From f9f47f3869e9ae1b5effa3e07877a18427cfafc7 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Tue, 2 Sep 2025 16:11:08 -0700
Subject: [PATCH 001/166] Convert to exitNodeComm function

---
 server/lib/exitNodeComms.ts |  2 +-
 server/lib/traefikConfig.ts | 27 ++++++---------------------
 2 files changed, 7 insertions(+), 22 deletions(-)

diff --git a/server/lib/exitNodeComms.ts b/server/lib/exitNodeComms.ts
index f79b718f..bcfbec3e 100644
--- a/server/lib/exitNodeComms.ts
+++ b/server/lib/exitNodeComms.ts
@@ -3,7 +3,7 @@ import logger from "@server/logger";
 import { ExitNode } from "@server/db";
 
 interface ExitNodeRequest {
-    remoteType: string;
+    remoteType?: string;
     localPath: string;
     method?: "POST" | "DELETE" | "GET" | "PUT";
     data?: any;
diff --git a/server/lib/traefikConfig.ts b/server/lib/traefikConfig.ts
index e16b93d2..8b133419 100644
--- a/server/lib/traefikConfig.ts
+++ b/server/lib/traefikConfig.ts
@@ -15,6 +15,7 @@ import {
     getValidCertificatesForDomains,
     getValidCertificatesForDomainsHybrid
 } from "./remoteCertificates";
+import { sendToExitNode } from "./exitNodeComms";
 
 export class TraefikConfigManager {
     private intervalId: NodeJS.Timeout | null = null;
@@ -403,27 +404,11 @@ export class TraefikConfigManager {
                     [exitNode] = await db.select().from(exitNodes).limit(1);
                 }
                 if (exitNode) {
-                    try {
-                        await axios.post(
-                            `${exitNode.reachableAt}/update-local-snis`,
-                            { fullDomains: Array.from(domains) },
-                            { headers: { "Content-Type": "application/json" } }
-                        );
-                    } catch (error) {
-                        // pull data out of the axios error to log
-                        if (axios.isAxiosError(error)) {
-                            logger.error("Error updating local SNI:", {
-                                message: error.message,
-                                code: error.code,
-                                status: error.response?.status,
-                                statusText: error.response?.statusText,
-                                url: error.config?.url,
-                                method: error.config?.method
-                            });
-                        } else {
-                            logger.error("Error updating local SNI:", error);
-                        }
-                    }
+                    await sendToExitNode(exitNode, {
+                        localPath: "/update-local-snis",
+                        method: "POST",
+                        data: { fullDomains: Array.from(domains) }
+                    });
                 } else {
                     logger.error(
                         "No exit node found. Has gerbil registered yet?"

From a21de9f1cbdc25aed45b7935de2697b289c6b83b Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 3 Sep 2025 17:34:16 -0700
Subject: [PATCH 002/166] Add niceId to resource

---
 server/db/pg/schema.ts     | 1 +
 server/db/sqlite/schema.ts | 1 +
 2 files changed, 2 insertions(+)

diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts
index 8e725ab1..624b4a61 100644
--- a/server/db/pg/schema.ts
+++ b/server/db/pg/schema.ts
@@ -71,6 +71,7 @@ export const resources = pgTable("resources", {
             onDelete: "cascade"
         })
         .notNull(),
+    niceId: text("niceId"), // TODO: SHOULD THIS BE NULLABLE?
     name: varchar("name").notNull(),
     subdomain: varchar("subdomain"),
     fullDomain: varchar("fullDomain"),
diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts
index 579ff7b4..971c1841 100644
--- a/server/db/sqlite/schema.ts
+++ b/server/db/sqlite/schema.ts
@@ -77,6 +77,7 @@ export const resources = sqliteTable("resources", {
             onDelete: "cascade"
         })
         .notNull(),
+    niceId: text("niceId"), // TODO: SHOULD THIS BE NULLABLE?
     name: text("name").notNull(),
     subdomain: text("subdomain"),
     fullDomain: text("fullDomain"),

From 459853ca997d01dc8658cbf672d83ab4ddd50531 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 4 Sep 2025 11:18:42 -0700
Subject: [PATCH 003/166] move all components to components dir

---
 .../routers/resource/getResourceAuthInfo.ts   |   4 +-
 src/app/[orgId]/page.tsx                      |   4 +-
 .../settings/access/invitations/page.tsx      |   4 +-
 .../[orgId]/settings/access/roles/page.tsx    |   2 +-
 .../[orgId]/settings/access/users/page.tsx    |   4 +-
 src/app/[orgId]/settings/api-keys/page.tsx    |   4 +-
 .../settings/clients/[clientId]/layout.tsx    |   2 +-
 src/app/[orgId]/settings/clients/page.tsx     |   4 +-
 src/app/[orgId]/settings/domains/page.tsx     |   2 +-
 .../[resourceId]/authentication/page.tsx      |   4 +-
 .../resources/[resourceId]/general/page.tsx   |   4 +-
 .../resources/[resourceId]/layout.tsx         |   2 +-
 .../settings/resources/create/page.tsx        |   2 +-
 src/app/[orgId]/settings/resources/page.tsx   |   2 +-
 .../share-links/CreateShareLinkForm.tsx       |   4 +-
 .../settings/share-links/ShareLinksTable.tsx  |   4 +-
 src/app/[orgId]/settings/share-links/page.tsx |   4 +-
 .../settings/sites/[niceId]/layout.tsx        |   2 +-
 src/app/[orgId]/settings/sites/page.tsx       |   4 +-
 src/app/admin/api-keys/page.tsx               |   2 +-
 src/app/admin/idp/[idpId]/policies/page.tsx   |   2 +-
 src/app/admin/idp/page.tsx                    |   4 +-
 src/app/admin/users/AdminUsersTable.tsx       |   2 +-
 src/app/admin/users/page.tsx                  |   2 +-
 .../auth/idp/[idpId]/oidc/callback/page.tsx   |   2 +-
 src/app/auth/login/page.tsx                   |   2 +-
 .../auth/reset-password/ResetPasswordForm.tsx |  32 +-
 src/app/auth/reset-password/page.tsx          |   2 +-
 src/app/auth/resource/[resourceId]/page.tsx   |  10 +-
 src/app/auth/signup/page.tsx                  |   4 +-
 src/app/auth/verify-email/page.tsx            |   2 +-
 src/app/invite/page.tsx                       |   6 +-
 src/app/s/[accessToken]/page.tsx              |   2 +-
 .../AccessPageHeaderAndNav.tsx                |   0
 .../AccessToken.tsx                           |   0
 .../AccessTokenUsage.tsx                      |   0
 .../idp => components}/AdminIdpDataTable.tsx  |   0
 .../idp => components}/AdminIdpTable.tsx      |   2 +-
 .../AdminUsersDataTable.tsx                   |   0
 src/components/AdminUsersTable.tsx            | 269 +++++++++
 .../ApiKeysDataTable.tsx                      |   0
 .../api-keys => components}/ApiKeysTable.tsx  |   2 +-
 .../AutoLoginHandler.tsx                      |   0
 .../ClientInfoCard.tsx                        |   0
 .../ClientsDataTable.tsx                      |   0
 .../clients => components}/ClientsTable.tsx   |   2 +-
 .../CreateDomainForm.tsx                      |   0
 .../roles => components}/CreateRoleForm.tsx   |   0
 src/components/CreateShareLinkForm.tsx        | 549 ++++++++++++++++++
 .../CustomDomainInput.tsx                     |   0
 .../DashboardLoginForm.tsx                    |   0
 .../roles => components}/DeleteRoleForm.tsx   |   2 +-
 .../DomainsDataTable.tsx                      |   0
 .../domains => components}/DomainsTable.tsx   |   4 +-
 src/components/IdpCreateWizard.tsx            | 429 ++++++++++++++
 .../InvitationsDataTable.tsx                  |   0
 .../InvitationsTable.tsx                      |   4 +-
 .../InviteStatusCard.tsx                      |   0
 .../MemberResourcesPortal.tsx                 |   0
 .../OrgApiKeysDataTable.tsx                   |   0
 .../OrgApiKeysTable.tsx                       |   2 +-
 .../OrganizationLandingCard.tsx               |   0
 .../PolicyDataTable.tsx                       |   0
 .../policies => components}/PolicyTable.tsx   |   0
 .../RegenerateInvitationForm.tsx              |   0
 src/components/ResetPasswordForm.tsx          | 533 +++++++++++++++++
 .../ResourceAccessDenied.tsx                  |   0
 .../ResourceAuthPortal.tsx                    |   2 +-
 .../ResourceInfoBox.tsx                       |   0
 .../ResourceNotFound.tsx                      |   0
 .../ResourcesTable.tsx                        |   0
 .../roles => components}/RolesDataTable.tsx   |   0
 .../roles => components}/RolesTable.tsx       |   6 +-
 .../SetResourcePasswordForm.tsx               |   0
 .../SetResourcePincodeForm.tsx                |   0
 .../ShareLinksDataTable.tsx                   |   0
 .../ShareLinksSplash.tsx                      |   0
 src/components/ShareLinksTable.tsx            | 298 ++++++++++
 .../auth/signup => components}/SignupForm.tsx |   0
 .../[niceId] => components}/SiteInfoCard.tsx  |   0
 .../sites => components}/SitesDataTable.tsx   |   0
 .../sites => components}/SitesSplashCard.tsx  |   0
 .../sites => components}/SitesTable.tsx       |   2 +-
 .../users => components}/UsersDataTable.tsx   |   0
 .../users => components}/UsersTable.tsx       |   2 +-
 .../ValidateOidcToken.tsx                     |   0
 .../VerifyEmailForm.tsx                       |   2 +-
 87 files changed, 2163 insertions(+), 83 deletions(-)
 rename src/{app/[orgId]/settings/access => components}/AccessPageHeaderAndNav.tsx (100%)
 rename src/{app/auth/resource/[resourceId] => components}/AccessToken.tsx (100%)
 rename src/{app/[orgId]/settings/share-links => components}/AccessTokenUsage.tsx (100%)
 rename src/{app/admin/idp => components}/AdminIdpDataTable.tsx (100%)
 rename src/{app/admin/idp => components}/AdminIdpTable.tsx (99%)
 rename src/{app/admin/users => components}/AdminUsersDataTable.tsx (100%)
 create mode 100644 src/components/AdminUsersTable.tsx
 rename src/{app/admin/api-keys => components}/ApiKeysDataTable.tsx (100%)
 rename src/{app/admin/api-keys => components}/ApiKeysTable.tsx (98%)
 rename src/{app/auth/resource/[resourceId] => components}/AutoLoginHandler.tsx (100%)
 rename src/{app/[orgId]/settings/clients/[clientId] => components}/ClientInfoCard.tsx (100%)
 rename src/{app/[orgId]/settings/clients => components}/ClientsDataTable.tsx (100%)
 rename src/{app/[orgId]/settings/clients => components}/ClientsTable.tsx (99%)
 rename src/{app/[orgId]/settings/domains => components}/CreateDomainForm.tsx (100%)
 rename src/{app/[orgId]/settings/access/roles => components}/CreateRoleForm.tsx (100%)
 create mode 100644 src/components/CreateShareLinkForm.tsx
 rename src/{app/[orgId]/settings/resources/[resourceId] => components}/CustomDomainInput.tsx (100%)
 rename src/{app/auth/login => components}/DashboardLoginForm.tsx (100%)
 rename src/{app/[orgId]/settings/access/roles => components}/DeleteRoleForm.tsx (99%)
 rename src/{app/[orgId]/settings/domains => components}/DomainsDataTable.tsx (100%)
 rename src/{app/[orgId]/settings/domains => components}/DomainsTable.tsx (98%)
 create mode 100644 src/components/IdpCreateWizard.tsx
 rename src/{app/[orgId]/settings/access/invitations => components}/InvitationsDataTable.tsx (100%)
 rename src/{app/[orgId]/settings/access/invitations => components}/InvitationsTable.tsx (97%)
 rename src/{app/invite => components}/InviteStatusCard.tsx (100%)
 rename src/{app/[orgId] => components}/MemberResourcesPortal.tsx (100%)
 rename src/{app/[orgId]/settings/api-keys => components}/OrgApiKeysDataTable.tsx (100%)
 rename src/{app/[orgId]/settings/api-keys => components}/OrgApiKeysTable.tsx (98%)
 rename src/{app/[orgId] => components}/OrganizationLandingCard.tsx (100%)
 rename src/{app/admin/idp/[idpId]/policies => components}/PolicyDataTable.tsx (100%)
 rename src/{app/admin/idp/[idpId]/policies => components}/PolicyTable.tsx (100%)
 rename src/{app/[orgId]/settings/access/invitations => components}/RegenerateInvitationForm.tsx (100%)
 create mode 100644 src/components/ResetPasswordForm.tsx
 rename src/{app/auth/resource/[resourceId] => components}/ResourceAccessDenied.tsx (100%)
 rename src/{app/auth/resource/[resourceId] => components}/ResourceAuthPortal.tsx (99%)
 rename src/{app/[orgId]/settings/resources/[resourceId] => components}/ResourceInfoBox.tsx (100%)
 rename src/{app/auth/resource/[resourceId] => components}/ResourceNotFound.tsx (100%)
 rename src/{app/[orgId]/settings/resources => components}/ResourcesTable.tsx (100%)
 rename src/{app/[orgId]/settings/access/roles => components}/RolesDataTable.tsx (100%)
 rename src/{app/[orgId]/settings/access/roles => components}/RolesTable.tsx (95%)
 rename src/{app/[orgId]/settings/resources/[resourceId]/authentication => components}/SetResourcePasswordForm.tsx (100%)
 rename src/{app/[orgId]/settings/resources/[resourceId]/authentication => components}/SetResourcePincodeForm.tsx (100%)
 rename src/{app/[orgId]/settings/share-links => components}/ShareLinksDataTable.tsx (100%)
 rename src/{app/[orgId]/settings/share-links => components}/ShareLinksSplash.tsx (100%)
 create mode 100644 src/components/ShareLinksTable.tsx
 rename src/{app/auth/signup => components}/SignupForm.tsx (100%)
 rename src/{app/[orgId]/settings/sites/[niceId] => components}/SiteInfoCard.tsx (100%)
 rename src/{app/[orgId]/settings/sites => components}/SitesDataTable.tsx (100%)
 rename src/{app/[orgId]/settings/sites => components}/SitesSplashCard.tsx (100%)
 rename src/{app/[orgId]/settings/sites => components}/SitesTable.tsx (99%)
 rename src/{app/[orgId]/settings/access/users => components}/UsersDataTable.tsx (100%)
 rename src/{app/[orgId]/settings/access/users => components}/UsersTable.tsx (99%)
 rename src/{app/auth/idp/[idpId]/oidc/callback => components}/ValidateOidcToken.tsx (100%)
 rename src/{app/auth/verify-email => components}/VerifyEmailForm.tsx (99%)

