    <PackageReference Update="Serilog"               Version="3.1.1" />
-    <PackageReference Update="Serilog.AspNetCore"    Version="8.0.0" />
-    <PackageReference Update="Serilog.Sinks.Async"   Version="1.5.0" />
-    <PackageReference Update="Serilog.Sinks.Console" Version="5.0.1" />
+    <PackageReference Update="Serilog"               Version="4.3.0" />
+    <PackageReference Update="Serilog.AspNetCore"    Version="9.0.0" />
+    <PackageReference Update="Serilog.Sinks.Async"   Version="2.1.0" />
+    <PackageReference Update="Serilog.Sinks.Console" Version="6.0.0" />
   </ItemGroup>
   
   <ItemGroup>

PhantomPanel.sln

@@ -2,6 +2,8 @@
 Microsoft Visual Studio Solution File, Format Version 12.00
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Agent", "Agent", "{F5878792-64C8-4ECF-A075-66341FF97127}"
 EndProject
+Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Agent.Tests", "Agent.Tests", "{94C1E464-3F91-49EA-99FF-3A3082C54CE8}"
+EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Common", "Common", "{01CB1A81-8950-471C-BFDF-F135FDDB2C18}"
 EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Common.Tests", "Common.Tests", "{D781E00D-8563-4102-A0CD-477A679193B5}"
@@ -18,6 +20,8 @@ Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Phantom.Agent", "Agent\Phan
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Phantom.Agent.Minecraft", "Agent\Phantom.Agent.Minecraft\Phantom.Agent.Minecraft.csproj", "{9FE000D0-91AC-4CB4-8956-91CCC0270015}"
 EndProject
+Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Phantom.Agent.Minecraft.Tests", "Agent\Phantom.Agent.Minecraft.Tests\Phantom.Agent.Minecraft.Tests.csproj", "{065FFFA0-DFF4-43DB-AB3D-B92EE9848DDB}"
+EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Phantom.Agent.Services", "Agent\Phantom.Agent.Services\Phantom.Agent.Services.csproj", "{AEE8B77E-AB07-423F-9981-8CD829ACB834}"
 EndProject
 Project("{FAE04EC0-301F-11D3-BF4B-00C04F79EFBC}") = "Phantom.Common.Data", "Common\Phantom.Common.Data\Phantom.Common.Data.csproj", "{6C3DB1E5-F695-4D70-8F3A-78C2957274BE}"
@@ -74,6 +78,10 @@ Global
 		{9FE000D0-91AC-4CB4-8956-91CCC0270015}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{9FE000D0-91AC-4CB4-8956-91CCC0270015}.Release|Any CPU.ActiveCfg = Release|Any CPU
 		{9FE000D0-91AC-4CB4-8956-91CCC0270015}.Release|Any CPU.Build.0 = Release|Any CPU
+		{065FFFA0-DFF4-43DB-AB3D-B92EE9848DDB}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
+		{065FFFA0-DFF4-43DB-AB3D-B92EE9848DDB}.Debug|Any CPU.Build.0 = Debug|Any CPU
+		{065FFFA0-DFF4-43DB-AB3D-B92EE9848DDB}.Release|Any CPU.ActiveCfg = Release|Any CPU
+		{065FFFA0-DFF4-43DB-AB3D-B92EE9848DDB}.Release|Any CPU.Build.0 = Release|Any CPU
 		{AEE8B77E-AB07-423F-9981-8CD829ACB834}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{AEE8B77E-AB07-423F-9981-8CD829ACB834}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{AEE8B77E-AB07-423F-9981-8CD829ACB834}.Release|Any CPU.ActiveCfg = Release|Any CPU
@@ -158,6 +166,7 @@ Global
 	GlobalSection(NestedProjects) = preSolution
 		{418BE1BF-9F63-4B46-B4E4-DF64C3B3DDA7} = {F5878792-64C8-4ECF-A075-66341FF97127}
 		{9FE000D0-91AC-4CB4-8956-91CCC0270015} = {F5878792-64C8-4ECF-A075-66341FF97127}
+		{065FFFA0-DFF4-43DB-AB3D-B92EE9848DDB} = {94C1E464-3F91-49EA-99FF-3A3082C54CE8}
 		{AEE8B77E-AB07-423F-9981-8CD829ACB834} = {F5878792-64C8-4ECF-A075-66341FF97127}
 		{6C3DB1E5-F695-4D70-8F3A-78C2957274BE} = {01CB1A81-8950-471C-BFDF-F135FDDB2C18}
 		{95B55357-F8F0-48C2-A1C2-5EA997651783} = {01CB1A81-8950-471C-BFDF-F135FDDB2C18}

README.md

@@ -45,11 +45,13 @@ The Controller comprises 3 key areas:
 
 The configuration for these is set via environment variables.
 
-### Agent & Web Keys
+### Secrets
 
-When the Controller starts for the first time, it will generate two certificate files (`agent.pfx` and `web.pfx`), which are used for TLS communication, and two authentication token files (`agent.auth` and `web.auth`). These files must only be accessible to the Controller itself.
+Each Agent requires its own **Agent Key**, and the Web server requires a **Web Key**. These must be passed to the services in an environment variable or a file.
 
-On every start, the Controller prints the **Agent Key** and **Web Key** to standard output. These keys contain the authentication token, which lets the Controller validate the identity of the connecting service, and a certificate signature, which lets the connecting service validate the identity of the Controller. The keys must be passed to the Agent and Web services using an environment variable or a file.
+When the Controller starts for the first time, it will generate two certificate files (`agent.pfx` and `web.pfx`), which are used for TLS communication, and a Web authentication token file (`web.auth`). These files must only be accessible to the Controller itself.
+
+Since there is only one Web server, there is only one **Web Key**, which is generated from the Web certificate and authentication token files. The Controller prints the **Web Key** to standard output on every start. Agents and their **Agent Keys** are managed through the Web interface, and their authentication tokens are stored in the database.
 
 ### Storage
 
@@ -86,9 +88,8 @@ Use volumes to persist either the whole `/data` folder, or just `/data/data` if
 * **Controller Communication**
   - `CONTROLLER_HOST` is the hostname of the Controller.
   - `CONTROLLER_PORT` is the Agent RPC port of the Controller. Default: `9401`
-  - `AGENT_NAME` is the display name of the Agent. Emoji are allowed.
-  - `AGENT_KEY` is the [Agent Key](#agent--web-keys). Mutually exclusive with `AGENT_KEY_FILE`.
-  - `AGENT_KEY_FILE` is a path to a file containing the [Agent Key](#agent--web-keys). Mutually exclusive with `AGENT_KEY`.
+  - `AGENT_KEY` is the [Agent Key](#secrets). Mutually exclusive with `AGENT_KEY_FILE`.
+  - `AGENT_KEY_FILE` is a path to a file containing the [Agent Key](#secrets). Mutually exclusive with `AGENT_KEY`.
 * **Agent Configuration**
   - `MAX_INSTANCES` is the number of instances that can be created.
   - `MAX_MEMORY` is the maximum amount of RAM that can be distributed among all instances. Use a positive integer with an optional suffix 'M' for MB, or 'G' for GB. Examples: `4096M`, `16G`
@@ -109,8 +110,8 @@ Use volumes to persist the whole `/data` folder.
 * **Controller Communication**
   - `CONTROLLER_HOST` is the hostname of the Controller.
   - `CONTROLLER_PORT` is the Web RPC port of the Controller. Default: `9402`
-  - `WEB_KEY` is the [Web Key](#agent--web-keys). Mutually exclusive with `WEB_KEY_FILE`.
-  - `WEB_KEY_FILE` is a path to a file containing the [Web Key](#agent--web-keys). Mutually exclusive with `WEB_KEY`.
+  - `WEB_KEY` is the [Web Key](#secrets). Mutually exclusive with `WEB_KEY_FILE`.
+  - `WEB_KEY_FILE` is a path to a file containing the [Web Key](#secrets). Mutually exclusive with `WEB_KEY`.
 * **Web Server**
   - `WEB_SERVER_HOST` is the host. Default: `0.0.0.0`
   - `WEB_SERVER_PORT` is the port. Default: `9400`
@@ -130,7 +131,7 @@ If the environment variable is omitted, the log level is set to `VERBOSE` for De
 
 # Development
 
-The repository includes a [Rider](https://www.jetbrains.com/rider/) projects with several run configurations. The `.workdir` folder in the root of the repository is used for storage. Here's how to get started:
+The repository includes a [Rider](https://www.jetbrains.com/rider/) projects with several run configurations. The `.workdir` folder in the root of the repository is used for storage, including secret files intended for development use only. Here's how to get started:
 
 1. You will need a local PostgreSQL instance. If you have [Docker](https://www.docker.com/), you can enter the `Docker` folder in this repository, and run `docker compose up`. Otherwise, you will need to set it up manually with the following configuration:
    - Host: `localhost`
@@ -139,12 +140,11 @@ The repository includes a [Rider](https://www.jetbrains.com/rider/) projects wit
    - Password: `development`
    - Database: `postgres`
 2. Install one or more Java versions into the `~/.jdks` folder (`%USERPROFILE%\.jdks` on Windows).
-3. Open the project in [Rider](https://www.jetbrains.com/rider/) and use one of the provided run configurations:
-   - `Controller` starts the Controller.
-   - `Web` starts the Web server.
-   - `Agent 1`, `Agent 2`, `Agent 3` start one of the Agents.
-   - `Controller + Web + Agent` starts the Controller and Agent 1.
-   - `Controller + Web + Agent x3` starts the Controller and Agent 1, 2, and 3.
+3. Open the project in [Rider](https://www.jetbrains.com/rider/).
+4. Launch the `Controller` and `Web` run configurations.
+5. Open the website and create an account.
+6. Create 1-3 Agents on the website. For each, create a `.workdir/AgentX/key` file containing the respective Agent Key.
+7. Launch any of the `Agent 1`, `Agent 2`, `Agent 3` run configurations.
 
