diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml
index a4a65db4..324a8587 100644
--- a/.github/workflows/docker-image.yml
+++ b/.github/workflows/docker-image.yml
@@ -51,8 +51,9 @@ jobs:
         uses: actions/cache@v3
         with:
           path: /tmp/.buildx-cache
-          key: ${{ runner.os }}-buildx-${{ github.sha }}
+          key: ${{ runner.os }}-buildx-${{ github.ref_name }}-${{ hashFiles('docker/Dockerfile') }}
           restore-keys: |
+            ${{ runner.os }}-buildx-${{ github.ref_name }}-
             ${{ runner.os }}-buildx-
 
       - name: Login to Docker Registry
@@ -65,10 +66,14 @@ jobs:
       - name: Determine Docker image tag
         run: |
           echo "REPO_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
-          if [ "${{ github.event.inputs.tag_name }}" == "" ]; then
-            IMAGE_TAG="${{ github.ref_name }}-development-latest"
-          else
+          if [ "${{ github.event.inputs.tag_name }}" != "" ]; then
             IMAGE_TAG="${{ github.event.inputs.tag_name }}"
+          elif [ "${{ github.ref }}" == "refs/heads/main" ]; then
+            IMAGE_TAG="latest"
+          elif [ "${{ github.ref }}" == "refs/heads/development" ]; then
+            IMAGE_TAG="development-latest"
+          else
+            IMAGE_TAG="${{ github.ref_name }}-development-latest"
           fi
           echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV
 
@@ -95,12 +100,6 @@ jobs:
           rm -rf /tmp/.buildx-cache
           mv /tmp/.buildx-cache-new /tmp/.buildx-cache
 
-      - name: Notify via ntfy
-        if: success()
-        run: |
-          curl -d "Docker image build and push completed successfully for tag: ${{ env.IMAGE_TAG }}" \
-          https://ntfy.karmaa.site/termix-build
-
       - name: Delete all untagged image versions
         if: success()
         uses: quartx-analytics/ghcr-cleaner@v1
diff --git a/docker/Dockerfile b/docker/Dockerfile
index 70a55def..785bebc2 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -19,7 +19,17 @@ COPY . .
 # Build frontend
 RUN npm run build
 
-# Stage 3: Production dependencies
+# Stage 3: Build backend TypeScript
+FROM deps AS backend-builder
+WORKDIR /app
+
+# Copy source files
+COPY . .
+
+# Build backend TypeScript to JavaScript
+RUN npm run build:backend
+
+# Stage 4: Production dependencies
 FROM node:18-alpine AS production-deps
 WORKDIR /app
 
@@ -30,7 +40,7 @@ COPY package*.json ./
 RUN npm ci --only=production --ignore-scripts --force && \
     npm cache clean --force
 
-# Stage 4: Build native modules
+# Stage 5: Build native modules
 FROM node:18-alpine AS native-builder
 WORKDIR /app
 
@@ -41,13 +51,14 @@ RUN apk add --no-cache python3 make g++
 COPY package*.json ./
 
 # Install only the native modules we need
-RUN npm ci --only=production bcrypt better-sqlite3 --force && \
+RUN npm ci --only=production bcryptjs better-sqlite3 --force && \
     npm cache clean --force
 
-# Stage 5: Final image
+# Stage 6: Final image
 FROM node:18-alpine
 ENV DATA_DIR=/app/data \
-    PORT=8080
+    PORT=8080 \
+    NODE_ENV=production
 
 # Install dependencies in a single layer
 RUN apk add --no-cache nginx gettext su-exec && \
@@ -61,20 +72,24 @@ RUN chown -R nginx:nginx /usr/share/nginx/html
 
 # Setup backend
 WORKDIR /app
-COPY package*.json ./
 
 # Copy production dependencies and native modules
 COPY --from=production-deps /app/node_modules /app/node_modules
-COPY --from=native-builder /app/node_modules/bcrypt /app/node_modules/bcrypt
+COPY --from=native-builder /app/node_modules/bcryptjs /app/node_modules/bcryptjs
 COPY --from=native-builder /app/node_modules/better-sqlite3 /app/node_modules/better-sqlite3
 
-# Copy backend source
-COPY src/backend/ ./src/backend/
+# Copy compiled backend JavaScript
+COPY --from=backend-builder /app/dist/backend ./dist/backend
+
+# Copy package.json for scripts
+COPY package.json ./
+
 RUN chown -R node:node /app
 
 VOLUME ["/app/data"]
+
 # Expose ports
-EXPOSE ${PORT} 8081 8082 8083 8084 8085
+EXPOSE ${PORT} 8081 8082 8083 8084
 
 COPY docker/entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
index 403ac71c..5512ac4e 100644
--- a/docker/docker-compose.yml
+++ b/docker/docker-compose.yml
@@ -1,7 +1,7 @@
 services:
   termix:
     #image: ghcr.io/lukegus/termix:latest
-    image: ghcr.io/lukegus/termix:dev-0.3-development-latest
+    image: ghcr.io/lukegus/termix:dev-1.0-development-latest
     container_name: termix
     restart: unless-stopped
     ports:
diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index fad376b7..8fc5adfe 100644
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -4,9 +4,11 @@ set -e
 export PORT=${PORT:-8080}
 echo "Configuring web UI to run on port: $PORT"
 
+# Configure nginx with the correct port
 envsubst '${PORT}' < /etc/nginx/nginx.conf > /etc/nginx/nginx.conf.tmp
 mv /etc/nginx/nginx.conf.tmp /etc/nginx/nginx.conf
 
+# Setup data directory
 mkdir -p /app/data
 chown -R node:node /app/data
 chmod 755 /app/data
@@ -19,12 +21,14 @@ echo "Starting backend services..."
 cd /app
 export NODE_ENV=production
 