diff --git a/server/routers/resource/getResourceAuthInfo.ts b/server/routers/resource/getResourceAuthInfo.ts
index 191221f1..c775564b 100644
--- a/server/routers/resource/getResourceAuthInfo.ts
+++ b/server/routers/resource/getResourceAuthInfo.ts
@@ -32,6 +32,7 @@ export type GetResourceAuthInfoResponse = {
     url: string;
     whitelist: boolean;
     skipToIdpId: number | null;
+    orgId: string;
 };
 
 export async function getResourceAuthInfo(
@@ -88,7 +89,8 @@ export async function getResourceAuthInfo(
                 blockAccess: resource.blockAccess,
                 url,
                 whitelist: resource.emailWhitelistEnabled,
-                skipToIdpId: resource.skipToIdpId
+                skipToIdpId: resource.skipToIdpId,
+                orgId: resource.orgId
             },
             success: true,
             error: false,
diff --git a/src/app/[orgId]/page.tsx b/src/app/[orgId]/page.tsx
index 4740198b..4c3ac07b 100644
--- a/src/app/[orgId]/page.tsx
+++ b/src/app/[orgId]/page.tsx
@@ -1,8 +1,8 @@
 import { verifySession } from "@app/lib/auth/verifySession";
 import UserProvider from "@app/providers/UserProvider";
 import { cache } from "react";
-import OrganizationLandingCard from "./OrganizationLandingCard";
-import MemberResourcesPortal from "./MemberResourcesPortal";
+import OrganizationLandingCard from "../../components/OrganizationLandingCard";
+import MemberResourcesPortal from "../../components/MemberResourcesPortal";
 import { GetOrgOverviewResponse } from "@server/routers/org/getOrgOverview";
 import { internal } from "@app/lib/api";
 import { AxiosResponse } from "axios";
diff --git a/src/app/[orgId]/settings/access/invitations/page.tsx b/src/app/[orgId]/settings/access/invitations/page.tsx
index 665b9a43..d7fee322 100644
--- a/src/app/[orgId]/settings/access/invitations/page.tsx
+++ b/src/app/[orgId]/settings/access/invitations/page.tsx
@@ -1,13 +1,13 @@
 import { internal } from "@app/lib/api";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { AxiosResponse } from "axios";
-import InvitationsTable, { InvitationRow } from "./InvitationsTable";
+import InvitationsTable, { InvitationRow } from "../../../../../components/InvitationsTable";
 import { GetOrgResponse } from "@server/routers/org";
 import { cache } from "react";
 import OrgProvider from "@app/providers/OrgProvider";
 import UserProvider from "@app/providers/UserProvider";
 import { verifySession } from "@app/lib/auth/verifySession";
-import AccessPageHeaderAndNav from "../AccessPageHeaderAndNav";
+import AccessPageHeaderAndNav from "../../../../../components/AccessPageHeaderAndNav";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { getTranslations } from 'next-intl/server';
 
diff --git a/src/app/[orgId]/settings/access/roles/page.tsx b/src/app/[orgId]/settings/access/roles/page.tsx
index 8faedbf8..cffe4ed9 100644
--- a/src/app/[orgId]/settings/access/roles/page.tsx
+++ b/src/app/[orgId]/settings/access/roles/page.tsx
@@ -5,7 +5,7 @@ import { GetOrgResponse } from "@server/routers/org";
 import { cache } from "react";
 import OrgProvider from "@app/providers/OrgProvider";
 import { ListRolesResponse } from "@server/routers/role";
-import RolesTable, { RoleRow } from "./RolesTable";
+import RolesTable, { RoleRow } from "../../../../../components/RolesTable";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { getTranslations } from 'next-intl/server';
 
diff --git a/src/app/[orgId]/settings/access/users/page.tsx b/src/app/[orgId]/settings/access/users/page.tsx
index 4a1a1513..ad1214fd 100644
--- a/src/app/[orgId]/settings/access/users/page.tsx
+++ b/src/app/[orgId]/settings/access/users/page.tsx
@@ -2,13 +2,13 @@ import { internal } from "@app/lib/api";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { ListUsersResponse } from "@server/routers/user";
 import { AxiosResponse } from "axios";
-import UsersTable, { UserRow } from "./UsersTable";
+import UsersTable, { UserRow } from "../../../../../components/UsersTable";
 import { GetOrgResponse } from "@server/routers/org";
 import { cache } from "react";
 import OrgProvider from "@app/providers/OrgProvider";
 import UserProvider from "@app/providers/UserProvider";
 import { verifySession } from "@app/lib/auth/verifySession";
-import AccessPageHeaderAndNav from "../AccessPageHeaderAndNav";
+import AccessPageHeaderAndNav from "../../../../../components/AccessPageHeaderAndNav";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { getTranslations } from 'next-intl/server';
 
diff --git a/src/app/[orgId]/settings/api-keys/page.tsx b/src/app/[orgId]/settings/api-keys/page.tsx
index 188921e5..ca526a7d 100644
--- a/src/app/[orgId]/settings/api-keys/page.tsx
+++ b/src/app/[orgId]/settings/api-keys/page.tsx
@@ -2,7 +2,7 @@ import { internal } from "@app/lib/api";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { AxiosResponse } from "axios";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import OrgApiKeysTable, { OrgApiKeyRow } from "./OrgApiKeysTable";
+import OrgApiKeysTable, { OrgApiKeyRow } from "../../../../components/OrgApiKeysTable";
 import { ListOrgApiKeysResponse } from "@server/routers/apiKeys";
 import { getTranslations } from 'next-intl/server';
 