 ## Bootstrap
 

Utils/Phantom.Utils.Rpc/AuthSecret.cs

@@ -0,0 +1,30 @@
+using System.Collections.Immutable;
+using System.Security.Cryptography;
+
+namespace Phantom.Utils.Rpc;
+
+public sealed class AuthSecret {
+	public const int Length = 12;
+	
+	public ImmutableArray<byte> Bytes { get; }
+	
+	public AuthSecret(ImmutableArray<byte> bytes) {
+		if (bytes.Length != Length) {
+			throw new ArgumentOutOfRangeException(nameof(bytes), "Invalid auth secret length: " + bytes.Length + ". Auth secret must be exactly " + Length + " bytes.");
+		}
+		
+		this.Bytes = bytes;
+	}
+	
+	internal bool FixedTimeEquals(AuthSecret provided) {
+		return FixedTimeEquals(provided.Bytes.AsSpan());
+	}
+	
+	internal bool FixedTimeEquals(ReadOnlySpan<byte> other) {
+		return CryptographicOperations.FixedTimeEquals(Bytes.AsSpan(), other);
+	}
+	
+	public static AuthSecret Generate() {
+		return new AuthSecret([..RandomNumberGenerator.GetBytes(Length)]);
+	}
+}

Utils/Phantom.Utils.Rpc/AuthToken.cs

@@ -1,30 +1,35 @@
 using System.Collections.Immutable;
-using System.Security.Cryptography;
 
 namespace Phantom.Utils.Rpc;
 
-public sealed class AuthToken {
-	public const int Length = 12;
+public sealed record AuthToken(Guid Guid, AuthSecret Secret) {
+	public const int Length = Serialization.GuidBytes + AuthSecret.Length;
 	
-	public ImmutableArray<byte> Bytes { get; }
+	public ImmutableArray<byte> ToBytes() {
+		Span<byte> buffer = stackalloc byte[Length];
+		ToBytes(buffer);
+		return [..buffer];
+	}
 	
-	public AuthToken(ImmutableArray<byte> bytes) {
+	public void ToBytes(Span<byte> buffer) {
+		Serialization.WriteGuid(buffer, Guid);
+		Secret.Bytes.CopyTo(buffer[Serialization.GuidBytes..]);
+	}
+	
+	public static AuthToken FromBytes(ReadOnlySpan<byte> bytes) {
 		if (bytes.Length != Length) {
-			throw new ArgumentOutOfRangeException(nameof(bytes), "Invalid token length: " + bytes.Length + ". Token length must be exactly " + Length + " bytes.");
+			throw new ArgumentOutOfRangeException(nameof(bytes), "Invalid auth token length: " + bytes.Length + ". Auth token must be exactly " + Length + " bytes.");
 		}
 		
-		this.Bytes = bytes;
-	}
-	
-	internal bool FixedTimeEquals(AuthToken providedAuthToken) {
-		return FixedTimeEquals(providedAuthToken.Bytes.AsSpan());
-	}
-	
-	public bool FixedTimeEquals(ReadOnlySpan<byte> other) {
-		return CryptographicOperations.FixedTimeEquals(Bytes.AsSpan(), other);
+		var guidSpan = bytes[..Serialization.GuidBytes];
+		var secretSpan = bytes[Serialization.GuidBytes..];
+		
+		var guid = new Guid(guidSpan);
+		var secret = new AuthSecret([..secretSpan]);
+		return new AuthToken(guid, secret);
 	}
 	
 	public static AuthToken Generate() {
-		return new AuthToken([..RandomNumberGenerator.GetBytes(Length)]);
+		return new AuthToken(Guid.NewGuid(), AuthSecret.Generate());
 	}
 }

Utils/Phantom.Utils.Rpc/Frame/Types/MessageFrame.cs

@@ -3,7 +3,7 @@ using Phantom.Utils.Rpc.Runtime;
 
 namespace Phantom.Utils.Rpc.Frame.Types;
 
-sealed record MessageFrame(uint MessageId, ushort RegistryCode, ReadOnlyMemory<byte> SerializedMessage) : IFrame {
+sealed record MessageFrame(uint MessageId, byte MessageTypeCode, ReadOnlyMemory<byte> SerializedMessage) : IFrame {
 	public const int MaxMessageBytes = 1024 * 1024 * 8;
 	
 	public ReadOnlyMemory<byte> FrameType => IFrame.TypeMessage;
@@ -13,19 +13,19 @@ sealed record MessageFrame(uint MessageId, ushort RegistryCode, ReadOnlyMemory<b
 		CheckMessageLength(serializedMessageLength);
 		
 		await stream.WriteUnsignedInt(MessageId, cancellationToken);
-		await stream.WriteUnsignedShort(RegistryCode, cancellationToken);
+		await stream.WriteByte(MessageTypeCode, cancellationToken);
 		await stream.WriteUnsignedInt(serializedMessageLength, cancellationToken);
 		await stream.WriteBytes(SerializedMessage, cancellationToken);
 	}
 	
 	public static async Task<MessageFrame> Read(RpcStream stream, CancellationToken cancellationToken) {
 		var messageId = await stream.ReadUnsignedInt(cancellationToken);
-		var registryCode = await stream.ReadUnsignedShort(cancellationToken);
+		var messageTypeCode = await stream.ReadByte(cancellationToken);
 		var serializedMessageLength = await stream.ReadUnsignedInt(cancellationToken);
 		CheckMessageLength(serializedMessageLength);
 		var serializedMessage = await stream.ReadBytes(serializedMessageLength, cancellationToken);
 		
-		return new MessageFrame(messageId, registryCode, serializedMessage);
+		return new MessageFrame(messageId, messageTypeCode, serializedMessage);
 	}
 	
 	private static void CheckMessageLength(uint messageLength) {

Utils/Phantom.Utils.Rpc/Handshake/RpcAuthResult.cs

@@ -0,0 +1,7 @@
+namespace Phantom.Utils.Rpc.Handshake;
+
+enum RpcAuthResult : byte {
+	UnknownClient = 0,
+	InvalidSecret = 1,
+	Success = 255,
+}

Utils/Phantom.Utils.Rpc/Handshake/RpcFinalHandshakeResult.cs

@@ -1,4 +1,4 @@
-namespace Phantom.Utils.Rpc.Runtime;
+namespace Phantom.Utils.Rpc.Handshake;
 
 enum RpcFinalHandshakeResult : byte {
 	Error = 0,

Utils/Phantom.Utils.Rpc/Handshake/RpcSessionRegistrationResult.cs

@@ -0,0 +1,6 @@
+namespace Phantom.Utils.Rpc.Handshake;
+
+enum RpcSessionRegistrationResult : byte {
+	AlreadyClosed = 0,
+	Success = 255,
+}

Utils/Phantom.Utils.Rpc/Message/IMessageDefinitions.cs

@@ -1,6 +0,0 @@
-namespace Phantom.Utils.Rpc.Message;
-
-public interface IMessageDefinitions<TClientToServerMessage, TServerToClientMessage> {
-	MessageRegistry<TServerToClientMessage> ToClient { get; }
-	MessageRegistry<TClientToServerMessage> ToServer { get; }
-}

Utils/Phantom.Utils.Rpc/Message/MessageRegistries.cs

@@ -0,0 +1,15 @@
+namespace Phantom.Utils.Rpc.Message;
+
+public readonly record struct MessageRegistries<TClientToServerMessage, TServerToClientMessage>(
+	MessageRegistry<TServerToClientMessage> ToClient,
+	MessageRegistry<TClientToServerMessage> ToServer
+) {
+	internal WithMapping CreateMapping() {
+		return new WithMapping(ToClient.CreateMapping(), ToServer.CreateMapping());
+	}
+	
+	internal readonly record struct WithMapping(
+		MessageRegistry<TServerToClientMessage>.WithMapping ToClient,
+		MessageRegistry<TClientToServerMessage>.WithMapping ToServer
+	);
+}

Utils/Phantom.Utils.Rpc/Message/MessageRegistry.cs

@@ -1,75 +1,106 @@
-using System.Diagnostics.CodeAnalysis;
+using System.Collections.Immutable;
 using Phantom.Utils.Actor;
 using Phantom.Utils.Logging;
-using Phantom.Utils.Rpc.Frame.Types;
+using Phantom.Utils.Rpc.Runtime;
 using Serilog;
 
 namespace Phantom.Utils.Rpc.Message;
 
 public sealed class MessageRegistry<TMessageBase>(string loggerName) {
 	private readonly ILogger logger = PhantomLogger.Create<MessageRegistry<TMessageBase>>(loggerName);
-	private readonly Dictionary<Type, ushort> typeToCodeMapping = new ();
-	private readonly Dictionary<ushort, Registration> codeToRegistrationMapping = new ();
+	private readonly List<MessageInfo> messageInfoList = [];
 	