+# Start the compiled TypeScript backend
 if command -v su-exec > /dev/null 2>&1; then
-  su-exec node node src/backend/starter.cjs
+  su-exec node node dist/backend/starter.js
 else
-  su -s /bin/sh node -c "node src/backend/starter.cjs"
+  su -s /bin/sh node -c "node dist/backend/starter.js"
 fi
 
 echo "All services started"
 
+# Keep container running
 tail -f /dev/null
\ No newline at end of file
diff --git a/docker/nginx.conf b/docker/nginx.conf
index f40f55ae..82f9570f 100644
--- a/docker/nginx.conf
+++ b/docker/nginx.conf
@@ -18,6 +18,15 @@ http {
             index index.html index.htm;
         }
 
+        location /ssh/db/ {
+            proxy_pass http://127.0.0.1:8081;
+            proxy_http_version 1.1;
+            proxy_set_header Host $host;
+            proxy_set_header X-Real-IP $remote_addr;
+            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+            proxy_set_header X-Forwarded-Proto $scheme;
+        }
+
         location /ssh/websocket {
             proxy_pass http://127.0.0.1:8082;
             proxy_http_version 1.1;
@@ -31,27 +40,19 @@ http {
             proxy_set_header X-Forwarded-Proto $scheme;
         }
 
-        location /ssh_tunnel/websocket {
+        location /ssh/tunnel/ {
             proxy_pass http://127.0.0.1:8083;
             proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "Upgrade";
             proxy_set_header Host $host;
-            proxy_cache_bypass $http_upgrade;
-
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
         }
 
-        location /config_editor/websocket {
+        location /ssh/config_editor/ {
             proxy_pass http://127.0.0.1:8084;
             proxy_http_version 1.1;
-            proxy_set_header Upgrade $http_upgrade;
-            proxy_set_header Connection "Upgrade";
             proxy_set_header Host $host;
-            proxy_cache_bypass $http_upgrade;
-
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto $scheme;
diff --git a/src/apps/SSH/Tunnel/SSHTunnelObject.tsx b/src/apps/SSH/Tunnel/SSHTunnelObject.tsx
index 6b0c9140..96c14a26 100644
--- a/src/apps/SSH/Tunnel/SSHTunnelObject.tsx
+++ b/src/apps/SSH/Tunnel/SSHTunnelObject.tsx
@@ -59,7 +59,7 @@ interface SSHTunnelObjectProps {
     host: SSHHost;
     tunnelStatuses: Record<string, TunnelStatus>;
     tunnelActions: Record<string, boolean>;
-    onTunnelAction: (action: 'connect' | 'disconnect' | 'cancel', host: SSHHost, tunnelIndex: number) => Promise<void>;
+    onTunnelAction: (action: 'connect' | 'disconnect' | 'cancel', host: SSHHost, tunnelIndex: number) => Promise<any>;
 }
 
 export function SSHTunnelObject({ 
@@ -68,6 +68,7 @@ export function SSHTunnelObject({
     tunnelActions,
     onTunnelAction
 }: SSHTunnelObjectProps): React.ReactElement {
+
     const getTunnelStatus = (tunnelIndex: number): TunnelStatus | undefined => {
         const tunnel = host.tunnelConnections[tunnelIndex];
         const tunnelName = `${host.name || `${host.username}@${host.ip}`}_${tunnel.sourcePort}_${tunnel.endpointPort}`;
@@ -220,32 +221,34 @@ export function SSHTunnelObject({
                                                     </div>
                                                 </div>
                                             </div>
-                                            <div className="flex items-center gap-2 flex-shrink-0">
+                                            <div className="flex items-center gap-1 flex-shrink-0">
                                                 {tunnel.autoStart && (
                                                     <Badge variant="outline" className="text-xs px-2 py-1">
                                                         <Zap className="h-3 w-3 mr-1" />
                                                         Auto
                                                     </Badge>
                                                 )}
-                                                {/* Action Button */}
+                                                {/* Action Buttons */}
                                                 {!isActionLoading && (
-                                                    <>
+                                                    <div className="flex flex-col gap-1">
                                                         {isConnected ? (
-                                                            <Button
-                                                                size="sm"
-                                                                variant="outline"
-                                                                onClick={() => onTunnelAction('disconnect', host, tunnelIndex)}
-                                                                className="h-8 px-3 text-red-600 dark:text-red-400 border-red-500/30 dark:border-red-400/30 hover:bg-red-500/10 dark:hover:bg-red-400/10 hover:border-red-500/50 dark:hover:border-red-400/50"
-                                                            >
-                                                                <Square className="h-3 w-3 mr-1" />
-                                                                Disconnect
-                                                            </Button>
+                                                            <>
+                                                                <Button
+                                                                    size="sm"
+                                                                    variant="outline"
+                                                                    onClick={() => onTunnelAction('disconnect', host, tunnelIndex)}
+                                                                    className="h-7 px-2 text-red-600 dark:text-red-400 border-red-500/30 dark:border-red-400/30 hover:bg-red-500/10 dark:hover:bg-red-400/10 hover:border-red-500/50 dark:hover:border-red-400/50 text-xs"
+                                                                >
+                                                                    <Square className="h-3 w-3 mr-1" />
+                                                                    Disconnect
+                                                                </Button>
+                                                            </>
                                                         ) : isRetrying || isWaiting ? (
                                                             <Button
                                                                 size="sm"
                                                                 variant="outline"
                                                                 onClick={() => onTunnelAction('cancel', host, tunnelIndex)}
-                                                                className="h-8 px-3 text-orange-600 dark:text-orange-400 border-orange-500/30 dark:border-orange-400/30 hover:bg-orange-500/10 dark:hover:bg-orange-400/10 hover:border-orange-500/50 dark:hover:border-orange-400/50"
+                                                                className="h-7 px-2 text-orange-600 dark:text-orange-400 border-orange-500/30 dark:border-orange-400/30 hover:bg-orange-500/10 dark:hover:bg-orange-400/10 hover:border-orange-500/50 dark:hover:border-orange-400/50 text-xs"
                                                             >
                                                                 <X className="h-3 w-3 mr-1" />
                                                                 Cancel
@@ -256,20 +259,20 @@ export function SSHTunnelObject({
                                                                 variant="outline"
                                                                 onClick={() => onTunnelAction('connect', host, tunnelIndex)}
                                                                 disabled={isConnecting || isDisconnecting}
-                                                                className="h-8 px-3 text-green-600 dark:text-green-400 border-green-500/30 dark:border-green-400/30 hover:bg-green-500/10 dark:hover:bg-green-400/10 hover:border-green-500/50 dark:hover:border-green-400/50"
+                                                                className="h-7 px-2 text-green-600 dark:text-green-400 border-green-500/30 dark:border-green-400/30 hover:bg-green-500/10 dark:hover:bg-green-400/10 hover:border-green-500/50 dark:hover:border-green-400/50 text-xs"
                                                             >
                                                                 <Play className="h-3 w-3 mr-1" />
                                                                 Connect
                                                             </Button>
                                                         )}
-                                                    </>
+                                                    </div>
                                                 )}
                                                 {isActionLoading && (
                                                     <Button
                                                         size="sm"
                                                         variant="outline"
                                                         disabled
-                                                        className="h-8 px-3 text-muted-foreground border-border"
+                                                        className="h-7 px-2 text-muted-foreground border-border text-xs"
                                                     >
                                                         <Loader2 className="h-3 w-3 mr-1 animate-spin" />
                                                         {isConnected ? 'Disconnecting...' : isRetrying || isWaiting ? 'Canceling...' : 'Connecting...'}
diff --git a/src/apps/SSH/Tunnel/SSHTunnelViewer.tsx b/src/apps/SSH/Tunnel/SSHTunnelViewer.tsx
index e1d5ed55..b7fa8ebe 100644
--- a/src/apps/SSH/Tunnel/SSHTunnelViewer.tsx
+++ b/src/apps/SSH/Tunnel/SSHTunnelViewer.tsx
@@ -47,7 +47,7 @@ interface SSHTunnelViewerProps {
     hosts: SSHHost[];
     tunnelStatuses: Record<string, TunnelStatus>;
     tunnelActions: Record<string, boolean>;
-    onTunnelAction: (action: 'connect' | 'disconnect' | 'cancel', host: SSHHost, tunnelIndex: number) => Promise<void>;
+    onTunnelAction: (action: 'connect' | 'disconnect' | 'cancel', host: SSHHost, tunnelIndex: number) => Promise<any>;
 }
 