@@ -15,7 +15,7 @@ export const dynamic = "force-dynamic";
 export default async function ApiKeysPage(props: ApiKeyPageProps) {
     const params = await props.params;
     const t = await getTranslations();
-    
+
     let apiKeys: ListOrgApiKeysResponse["apiKeys"] = [];
     try {
         const res = await internal.get<AxiosResponse<ListOrgApiKeysResponse>>(
diff --git a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
index d137b00c..84a5f78f 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
@@ -3,7 +3,7 @@ import { AxiosResponse } from "axios";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { GetClientResponse } from "@server/routers/client";
-import ClientInfoCard from "./ClientInfoCard";
+import ClientInfoCard from "../../../../../components/ClientInfoCard";
 import ClientProvider from "@app/providers/ClientProvider";
 import { redirect } from "next/navigation";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
diff --git a/src/app/[orgId]/settings/clients/page.tsx b/src/app/[orgId]/settings/clients/page.tsx
index 83cc11e3..994b1d56 100644
--- a/src/app/[orgId]/settings/clients/page.tsx
+++ b/src/app/[orgId]/settings/clients/page.tsx
@@ -1,10 +1,10 @@
 import { internal } from "@app/lib/api";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { AxiosResponse } from "axios";
-import { ClientRow } from "./ClientsTable";
+import { ClientRow } from "../../../../components/ClientsTable";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { ListClientsResponse } from "@server/routers/client";
-import ClientsTable from "./ClientsTable";
+import ClientsTable from "../../../../components/ClientsTable";
 
 type ClientsPageProps = {
     params: Promise<{ orgId: string }>;
diff --git a/src/app/[orgId]/settings/domains/page.tsx b/src/app/[orgId]/settings/domains/page.tsx
index c85fe10d..cb587d92 100644
--- a/src/app/[orgId]/settings/domains/page.tsx
+++ b/src/app/[orgId]/settings/domains/page.tsx
@@ -2,7 +2,7 @@ import { internal } from "@app/lib/api";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { AxiosResponse } from "axios";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import DomainsTable, { DomainRow } from "./DomainsTable";
+import DomainsTable, { DomainRow } from "../../../../components/DomainsTable";
 import { getTranslations } from "next-intl/server";
 import { cache } from "react";
 import { GetOrgResponse } from "@server/routers/org";
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx b/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx
index 9bb9919a..4705550e 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx
+++ b/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx
@@ -27,8 +27,8 @@ import {
 } from "@app/components/ui/form";
 import { ListUsersResponse } from "@server/routers/user";
 import { Binary, Key } from "lucide-react";
-import SetResourcePasswordForm from "./SetResourcePasswordForm";
-import SetResourcePincodeForm from "./SetResourcePincodeForm";
+import SetResourcePasswordForm from "../../../../../../components/SetResourcePasswordForm";
+import SetResourcePincodeForm from "../../../../../../components/SetResourcePincodeForm";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import {
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx b/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx
index ce8f29a7..e2bab1cb 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx
@@ -54,7 +54,7 @@ import DomainPicker from "@app/components/DomainPicker";
 import { Globe } from "lucide-react";
 import { build } from "@server/build";
 import { finalizeSubdomainSanitize } from "@app/lib/subdomain-utils";
-import { DomainRow } from "../../../domains/DomainsTable";
+import { DomainRow } from "../../../../../../components/DomainsTable";
 import { toASCII, toUnicode } from "punycode";
 
 export default function GeneralForm() {
@@ -160,7 +160,7 @@ export default function GeneralForm() {
                 const rawDomains = res.data.data.domains as DomainRow[];
                 const domains = rawDomains.map((domain) => ({
                     ...domain,
-                    baseDomain: toUnicode(domain.baseDomain), 
+                    baseDomain: toUnicode(domain.baseDomain),
                 }));
                 setBaseDomains(domains);
                 setFormKey((key) => key + 1);
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/layout.tsx b/src/app/[orgId]/settings/resources/[resourceId]/layout.tsx
index f6d4b3c0..8a5d0997 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/layout.tsx
+++ b/src/app/[orgId]/settings/resources/[resourceId]/layout.tsx
@@ -12,7 +12,7 @@ import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { GetOrgResponse } from "@server/routers/org";
 import OrgProvider from "@app/providers/OrgProvider";
 import { cache } from "react";
-import ResourceInfoBox from "./ResourceInfoBox";
+import ResourceInfoBox from "../../../../../components/ResourceInfoBox";
 import { GetSiteResponse } from "@server/routers/site";
 import { getTranslations } from 'next-intl/server';
 
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index 782b3135..c28f5a5f 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -90,7 +90,7 @@ import { ListTargetsResponse } from "@server/routers/target";
 import { DockerManager, DockerState } from "@app/lib/docker";
 import { parseHostTarget } from "@app/lib/parseHostTarget";
 import { toASCII, toUnicode } from 'punycode';
-import { DomainRow } from "../../domains/DomainsTable";
+import { DomainRow } from "../../../../../components/DomainsTable";
 
 const baseResourceFormSchema = z.object({
     name: z.string().min(1).max(255),
diff --git a/src/app/[orgId]/settings/resources/page.tsx b/src/app/[orgId]/settings/resources/page.tsx
index f8ef5397..b1b907e6 100644
--- a/src/app/[orgId]/settings/resources/page.tsx
+++ b/src/app/[orgId]/settings/resources/page.tsx
@@ -3,7 +3,7 @@ import { authCookieHeader } from "@app/lib/api/cookies";
 import ResourcesTable, {
     ResourceRow,
     InternalResourceRow
-} from "./ResourcesTable";
+} from "../../../../components/ResourcesTable";
 import { AxiosResponse } from "axios";
 import { ListResourcesResponse } from "@server/routers/resource";
 import { ListAllSiteResourcesByOrgResponse } from "@server/routers/siteResource";
diff --git a/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx b/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx
index 18c989ab..e3ba3f17 100644
--- a/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx
+++ b/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx
@@ -58,14 +58,14 @@ import { CheckIcon, ChevronsUpDown } from "lucide-react";
 import { Checkbox } from "@app/components/ui/checkbox";
 import { GenerateAccessTokenResponse } from "@server/routers/accessToken";
 import { constructShareLink } from "@app/lib/shareLinks";
-import { ShareLinkRow } from "./ShareLinksTable";
+import { ShareLinkRow } from "@app/components/ShareLinksTable";
 import { QRCodeCanvas, QRCodeSVG } from "qrcode.react";
 import {
     Collapsible,
     CollapsibleContent,
     CollapsibleTrigger
 } from "@app/components/ui/collapsible";
-import AccessTokenSection from "./AccessTokenUsage";
+import AccessTokenSection from "@app/components/AccessTokenUsage";
 import { useTranslations } from "next-intl";
 import { toUnicode } from 'punycode';
 
diff --git a/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx b/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx
index 41768255..2943311f 100644
--- a/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx
+++ b/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { ColumnDef } from "@tanstack/react-table";
-import { ShareLinksDataTable } from "./ShareLinksDataTable";
+import { ShareLinksDataTable } from "@app/components/ShareLinksDataTable";
 import {
     DropdownMenu,
     DropdownMenuContent,
@@ -31,7 +31,7 @@ import { useEnvContext } from "@app/hooks/useEnvContext";
 import { ArrayElement } from "@server/types/ArrayElement";
 import { ListAccessTokensResponse } from "@server/routers/accessToken";
 import moment from "moment";
-import CreateShareLinkForm from "./CreateShareLinkForm";
+import CreateShareLinkForm from "@app/components/CreateShareLinkForm";
 import { constructShareLink } from "@app/lib/shareLinks";
 import { useTranslations } from "next-intl";
 
diff --git a/src/app/[orgId]/settings/share-links/page.tsx b/src/app/[orgId]/settings/share-links/page.tsx
index e4efabd9..be561acd 100644
--- a/src/app/[orgId]/settings/share-links/page.tsx
+++ b/src/app/[orgId]/settings/share-links/page.tsx
@@ -7,8 +7,8 @@ import { cache } from "react";
 import { GetOrgResponse } from "@server/routers/org";
 import OrgProvider from "@app/providers/OrgProvider";
 import { ListAccessTokensResponse } from "@server/routers/accessToken";
-import ShareLinksTable, { ShareLinkRow } from "./ShareLinksTable";
-import ShareableLinksSplash from "./ShareLinksSplash";
+import ShareLinksTable, { ShareLinkRow } from "../../../../components/ShareLinksTable";
+import ShareableLinksSplash from "../../../../components/ShareLinksSplash";
 import { getTranslations } from "next-intl/server";
 
 type ShareLinksPageProps = {
diff --git a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
index 597cc852..039deebb 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
@@ -6,7 +6,7 @@ import { redirect } from "next/navigation";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import SiteInfoCard from "./SiteInfoCard";
+import SiteInfoCard from "../../../../../components/SiteInfoCard";
 import { getTranslations } from "next-intl/server";
 
 interface SettingsLayoutProps {
diff --git a/src/app/[orgId]/settings/sites/page.tsx b/src/app/[orgId]/settings/sites/page.tsx
index 10bcad53..a854083c 100644
--- a/src/app/[orgId]/settings/sites/page.tsx
+++ b/src/app/[orgId]/settings/sites/page.tsx
@@ -2,9 +2,9 @@ import { internal } from "@app/lib/api";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { ListSitesResponse } from "@server/routers/site";
 import { AxiosResponse } from "axios";
-import SitesTable, { SiteRow } from "./SitesTable";
+import SitesTable, { SiteRow } from "../../../../components/SitesTable";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import SitesSplashCard from "./SitesSplashCard";
+import SitesSplashCard from "../../../../components/SitesSplashCard";
 import { getTranslations } from "next-intl/server";
 
 type SitesPageProps = {
diff --git a/src/app/admin/api-keys/page.tsx b/src/app/admin/api-keys/page.tsx
index 22607f2f..e518911f 100644
--- a/src/app/admin/api-keys/page.tsx
+++ b/src/app/admin/api-keys/page.tsx
@@ -3,7 +3,7 @@ import { authCookieHeader } from "@app/lib/api/cookies";
 import { AxiosResponse } from "axios";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { ListRootApiKeysResponse } from "@server/routers/apiKeys";
-import ApiKeysTable, { ApiKeyRow } from "./ApiKeysTable";
+import ApiKeysTable, { ApiKeyRow } from "../../../components/ApiKeysTable";
 import { getTranslations } from "next-intl/server";
 