-	private readonly record struct Registration(Type MessageType, Func<uint, ReadOnlyMemory<byte>, MessageHandler<TMessageBase>, CancellationToken, Task> Handler);
+	private readonly record struct MessageInfo(Type Type, MessageTypeName TypeName, DeserializeAndHandleFunc Action);
 	
-	public void Add<TMessage>(ushort code) where TMessage : TMessageBase {
-		Type messageType = typeof(TMessage);
-		
-		if (HasReplyType(messageType)) {
+	internal delegate Task DeserializeAndHandleFunc(uint messageId, ReadOnlyMemory<byte> serializedMessage, MessageHandler<TMessageBase> handler, CancellationToken cancellationToken);
+	
+	public void Add<TMessage>() where TMessage : TMessageBase {
+		if (HasReplyType(typeof(TMessage))) {
 			throw new ArgumentException("This overload is for messages without a reply.");
 		}
 		
-		typeToCodeMapping.Add(messageType, code);
-		codeToRegistrationMapping.Add(code, new Registration(messageType, DeserializationHandler<TMessage>));
+		AddImpl(typeof(TMessage), DeserializationHandler<TMessage>);
 	}
 	
-	public void Add<TMessage, TReply>(ushort code) where TMessage : TMessageBase, ICanReply<TReply> {
-		Type messageType = typeof(TMessage);
-		
-		typeToCodeMapping.Add(messageType, code);
-		codeToRegistrationMapping.Add(code, new Registration(messageType, DeserializationHandler<TMessage, TReply>));
+	public void Add<TMessage, TReply>() where TMessage : TMessageBase, ICanReply<TReply> {
+		AddImpl(typeof(TMessage), DeserializationHandler<TMessage, TReply>);
 	}
 	
-	private bool HasReplyType(Type messageType) {
+	private void AddImpl(Type messageType, DeserializeAndHandleFunc action) {
+		messageInfoList.Add(new MessageInfo(messageType, new MessageTypeName(messageType.Name), action));
+	}
+	
+	private static bool HasReplyType(Type messageType) {
 		string replyInterfaceName = typeof(ICanReply<object>).FullName!;
 		replyInterfaceName = replyInterfaceName[..(replyInterfaceName.IndexOf('`') + 1)];
 		
 		return messageType.GetInterfaces().Any(type => type.FullName is {} name && name.StartsWith(replyInterfaceName, StringComparison.Ordinal));
 	}
 	
-	internal bool TryGetType(MessageFrame frame, [NotNullWhen(true)] out Type? type) {
-		if (codeToRegistrationMapping.TryGetValue(frame.RegistryCode, out var registration)) {
-			type = registration.MessageType;
-			return true;
-		}
-		else {
-			type = null;
-			return false;
-		}
-	}
-	
-	internal MessageFrame CreateFrame<TMessage>(uint messageId, TMessage message) where TMessage : TMessageBase {
-		if (typeToCodeMapping.TryGetValue(typeof(TMessage), out ushort code)) {
-			return new MessageFrame(messageId, code, MessageSerialization.Serialize(message));
-		}
-		else {
-			throw new ArgumentException("Unknown message type: " + typeof(TMessage));
-		}
-	}
-	
-	internal async Task Handle(MessageFrame frame, MessageHandler<TMessageBase> handler, CancellationToken cancellationToken) {
-		uint messageId = frame.MessageId;
+	internal WithMapping CreateMapping() {
+		var messageTypeNames = ImmutableArray.CreateBuilder<MessageTypeName>();
+		var messageTypeMapping = new MessageTypeMapping<TMessageBase>.Builder();
 		
-		if (codeToRegistrationMapping.TryGetValue(frame.RegistryCode, out var registration)) {
-			await registration.Handler(messageId, frame.SerializedMessage, handler, cancellationToken);
+		int nextMessageCode = 0;
+		
+		foreach ((Type messageType, MessageTypeName messageTypeName, DeserializeAndHandleFunc action) in messageInfoList) {
+			if (nextMessageCode == byte.MaxValue) {
+				throw new InvalidOperationException("Trying to register too many messages (" + (nextMessageCode + 1) + ").");
+			}
+			
+			messageTypeNames.Add(messageTypeName);
+			messageTypeMapping.Add((byte) nextMessageCode++, messageType, action);
 		}
-		else {
-			logger.Error("Unknown message code {Code} for message {MessageId}.", frame.RegistryCode, messageId);
-			await handler.SendError(messageId, MessageError.UnknownMessageRegistryCode, cancellationToken);
+		
+		return new WithMapping(messageTypeNames.ToImmutable(), messageTypeMapping.Build(loggerName));
+	}
+	
+	internal sealed class WithMapping(ImmutableArray<MessageTypeName> messageTypeNames, MessageTypeMapping<TMessageBase> mapping) {
+		public MessageTypeMapping<TMessageBase> Mapping => mapping;
+		
+		public async ValueTask Write(RpcStream stream, CancellationToken cancellationToken) {
+			foreach (MessageTypeName typeName in messageTypeNames) {
+				await typeName.Write(stream, cancellationToken);
+			}
+			
+			await MessageTypeName.WriteEnd(stream, cancellationToken);
 		}
 	}
 	
+	internal async ValueTask<ReadMappingResult> ReadMapping(RpcStream stream, CancellationToken cancellationToken) {
+		var messageTypeNameToInfoMapping = messageInfoList.ToImmutableDictionary(static item => item.TypeName, static item => item);
+		
+		var messageTypeMapping = new MessageTypeMapping<TMessageBase>.Builder();
+		var supportedMessages = ImmutableSortedDictionary.CreateBuilder<byte, MessageTypeName>();
+		var unsupportedMessages = ImmutableSortedDictionary.CreateBuilder<byte, MessageTypeName>();
+		
+		byte nextMessageCode = 0;
+		
+		while (await MessageTypeName.Read(stream, cancellationToken) is {} messageTypeName) {
+			if (nextMessageCode == byte.MaxValue) {
+				throw new InvalidOperationException("Trying to register too many messages (" + (nextMessageCode + 1) + ").");
+			}
+			
+			if (messageTypeNameToInfoMapping.TryGetValue(messageTypeName, out var messageInfo)) {
+				messageTypeMapping.Add(nextMessageCode, messageInfo.Type, messageInfo.Action);
+				supportedMessages.Add(nextMessageCode, messageTypeName);
+			}
+			else {
+				unsupportedMessages.Add(nextMessageCode, messageTypeName);
+			}
+			
+			++nextMessageCode;
+		}
+		
+		return new ReadMappingResult(messageTypeMapping.Build(loggerName), supportedMessages.ToImmutable(), unsupportedMessages.ToImmutable());
+	}
+	
+	internal readonly record struct ReadMappingResult(
+		MessageTypeMapping<TMessageBase> TypeMapping,
+		ImmutableSortedDictionary<byte, MessageTypeName> SupportedMessages,
+		ImmutableSortedDictionary<byte, MessageTypeName> UnsupportedMessages
+	);
+	
 	private async Task DeserializationHandler<TMessage>(uint messageId, ReadOnlyMemory<byte> serializedMessage, MessageHandler<TMessageBase> handler, CancellationToken cancellationToken) where TMessage : TMessageBase {
 		TMessage message;
 		try {

Utils/Phantom.Utils.Rpc/Message/MessageSender.cs

@@ -142,13 +142,16 @@ public sealed class MessageSender<TMessageBase> {
 		messageReplyTracker.FailReply(frame.ReplyingToMessageId, MessageErrorException.From(frame.Error));
 	}
 	
-	internal async Task Close() {
+	internal async Task Close(TimeSpan timeout) {
 		messageQueue.Writer.TryComplete();
 		
 		try {
-			await messageQueueTask.WaitAsync(TimeSpan.FromSeconds(15));
+			await messageQueueTask.WaitAsync(timeout);
 		} catch (TimeoutException) {
-			logger.Warning("Could not finish processing message queue before timeout, forcibly shutting it down.");
+			if (timeout != TimeSpan.Zero) {
+				logger.Warning("Could not finish processing message queue before timeout, forcibly shutting it down.");
+			}
+			
 			await shutdownCancellationTokenSource.CancelAsync();
 			await messageQueueTask.ConfigureAwait(ConfigureAwaitOptions.SuppressThrowing);
 		} catch (Exception) {