 export function SSHTunnelViewer({ 
diff --git a/src/apps/SSH/ssh-axios.ts b/src/apps/SSH/ssh-axios.ts
index 31178126..b522c7f3 100644
--- a/src/apps/SSH/ssh-axios.ts
+++ b/src/apps/SSH/ssh-axios.ts
@@ -83,50 +83,59 @@ interface TunnelStatus {
 
 // Determine the base URL based on environment
 const isLocalhost = window.location.hostname === 'localhost' || window.location.hostname === '127.0.0.1';
-const baseURL = isLocalhost ? 'http://localhost:8081' : window.location.origin;
 
-// Create axios instance with base configuration
-const api = axios.create({
-    baseURL,
+// Create separate axios instances for different services
+const sshHostApi = axios.create({
+    baseURL: isLocalhost ? 'http://localhost:8081' : window.location.origin,
     headers: {
         'Content-Type': 'application/json',
     },
 });
 
-// Create tunnel API instance
 const tunnelApi = axios.create({
+    baseURL: isLocalhost ? 'http://localhost:8083' : window.location.origin,
     headers: {
         'Content-Type': 'application/json',
     },
 });
 
+const configEditorApi = axios.create({
+    baseURL: isLocalhost ? 'http://localhost:8084' : window.location.origin,
+    headers: {
+        'Content-Type': 'application/json',
+    }
+})
+
 function getCookie(name: string): string | undefined {
     const value = `; ${document.cookie}`;
     const parts = value.split(`; ${name}=`);
     if (parts.length === 2) return parts.pop()?.split(';').shift();
 }
 
-// Add request interceptor to include JWT token
-api.interceptors.request.use((config) => {
-    const token = getCookie('jwt'); // Adjust based on your token storage
+// Add request interceptor to include JWT token for SSH Host API
+sshHostApi.interceptors.request.use((config) => {
+    const token = getCookie('jwt');
     if (token) {
         config.headers.Authorization = `Bearer ${token}`;
     }
     return config;
 });
 
+// Add request interceptor to include JWT token for Tunnel API
 tunnelApi.interceptors.request.use((config) => {
-    const token = getCookie('jwt'); // Adjust based on your token storage
+    const token = getCookie('jwt');
     if (token) {
         config.headers.Authorization = `Bearer ${token}`;
     }
     return config;
 });
 
+// Host-related functions (use port 8081 for localhost)
+
 // Get all SSH hosts
 export async function getSSHHosts(): Promise<SSHHost[]> {
     try {
-        const response = await api.get('/ssh/host');
+        const response = await sshHostApi.get('/ssh/db/host');
         return response.data;
     } catch (error) {
         console.error('Error fetching SSH hosts:', error);
@@ -181,7 +190,7 @@ export async function createSSHHost(hostData: SSHHostData): Promise<SSHHost> {
             formData.append('data', JSON.stringify(dataWithoutFile));
 