 type ApiKeyPageProps = {};
diff --git a/src/app/admin/idp/[idpId]/policies/page.tsx b/src/app/admin/idp/[idpId]/policies/page.tsx
index aadd6eb8..01b186bf 100644
--- a/src/app/admin/idp/[idpId]/policies/page.tsx
+++ b/src/app/admin/idp/[idpId]/policies/page.tsx
@@ -31,7 +31,7 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import { z } from "zod";
 import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
 import { InfoIcon, ExternalLink, CheckIcon } from "lucide-react";
-import PolicyTable, { PolicyRow } from "./PolicyTable";
+import PolicyTable, { PolicyRow } from "../../../../../components/PolicyTable";
 import { AxiosResponse } from "axios";
 import { ListOrgsResponse } from "@server/routers/org";
 import {
diff --git a/src/app/admin/idp/page.tsx b/src/app/admin/idp/page.tsx
index 4db77785..fef0990c 100644
--- a/src/app/admin/idp/page.tsx
+++ b/src/app/admin/idp/page.tsx
@@ -2,7 +2,7 @@ import { internal } from "@app/lib/api";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { AxiosResponse } from "axios";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import IdpTable, { IdpRow } from "./AdminIdpTable";
+import IdpTable, { IdpRow } from "../../../components/AdminIdpTable";
 import { getTranslations } from "next-intl/server";
 
 export default async function IdpPage() {
@@ -16,7 +16,7 @@ export default async function IdpPage() {
     } catch (e) {
         console.error(e);
     }
-    
+
     const t = await getTranslations();
 
     return (
diff --git a/src/app/admin/users/AdminUsersTable.tsx b/src/app/admin/users/AdminUsersTable.tsx
index 6c5e4613..8e75ff24 100644
--- a/src/app/admin/users/AdminUsersTable.tsx
+++ b/src/app/admin/users/AdminUsersTable.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { ColumnDef } from "@tanstack/react-table";
-import { UsersDataTable } from "./AdminUsersDataTable";
+import { UsersDataTable } from "@app/components/AdminUsersDataTable";
 import { Button } from "@app/components/ui/button";
 import { ArrowRight, ArrowUpDown, MoreHorizontal } from "lucide-react";
 import { useRouter } from "next/navigation";
diff --git a/src/app/admin/users/page.tsx b/src/app/admin/users/page.tsx
index e9673374..bf6547a3 100644
--- a/src/app/admin/users/page.tsx
+++ b/src/app/admin/users/page.tsx
@@ -3,7 +3,7 @@ import { authCookieHeader } from "@app/lib/api/cookies";
 import { AxiosResponse } from "axios";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { AdminListUsersResponse } from "@server/routers/user/adminListUsers";
-import UsersTable, { GlobalUserRow } from "./AdminUsersTable";
+import UsersTable, { GlobalUserRow } from "../../../components/AdminUsersTable";
 import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
 import { InfoIcon } from "lucide-react";
 import { getTranslations } from "next-intl/server";
diff --git a/src/app/auth/idp/[idpId]/oidc/callback/page.tsx b/src/app/auth/idp/[idpId]/oidc/callback/page.tsx
index 1c0f8125..2ff8d09a 100644
--- a/src/app/auth/idp/[idpId]/oidc/callback/page.tsx
+++ b/src/app/auth/idp/[idpId]/oidc/callback/page.tsx
@@ -1,5 +1,5 @@
 import { cookies } from "next/headers";
-import ValidateOidcToken from "./ValidateOidcToken";
+import ValidateOidcToken from "@app/components/ValidateOidcToken";
 import { cache } from "react";
 import { priv } from "@app/lib/api";
 import { AxiosResponse } from "axios";
diff --git a/src/app/auth/login/page.tsx b/src/app/auth/login/page.tsx
index cad0ce58..e2505303 100644
--- a/src/app/auth/login/page.tsx
+++ b/src/app/auth/login/page.tsx
@@ -2,7 +2,7 @@ import { verifySession } from "@app/lib/auth/verifySession";
 import Link from "next/link";
 import { redirect } from "next/navigation";
 import { cache } from "react";
-import DashboardLoginForm from "./DashboardLoginForm";
+import DashboardLoginForm from "@app/components/DashboardLoginForm";
 import { Mail } from "lucide-react";
 import { pullEnv } from "@app/lib/pullEnv";
 import { cleanRedirect } from "@app/lib/cleanRedirect";
diff --git a/src/app/auth/reset-password/ResetPasswordForm.tsx b/src/app/auth/reset-password/ResetPasswordForm.tsx
index 596afb99..3d456bd9 100644
--- a/src/app/auth/reset-password/ResetPasswordForm.tsx
+++ b/src/app/auth/reset-password/ResetPasswordForm.tsx
@@ -35,7 +35,7 @@ import {
     ResetPasswordResponse
 } from "@server/routers/auth";
 import { Loader2 } from "lucide-react";
-import { Alert, AlertDescription } from "../../../components/ui/alert";
+import { Alert, AlertDescription } from "@app/components/ui/alert";
 import { toast } from "@app/hooks/useToast";
 import { useRouter } from "next/navigation";
 import { formatAxiosError } from "@app/lib/api";
@@ -210,7 +210,7 @@ export default function ResetPasswordForm({
                     } catch (verificationError) {
                         console.error("Failed to send verification code:", verificationError);
                     }
-                    
+
                     if (redirect) {
                         router.push(`/auth/verify-email?redirect=${redirect}`);
                     } else {
@@ -254,8 +254,8 @@ export default function ResetPasswordForm({
                         {quickstart ? t('completeAccountSetup') : t('passwordReset')}
                     </CardTitle>
                     <CardDescription>
-                        {quickstart 
-                            ? t('completeAccountSetupDescription') 
+                        {quickstart
+                            ? t('completeAccountSetupDescription')
                             : t('passwordResetDescription')
                         }
                     </CardDescription>
@@ -282,8 +282,8 @@ export default function ResetPasswordForm({
                                                 </FormControl>
                                                 <FormMessage />
                                                 <FormDescription>
-                                                    {quickstart 
-                                                        ? t('accountSetupSent') 
+                                                    {quickstart
+                                                        ? t('accountSetupSent')
                                                         : t('passwordResetSent')
                                                     }
                                                 </FormDescription>
@@ -325,8 +325,8 @@ export default function ResetPasswordForm({
                                             render={({ field }) => (
                                                 <FormItem>
                                                     <FormLabel>
-                                                        {quickstart 
-                                                            ? t('accountSetupCode') 
+                                                        {quickstart
+                                                            ? t('accountSetupCode')
                                                             : t('passwordResetCode')
                                                         }
                                                     </FormLabel>
@@ -338,8 +338,8 @@ export default function ResetPasswordForm({
                                                     </FormControl>
                                                     <FormMessage />
                                                     <FormDescription>
-                                                        {quickstart 
-                                                            ? t('accountSetupCodeDescription') 
+                                                        {quickstart
+                                                            ? t('accountSetupCodeDescription')
                                                             : t('passwordResetCodeDescription')
                                                         }
                                                     </FormDescription>
@@ -354,8 +354,8 @@ export default function ResetPasswordForm({
                                         render={({ field }) => (
                                             <FormItem>
                                                 <FormLabel>
-                                                    {quickstart 
-                                                        ? t('passwordCreate') 
+                                                    {quickstart
+                                                        ? t('passwordCreate')
                                                         : t('passwordNew')
                                                     }
                                                 </FormLabel>
@@ -375,8 +375,8 @@ export default function ResetPasswordForm({
                                         render={({ field }) => (
                                             <FormItem>
                                                 <FormLabel>
-                                                    {quickstart 
-                                                        ? t('passwordCreateConfirm') 
+                                                    {quickstart
+                                                        ? t('passwordCreateConfirm')
                                                         : t('passwordNewConfirm')
                                                     }
                                                 </FormLabel>
@@ -490,8 +490,8 @@ export default function ResetPasswordForm({
                                     {isSubmitting && (
                                         <Loader2 className="mr-2 h-4 w-4 animate-spin" />
                                     )}
-                                    {quickstart 
-                                        ? t('accountSetupSubmit') 
+                                    {quickstart
+                                        ? t('accountSetupSubmit')
                                         : t('passwordResetSubmit')
                                     }
                                 </Button>
diff --git a/src/app/auth/reset-password/page.tsx b/src/app/auth/reset-password/page.tsx
index f06c7c4c..490f89f7 100644
--- a/src/app/auth/reset-password/page.tsx
+++ b/src/app/auth/reset-password/page.tsx
@@ -1,7 +1,7 @@
 import { verifySession } from "@app/lib/auth/verifySession";
 import { redirect } from "next/navigation";
 import { cache } from "react";
-import ResetPasswordForm from "./ResetPasswordForm";
+import ResetPasswordForm from "@app/components/ResetPasswordForm";
 import Link from "next/link";
 import { cleanRedirect } from "@app/lib/cleanRedirect";
 import { getTranslations } from "next-intl/server";
diff --git a/src/app/auth/resource/[resourceId]/page.tsx b/src/app/auth/resource/[resourceId]/page.tsx
index 347d3586..25580ee7 100644
--- a/src/app/auth/resource/[resourceId]/page.tsx
+++ b/src/app/auth/resource/[resourceId]/page.tsx
@@ -2,20 +2,20 @@ import {
     GetResourceAuthInfoResponse,
     GetExchangeTokenResponse
 } from "@server/routers/resource";
-import ResourceAuthPortal from "./ResourceAuthPortal";
+import ResourceAuthPortal from "@app/components/ResourceAuthPortal";
 import { internal, priv } from "@app/lib/api";
 import { AxiosResponse } from "axios";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { cache } from "react";
 import { verifySession } from "@app/lib/auth/verifySession";
 import { redirect } from "next/navigation";
-import ResourceNotFound from "./ResourceNotFound";
-import ResourceAccessDenied from "./ResourceAccessDenied";
-import AccessToken from "./AccessToken";
+import ResourceNotFound from "@app/components/ResourceNotFound";
+import ResourceAccessDenied from "@app/components/ResourceAccessDenied";
+import AccessToken from "@app/components/AccessToken";
 import { pullEnv } from "@app/lib/pullEnv";
 import { LoginFormIDP } from "@app/components/LoginForm";
 import { ListIdpsResponse } from "@server/routers/idp";
-import AutoLoginHandler from "./AutoLoginHandler";
+import AutoLoginHandler from "@app/components/AutoLoginHandler";
 