Utils/Phantom.Utils.Rpc/Message/MessageTypeMapping.cs

@@ -0,0 +1,68 @@
+using System.Collections.Frozen;
+using System.Diagnostics.CodeAnalysis;
+using Phantom.Utils.Logging;
+using Phantom.Utils.Rpc.Frame.Types;
+using Serilog;
+
+namespace Phantom.Utils.Rpc.Message;
+
+sealed class MessageTypeMapping<TMessageBase> {
+	private readonly ILogger logger;
+	
+	private readonly FrozenDictionary<Type, byte> messageTypeToTypeCodeMapping;
+	private readonly FrozenDictionary<byte, Registration> messageTypeCodeToRegistrationMapping;
+	
+	private MessageTypeMapping(string loggerName, FrozenDictionary<Type, byte> messageTypeToTypeCodeMapping, FrozenDictionary<byte, Registration> messageTypeCodeToRegistrationMapping) {
+		this.logger = PhantomLogger.Create<MessageTypeMapping<TMessageBase>>(loggerName);
+		this.messageTypeToTypeCodeMapping = messageTypeToTypeCodeMapping;
+		this.messageTypeCodeToRegistrationMapping = messageTypeCodeToRegistrationMapping;
+	}
+	
+	private readonly record struct Registration(Type MessageType, MessageRegistry<TMessageBase>.DeserializeAndHandleFunc Action);
+	
+	public bool TryGetType(MessageFrame frame, [NotNullWhen(true)] out Type? type) {
+		if (messageTypeCodeToRegistrationMapping.TryGetValue(frame.MessageTypeCode, out var registration)) {
+			type = registration.MessageType;
+			return true;
+		}
+		else {
+			type = null;
+			return false;
+		}
+	}
+	
+	public MessageFrame CreateFrame<TMessage>(uint messageId, TMessage message) where TMessage : TMessageBase {
+		if (messageTypeToTypeCodeMapping.TryGetValue(typeof(TMessage), out byte messageTypeCode)) {
+			return new MessageFrame(messageId, messageTypeCode, MessageSerialization.Serialize(message));
+		}
+		else {
+			throw new ArgumentException("Unknown message type: " + typeof(TMessage));
+		}
+	}
+	
+	public async Task Handle(MessageFrame frame, MessageHandler<TMessageBase> handler, CancellationToken cancellationToken) {
+		uint messageId = frame.MessageId;
+		
+		if (messageTypeCodeToRegistrationMapping.TryGetValue(frame.MessageTypeCode, out var registration)) {
+			await registration.Action(messageId, frame.SerializedMessage, handler, cancellationToken);
+		}
+		else {
+			logger.Error("Unknown message code {Code} for message {MessageId}.", frame.MessageTypeCode, messageId);
+			await handler.SendError(messageId, MessageError.UnknownMessageRegistryCode, cancellationToken);
+		}
+	}
+	
+	public sealed class Builder {
+		private readonly Dictionary<Type, byte> messageTypeToTypeCodeMapping = new ();
+		private readonly Dictionary<byte, Registration> messageTypeCodeToRegistrationMapping = new ();
+		
+		public void Add(byte messageTypeCode, Type messageType, MessageRegistry<TMessageBase>.DeserializeAndHandleFunc action) {
+			messageTypeToTypeCodeMapping.Add(messageType, messageTypeCode);
+			messageTypeCodeToRegistrationMapping.Add(messageTypeCode, new Registration(messageType, action));
+		}
+		
+		public MessageTypeMapping<TMessageBase> Build(string loggerName) {
+			return new MessageTypeMapping<TMessageBase>(loggerName, messageTypeToTypeCodeMapping.ToFrozenDictionary(), messageTypeCodeToRegistrationMapping.ToFrozenDictionary());
+		}
+	}
+}

Utils/Phantom.Utils.Rpc/Message/MessageTypeMappings.cs

@@ -0,0 +1,6 @@
+namespace Phantom.Utils.Rpc.Message;
+
+readonly record struct MessageTypeMappings<TClientToServerMessage, TServerToClientMessage>(
+	MessageTypeMapping<TServerToClientMessage> ToClient,
+	MessageTypeMapping<TClientToServerMessage> ToServer
+);

Utils/Phantom.Utils.Rpc/Message/MessageTypeName.cs

@@ -0,0 +1,58 @@
+using System.Text;
+using Phantom.Utils.Rpc.Runtime;
+
+namespace Phantom.Utils.Rpc.Message;
+
+sealed class MessageTypeName {
+	private readonly string stringValue;
+	private readonly ReadOnlyMemory<byte> serializedBytes;
+	
+	public MessageTypeName(string name) {
+		this.stringValue = name;
+		this.serializedBytes = Encoding.ASCII.GetBytes(name);
+		
+		if (serializedBytes.Length is 0 or > byte.MaxValue) {
+			throw new ArgumentOutOfRangeException(nameof(name), "Message name must be between 0 and " + byte.MaxValue + " bytes.");
+		}
+	}
+	
+	private MessageTypeName(ReadOnlyMemory<byte> serializedBytes) {
+		this.stringValue = Encoding.ASCII.GetString(serializedBytes.Span);
+		this.serializedBytes = serializedBytes;
+	}
+	
+	public async ValueTask Write(RpcStream stream, CancellationToken cancellationToken) {
+		await stream.WriteByte((byte) serializedBytes.Length, cancellationToken);
+		await stream.WriteBytes(serializedBytes, cancellationToken);
+	}
+	
+	public static async ValueTask WriteEnd(RpcStream stream, CancellationToken cancellationToken) {
+		await stream.WriteByte(value: 0, cancellationToken);
+	}
+	
+	public static async ValueTask<MessageTypeName?> Read(RpcStream stream, CancellationToken cancellationToken) {
+		byte serializedBytesLength = await stream.ReadByte(cancellationToken);
+		if (serializedBytesLength == 0) {
+			return null;
+		}
+		
+		var serializedBytes = await stream.ReadBytes(serializedBytesLength, cancellationToken);
+		return new MessageTypeName(serializedBytes);
+	}
+	
+	public override bool Equals(object? obj) {
+		if (ReferenceEquals(this, obj)) {
+			return true;
+		}
+		
+		return obj is MessageTypeName other && stringValue == other.stringValue;
+	}
+	
+	public override int GetHashCode() {
+		return stringValue.GetHashCode();
+	}
+	
+	public override string ToString() {
+		return stringValue;
+	}
+}

Utils/Phantom.Utils.Rpc/Runtime/Client/RpcClient.cs

@@ -7,21 +7,25 @@ using Serilog;
 namespace Phantom.Utils.Rpc.Runtime.Client;
 
 public sealed class RpcClient<TClientToServerMessage, TServerToClientMessage> : IRpcConnectionProvider, IDisposable {
-	public static async Task<RpcClient<TClientToServerMessage, TServerToClientMessage>?> Connect(string loggerName, RpcClientConnectionParameters connectionParameters, IMessageDefinitions<TClientToServerMessage, TServerToClientMessage> messageDefinitions, CancellationToken cancellationToken) {
-		RpcClientToServerConnector connector = new RpcClientToServerConnector(loggerName, connectionParameters);
-		RpcClientToServerConnector.Connection? connection = await connector.ConnectWithRetries(maxAttempts: 10, cancellationToken);
-		return connection == null ? null : new RpcClient<TClientToServerMessage, TServerToClientMessage>(loggerName, connectionParameters, connector, connection, messageDefinitions);
+	public static async Task<RpcClient<TClientToServerMessage, TServerToClientMessage>?> Connect(
+		string loggerName,
+		RpcClientConnectionParameters connectionParameters,
+		MessageRegistries<TClientToServerMessage, TServerToClientMessage> messageRegistries,
+		CancellationToken cancellationToken
+	) {
+		var connector = new RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage>(loggerName, connectionParameters, messageRegistries);
+		var connection = await connector.ConnectWithRetries(maxAttempts: 10, cancellationToken);
+		return connection == null ? null : new RpcClient<TClientToServerMessage, TServerToClientMessage>(loggerName, connectionParameters, connector, connection);
 	}
 	
 	private readonly string loggerName;
 	private readonly ILogger logger;
 	
 	private readonly RpcCommonConnectionParameters connectionParameters;
-	private readonly RpcClientToServerConnector connector;
-	private readonly IMessageDefinitions<TClientToServerMessage, TServerToClientMessage> messageDefinitions;
+	private readonly RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage> connector;
 	private readonly IRpcFrameSenderProvider<TClientToServerMessage>.Mutable frameSenderProvider = new ();
 	
-	private RpcClientToServerConnector.Connection currentConnection;
+	private RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage>.Connection currentConnection;
 	private readonly SemaphoreSlim currentConnectionSemaphore = new (1);
 	
 	private Task? listenerTask;
@@ -30,14 +34,18 @@ public sealed class RpcClient<TClientToServerMessage, TServerToClientMessage> :
 	
 	public MessageSender<TClientToServerMessage> MessageSender { get; }
 	
-	private RpcClient(string loggerName, RpcCommonConnectionParameters connectionParameters, RpcClientToServerConnector connector, RpcClientToServerConnector.Connection connection, IMessageDefinitions<TClientToServerMessage, TServerToClientMessage> messageDefinitions) {
+	private RpcClient(
+		string loggerName,
+		RpcCommonConnectionParameters connectionParameters,
+		RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage> connector,
+		RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage>.Connection connection
+	) {
 		this.loggerName = loggerName;
 		this.logger = PhantomLogger.Create<RpcClient<TClientToServerMessage, TServerToClientMessage>>(loggerName);
 		
 		this.connectionParameters = connectionParameters;
 		this.connector = connector;
 		this.currentConnection = connection;
-		this.messageDefinitions = messageDefinitions;
 		
 		this.MessageSender = new MessageSender<TClientToServerMessage>(loggerName, connectionParameters, frameSenderProvider);
 	}
@@ -46,7 +54,7 @@ public sealed class RpcClient<TClientToServerMessage, TServerToClientMessage> :
 		return (await GetConnection(cancellationToken)).Stream;
 	}
 	