             // Submit with FormData
-            const response = await api.post('/ssh/host', formData, {
+            const response = await sshHostApi.post('/ssh/db/host', formData, {
                 headers: {
                     'Content-Type': 'multipart/form-data',
                 },
@@ -190,7 +199,7 @@ export async function createSSHHost(hostData: SSHHostData): Promise<SSHHost> {
             return response.data;
         } else {
             // Submit with JSON
-            const response = await api.post('/ssh/host', submitData);
+            const response = await sshHostApi.post('/ssh/db/host', submitData);
             return response.data;
         }
     } catch (error) {
@@ -239,7 +248,7 @@ export async function updateSSHHost(hostId: number, hostData: SSHHostData): Prom
             delete dataWithoutFile.key;
             formData.append('data', JSON.stringify(dataWithoutFile));
 
-            const response = await api.put(`/ssh/host/${hostId}`, formData, {
+            const response = await sshHostApi.put(`/ssh/db/host/${hostId}`, formData, {
                 headers: {
                     'Content-Type': 'multipart/form-data',
                 },
@@ -247,7 +256,7 @@ export async function updateSSHHost(hostId: number, hostData: SSHHostData): Prom
 
             return response.data;
         } else {
-            const response = await api.put(`/ssh/host/${hostId}`, submitData);
+            const response = await sshHostApi.put(`/ssh/db/host/${hostId}`, submitData);
             return response.data;
         }
     } catch (error) {
@@ -259,7 +268,7 @@ export async function updateSSHHost(hostId: number, hostData: SSHHostData): Prom
 // Delete SSH host
 export async function deleteSSHHost(hostId: number): Promise<any> {
     try {
-        const response = await api.delete(`/ssh/host/${hostId}`);
+        const response = await sshHostApi.delete(`/ssh/db/host/${hostId}`);
         return response.data;
     } catch (error) {
         console.error('Error deleting SSH host:', error);
@@ -270,7 +279,7 @@ export async function deleteSSHHost(hostId: number): Promise<any> {
 // Get SSH host by ID
 export async function getSSHHostById(hostId: number): Promise<SSHHost> {
     try {
-        const response = await api.get(`/ssh/host/${hostId}`);
+        const response = await sshHostApi.get(`/ssh/db/host/${hostId}`);
         return response.data;
     } catch (error) {
         console.error('Error fetching SSH host:', error);
@@ -278,14 +287,12 @@ export async function getSSHHostById(hostId: number): Promise<SSHHost> {
     }
 }
 
-// Tunnel-related functions
+// Tunnel-related functions (use port 8083 for localhost)
 
 // Get all tunnel statuses (per-tunnel)
 export async function getTunnelStatuses(): Promise<Record<string, TunnelStatus>> {
     try {
-        // Determine the tunnel API URL based on environment
-        const tunnelUrl = isLocalhost ? 'http://localhost:8083/status' : `${baseURL}/ssh_tunnel/status`;
-        const response = await tunnelApi.get(tunnelUrl);
+        const response = await tunnelApi.get('/ssh/tunnel/status');
         return response.data || {};
     } catch (error) {
         console.error('Error fetching tunnel statuses:', error);
@@ -302,9 +309,7 @@ export async function getTunnelStatusByName(tunnelName: string): Promise<TunnelS
 // Connect tunnel (per-tunnel)
 export async function connectTunnel(tunnelConfig: TunnelConfig): Promise<any> {
     try {
-        // Determine the tunnel API URL based on environment
-        const tunnelUrl = isLocalhost ? 'http://localhost:8083/connect' : `${baseURL}/ssh_tunnel/connect`;
-        const response = await tunnelApi.post(tunnelUrl, tunnelConfig);
+        const response = await tunnelApi.post('/ssh/tunnel/connect', tunnelConfig);
         return response.data;
     } catch (error) {
         console.error('Error connecting tunnel:', error);
@@ -315,9 +320,7 @@ export async function connectTunnel(tunnelConfig: TunnelConfig): Promise<any> {
 // Disconnect tunnel (per-tunnel)
 export async function disconnectTunnel(tunnelName: string): Promise<any> {
     try {
-        // Determine the tunnel API URL based on environment
-        const tunnelUrl = isLocalhost ? 'http://localhost:8083/disconnect' : `${baseURL}/ssh_tunnel/disconnect`;
-        const response = await tunnelApi.post(tunnelUrl, { tunnelName });
+        const response = await tunnelApi.post('/ssh/tunnel/disconnect', { tunnelName });
         return response.data;
     } catch (error) {
         console.error('Error disconnecting tunnel:', error);
@@ -327,9 +330,7 @@ export async function disconnectTunnel(tunnelName: string): Promise<any> {
 
 export async function cancelTunnel(tunnelName: string): Promise<any> {
     try {
-        // Determine the tunnel API URL based on environment
-        const tunnelUrl = isLocalhost ? 'http://localhost:8083/cancel' : `${baseURL}/ssh_tunnel/cancel`;
-        const response = await tunnelApi.post(tunnelUrl, { tunnelName });
+        const response = await tunnelApi.post('/ssh/tunnel/cancel', { tunnelName });
         return response.data;
     } catch (error) {
         console.error('Error canceling tunnel:', error);
@@ -337,4 +338,6 @@ export async function cancelTunnel(tunnelName: string): Promise<any> {
     }
 }
 
-export { api };
\ No newline at end of file
+// Config-related functions (use port 8084 for localhost)
+
+export { sshHostApi, tunnelApi, configEditorApi };
\ No newline at end of file
diff --git a/src/backend/config_editor/config_editor.ts b/src/backend/config_editor/config_editor.ts
index 8d04dce2..f6e4d6e0 100644
--- a/src/backend/config_editor/config_editor.ts
+++ b/src/backend/config_editor/config_editor.ts
@@ -6,11 +6,9 @@ import { Client as SSHClient } from 'ssh2';
 import chalk from "chalk";
 
 const app = express();
-const PORT = 8084;
 
 app.use(cors({
-    origin: 'http://localhost:5173',
-    credentials: true,
+    origin: '*',
     methods: ['GET', 'POST', 'PUT', 'DELETE', 'OPTIONS'],
     allowedHeaders: ['Content-Type', 'Authorization']
 }));
@@ -287,4 +285,5 @@ process.on('SIGTERM', () => {
     process.exit(0);
 });
 