 export const dynamic = "force-dynamic";
 
diff --git a/src/app/auth/signup/page.tsx b/src/app/auth/signup/page.tsx
index 673e69bf..b4f4fddd 100644
--- a/src/app/auth/signup/page.tsx
+++ b/src/app/auth/signup/page.tsx
@@ -1,4 +1,4 @@
-import SignupForm from "@app/app/auth/signup/SignupForm";
+import SignupForm from "@app/components/SignupForm";
 import { verifySession } from "@app/lib/auth/verifySession";
 import { cleanRedirect } from "@app/lib/cleanRedirect";
 import { pullEnv } from "@app/lib/pullEnv";
@@ -11,7 +11,7 @@ import { getTranslations } from "next-intl/server";
 export const dynamic = "force-dynamic";
 
 export default async function Page(props: {
-    searchParams: Promise<{ 
+    searchParams: Promise<{
         redirect: string | undefined;
         email: string | undefined;
     }>;
diff --git a/src/app/auth/verify-email/page.tsx b/src/app/auth/verify-email/page.tsx
index 10ad809f..c549abf0 100644
--- a/src/app/auth/verify-email/page.tsx
+++ b/src/app/auth/verify-email/page.tsx
@@ -1,4 +1,4 @@
-import VerifyEmailForm from "@app/app/auth/verify-email/VerifyEmailForm";
+import VerifyEmailForm from "@app/components/VerifyEmailForm";
 import { verifySession } from "@app/lib/auth/verifySession";
 import { cleanRedirect } from "@app/lib/cleanRedirect";
 import { pullEnv } from "@app/lib/pullEnv";
diff --git a/src/app/invite/page.tsx b/src/app/invite/page.tsx
index 2e0c11e2..49c5a2c5 100644
--- a/src/app/invite/page.tsx
+++ b/src/app/invite/page.tsx
@@ -4,7 +4,7 @@ import { verifySession } from "@app/lib/auth/verifySession";
 import { AcceptInviteResponse } from "@server/routers/user";
 import { AxiosResponse } from "axios";
 import { redirect } from "next/navigation";
-import InviteStatusCard from "./InviteStatusCard";
+import InviteStatusCard from "../../components/InviteStatusCard";
 import { formatAxiosError } from "@app/lib/api";
 import { getTranslations } from "next-intl/server";
 
@@ -72,14 +72,14 @@ export default async function InvitePage(props: {
     const type = cardType();
 
     if (!user && type === "user_does_not_exist") {
-        const redirectUrl = emailParam 
+        const redirectUrl = emailParam
             ? `/auth/signup?redirect=/invite?token=${params.token}&email=${encodeURIComponent(emailParam)}`
             : `/auth/signup?redirect=/invite?token=${params.token}`;
         redirect(redirectUrl);
     }
 
     if (!user && type === "not_logged_in") {
-        const redirectUrl = emailParam 
+        const redirectUrl = emailParam
             ? `/auth/login?redirect=/invite?token=${params.token}&email=${encodeURIComponent(emailParam)}`
             : `/auth/login?redirect=/invite?token=${params.token}`;
         redirect(redirectUrl);
diff --git a/src/app/s/[accessToken]/page.tsx b/src/app/s/[accessToken]/page.tsx
index d28ff7be..61299366 100644
--- a/src/app/s/[accessToken]/page.tsx
+++ b/src/app/s/[accessToken]/page.tsx
@@ -1,4 +1,4 @@
-import AccessToken from "@app/app/auth/resource/[resourceId]/AccessToken";
+import AccessToken from "@app/components/AccessToken";
 
 export default async function ResourceAuthPage(props: {
     params: Promise<{ accessToken: string }>;
diff --git a/src/app/[orgId]/settings/access/AccessPageHeaderAndNav.tsx b/src/components/AccessPageHeaderAndNav.tsx
similarity index 100%
rename from src/app/[orgId]/settings/access/AccessPageHeaderAndNav.tsx
rename to src/components/AccessPageHeaderAndNav.tsx
diff --git a/src/app/auth/resource/[resourceId]/AccessToken.tsx b/src/components/AccessToken.tsx
similarity index 100%
rename from src/app/auth/resource/[resourceId]/AccessToken.tsx
rename to src/components/AccessToken.tsx
diff --git a/src/app/[orgId]/settings/share-links/AccessTokenUsage.tsx b/src/components/AccessTokenUsage.tsx
similarity index 100%
rename from src/app/[orgId]/settings/share-links/AccessTokenUsage.tsx
rename to src/components/AccessTokenUsage.tsx
diff --git a/src/app/admin/idp/AdminIdpDataTable.tsx b/src/components/AdminIdpDataTable.tsx
similarity index 100%
rename from src/app/admin/idp/AdminIdpDataTable.tsx
rename to src/components/AdminIdpDataTable.tsx
diff --git a/src/app/admin/idp/AdminIdpTable.tsx b/src/components/AdminIdpTable.tsx
similarity index 99%
rename from src/app/admin/idp/AdminIdpTable.tsx
rename to src/components/AdminIdpTable.tsx
index fa7de6da..9c6c3ac4 100644
--- a/src/app/admin/idp/AdminIdpTable.tsx
+++ b/src/components/AdminIdpTable.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { ColumnDef } from "@tanstack/react-table";
-import { IdpDataTable } from "./AdminIdpDataTable";
+import { IdpDataTable } from "@app/components/AdminIdpDataTable";
 import { Button } from "@app/components/ui/button";
 import { ArrowRight, ArrowUpDown, MoreHorizontal } from "lucide-react";
 import { useState } from "react";
diff --git a/src/app/admin/users/AdminUsersDataTable.tsx b/src/components/AdminUsersDataTable.tsx
similarity index 100%
rename from src/app/admin/users/AdminUsersDataTable.tsx
rename to src/components/AdminUsersDataTable.tsx
diff --git a/src/components/AdminUsersTable.tsx b/src/components/AdminUsersTable.tsx
new file mode 100644
index 00000000..8e75ff24
--- /dev/null
+++ b/src/components/AdminUsersTable.tsx
@@ -0,0 +1,269 @@
+"use client";
+
+import { ColumnDef } from "@tanstack/react-table";
+import { UsersDataTable } from "@app/components/AdminUsersDataTable";
+import { Button } from "@app/components/ui/button";
+import { ArrowRight, ArrowUpDown, MoreHorizontal } from "lucide-react";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
+import { toast } from "@app/hooks/useToast";
+import { formatAxiosError } from "@app/lib/api";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { useTranslations } from "next-intl";
+import {
+    DropdownMenu,
+    DropdownMenuItem,
+    DropdownMenuContent,
+    DropdownMenuTrigger
+} from "@app/components/ui/dropdown-menu";
+
+export type GlobalUserRow = {
+    id: string;
+    name: string | null;
+    username: string;
+    email: string | null;
+    type: string;
+    idpId: number | null;
+    idpName: string;
+    dateCreated: string;
+    twoFactorEnabled: boolean | null;
+    twoFactorSetupRequested: boolean | null;
+};
+
+type Props = {
+    users: GlobalUserRow[];
+};
+
+export default function UsersTable({ users }: Props) {
+    const router = useRouter();
+    const t = useTranslations();
+
+    const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
+    const [selected, setSelected] = useState<GlobalUserRow | null>(null);
+    const [rows, setRows] = useState<GlobalUserRow[]>(users);
+
+    const api = createApiClient(useEnvContext());
+
+    const deleteUser = (id: string) => {
+        api.delete(`/user/${id}`)
+            .catch((e) => {
+                console.error(t("userErrorDelete"), e);
+                toast({
+                    variant: "destructive",
+                    title: t("userErrorDelete"),
+                    description: formatAxiosError(e, t("userErrorDelete"))
+                });
+            })
+            .then(() => {
+                router.refresh();
+                setIsDeleteModalOpen(false);
+
+                const newRows = rows.filter((row) => row.id !== id);
+
+                setRows(newRows);
+            });
+    };
+
+    const columns: ColumnDef<GlobalUserRow>[] = [
+        {
+            accessorKey: "id",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        ID
+                    </Button>
+                );
+            }
+        },
+        {
+            accessorKey: "username",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("username")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
+        {
+            accessorKey: "email",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("email")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
+        {
+            accessorKey: "name",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("name")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
+        {
+            accessorKey: "idpName",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("identityProvider")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
+        {
+            accessorKey: "twoFactorEnabled",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("twoFactor")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const userRow = row.original;
+
+                return (
+                    <div className="flex flex-row items-center gap-2">
+                        <span>
+                            {userRow.twoFactorEnabled ||
+                            userRow.twoFactorSetupRequested ? (
+                                <span className="text-green-500">
+                                    {t("enabled")}
+                                </span>
+                            ) : (
+                                <span>{t("disabled")}</span>
+                            )}
+                        </span>
+                    </div>
+                );
+            }
+        },
+        {
+            id: "actions",
+            cell: ({ row }) => {
+                const r = row.original;
+                return (
+                    <>
+                        <div className="flex items-center justify-end gap-2">
+                            <DropdownMenu>
+                                <DropdownMenuTrigger asChild>
+                                    <Button
+                                        variant="ghost"
+                                        className="h-8 w-8 p-0"
+                                    >
+                                        <span className="sr-only">
+                                            Open menu
+                                        </span>
+                                        <MoreHorizontal className="h-4 w-4" />
+                                    </Button>
+                                </DropdownMenuTrigger>
+                                <DropdownMenuContent align="end">
+                                    <DropdownMenuItem
+                                        onClick={() => {
+                                            setSelected(r);
+                                            setIsDeleteModalOpen(true);
+                                        }}
+                                    >
+                                        {t("delete")}
+                                    </DropdownMenuItem>
+                                </DropdownMenuContent>
+                            </DropdownMenu>
+                            <Button
+                                variant={"secondary"}
+                                size="sm"
+                                onClick={() => {
+                                    router.push(`/admin/users/${r.id}`);
+                                }}
+                            >
+                                {t("edit")}
+                                <ArrowRight className="ml-2 w-4 h-4" />
+                            </Button>
+                        </div>
+                    </>
+                );
+            }
+        }
+    ];
+
+    return (
+        <>
+            {selected && (
+                <ConfirmDeleteDialog
+                    open={isDeleteModalOpen}
+                    setOpen={(val) => {
+                        setIsDeleteModalOpen(val);
+                        setSelected(null);
+                    }}
+                    dialog={
+                        <div className="space-y-4">
+                            <p>
+                                {t("userQuestionRemove", {
+                                    selectedUser:
+                                        selected?.email ||
+                                        selected?.name ||
+                                        selected?.username
+                                })}
+                            </p>
+
+                            <p>
+                                <b>{t("userMessageRemove")}</b>
+                            </p>
+
+                            <p>{t("userMessageConfirm")}</p>
+                        </div>
+                    }
+                    buttonText={t("userDeleteConfirm")}
+                    onConfirm={async () => deleteUser(selected!.id)}
+                    string={
+                        selected.email || selected.name || selected.username
+                    }
+                    title={t("userDeleteServer")}
+                />
+            )}
+
+            <UsersDataTable columns={columns} data={rows} />
+        </>
+    );
+}
diff --git a/src/app/admin/api-keys/ApiKeysDataTable.tsx b/src/components/ApiKeysDataTable.tsx
similarity index 100%
rename from src/app/admin/api-keys/ApiKeysDataTable.tsx
rename to src/components/ApiKeysDataTable.tsx
diff --git a/src/app/admin/api-keys/ApiKeysTable.tsx b/src/components/ApiKeysTable.tsx
similarity index 98%
rename from src/app/admin/api-keys/ApiKeysTable.tsx
rename to src/components/ApiKeysTable.tsx
index 02aead9e..99094651 100644
--- a/src/app/admin/api-keys/ApiKeysTable.tsx
+++ b/src/components/ApiKeysTable.tsx
@@ -18,7 +18,7 @@ import { formatAxiosError } from "@app/lib/api";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import moment from "moment";
-import { ApiKeysDataTable } from "./ApiKeysDataTable";
+import { ApiKeysDataTable } from "@app/components/ApiKeysDataTable";
 import { useTranslations } from "next-intl";
 