-	private async Task<RpcClientToServerConnector.Connection> GetConnection(CancellationToken cancellationToken) {
+	private async Task<RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage>.Connection> GetConnection(CancellationToken cancellationToken) {
 		await currentConnectionSemaphore.WaitAsync(cancellationToken);
 		try {
 			if (!currentConnection.Socket.Connected) {
@@ -70,7 +78,7 @@ public sealed class RpcClient<TClientToServerMessage, TServerToClientMessage> :
 	private async Task Listen(IMessageReceiver<TServerToClientMessage> messageReceiver) {
 		CancellationToken cancellationToken = shutdownCancellationTokenSource.Token;
 		
-		RpcClientToServerConnector.Connection? connection = null;
+		RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage>.Connection? connection = null;
 		SessionState? sessionState = null;
 		
 		try {
@@ -125,7 +133,7 @@ public sealed class RpcClient<TClientToServerMessage, TServerToClientMessage> :
 			}
 		} finally {
 			if (sessionState.HasValue) {
-				await sessionState.Value.TryShutdown(logger, sendSessionTermination: cancellationToken.IsCancellationRequested);
+				await ShutdownSessionState(sessionState.Value);
 			}
 			
 			if (connection != null) {
@@ -138,10 +146,10 @@ public sealed class RpcClient<TClientToServerMessage, TServerToClientMessage> :
 		}
 	}
 	
-	private SessionState NewSessionState(RpcClientToServerConnector.Connection connection, IMessageReceiver<TServerToClientMessage> messageReceiver) {
-		var frameSender = new RpcFrameSender<TClientToServerMessage>(loggerName, connectionParameters, this, messageDefinitions.ToServer, connection.PingInterval);
+	private SessionState NewSessionState(RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage>.Connection connection, IMessageReceiver<TServerToClientMessage> messageReceiver) {
+		var frameSender = new RpcFrameSender<TClientToServerMessage>(loggerName, connectionParameters, this, connection.MessageTypeMappings.ToServer, connection.PingInterval);
 		var messageHandler = new MessageHandler<TServerToClientMessage>(messageReceiver, frameSender);
-		var frameReader = new RpcFrameReader<TClientToServerMessage, TServerToClientMessage>(loggerName, connectionParameters, messageDefinitions.ToClient, messageHandler, MessageSender, frameSender);
+		var frameReader = new RpcFrameReader<TClientToServerMessage, TServerToClientMessage>(loggerName, connectionParameters, connection.MessageTypeMappings.ToClient, messageHandler, MessageSender, frameSender);
 		
 		frameSenderProvider.SetNewValue(frameSender);
 		messageReceiver.OnSessionRestarted();
@@ -149,8 +157,17 @@ public sealed class RpcClient<TClientToServerMessage, TServerToClientMessage> :
 		return new SessionState(frameSender, frameReader);
 	}
 	
+	private async Task ShutdownSessionState(SessionState sessionState) {
+		if (connector.IsEnabled) {
+			await sessionState.TryShutdown(logger, sendSessionTermination: shutdownCancellationTokenSource.IsCancellationRequested);
+		}
+		else {
+			await sessionState.TryShutdownNow(logger);
+		}
+	}
+	
 	private readonly record struct SessionState(RpcFrameSender<TClientToServerMessage> FrameSender, RpcFrameReader<TClientToServerMessage, TServerToClientMessage> FrameReader) {
-		public void Update(ILogger logger, RpcClientToServerConnector.Connection connection) {
+		public void Update(ILogger logger, RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage>.Connection connection) {
 			TimeSpan currentPingInterval = FrameSender.PingInterval;
 			if (currentPingInterval != connection.PingInterval) {
 				logger.Warning("Server requested a different ping interval ({ServerPingInterval}s) than currently set ({ClientPingInterval}s), but ping interval cannot be updated for existing sessions.", connection.PingInterval.TotalSeconds, currentPingInterval.TotalSeconds);
@@ -178,7 +195,7 @@ public sealed class RpcClient<TClientToServerMessage, TServerToClientMessage> :
 		logger.Information("Shutting down client...");
 		
 		try {
-			await MessageSender.Close();
+			await MessageSender.Close(connector.IsEnabled ? TimeSpan.FromSeconds(15) : TimeSpan.Zero);
 		} catch (Exception e) {
 			logger.Error(e, "Caught exception while closing message sender.");
 		}

Utils/Phantom.Utils.Rpc/Runtime/Client/RpcClientToServerConnector.cs

@@ -1,30 +1,40 @@
-using System.Net.Security;
+using System.Diagnostics.CodeAnalysis;
+using System.Net.Security;
 using System.Net.Sockets;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using Phantom.Utils.Collections;
 using Phantom.Utils.Logging;
+using Phantom.Utils.Rpc.Handshake;
+using Phantom.Utils.Rpc.Message;
 using Phantom.Utils.Rpc.Runtime.Tls;
 using Serilog;
+using Serilog.Events;
 
 namespace Phantom.Utils.Rpc.Runtime.Client;
 
-sealed class RpcClientToServerConnector {
+[SuppressMessage("ReSharper", "StaticMemberInGenericType")]
+sealed class RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage> {
 	private static readonly TimeSpan InitialRetryDelay = TimeSpan.FromMilliseconds(500);
 	private static readonly TimeSpan MaximumRetryDelay = TimeSpan.FromSeconds(30);
 	private static readonly TimeSpan DisconnectTimeout = TimeSpan.FromSeconds(10);
 	
 	private readonly ILogger logger;
-	private readonly Guid sessionId;
 	private readonly RpcClientConnectionParameters parameters;
+	private readonly MessageRegistries<TClientToServerMessage, TServerToClientMessage> messageRegistries;
+	private readonly Guid sessionGuid;
 	private readonly SslClientAuthenticationOptions sslOptions;
 	
+	private bool wasRejectedDueToClosedSession = false;
 	private bool loggedCertificateValidationError = false;
 	
-	public RpcClientToServerConnector(string loggerName, RpcClientConnectionParameters parameters) {
-		this.logger = PhantomLogger.Create<RpcClientToServerConnector>(loggerName);
-		this.sessionId = Guid.NewGuid();
+	internal bool IsEnabled => !wasRejectedDueToClosedSession;
+	
+	public RpcClientToServerConnector(string loggerName, RpcClientConnectionParameters parameters, MessageRegistries<TClientToServerMessage, TServerToClientMessage> messageRegistries) {
+		this.logger = PhantomLogger.Create<RpcClientToServerConnector<TClientToServerMessage, TServerToClientMessage>>(loggerName);
 		this.parameters = parameters;
+		this.messageRegistries = messageRegistries;
+		this.sessionGuid = Guid.NewGuid();
 		
 		this.sslOptions = new SslClientAuthenticationOptions {
 			AllowRenegotiation = false,
@@ -51,7 +61,7 @@ sealed class RpcClientToServerConnector {
 			
 			cancellationToken.ThrowIfCancellationRequested();
 			
-			if (attempt >= maxAttempts) {
+			if (attempt >= maxAttempts || wasRejectedDueToClosedSession) {
 				break;
 			}
 			
@@ -77,6 +87,11 @@ sealed class RpcClientToServerConnector {
 			
 			cancellationToken.ThrowIfCancellationRequested();
 			
+			if (wasRejectedDueToClosedSession) {
+				logger.Warning("A restart will be required to start a new session!");
+				await Task.Delay(Timeout.InfiniteTimeSpan, cancellationToken);
+			}
+			
 			logger.Warning("Retrying in {Seconds}s.", nextAttemptDelay.TotalSeconds.ToString("F1"));
 			nextAttemptDelay = await WaitForRetry(nextAttemptDelay, cancellationToken);
 		}
@@ -114,7 +129,7 @@ sealed class RpcClientToServerConnector {
 			
 			if (await AuthenticateAndPerformHandshake(stream, cancellationToken) is {} result) {
 				logger.Information("Connected to {Host}:{Port}.", parameters.Host, parameters.Port);
-				return new Connection(clientSocket, stream, result.IsNewSession, result.PingInterval);
+				return new Connection(clientSocket, stream, result.IsNewSession, result.PingInterval, result.MessageTypeMappings);
 			}
 		} catch (Exception e) {
 			logger.Error(e, "Caught unhandled exception.");
@@ -130,6 +145,30 @@ sealed class RpcClientToServerConnector {
 		return null;
 	}
 	
+	private bool ValidateServerCertificate(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors) {
+		if (certificate == null || sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable)) {
+			logger.Error("Could not establish a secure connection, server did not provide a certificate.");
+		}
+		else if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch)) {
+			logger.Error("Could not establish a secure connection, server certificate has the wrong name: {Name}", certificate.Subject);
+		}
+		else if (!parameters.CertificateThumbprint.Check(certificate)) {
+			logger.Error("Could not establish a secure connection, server certificate does not match.");
+		}
+		else if (TlsSupport.CheckAlgorithm((X509Certificate2) certificate) is {} error) {
+			logger.Error("Could not establish a secure connection, server certificate rejected because it uses {ActualAlgorithmName} instead of {ExpectedAlgorithmName}.", error.ActualAlgorithmName, error.ExpectedAlgorithmName);
+		}
+		else if ((sslPolicyErrors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None) {
+			logger.Error("Could not establish a secure connection, server certificate validation failed.");
+		}
+		else {
+			return true;
+		}
+		
+		loggedCertificateValidationError = true;
+		return false;
+	}
+	
 	private async Task<ConnectionResult?> AuthenticateAndPerformHandshake(RpcStream stream, CancellationToken cancellationToken) {
 		try {
 			loggedCertificateValidationError = false;
@@ -159,14 +198,64 @@ sealed class RpcClientToServerConnector {
 		await stream.WriteAuthToken(parameters.AuthToken, cancellationToken);
 		await stream.Flush(cancellationToken);
 		