+const PORT = 8084;
 app.listen(PORT, () => {});
\ No newline at end of file
diff --git a/src/backend/database/db/index.ts b/src/backend/database/db/index.ts
index 7328beba..9f739349 100644
--- a/src/backend/database/db/index.ts
+++ b/src/backend/database/db/index.ts
@@ -31,12 +31,14 @@ const logger = {
     }
 };
 
-const dbDir = path.resolve('./db/data');
+const dataDir = process.env.DATA_DIR || './db/data';
+const dbDir = path.resolve(dataDir);
 if (!fs.existsSync(dbDir)) {
     fs.mkdirSync(dbDir, { recursive: true });
 }
 
-const sqlite = new Database('./db/data/db.sqlite');
+const dbPath = path.join(dataDir, 'db.sqlite');
+const sqlite = new Database(dbPath);
 
 // Create tables using Drizzle schema
 sqlite.exec(`
diff --git a/src/backend/database/routes/ssh.ts b/src/backend/database/routes/ssh.ts
index a44a9643..bfee9e31 100644
--- a/src/backend/database/routes/ssh.ts
+++ b/src/backend/database/routes/ssh.ts
@@ -90,7 +90,7 @@ function isLocalhost(req: Request) {
 }
 
 // Internal-only endpoint for autostart (no JWT)
-router.get('/host/internal', async (req: Request, res: Response) => {
+router.get('/db/host/internal', async (req: Request, res: Response) => {
     if (!isLocalhost(req) && req.headers['x-internal-request'] !== '1') {
         logger.warn('Unauthorized attempt to access internal SSH host endpoint');
         return res.status(403).json({ error: 'Forbidden' });
@@ -116,7 +116,7 @@ router.get('/host/internal', async (req: Request, res: Response) => {
 
 // Route: Create SSH data (requires JWT)
 // POST /ssh/host
-router.post('/host', authenticateJWT, upload.single('key'), async (req: Request, res: Response) => {
+router.post('/db/host', authenticateJWT, upload.single('key'), async (req: Request, res: Response) => {
     let hostData: any;
     
     // Check if this is a multipart form data request (file upload)
@@ -191,7 +191,7 @@ router.post('/host', authenticateJWT, upload.single('key'), async (req: Request,
 
 // Route: Update SSH data (requires JWT)
 // PUT /ssh/host/:id
-router.put('/host/:id', authenticateJWT, upload.single('key'), async (req: Request, res: Response) => {
+router.put('/db/host/:id', authenticateJWT, upload.single('key'), async (req: Request, res: Response) => {
     let hostData: any;
     
     // Check if this is a multipart form data request (file upload)
@@ -268,7 +268,7 @@ router.put('/host/:id', authenticateJWT, upload.single('key'), async (req: Reque
 
 // Route: Get SSH data for the authenticated user (requires JWT)
 // GET /ssh/host
-router.get('/host', authenticateJWT, async (req: Request, res: Response) => {
+router.get('/db/host', authenticateJWT, async (req: Request, res: Response) => {
     const userId = (req as any).userId;
     if (!isNonEmptyString(userId)) {
         logger.warn('Invalid userId for SSH data fetch');
@@ -298,7 +298,7 @@ router.get('/host', authenticateJWT, async (req: Request, res: Response) => {
 
 // Route: Get SSH host by ID (requires JWT)
 // GET /ssh/host/:id
-router.get('/host/:id', authenticateJWT, async (req: Request, res: Response) => {
+router.get('/db/host/:id', authenticateJWT, async (req: Request, res: Response) => {
     const { id } = req.params;
     const userId = (req as any).userId;
     
@@ -337,7 +337,7 @@ router.get('/host/:id', authenticateJWT, async (req: Request, res: Response) =>
 
 // Route: Get all unique folders for the authenticated user (requires JWT)
 // GET /ssh/folders
-router.get('/folders', authenticateJWT, async (req: Request, res: Response) => {
+router.get('/db/folders', authenticateJWT, async (req: Request, res: Response) => {
     const userId = (req as any).userId;
     if (!isNonEmptyString(userId)) {
         logger.warn('Invalid userId for SSH folder fetch');
@@ -367,7 +367,7 @@ router.get('/folders', authenticateJWT, async (req: Request, res: Response) => {
 
 // Route: Delete SSH host by id (requires JWT)
 // DELETE /ssh/host/:id
-router.delete('/host/:id', authenticateJWT, async (req: Request, res: Response) => {
+router.delete('/db/host/:id', authenticateJWT, async (req: Request, res: Response) => {
     const userId = (req as any).userId;
     const { id } = req.params;
     if (!isNonEmptyString(userId) || !id) {
diff --git a/src/backend/ssh_tunnel/ssh_tunnel.ts b/src/backend/ssh_tunnel/ssh_tunnel.ts
index f0039775..31cf1617 100644
--- a/src/backend/ssh_tunnel/ssh_tunnel.ts
+++ b/src/backend/ssh_tunnel/ssh_tunnel.ts
@@ -50,7 +50,7 @@ const verificationTimers = new Map<string, NodeJS.Timeout>(); // timer keys -> t
 const activeRetryTimers = new Map<string, NodeJS.Timeout>(); // tunnelName -> retry timer
 const countdownIntervals = new Map<string, NodeJS.Timeout>(); // tunnelName -> countdown interval
 const retryExhaustedTunnels = new Set<string>(); // tunnelNames
-const remoteClosureEvents = new Map<string, number>(); // tunnelName -> count
+
 const tunnelConfigs = new Map<string, TunnelConfig>(); // tunnelName -> tunnelConfig
 const activeTunnelProcesses = new Map<string, ChildProcess>(); // tunnelName -> ChildProcess
 