 export type ApiKeyRow = {
diff --git a/src/app/auth/resource/[resourceId]/AutoLoginHandler.tsx b/src/components/AutoLoginHandler.tsx
similarity index 100%
rename from src/app/auth/resource/[resourceId]/AutoLoginHandler.tsx
rename to src/components/AutoLoginHandler.tsx
diff --git a/src/app/[orgId]/settings/clients/[clientId]/ClientInfoCard.tsx b/src/components/ClientInfoCard.tsx
similarity index 100%
rename from src/app/[orgId]/settings/clients/[clientId]/ClientInfoCard.tsx
rename to src/components/ClientInfoCard.tsx
diff --git a/src/app/[orgId]/settings/clients/ClientsDataTable.tsx b/src/components/ClientsDataTable.tsx
similarity index 100%
rename from src/app/[orgId]/settings/clients/ClientsDataTable.tsx
rename to src/components/ClientsDataTable.tsx
diff --git a/src/app/[orgId]/settings/clients/ClientsTable.tsx b/src/components/ClientsTable.tsx
similarity index 99%
rename from src/app/[orgId]/settings/clients/ClientsTable.tsx
rename to src/components/ClientsTable.tsx
index 7fa81622..fc7c7c84 100644
--- a/src/app/[orgId]/settings/clients/ClientsTable.tsx
+++ b/src/components/ClientsTable.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { ColumnDef } from "@tanstack/react-table";
-import { ClientsDataTable } from "./ClientsDataTable";
+import { ClientsDataTable } from "@app/components/ClientsDataTable";
 import {
     DropdownMenu,
     DropdownMenuContent,
diff --git a/src/app/[orgId]/settings/domains/CreateDomainForm.tsx b/src/components/CreateDomainForm.tsx
similarity index 100%
rename from src/app/[orgId]/settings/domains/CreateDomainForm.tsx
rename to src/components/CreateDomainForm.tsx
diff --git a/src/app/[orgId]/settings/access/roles/CreateRoleForm.tsx b/src/components/CreateRoleForm.tsx
similarity index 100%
rename from src/app/[orgId]/settings/access/roles/CreateRoleForm.tsx
rename to src/components/CreateRoleForm.tsx
diff --git a/src/components/CreateShareLinkForm.tsx b/src/components/CreateShareLinkForm.tsx
new file mode 100644
index 00000000..e3ba3f17
--- /dev/null
+++ b/src/components/CreateShareLinkForm.tsx
@@ -0,0 +1,549 @@
+"use client";
+
+import { Button } from "@app/components/ui/button";
+import {
+    Form,
+    FormControl,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage
+} from "@app/components/ui/form";
+import { Input } from "@app/components/ui/input";
+import {
+    Select,
+    SelectContent,
+    SelectItem,
+    SelectTrigger,
+    SelectValue
+} from "@app/components/ui/select";
+import { toast } from "@app/hooks/useToast";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { AxiosResponse } from "axios";
+import { useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { z } from "zod";
+import CopyTextBox from "@app/components/CopyTextBox";
+import {
+    Credenza,
+    CredenzaBody,
+    CredenzaClose,
+    CredenzaContent,
+    CredenzaDescription,
+    CredenzaFooter,
+    CredenzaHeader,
+    CredenzaTitle
+} from "@app/components/Credenza";
+import { useOrgContext } from "@app/hooks/useOrgContext";
+import { formatAxiosError } from "@app/lib/api";
+import { cn } from "@app/lib/cn";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { ListResourcesResponse } from "@server/routers/resource";
+import {
+    Popover,
+    PopoverContent,
+    PopoverTrigger
+} from "@app/components/ui/popover";
+import { CaretSortIcon } from "@radix-ui/react-icons";
+import {
+    Command,
+    CommandEmpty,
+    CommandGroup,
+    CommandInput,
+    CommandItem,
+    CommandList
+} from "@app/components/ui/command";
+import { CheckIcon, ChevronsUpDown } from "lucide-react";
+import { Checkbox } from "@app/components/ui/checkbox";
+import { GenerateAccessTokenResponse } from "@server/routers/accessToken";
+import { constructShareLink } from "@app/lib/shareLinks";
+import { ShareLinkRow } from "@app/components/ShareLinksTable";
+import { QRCodeCanvas, QRCodeSVG } from "qrcode.react";
+import {
+    Collapsible,
+    CollapsibleContent,
+    CollapsibleTrigger
+} from "@app/components/ui/collapsible";
+import AccessTokenSection from "@app/components/AccessTokenUsage";
+import { useTranslations } from "next-intl";
+import { toUnicode } from 'punycode';
+
+type FormProps = {
+    open: boolean;
+    setOpen: (open: boolean) => void;
+    onCreated?: (result: ShareLinkRow) => void;
+};
+
+export default function CreateShareLinkForm({
+    open,
+    setOpen,
+    onCreated
+}: FormProps) {
+    const { org } = useOrgContext();
+
+    const { env } = useEnvContext();
+    const api = createApiClient({ env });
+
+    const [link, setLink] = useState<string | null>(null);
+    const [accessTokenId, setAccessTokenId] = useState<string | null>(null);
+    const [accessToken, setAccessToken] = useState<string | null>(null);
+    const [loading, setLoading] = useState(false);
+    const [neverExpire, setNeverExpire] = useState(false);
+
+    const [isOpen, setIsOpen] = useState(false);
+    const t = useTranslations();
+
+    const [resources, setResources] = useState<
+        {
+            resourceId: number;
+            name: string;
+            resourceUrl: string;
+        }[]
+    >([]);
+
+    const formSchema = z.object({
+        resourceId: z.number({ message: t('shareErrorSelectResource') }),
+        resourceName: z.string(),
+        resourceUrl: z.string(),
+        timeUnit: z.string(),
+        timeValue: z.coerce.number().int().positive().min(1),
+        title: z.string().optional()
+    });
+
+    const timeUnits = [
+        { unit: "minutes", name: t('minutes') },
+        { unit: "hours", name: t('hours') },
+        { unit: "days", name: t('days') },
+        { unit: "weeks", name: t('weeks') },
+        { unit: "months", name: t('months') },
+        { unit: "years", name: t('years') }
+    ];
+
+    const form = useForm<z.infer<typeof formSchema>>({
+        resolver: zodResolver(formSchema),
+        defaultValues: {
+            timeUnit: "days",
+            timeValue: 30,
+            title: ""
+        }
+    });
+
+    useEffect(() => {
+        if (!open) {
+            return;
+        }
+
+        async function fetchResources() {
+            const res = await api
+                .get<
+                    AxiosResponse<ListResourcesResponse>
+                >(`/org/${org?.org.orgId}/resources`)
+                .catch((e) => {
+                    console.error(e);
+                    toast({
+                        variant: "destructive",
+                        title: t('shareErrorFetchResource'),
+                        description: formatAxiosError(
+                            e,
+                            t('shareErrorFetchResourceDescription')
+                        )
+                    });
+                });
+
+            if (res?.status === 200) {
+                setResources(
+                    res.data.data.resources
+                        .filter((r) => {
+                            return r.http;
+                        })
+                        .map((r) => ({
+                            resourceId: r.resourceId,
+                            name: r.name,
+                            resourceUrl: `${r.ssl ? "https://" : "http://"}${toUnicode(r.fullDomain || "")}/`
+                        }))
+                );
+            }
+        }
+
+        fetchResources();
+    }, [open]);
+
+    async function onSubmit(values: z.infer<typeof formSchema>) {
+        setLoading(true);
+
+        // convert time to seconds
+        let timeInSeconds = values.timeValue;
+        switch (values.timeUnit) {
+            case "minutes":
+                timeInSeconds *= 60;
+                break;
+            case "hours":
+                timeInSeconds *= 60 * 60;
+                break;
+            case "days":
+                timeInSeconds *= 60 * 60 * 24;
+                break;
+            case "weeks":
+                timeInSeconds *= 60 * 60 * 24 * 7;
+                break;
+            case "months":
+                timeInSeconds *= 60 * 60 * 24 * 30;
+                break;
+            case "years":
+                timeInSeconds *= 60 * 60 * 24 * 365;
+                break;
+        }
+
+        const res = await api
+            .post<AxiosResponse<GenerateAccessTokenResponse>>(
+                `/resource/${values.resourceId}/access-token`,
+                {
+                    validForSeconds: neverExpire ? undefined : timeInSeconds,
+                    title:
+                        values.title ||
+                        t('shareLink', {resource: (values.resourceName || "Resource" + values.resourceId)})
+                }
+            )
+            .catch((e) => {
+                console.error(e);
+                toast({
+                    variant: "destructive",
+                    title: t('shareErrorCreate'),
+                    description: formatAxiosError(
+                        e,
+                        t('shareErrorCreateDescription')
+                    )
+                });
+            });
+
+        if (res && res.data.data.accessTokenId) {
+            const token = res.data.data;
+            const link = constructShareLink(token.accessToken);
+            setLink(link);
+
+            setAccessToken(token.accessToken);
+            setAccessTokenId(token.accessTokenId);
+
+            const resource = resources.find(
+                (r) => r.resourceId === values.resourceId
+            );
+
+            onCreated?.({
+                accessTokenId: token.accessTokenId,
+                resourceId: token.resourceId,
+                resourceName: values.resourceName,
+                title: token.title,
+                createdAt: token.createdAt,
+                expiresAt: token.expiresAt
+            });
+        }
+
+        setLoading(false);
+    }
+
+    function getSelectedResourceName(id: number) {
+        const resource = resources.find((r) => r.resourceId === id);
+        return `${resource?.name}`;
+    }
+
+    return (
+        <>
+            <Credenza
+                open={open}
+                onOpenChange={(val) => {
+                    setOpen(val);
+                    setLink(null);
+                    setLoading(false);
+                    form.reset();
+                }}
+            >
+                <CredenzaContent>
+                    <CredenzaHeader>
+                        <CredenzaTitle>{t('shareCreate')}</CredenzaTitle>
+                        <CredenzaDescription>
+                            {t('shareCreateDescription')}
+                        </CredenzaDescription>
+                    </CredenzaHeader>
+                    <CredenzaBody>
+                        <div className="space-y-4">
+                            {!link && (
+                                <Form {...form}>
+                                    <form
+                                        onSubmit={form.handleSubmit(onSubmit)}
+                                        className="space-y-4"
+                                        id="share-link-form"
+                                    >
+                                        <FormField
+                                            control={form.control}
+                                            name="resourceId"
+                                            render={({ field }) => (
+                                                <FormItem className="flex flex-col">
+                                                    <FormLabel>
+                                                        {t('resource')}
+                                                    </FormLabel>
+                                                    <Popover>
+                                                        <PopoverTrigger asChild>
+                                                            <FormControl>
+                                                                <Button
+                                                                    variant="outline"
+                                                                    role="combobox"
+                                                                    className={cn(
+                                                                        "justify-between",
+                                                                        !field.value &&
+                                                                            "text-muted-foreground"
+                                                                    )}
+                                                                >
+                                                                    {field.value
+                                                                        ? getSelectedResourceName(
+                                                                              field.value
+                                                                          )
+                                                                        : t('resourceSelect')}
+                                                                    <CaretSortIcon className="ml-2 h-4 w-4 shrink-0 opacity-50" />
+                                                                </Button>
+                                                            </FormControl>
+                                                        </PopoverTrigger>
+                                                        <PopoverContent className="p-0">
+                                                            <Command>
+                                                                <CommandInput placeholder={t('resourceSearch')} />
+                                                                <CommandList>
+                                                                    <CommandEmpty>
+                                                                        {t('resourcesNotFound')}
+                                                                    </CommandEmpty>
+                                                                    <CommandGroup>
+                                                                        {resources.map(
+                                                                            (
+                                                                                r
+                                                                            ) => (
+                                                                                <CommandItem
+                                                                                    value={`${r.name}:${r.resourceId}`}
+                                                                                    key={
+                                                                                        r.resourceId
+                                                                                    }
+                                                                                    onSelect={() => {
+                                                                                        form.setValue(
+                                                                                            "resourceId",
+                                                                                            r.resourceId
+                                                                                        );
+                                                                                        form.setValue(
+                                                                                            "resourceName",
+                                                                                            r.name
+                                                                                        );
+                                                                                        form.setValue(
+                                                                                            "resourceUrl",
+                                                                                            r.resourceUrl
+                                                                                        );
+                                                                                    }}