-		if (await stream.ReadByte(cancellationToken) != 1) {
-			logger.Error("Server rejected authorization token.");
+		var authResult = (RpcAuthResult) await stream.ReadByte(cancellationToken);
+		switch (authResult) {
+			case RpcAuthResult.Success:
+				break;
+			
+			case RpcAuthResult.UnknownClient:
+				logger.Error("Server rejected unknown client.");
+				return null;
+			
+			case RpcAuthResult.InvalidSecret:
+				logger.Error("Server rejected unauthorized client.");
+				return null;
+			
+			default:
+				logger.Error("Server rejected client authorization with unknown error code: {ErrorCode}", authResult);
+				return null;
+		}
+		
+		await stream.WriteGuid(sessionGuid, cancellationToken);
+		await stream.Flush(cancellationToken);
+		
+		var sessionRegistrationResult = (RpcSessionRegistrationResult) await stream.ReadByte(cancellationToken);
+		switch (sessionRegistrationResult) {
+			case RpcSessionRegistrationResult.Success:
+				break;
+			
+			case RpcSessionRegistrationResult.AlreadyClosed:
+				wasRejectedDueToClosedSession = true;
+				logger.Fatal("Server rejected client session because it was already closed.");
+				return null;
+			
+			default:
+				logger.Error("Server rejected client session with unknown error code: {ErrorCode}", sessionRegistrationResult);
+				return null;
+		}
+		
+		var pingInterval = await ReadPingInterval(stream, cancellationToken);
+		if (pingInterval == null) {
 			return null;
 		}
 		
-		await stream.WriteGuid(sessionId, cancellationToken);
-		await stream.Flush(cancellationToken);
+		var mappedMessageDefinitions = await ReadMessageMappings(stream, cancellationToken);
 		
+		await parameters.Handshake.Perform(stream, cancellationToken);
+		
+		var finalHandshakeResult = (RpcFinalHandshakeResult) await stream.ReadByte(cancellationToken);
+		switch (finalHandshakeResult) {
+			case RpcFinalHandshakeResult.NewSession:
+			case RpcFinalHandshakeResult.ReusedSession:
+				return new ConnectionResult(finalHandshakeResult == RpcFinalHandshakeResult.NewSession, pingInterval.Value, mappedMessageDefinitions);
+			
+			default:
+				logger.Error("Server rejected client handshake with unknown error code: {ErrorCode}", finalHandshakeResult);
+				return null;
+		}
+	}
+	
+	private async Task<TimeSpan?> ReadPingInterval(RpcStream stream, CancellationToken cancellationToken) {
 		ushort pingIntervalSeconds = await stream.ReadUnsignedShort(cancellationToken);
 		if (pingIntervalSeconds == 0) {
 			logger.Error("Server sent invalid ping interval.");
@@ -174,42 +263,30 @@ sealed class RpcClientToServerConnector {
 		}
 		
 		logger.Debug("Server requested a ping interval of {PingInterval}s.", pingIntervalSeconds);
-		
-		await parameters.Handshake.Perform(stream, cancellationToken);
-		
-		var finalHandshakeResult = (RpcFinalHandshakeResult) await stream.ReadByte(cancellationToken);
-		if (finalHandshakeResult == RpcFinalHandshakeResult.Error) {
-			logger.Error("Server rejected client due to unknown error.");
-			return null;
-		}
-		
-		return new ConnectionResult(finalHandshakeResult == RpcFinalHandshakeResult.NewSession, TimeSpan.FromSeconds(pingIntervalSeconds));
+		return TimeSpan.FromSeconds(pingIntervalSeconds);
 	}
 	
-	private readonly record struct ConnectionResult(bool IsNewSession, TimeSpan PingInterval);
+	private async Task<MessageTypeMappings<TClientToServerMessage, TServerToClientMessage>> ReadMessageMappings(RpcStream stream, CancellationToken cancellationToken) {
+		var toClient = await ReadMessageMapping(messageRegistries.ToClient, stream, cancellationToken);
+		var toServer = await ReadMessageMapping(messageRegistries.ToServer, stream, cancellationToken);
+		
+		return new MessageTypeMappings<TClientToServerMessage, TServerToClientMessage>(toClient, toServer);
+	}
 	
-	private bool ValidateServerCertificate(object sender, X509Certificate? certificate, X509Chain? chain, SslPolicyErrors sslPolicyErrors) {
-		if (certificate == null || sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNotAvailable)) {
-			logger.Error("Could not establish a secure connection, server did not provide a certificate.");
-		}
-		else if (sslPolicyErrors.HasFlag(SslPolicyErrors.RemoteCertificateNameMismatch)) {
-			logger.Error("Could not establish a secure connection, server certificate has the wrong name: {Name}", certificate.Subject);
-		}
-		else if (!parameters.CertificateThumbprint.Check(certificate)) {
-			logger.Error("Could not establish a secure connection, server certificate does not match.");
-		}
-		else if (TlsSupport.CheckAlgorithm((X509Certificate2) certificate) is {} error) {
-			logger.Error("Could not establish a secure connection, server certificate rejected because it uses {ActualAlgorithmName} instead of {ExpectedAlgorithmName}.", error.ActualAlgorithmName, error.ExpectedAlgorithmName);
-		}
-		else if ((sslPolicyErrors & ~SslPolicyErrors.RemoteCertificateChainErrors) != SslPolicyErrors.None) {
-			logger.Error("Could not establish a secure connection, server certificate validation failed.");
-		}
-		else {
-			return true;
+	private async Task<MessageTypeMapping<TMessageBase>> ReadMessageMapping<TMessageBase>(MessageRegistry<TMessageBase> messageRegistry, RpcStream stream, CancellationToken cancellationToken) {
+		var result = await messageRegistry.ReadMapping(stream, cancellationToken);
+		
+		if (logger.IsEnabled(LogEventLevel.Debug)) {
+			foreach ((byte messageTypeCode, MessageTypeName messageTypeName) in result.SupportedMessages) {
+				logger.Debug("Server requested code {MessageCode} for message {MessageBaseTypeName}:{MessageTypeName}.", messageTypeCode, typeof(TMessageBase).Name, messageTypeName);
+			}
 		}
 		
-		loggedCertificateValidationError = true;
-		return false;
+		foreach ((byte messageTypeCode, MessageTypeName messageTypeName) in result.UnsupportedMessages) {
+			logger.Warning("Server requested code {MessageCode} for message {MessageBaseTypeName}:{MessageTypeName} that the client does not support.", messageTypeCode, typeof(TMessageBase).Name, messageTypeName);
+		}
+		
+		return result.TypeMapping;
 	}
 	
 	private static async Task DisconnectSocket(Socket socket, RpcStream? stream) {
@@ -221,7 +298,9 @@ sealed class RpcClientToServerConnector {
 		await socket.DisconnectAsync(reuseSocket: false, timeoutTokenSource.Token);
 	}
 	
-	internal sealed record Connection(Socket Socket, RpcStream Stream, bool IsNewSession, TimeSpan PingInterval) : IAsyncDisposable {
+	private readonly record struct ConnectionResult(bool IsNewSession, TimeSpan PingInterval, MessageTypeMappings<TClientToServerMessage, TServerToClientMessage> MessageTypeMappings);
+	
+	internal sealed record Connection(Socket Socket, RpcStream Stream, bool IsNewSession, TimeSpan PingInterval, MessageTypeMappings<TClientToServerMessage, TServerToClientMessage> MessageTypeMappings) : IAsyncDisposable {
 		public async Task Disconnect() {
 			await DisconnectSocket(Socket, Stream);
 		}

Utils/Phantom.Utils.Rpc/Runtime/RpcFrameReader.cs

@@ -9,7 +9,7 @@ namespace Phantom.Utils.Rpc.Runtime;
 sealed class RpcFrameReader<TSentMessage, TReceivedMessage>(
 	string loggerName,
 	RpcCommonConnectionParameters connectionParameters,
-	MessageRegistry<TReceivedMessage> messageRegistry,
+	MessageTypeMapping<TReceivedMessage> messageTypeMapping,
 	MessageHandler<TReceivedMessage> messageHandler,
 	MessageSender<TSentMessage> messageSender,
 	RpcFrameSender<TSentMessage> frameSender
@@ -38,7 +38,7 @@ sealed class RpcFrameReader<TSentMessage, TReceivedMessage>(
 			return;
 		}
 		
-		if (messageRegistry.TryGetType(frame, out var messageType)) {
+		if (messageTypeMapping.TryGetType(frame, out var messageType)) {
 			logger.Debug("Received message {MesageId} of type {MessageType} ({Bytes} B).", frame.MessageId, messageType.Name, frame.SerializedMessage.Length);
 		}
 		