@@ -129,7 +129,6 @@ interface TunnelStatus {
     errorType?: ErrorType;
     manualDisconnect?: boolean;
     retryExhausted?: boolean;
-    isRemoteRetry?: boolean;
 }
 
 interface VerificationData {
@@ -299,7 +298,6 @@ function cleanupTunnelResources(tunnelName: string): void {
 function resetRetryState(tunnelName: string): void {
     retryCounters.delete(tunnelName);
     retryExhaustedTunnels.delete(tunnelName);
-    remoteClosureEvents.delete(tunnelName);
 
     if (activeRetryTimers.has(tunnelName)) {
         clearTimeout(activeRetryTimers.get(tunnelName)!);
@@ -320,7 +318,7 @@ function resetRetryState(tunnelName: string): void {
     });
 }
 
-function handleDisconnect(tunnelName: string, tunnelConfig: TunnelConfig | null, shouldRetry = true, isRemoteClosure = false): void {
+function handleDisconnect(tunnelName: string, tunnelConfig: TunnelConfig | null, shouldRetry = true): void {
     if (tunnelVerifications.has(tunnelName)) {
         try {
             const verification = tunnelVerifications.get(tunnelName);
@@ -344,24 +342,7 @@ function handleDisconnect(tunnelName: string, tunnelConfig: TunnelConfig | null,
         return;
     }
 
-    if (isRemoteClosure) {
-        const currentCount = remoteClosureEvents.get(tunnelName) || 0;
-        remoteClosureEvents.set(tunnelName, currentCount + 1);
 
-        broadcastTunnelStatus(tunnelName, {
-            connected: false,
-            status: CONNECTION_STATES.FAILED,
-            reason: "Remote host disconnected"
-        });
-
-        if (currentCount === 0) {
-            retryCounters.delete(tunnelName);
-        }
-    }
-
-    if (isRemoteClosure && retryExhaustedTunnels.has(tunnelName)) {
-        retryExhaustedTunnels.delete(tunnelName);
-    }
 
     if (retryExhaustedTunnels.has(tunnelName)) {
         broadcastTunnelStatus(tunnelName, {
@@ -380,15 +361,6 @@ function handleDisconnect(tunnelName: string, tunnelConfig: TunnelConfig | null,
         const maxRetries = tunnelConfig.maxRetries || 3;
         const retryInterval = tunnelConfig.retryInterval || 5000;
 
-        if (isRemoteClosure) {
-            const currentCount = remoteClosureEvents.get(tunnelName) || 0;
-            remoteClosureEvents.set(tunnelName, currentCount + 1);
-
-            if (currentCount === 0) {
-                retryCounters.delete(tunnelName);
-            }
-        }
-
         let retryCount = (retryCounters.get(tunnelName) || 0) + 1;
 
         if (retryCount > maxRetries) {
@@ -523,51 +495,87 @@ function verifyTunnelConnection(tunnelName: string, tunnelConfig: TunnelConfig,
                 setupPingInterval(tunnelName, tunnelConfig);
             }
         } else {
-            logger.error(`Verification failed for '${tunnelName}': ${failureReason}`);
-
-            if (!manualDisconnects.has(tunnelName)) {
-                broadcastTunnelStatus(tunnelName, {
-                    connected: false,
-                    status: CONNECTION_STATES.FAILED,
-                    reason: failureReason
-                });
+            logger.warn(`Verification failed for '${tunnelName}': ${failureReason}`);
+            
+            // With the new verification approach, we're testing connectivity to the endpoint machine
+            // A failure might just mean the service isn't running on that port, not that the tunnel is broken
+            // Only disconnect if it's a critical error (command failed, connection error, or timeout)
+            if (failureReason.includes('command failed') || failureReason.includes('connection error') || failureReason.includes('timeout')) {
+                if (!manualDisconnects.has(tunnelName)) {
+                    broadcastTunnelStatus(tunnelName, {
+                        connected: false,
+                        status: CONNECTION_STATES.FAILED,
+                        reason: failureReason
+                    });
+                }
+                activeTunnels.delete(tunnelName);
+                handleDisconnect(tunnelName, tunnelConfig, !manualDisconnects.has(tunnelName));
+            } else {
+                // For connection refused or other non-critical errors, assume the tunnel is working
+                // The service might just not be running on the target port
+                logger.info(`Assuming tunnel '${tunnelName}' is working despite verification warning: ${failureReason}`);
+                cleanupVerification(true); // Treat as successful to prevent disconnect
             }
-
-            activeTunnels.delete(tunnelName);
-            handleDisconnect(tunnelName, tunnelConfig, !manualDisconnects.has(tunnelName));
         }
     }
 
     function attemptVerification() {
-        const testCmd = `nc -z localhost ${tunnelConfig.sourcePort}`;
+        // Test the actual tunnel by trying to connect to the endpoint port
+        // This verifies that the tunnel is actually working
+        // With -R forwarding, the endpointPort should be listening on the endpoint machine
+        // We need to check if the port is accessible from the source machine to the endpoint machine
+        const testCmd = `timeout 3 bash -c 'nc -z ${tunnelConfig.endpointIP} ${tunnelConfig.endpointPort}'`;
 
         verificationConn.exec(testCmd, (err, stream) => {
             if (err) {
+                logger.error(`Verification command failed for '${tunnelName}': ${err.message}`);
                 cleanupVerification(false, `Verification command failed: ${err.message}`);
                 return;
             }
 
             let output = '';
+            let errorOutput = '';
+            
             stream.on('data', (data: Buffer) => {
                 output += data.toString();
             });
 