+                                                                                >
+                                                                                    <CheckIcon
+                                                                                        className={cn(
+                                                                                            "mr-2 h-4 w-4",
+                                                                                            r.resourceId ===
+                                                                                                field.value
+                                                                                                ? "opacity-100"
+                                                                                                : "opacity-0"
+                                                                                        )}
+                                                                                    />
+                                                                                    {`${r.name}`}
+                                                                                </CommandItem>
+                                                                            )
+                                                                        )}
+                                                                    </CommandGroup>
+                                                                </CommandList>
+                                                            </Command>
+                                                        </PopoverContent>
+                                                    </Popover>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+
+                                        <FormField
+                                            control={form.control}
+                                            name="title"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        {t('shareTitleOptional')}
+                                                    </FormLabel>
+                                                    <FormControl>
+                                                        <Input {...field} />
+                                                    </FormControl>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+
+                                        <div className="space-y-4">
+                                            <div className="space-y-2">
+                                                <FormLabel>{t('expireIn')}</FormLabel>
+                                                <div className="grid grid-cols-2 gap-4">
+                                                    <FormField
+                                                        control={form.control}
+                                                        name="timeUnit"
+                                                        render={({ field }) => (
+                                                            <FormItem>
+                                                                <Select
+                                                                    onValueChange={
+                                                                        field.onChange
+                                                                    }
+                                                                    defaultValue={field.value.toString()}
+                                                                >
+                                                                    <FormControl>
+                                                                        <SelectTrigger className="w-full">
+                                                                            <SelectValue placeholder={t('selectDuration')} />
+                                                                        </SelectTrigger>
+                                                                    </FormControl>
+                                                                    <SelectContent>
+                                                                        {timeUnits.map(
+                                                                            (
+                                                                                option
+                                                                            ) => (
+                                                                                <SelectItem
+                                                                                    key={
+                                                                                        option.unit
+                                                                                    }
+                                                                                    value={
+                                                                                        option.unit
+                                                                                    }
+                                                                                >
+                                                                                    {
+                                                                                        option.name
+                                                                                    }
+                                                                                </SelectItem>
+                                                                            )
+                                                                        )}
+                                                                    </SelectContent>
+                                                                </Select>
+                                                                <FormMessage />
+                                                            </FormItem>
+                                                        )}
+                                                    />
+
+                                                    <FormField
+                                                        control={form.control}
+                                                        name="timeValue"
+                                                        render={({ field }) => (
+                                                            <FormItem>
+                                                                <FormControl>
+                                                                    <Input
+                                                                        type="number"
+                                                                        min={1}
+                                                                        {...field}
+                                                                    />
+                                                                </FormControl>
+                                                                <FormMessage />
+                                                            </FormItem>
+                                                        )}
+                                                    />
+                                                </div>
+                                            </div>
+
+                                            <div className="flex items-center space-x-2">
+                                                <Checkbox
+                                                    id="terms"
+                                                    checked={neverExpire}
+                                                    onCheckedChange={(val) =>
+                                                        setNeverExpire(
+                                                            val as boolean
+                                                        )
+                                                    }
+                                                />
+                                                <label
+                                                    htmlFor="terms"
+                                                    className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
+                                                >
+                                                    {t('neverExpire')}
+                                                </label>
+                                            </div>
+
+                                            <p className="text-sm text-muted-foreground">
+                                                {t('shareExpireDescription')}
+                                            </p>
+                                        </div>
+                                    </form>
+                                </Form>
+                            )}
+                            {link && (
+                                <div className="max-w-md space-y-4">
+                                    <p>
+                                        {t('shareSeeOnce')}
+                                    </p>
+                                    <p>
+                                        {t('shareAccessHint')}
+                                    </p>
+
+                                    <div className="h-[250px] w-full mx-auto flex items-center justify-center">
+                                        <QRCodeCanvas value={link} size={200} />
+                                    </div>
+
+                                    <Collapsible
+                                        open={isOpen}
+                                        onOpenChange={setIsOpen}
+                                        className="space-y-2"
+                                    >
+                                        <div className="mx-auto">
+                                            <CopyTextBox
+                                                text={link}
+                                                wrapText={false}
+                                            />
+                                        </div>
+                                        <div className="flex items-center justify-between space-x-4">
+                                            <CollapsibleTrigger asChild>
+                                                <Button
+                                                    variant="text"
+                                                    size="sm"
+                                                    className="p-0 flex items-center justify-between w-full"
+                                                >
+                                                    <h4 className="text-sm font-semibold">
+                                                        {t('shareTokenUsage')}
+                                                    </h4>
+                                                    <div>
+                                                        <ChevronsUpDown className="h-4 w-4" />
+                                                        <span className="sr-only">
+                                                            {t('toggle')}
+                                                        </span>
+                                                    </div>
+                                                </Button>
+                                            </CollapsibleTrigger>
+                                        </div>
+                                        <CollapsibleContent className="space-y-2">
+                                            {accessTokenId && accessToken && (
+                                                <div className="space-y-2">
+                                                    <div className="mx-auto">
+                                                        <AccessTokenSection
+                                                            tokenId={
+                                                                accessTokenId
+                                                            }
+                                                            token={accessToken}
+                                                            resourceUrl={form.getValues(
+                                                                "resourceUrl"
+                                                            )}
+                                                        />
+                                                    </div>
+                                                </div>
+                                            )}
+                                        </CollapsibleContent>
+                                    </Collapsible>
+                                </div>
+                            )}
+                        </div>
+                    </CredenzaBody>
+                    <CredenzaFooter>
+                        <CredenzaClose asChild>
+                            <Button variant="outline">{t('close')}</Button>
+                        </CredenzaClose>
+                        <Button
+                            type="button"
+                            onClick={form.handleSubmit(onSubmit)}
+                            loading={loading}
+                            disabled={link !== null || loading}
+                        >
+                            {t('createLink')}
+                        </Button>
+                    </CredenzaFooter>
+                </CredenzaContent>
+            </Credenza>
+        </>
+    );
+}
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/CustomDomainInput.tsx b/src/components/CustomDomainInput.tsx
similarity index 100%
rename from src/app/[orgId]/settings/resources/[resourceId]/CustomDomainInput.tsx
rename to src/components/CustomDomainInput.tsx
diff --git a/src/app/auth/login/DashboardLoginForm.tsx b/src/components/DashboardLoginForm.tsx
similarity index 100%
rename from src/app/auth/login/DashboardLoginForm.tsx
rename to src/components/DashboardLoginForm.tsx
diff --git a/src/app/[orgId]/settings/access/roles/DeleteRoleForm.tsx b/src/components/DeleteRoleForm.tsx
similarity index 99%
rename from src/app/[orgId]/settings/access/roles/DeleteRoleForm.tsx
rename to src/components/DeleteRoleForm.tsx
index f3042f71..3516851b 100644
--- a/src/app/[orgId]/settings/access/roles/DeleteRoleForm.tsx
+++ b/src/components/DeleteRoleForm.tsx
@@ -34,7 +34,7 @@ import {
     SelectTrigger,
     SelectValue
 } from "@app/components/ui/select";
-import { RoleRow } from "./RolesTable";
+import { RoleRow } from "@app/components/RolesTable";
 import { formatAxiosError } from "@app/lib/api";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
diff --git a/src/app/[orgId]/settings/domains/DomainsDataTable.tsx b/src/components/DomainsDataTable.tsx
similarity index 100%
rename from src/app/[orgId]/settings/domains/DomainsDataTable.tsx
rename to src/components/DomainsDataTable.tsx
diff --git a/src/app/[orgId]/settings/domains/DomainsTable.tsx b/src/components/DomainsTable.tsx
similarity index 98%
rename from src/app/[orgId]/settings/domains/DomainsTable.tsx
rename to src/components/DomainsTable.tsx
index 84bc8bc6..5bafe935 100644
--- a/src/app/[orgId]/settings/domains/DomainsTable.tsx
+++ b/src/components/DomainsTable.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { ColumnDef } from "@tanstack/react-table";
-import { DomainsDataTable } from "./DomainsDataTable";
+import { DomainsDataTable } from "@app/components/DomainsDataTable";
 import { Button } from "@app/components/ui/button";
 import { ArrowUpDown } from "lucide-react";
 import { useState } from "react";
@@ -12,7 +12,7 @@ import { useEnvContext } from "@app/hooks/useEnvContext";
 import { Badge } from "@app/components/ui/badge";
 import { useRouter } from "next/navigation";
 import { useTranslations } from "next-intl";
-import CreateDomainForm from "./CreateDomainForm";
+import CreateDomainForm from "@app/components/CreateDomainForm";
 import { useToast } from "@app/hooks/useToast";
 import { useOrgContext } from "@app/hooks/useOrgContext";
 