@@ -58,7 +58,7 @@ sealed class RpcFrameReader<TSentMessage, TReceivedMessage>(
 	
 	private async Task HandleMessage(MessageFrame frame, CancellationToken cancellationToken) {
 		try {
-			await messageRegistry.Handle(frame, messageHandler, cancellationToken);
+			await messageTypeMapping.Handle(frame, messageHandler, cancellationToken);
 		} finally {
 			messageHandlingSemaphore.Release();
 		}

Utils/Phantom.Utils.Rpc/Runtime/RpcFrameSender.cs

@@ -12,7 +12,7 @@ namespace Phantom.Utils.Rpc.Runtime;
 sealed class RpcFrameSender<TMessageBase> : IMessageReplySender {
 	private readonly ILogger logger;
 	private readonly IRpcConnectionProvider connectionProvider;
-	private readonly MessageRegistry<TMessageBase> messageRegistry;
+	private readonly MessageTypeMapping<TMessageBase> messageTypeMapping;
 	private readonly MessageReceiveTracker messageReceiveTracker = new ();
 	
 	private readonly Channel<IFrame> frameQueue;
@@ -27,10 +27,10 @@ sealed class RpcFrameSender<TMessageBase> : IMessageReplySender {
 	
 	internal TimeSpan PingInterval { get; }
 	
-	internal RpcFrameSender(string loggerName, RpcCommonConnectionParameters connectionParameters, IRpcConnectionProvider connectionProvider, MessageRegistry<TMessageBase> messageRegistry, TimeSpan pingInterval) {
+	internal RpcFrameSender(string loggerName, RpcCommonConnectionParameters connectionParameters, IRpcConnectionProvider connectionProvider, MessageTypeMapping<TMessageBase> messageTypeMapping, TimeSpan pingInterval) {
 		this.logger = PhantomLogger.Create<RpcFrameSender<TMessageBase>>(loggerName);
 		this.connectionProvider = connectionProvider;
-		this.messageRegistry = messageRegistry;
+		this.messageTypeMapping = messageTypeMapping;
 		
 		this.frameQueue = Channel.CreateBounded<IFrame>(new BoundedChannelOptions(connectionParameters.FrameQueueCapacity) {
 			AllowSynchronousContinuations = false,
@@ -50,7 +50,7 @@ sealed class RpcFrameSender<TMessageBase> : IMessageReplySender {
 	}
 	
 	public async ValueTask SendMessage<TMessage>(uint messageId, TMessage message, CancellationToken cancellationToken) where TMessage : TMessageBase {
-		var frame = messageRegistry.CreateFrame(messageId, message);
+		var frame = messageTypeMapping.CreateFrame(messageId, message);
 		logger.Debug("Sending message {MesageId} of type {MessageType} ({MessageBytes} B).", messageId, typeof(TMessage).Name, frame.SerializedMessage.Length);
 		await SendFrame(frame, cancellationToken);
 	}

Utils/Phantom.Utils.Rpc/Runtime/RpcStream.cs

@@ -7,8 +7,6 @@ namespace Phantom.Utils.Rpc.Runtime;
 
 [SuppressMessage("ReSharper", "MemberCanBeInternal")]
 public sealed class RpcStream : IAsyncDisposable {
-	private const int GuidBytes = 16;
-	
 	private readonly SslStream stream;
 	
 	internal RpcStream(SslStream stream) {
@@ -76,25 +74,19 @@ public sealed class RpcStream : IAsyncDisposable {
 	}
 	
 	public ValueTask WriteGuid(Guid guid, CancellationToken cancellationToken) {
-		static void Write(Span<byte> span, Guid guid) {
-			if (!guid.TryWriteBytes(span)) {
-				throw new ArgumentException("Span is not large enough to write a GUID.", nameof(span));
-			}
-		}
-		
-		return WriteValue(guid, size: GuidBytes, Write, cancellationToken);
+		return WriteValue(guid, Serialization.GuidBytes, Serialization.WriteGuid, cancellationToken);
 	}
 	
 	public ValueTask<Guid> ReadGuid(CancellationToken cancellationToken) {
-		return ReadValue(static span => new Guid(span), size: GuidBytes, cancellationToken);
+		return ReadValue(static span => new Guid(span), Serialization.GuidBytes, cancellationToken);
 	}
 	
 	public ValueTask WriteAuthToken(AuthToken authToken, CancellationToken cancellationToken) {
-		return stream.WriteAsync(authToken.Bytes.AsMemory(), cancellationToken);
+		return WriteValue(authToken, AuthToken.Length, static (span, value) => value.ToBytes(span), cancellationToken);
 	}
 	
 	public ValueTask<AuthToken> ReadAuthToken(CancellationToken cancellationToken) {
-		return ReadValue(static span => new AuthToken([..span]), AuthToken.Length, cancellationToken);
+		return ReadValue(AuthToken.FromBytes, AuthToken.Length, cancellationToken);
 	}
 	
 	public ValueTask WriteBytes(ReadOnlyMemory<byte> bytes, CancellationToken cancellationToken) {

Utils/Phantom.Utils.Rpc/Runtime/Server/IRpcServerClientAuthProvider.cs

@@ -0,0 +1,5 @@
+namespace Phantom.Utils.Rpc.Runtime.Server;
+
+public interface IRpcServerClientAuthProvider {
+	Task<AuthSecret?> GetAuthSecret(Guid clientGuid);
+}

Utils/Phantom.Utils.Rpc/Runtime/Server/IRpcServerClientHandshake.cs

@@ -1,17 +1,11 @@
-using Phantom.Utils.Monads;
+namespace Phantom.Utils.Rpc.Runtime.Server;
 
-namespace Phantom.Utils.Rpc.Runtime.Server;
-
-public interface IRpcServerClientHandshake<T> {
-	Task<Either<T, Exception>> Perform(bool isNewSession, RpcStream stream, CancellationToken cancellationToken);
-}
-
-public static class RpcServerClientHandshake {
-	public readonly record struct NoValue;
+public interface IRpcServerClientHandshake {
+	Task Perform(bool isNewSession, RpcStream stream, Guid clientGuid, CancellationToken cancellationToken);
 	
-	public sealed record NoOp : IRpcServerClientHandshake<NoValue> {
-		public Task<Either<NoValue, Exception>> Perform(bool isNewSession, RpcStream stream, CancellationToken cancellationToken) {
-			return Task.FromResult<Either<NoValue, Exception>>(Either.Left(new NoValue()));
+	sealed record NoOp : IRpcServerClientHandshake {
+		public Task Perform(bool isNewSession, RpcStream stream, Guid clientGuid, CancellationToken cancellationToken) {
+			return Task.CompletedTask;
 		}
 	}
 }

Utils/Phantom.Utils.Rpc/Runtime/Server/IRpcServerClientRegistrar.cs

@@ -2,6 +2,6 @@
 
 namespace Phantom.Utils.Rpc.Runtime.Server;
 
-public interface IRpcServerClientRegistrar<TClientToServerMessage, TServerToClientMessage, THandshakeResult> {
-	IMessageReceiver<TClientToServerMessage> Register(RpcServerToClientConnection<TClientToServerMessage, TServerToClientMessage> connection, THandshakeResult handshakeResult);
+public interface IRpcServerClientRegistrar<TClientToServerMessage, TServerToClientMessage> {
+	IMessageReceiver<TClientToServerMessage> Register(RpcServerToClientConnection<TClientToServerMessage, TServerToClientMessage> connection);
 }

Utils/Phantom.Utils.Rpc/Runtime/Server/RpcServer.cs

@@ -3,24 +3,43 @@ using System.Net.Security;
 using System.Net.Sockets;
 using System.Security.Cryptography.X509Certificates;
 using Phantom.Utils.Logging;
-using Phantom.Utils.Monads;
+using Phantom.Utils.Rpc.Handshake;
 using Phantom.Utils.Rpc.Message;
 using Phantom.Utils.Rpc.Runtime.Tls;
 using Serilog;
 
 namespace Phantom.Utils.Rpc.Runtime.Server;
 
-public sealed class RpcServer<TClientToServerMessage, TServerToClientMessage, THandshakeResult>(
-	string loggerName,
-	RpcServerConnectionParameters connectionParameters,
-	IMessageDefinitions<TClientToServerMessage, TServerToClientMessage> messageDefinitions,
-	IRpcServerClientHandshake<THandshakeResult> clientHandshake,
-	IRpcServerClientRegistrar<TClientToServerMessage, TServerToClientMessage, THandshakeResult> clientRegistrar
-) {
-	private readonly ILogger logger = PhantomLogger.Create<RpcServer<TClientToServerMessage, TServerToClientMessage, THandshakeResult>>(loggerName);
-	private readonly RpcServerClientSessions<TServerToClientMessage> clientSessions = new (loggerName, connectionParameters, messageDefinitions.ToClient);
+public sealed class RpcServer<TClientToServerMessage, TServerToClientMessage> {
+	private readonly string loggerName;
+	private readonly ILogger logger;
+	private readonly RpcServerConnectionParameters connectionParameters;
+	private readonly MessageRegistries<TClientToServerMessage, TServerToClientMessage>.WithMapping messageRegistries;
+	private readonly IRpcServerClientAuthProvider clientAuthProvider;
+	private readonly IRpcServerClientHandshake clientHandshake;
+	private readonly IRpcServerClientRegistrar<TClientToServerMessage, TServerToClientMessage> clientRegistrar;
+	
+	private readonly RpcServerClientSessions<TServerToClientMessage> clientSessions;
 	private readonly List<Client> clients = [];
 	