+            stream.stderr?.on('data', (data: Buffer) => {
+                errorOutput += data.toString();
+            });
+
             stream.on('close', (code: number) => {
-                if (code === 0 && code !== undefined) {
+                logger.debug(`Verification for '${tunnelName}' completed with code ${code}, output: '${output}', error: '${errorOutput}'`);
+                if (code === 0) {
                     cleanupVerification(true);
                 } else {
-                    cleanupVerification(false, `Port ${tunnelConfig.sourcePort} is not accessible`);
+                    // Check if it's a timeout or connection refused
+                    const isTimeout = errorOutput.includes('timeout') || errorOutput.includes('Connection timed out');
+                    const isConnectionRefused = errorOutput.includes('Connection refused') || errorOutput.includes('No route to host');
+                    
+                    let failureReason = `Cannot connect to ${tunnelConfig.endpointIP}:${tunnelConfig.endpointPort}`;
+                    if (isTimeout) {
+                        failureReason = `Tunnel verification timeout - cannot reach ${tunnelConfig.endpointIP}:${tunnelConfig.endpointPort}`;
+                    } else if (isConnectionRefused) {
+                        failureReason = `Connection refused to ${tunnelConfig.endpointIP}:${tunnelConfig.endpointPort} - tunnel may not be established`;
+                    }
+                    
+                    cleanupVerification(false, failureReason);
                 }
             });
 
             stream.on('error', (err: Error) => {
+                logger.error(`Verification stream error for '${tunnelName}': ${err.message}`);
                 cleanupVerification(false, `Verification stream error: ${err.message}`);
             });
         });
     }
 
     verificationConn.on('ready', () => {
-        attemptVerification();
+        // Add a small delay to allow the tunnel to fully establish
+        setTimeout(() => {
+            attemptVerification();
+        }, 2000);
     });
 
     verificationConn.on('error', (err: Error) => {
@@ -724,19 +732,15 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
     if (retryAttempt === 0) {
         retryExhaustedTunnels.delete(tunnelName);
         retryCounters.delete(tunnelName);
-        remoteClosureEvents.delete(tunnelName);
     }
 
-    const isRetryAfterRemoteClosure = remoteClosureEvents.get(tunnelName) && retryAttempt > 0;
-
     // Only set status to CONNECTING if we're not already in WAITING state
     const currentStatus = connectionStatus.get(tunnelName);
     if (!currentStatus || currentStatus.status !== CONNECTION_STATES.WAITING) {
         broadcastTunnelStatus(tunnelName, {
             connected: false,
             status: CONNECTION_STATES.CONNECTING,
-            retryCount: retryAttempt > 0 ? retryAttempt : undefined,
-            isRemoteRetry: !!isRetryAfterRemoteClosure
+            retryCount: retryAttempt > 0 ? retryAttempt : undefined
         });
     }
 
@@ -780,9 +784,6 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
         }
 
         const errorType = classifyError(err.message);
-        const isRemoteHostClosure = err.message.toLowerCase().includes("closed by remote host") ||
-            err.message.toLowerCase().includes("connection reset by peer") ||
-            err.message.toLowerCase().includes("broken pipe");
 
         if (!manualDisconnects.has(tunnelName)) {
             broadcastTunnelStatus(tunnelName, {
@@ -795,18 +796,12 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
 
         activeTunnels.delete(tunnelName);
 
-        if (isRemoteHostClosure && retryExhaustedTunnels.has(tunnelName)) {
-            retryExhaustedTunnels.delete(tunnelName);
-        }
-
-        const shouldNotRetry = !isRemoteHostClosure && (
-            errorType === ERROR_TYPES.AUTH ||
+        const shouldNotRetry = errorType === ERROR_TYPES.AUTH ||
             errorType === ERROR_TYPES.PORT ||
             errorType === ERROR_TYPES.PERMISSION ||
-            manualDisconnects.has(tunnelName)
-        );
+            manualDisconnects.has(tunnelName);
 
-        handleDisconnect(tunnelName, tunnelConfig, !shouldNotRetry, isRemoteHostClosure);
+        handleDisconnect(tunnelName, tunnelConfig, !shouldNotRetry);
     });
 
     conn.on("close", () => {
@@ -843,9 +838,9 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
         if (tunnelConfig.endpointAuthMethod === "key" && tunnelConfig.endpointSSHKey) {
             // For SSH key authentication, we need to create a temporary key file
             const keyFilePath = `/tmp/tunnel_key_${tunnelName.replace(/[^a-zA-Z0-9]/g, '_')}`;
-            tunnelCmd = `echo '${tunnelConfig.endpointSSHKey}' > ${keyFilePath} && chmod 600 ${keyFilePath} && ssh -i ${keyFilePath} -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -L ${tunnelConfig.sourcePort}:localhost:${tunnelConfig.endpointPort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} ${tunnelMarker} && rm -f ${keyFilePath}`;
+            tunnelCmd = `echo '${tunnelConfig.endpointSSHKey}' > ${keyFilePath} && chmod 600 ${keyFilePath} && ssh -i ${keyFilePath} -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R ${tunnelConfig.endpointPort}:localhost:${tunnelConfig.sourcePort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} ${tunnelMarker} && rm -f ${keyFilePath}`;
         } else {
-            tunnelCmd = `sshpass -p '${tunnelConfig.endpointPassword || ''}' ssh -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -L ${tunnelConfig.sourcePort}:localhost:${tunnelConfig.endpointPort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} ${tunnelMarker}`;
+            tunnelCmd = `sshpass -p '${tunnelConfig.endpointPassword || ''}' ssh -N -o StrictHostKeyChecking=no -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -R ${tunnelConfig.endpointPort}:localhost:${tunnelConfig.sourcePort} ${tunnelConfig.endpointUsername}@${tunnelConfig.endpointIP} ${tunnelMarker}`;
         }
 