+	public RpcServer(
+		string loggerName,
+		RpcServerConnectionParameters connectionParameters,
+		MessageRegistries<TClientToServerMessage, TServerToClientMessage> messageRegistries,
+		IRpcServerClientAuthProvider clientAuthProvider,
+		IRpcServerClientHandshake clientHandshake,
+		IRpcServerClientRegistrar<TClientToServerMessage, TServerToClientMessage> clientRegistrar
+	) {
+		this.loggerName = loggerName;
+		this.logger = PhantomLogger.Create<RpcServer<TClientToServerMessage, TServerToClientMessage>>(loggerName);
+		this.connectionParameters = connectionParameters;
+		this.messageRegistries = messageRegistries.CreateMapping();
+		this.clientAuthProvider = clientAuthProvider;
+		this.clientHandshake = clientHandshake;
+		this.clientRegistrar = clientRegistrar;
+		this.clientSessions = new RpcServerClientSessions<TServerToClientMessage>(loggerName, connectionParameters, this.messageRegistries.ToClient.Mapping);
+	}
+	
 	public async Task<bool> Run(CancellationToken shutdownToken) {
 		EndPoint endPoint = connectionParameters.EndPoint;
 		
@@ -36,7 +55,8 @@ public sealed class RpcServer<TClientToServerMessage, TServerToClientMessage, TH
 		
 		var serverData = new SharedData(
 			connectionParameters,
-			messageDefinitions.ToServer,
+			messageRegistries,
+			clientAuthProvider,
 			clientHandshake,
 			clientRegistrar,
 			clientSessions
@@ -94,9 +114,10 @@ public sealed class RpcServer<TClientToServerMessage, TServerToClientMessage, TH
 	
 	private readonly record struct SharedData(
 		RpcServerConnectionParameters ConnectionParameters,
-		MessageRegistry<TClientToServerMessage> MessageRegistry,
-		IRpcServerClientHandshake<THandshakeResult> ClientHandshake,
-		IRpcServerClientRegistrar<TClientToServerMessage, TServerToClientMessage, THandshakeResult> ClientRegistrar,
+		MessageRegistries<TClientToServerMessage, TServerToClientMessage>.WithMapping MessageDefinitions,
+		IRpcServerClientAuthProvider ClientAuthProvider,
+		IRpcServerClientHandshake ClientHandshake,
+		IRpcServerClientRegistrar<TClientToServerMessage, TServerToClientMessage> ClientRegistrar,
 		RpcServerClientSessions<TServerToClientMessage> ClientSessions
 	);
 	
@@ -128,7 +149,7 @@ public sealed class RpcServer<TClientToServerMessage, TServerToClientMessage, TH
 			SslServerAuthenticationOptions sslOptions,
 			CancellationToken shutdownToken
 		) {
-			this.logger = PhantomLogger.Create<RpcServer<TClientToServerMessage, TServerToClientMessage, THandshakeResult>, Client>(PhantomLogger.ConcatNames(serverLoggerName, GetAddressDescriptor(socket)));
+			this.logger = PhantomLogger.Create<RpcServer<TClientToServerMessage, TServerToClientMessage>, Client>(PhantomLogger.ConcatNames(serverLoggerName, GetAddressDescriptor(socket)));
 			this.sharedData = sharedData;
 			this.socket = socket;
 			this.sslOptions = sslOptions;
@@ -213,26 +234,36 @@ public sealed class RpcServer<TClientToServerMessage, TServerToClientMessage, TH
 			}
 			
 			try {
-				var suppliedAuthToken = await stream.ReadAuthToken(cancellationToken);
-				if (!sharedData.ConnectionParameters.AuthToken.FixedTimeEquals(suppliedAuthToken)) {
-					logger.Warning("Rejected client, invalid authorization token.");
-					await stream.WriteByte(value: 0, cancellationToken);
-					await stream.Flush(cancellationToken);
+				var clientAuthToken = await stream.ReadAuthToken(cancellationToken);
+				
+				RpcAuthResult authResult = await CheckAuthorization(clientAuthToken);
+				await stream.WriteByte(value: (byte) authResult, cancellationToken);
+				await stream.Flush(cancellationToken);
+				
+				if (authResult != RpcAuthResult.Success) {
 					return null;
 				}
-				else {
-					await stream.WriteByte(value: 1, cancellationToken);
-					await stream.Flush(cancellationToken);
+				
+				var clientGuid = clientAuthToken.Guid;
+				var sessionGuid = await stream.ReadGuid(cancellationToken);
+				var session = await sharedData.ClientSessions.GetOrCreateSession(clientGuid, sessionGuid);
+				
+				RpcSessionRegistrationResult sessionRegistrationResult = session == null ? RpcSessionRegistrationResult.AlreadyClosed : RpcSessionRegistrationResult.Success;
+				await stream.WriteByte(value: (byte) sessionRegistrationResult, cancellationToken);
+				await stream.Flush(cancellationToken);
+				
+				if (session == null) {
+					return null;
 				}
 				
 				await stream.WriteUnsignedShort(sharedData.ConnectionParameters.PingIntervalSeconds, cancellationToken);
+				await sharedData.MessageDefinitions.ToClient.Write(stream, cancellationToken);
+				await sharedData.MessageDefinitions.ToServer.Write(stream, cancellationToken);
 				await stream.Flush(cancellationToken);
 				
-				var sessionId = await stream.ReadGuid(cancellationToken);
-				var session = sharedData.ClientSessions.GetOrCreateSession(sessionId);
-				
-				EstablishedConnection? establishedConnection = await FinalizeHandshake(stream, session, cancellationToken);
 				RpcFinalHandshakeResult finalHandshakeResult;
+				
+				var establishedConnection = await FinalizeHandshake(stream, clientGuid, session, cancellationToken);
 				if (establishedConnection == null) {
 					finalHandshakeResult = RpcFinalHandshakeResult.Error;
 				}
@@ -256,28 +287,42 @@ public sealed class RpcServer<TClientToServerMessage, TServerToClientMessage, TH
 			}
 		}
 		
-		private async Task<EstablishedConnection?> FinalizeHandshake(RpcStream stream, RpcServerClientSession<TServerToClientMessage> session, CancellationToken cancellationToken) {
-			logger.Information("Client connected with session {SessionId}, new logger name: {LoggerName}", session.SessionId, session.LoggerName);
-			logger = PhantomLogger.Create<RpcServer<TClientToServerMessage, TServerToClientMessage, THandshakeResult>, Client>(session.LoggerName);
+		private async Task<RpcAuthResult> CheckAuthorization(AuthToken clientAuthToken) {
+			var clientGuid = clientAuthToken.Guid;
 			
-			switch (await sharedData.ClientHandshake.Perform(session.IsNew, stream, cancellationToken)) {
-				case Left<THandshakeResult, Exception>(var handshakeResult):
-					try {
-						var connection = new RpcServerToClientConnection<TClientToServerMessage, TServerToClientMessage>(sharedData.ConnectionParameters, sharedData.MessageRegistry, session, stream);
-						var messageReceiver = sharedData.ClientRegistrar.Register(connection, handshakeResult);
-						
-						return new EstablishedConnection(session, connection, messageReceiver);
-					} catch (Exception e) {
-						logger.Error(e, "Could not register client.");
-						return null;
-					}
+			var expectedAuthSecret = await sharedData.ClientAuthProvider.GetAuthSecret(clientGuid);
+			if (expectedAuthSecret == null) {
+				logger.Warning("Rejected client, unknown client: {ClientGuid}", clientGuid);
+				return RpcAuthResult.UnknownClient;
+			}
+			else if (!expectedAuthSecret.FixedTimeEquals(clientAuthToken.Secret)) {
+				logger.Warning("Rejected client, invalid authorization secret.");
+				return RpcAuthResult.InvalidSecret;
+			}
+			else {
+				return RpcAuthResult.Success;
+			}
+		}
+		
+		private async Task<EstablishedConnection?> FinalizeHandshake(RpcStream stream, Guid clientGuid, RpcServerClientSession<TServerToClientMessage> session, CancellationToken cancellationToken) {
+			logger.Information("Client {ClientGuid} connected with session {SessionGuid}, new logger name: {LoggerName}", clientGuid, session.SessionGuid, session.LoggerName);
+			logger = PhantomLogger.Create<RpcServer<TClientToServerMessage, TServerToClientMessage>, Client>(session.LoggerName);
+			
+			try {
+				await sharedData.ClientHandshake.Perform(session.IsNew, stream, clientGuid, cancellationToken);
+			} catch (Exception e) {
+				logger.Error(e, "Could not finish application handshake.");
+				return null;
+			}
+			
+			try {
+				var connection = new RpcServerToClientConnection<TClientToServerMessage, TServerToClientMessage>(sharedData.ConnectionParameters, sharedData.MessageDefinitions.ToServer.Mapping, session, stream);
+				var messageReceiver = sharedData.ClientRegistrar.Register(connection);
 				
-				case Right<THandshakeResult, Exception>(var exception):
-					logger.Error(exception, "Could not finish application handshake.");
-					return null;
-				
-				default:
-					return null;
+				return new EstablishedConnection(session, connection, messageReceiver);
+			} catch (Exception e) {
+				logger.Error(e, "Could not register client.");
+				return null;
 			}
 		}