         conn.exec(tunnelCmd, (err, stream) => {
@@ -913,11 +908,11 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
                 }
 
                 if (!activeRetryTimers.has(tunnelName) && !retryExhaustedTunnels.has(tunnelName)) {
-                    handleDisconnect(tunnelName, tunnelConfig, !manualDisconnects.has(tunnelName), isLikelyRemoteClosure);
+                    handleDisconnect(tunnelName, tunnelConfig, !manualDisconnects.has(tunnelName));
                 } else if (retryExhaustedTunnels.has(tunnelName) && isLikelyRemoteClosure) {
                     retryExhaustedTunnels.delete(tunnelName);
                     retryCounters.delete(tunnelName);
-                    handleDisconnect(tunnelName, tunnelConfig, true, true);
+                    handleDisconnect(tunnelName, tunnelConfig, true);
                 }
             });
 
@@ -931,53 +926,7 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
 
             stream.stderr.on("data", (data) => {
                 const errorMsg = data.toString().trim();
-
-                const isNonRetryableError = errorMsg.includes("Permission denied") ||
-                    errorMsg.includes("Authentication failed") ||
-                    errorMsg.includes("failed for listen port") ||
-                    errorMsg.includes("address already in use") ||
-                    errorMsg.includes("bind: Address already in use") ||
-                    errorMsg.includes("channel 0: open failed") ||
-                    errorMsg.includes("remote port forwarding failed");
-
-                const isRemoteHostClosure = errorMsg.includes("closed by remote host") ||
-                    errorMsg.includes("connection reset by peer") ||
-                    errorMsg.includes("broken pipe");
-
-                if (isNonRetryableError || isRemoteHostClosure) {
-                    if (activeRetryTimers.has(tunnelName)) {
-                        return;
-                    }
-
-                    if (retryExhaustedTunnels.has(tunnelName)) {
-                        if (isRemoteHostClosure) {
-                            retryExhaustedTunnels.delete(tunnelName);
-                            retryCounters.delete(tunnelName);
-                        } else {
-                            return;
-                        }
-                    }
-
-                    activeTunnels.delete(tunnelName);
-
-                    if (!manualDisconnects.has(tunnelName)) {
-                        broadcastTunnelStatus(tunnelName, {
-                            connected: false,
-                            status: CONNECTION_STATES.FAILED,
-                            errorType: classifyError(errorMsg),
-                            reason: errorMsg
-                        });
-                    }
-
-                    const errorType = classifyError(errorMsg);
-                    const shouldNotRetry = !isRemoteHostClosure && (
-                        errorType === ERROR_TYPES.AUTH ||
-                        errorType === ERROR_TYPES.PORT ||
-                        errorType === ERROR_TYPES.PERMISSION
-                    );
-
-                    handleDisconnect(tunnelName, tunnelConfig, !shouldNotRetry, isRemoteHostClosure);
-                }
+                logger.debug(`Tunnel stderr for '${tunnelName}': ${errorMsg}`);
             });
         });
     });
@@ -1071,8 +1020,7 @@ function connectSSHTunnel(tunnelConfig: TunnelConfig, retryAttempt = 0): void {
             broadcastTunnelStatus(tunnelName, {
                 connected: false,
                 status: CONNECTION_STATES.CONNECTING,
-                retryCount: retryAttempt > 0 ? retryAttempt : undefined,
-                isRemoteRetry: !!isRetryAfterRemoteClosure
+                retryCount: retryAttempt > 0 ? retryAttempt : undefined
             });
         }
 
@@ -1182,11 +1130,11 @@ function killRemoteTunnelByMarker(tunnelConfig: TunnelConfig, tunnelName: string
 }
 
 // Express API endpoints
-app.get('/status', (req, res) => {
+app.get('/ssh/tunnel/status', (req, res) => {
     res.json(getAllTunnelStatus());
 });
 
-app.get('/status/:tunnelName', (req, res) => {
+app.get('/ssh/tunnel/status/:tunnelName', (req, res) => {
     const {tunnelName} = req.params;
     const status = connectionStatus.get(tunnelName);
 
@@ -1197,7 +1145,7 @@ app.get('/status/:tunnelName', (req, res) => {
     res.json({name: tunnelName, status});
 });
 
-app.post('/connect', (req, res) => {
+app.post('/ssh/tunnel/connect', (req, res) => {
     const tunnelConfig: TunnelConfig = req.body;
 
     if (!tunnelConfig || !tunnelConfig.name) {
@@ -1221,7 +1169,7 @@ app.post('/connect', (req, res) => {
     res.json({message: 'Connection request received', tunnelName});
 });
 
-app.post('/disconnect', (req, res) => {
+app.post('/ssh/tunnel/disconnect', (req, res) => {
     const {tunnelName} = req.body;
 
     if (!tunnelName) {
@@ -1254,7 +1202,7 @@ app.post('/disconnect', (req, res) => {
     res.json({message: 'Disconnect request received', tunnelName});
 });
 
-app.post('/cancel', (req, res) => {
+app.post('/ssh/tunnel/cancel', (req, res) => {
     const {tunnelName} = req.body;
 
     if (!tunnelName) {
@@ -1298,7 +1246,7 @@ app.post('/cancel', (req, res) => {
 async function initializeAutoStartTunnels(): Promise<void> {
     try {
         // Fetch hosts with auto-start tunnel connections from the new internal endpoint
-        const response = await axios.get('http://localhost:8081/ssh/host/internal', {
+        const response = await axios.get('http://localhost:8081/ssh/db/host/internal', {
             headers: {
                 'Content-Type': 'application/json',
                 'X-Internal-Request': '1'