diff --git a/src/components/IdpCreateWizard.tsx b/src/components/IdpCreateWizard.tsx
new file mode 100644
index 00000000..beeeff1c
--- /dev/null
+++ b/src/components/IdpCreateWizard.tsx
@@ -0,0 +1,429 @@
+"use client";
+
+import {
+    SettingsContainer,
+    SettingsSection,
+    SettingsSectionBody,
+    SettingsSectionDescription,
+    SettingsSectionForm,
+    SettingsSectionGrid,
+    SettingsSectionHeader,
+    SettingsSectionTitle
+} from "@app/components/Settings";
+import {
+    Form,
+    FormControl,
+    FormDescription,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage
+} from "@app/components/ui/form";
+import { z } from "zod";
+import { useForm } from "react-hook-form";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { Input } from "@app/components/ui/input";
+import { Checkbox } from "@app/components/ui/checkbox";
+import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
+import { InfoIcon, ExternalLink } from "lucide-react";
+import { StrategySelect } from "@app/components/StrategySelect";
+import { SwitchInput } from "@app/components/SwitchInput";
+import { Badge } from "@app/components/ui/badge";
+import { useTranslations } from "next-intl";
+
+type CreateIdpFormValues = {
+    name: string;
+    type: "oidc";
+    clientId: string;
+    clientSecret: string;
+    authUrl: string;
+    tokenUrl: string;
+    identifierPath: string;
+    emailPath?: string;
+    namePath?: string;
+    scopes: string;
+    autoProvision: boolean;
+};
+
+type IdpCreateWizardProps = {
+    onSubmit: (data: CreateIdpFormValues) => void | Promise<void>;
+    defaultValues?: Partial<CreateIdpFormValues>;
+    loading?: boolean;
+};
+
+export function IdpCreateWizard({ onSubmit, defaultValues, loading = false }: IdpCreateWizardProps) {
+    const t = useTranslations();
+
+    const createIdpFormSchema = z.object({
+        name: z.string().min(2, { message: t('nameMin', {len: 2}) }),
+        type: z.enum(["oidc"]),
+        clientId: z.string().min(1, { message: t('idpClientIdRequired') }),
+        clientSecret: z.string().min(1, { message: t('idpClientSecretRequired') }),
+        authUrl: z.string().url({ message: t('idpErrorAuthUrlInvalid') }),
+        tokenUrl: z.string().url({ message: t('idpErrorTokenUrlInvalid') }),
+        identifierPath: z
+            .string()
+            .min(1, { message: t('idpPathRequired') }),
+        emailPath: z.string().optional(),
+        namePath: z.string().optional(),
+        scopes: z.string().min(1, { message: t('idpScopeRequired') }),
+        autoProvision: z.boolean().default(false)
+    });
+
+    interface ProviderTypeOption {
+        id: "oidc";
+        title: string;
+        description: string;
+    }
+
+    const providerTypes: ReadonlyArray<ProviderTypeOption> = [
+        {
+            id: "oidc",
+            title: "OAuth2/OIDC",
+            description: t('idpOidcDescription')
+        }
+    ];
+
+    const form = useForm<CreateIdpFormValues>({
+        resolver: zodResolver(createIdpFormSchema),
+        defaultValues: {
+            name: "",
+            type: "oidc",
+            clientId: "",
+            clientSecret: "",
+            authUrl: "",
+            tokenUrl: "",
+            identifierPath: "sub",
+            namePath: "name",
+            emailPath: "email",
+            scopes: "openid profile email",
+            autoProvision: false,
+            ...defaultValues
+        }
+    });
+
+    const handleSubmit = (data: CreateIdpFormValues) => {
+        onSubmit(data);
+    };
+
+    return (
+        <SettingsContainer>
+            <SettingsSection>
+                <SettingsSectionHeader>
+                    <SettingsSectionTitle>
+                        {t('idpTitle')}
+                    </SettingsSectionTitle>
+                    <SettingsSectionDescription>
+                        {t('idpCreateSettingsDescription')}
+                    </SettingsSectionDescription>
+                </SettingsSectionHeader>
+                <SettingsSectionBody>
+                    <SettingsSectionForm>
+                        <Form {...form}>
+                            <form
+                                className="space-y-4"
+                                id="create-idp-form"
+                                onSubmit={form.handleSubmit(handleSubmit)}
+                            >
+                                <FormField
+                                    control={form.control}
+                                    name="name"
+                                    render={({ field }) => (
+                                        <FormItem>
+                                            <FormLabel>{t('name')}</FormLabel>
+                                            <FormControl>
+                                                <Input {...field} disabled={loading} />
+                                            </FormControl>
+                                            <FormDescription>
+                                                {t('idpDisplayName')}
+                                            </FormDescription>
+                                            <FormMessage />
+                                        </FormItem>
+                                    )}
+                                />
+
+                                <div className="flex items-start mb-0">
+                                    <SwitchInput
+                                        id="auto-provision-toggle"
+                                        label={t('idpAutoProvisionUsers')}
+                                        defaultChecked={form.getValues(
+                                            "autoProvision"
+                                        )}
+                                        onCheckedChange={(checked) => {
+                                            form.setValue(
+                                                "autoProvision",
+                                                checked
+                                            );
+                                        }}
+                                        disabled={loading}
+                                    />
+                                </div>
+                                <span className="text-sm text-muted-foreground">
+                                    {t('idpAutoProvisionUsersDescription')}
+                                </span>
+                            </form>
+                        </Form>
+                    </SettingsSectionForm>
+                </SettingsSectionBody>
+            </SettingsSection>
+
+            <SettingsSection>
+                <SettingsSectionHeader>
+                    <SettingsSectionTitle>
+                        {t('idpType')}
+                    </SettingsSectionTitle>
+                    <SettingsSectionDescription>
+                        {t('idpTypeDescription')}
+                    </SettingsSectionDescription>
+                </SettingsSectionHeader>
+                <SettingsSectionBody>
+                    <StrategySelect
+                        options={providerTypes}
+                        defaultValue={form.getValues("type")}
+                        onChange={(value) => {
+                            form.setValue("type", value as "oidc");
+                        }}
+                        cols={3}
+                    />
+                </SettingsSectionBody>
+            </SettingsSection>
+
+            {form.watch("type") === "oidc" && (
+                <SettingsSectionGrid cols={2}>
+                    <SettingsSection>
+                        <SettingsSectionHeader>
+                            <SettingsSectionTitle>
+                                {t('idpOidcConfigure')}
+                            </SettingsSectionTitle>
+                            <SettingsSectionDescription>
+                                {t('idpOidcConfigureDescription')}
+                            </SettingsSectionDescription>
+                        </SettingsSectionHeader>
+                        <SettingsSectionBody>
+                            <Form {...form}>
+                                <form
+                                    className="space-y-4"
+                                    id="create-idp-form"
+                                    onSubmit={form.handleSubmit(handleSubmit)}
+                                >
+                                    <FormField
+                                        control={form.control}
+                                        name="clientId"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t('idpClientId')}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input {...field} disabled={loading} />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t('idpClientIdDescription')}
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+
+                                    <FormField
+                                        control={form.control}
+                                        name="clientSecret"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t('idpClientSecret')}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input
+                                                        type="password"
+                                                        {...field}
+                                                        disabled={loading}
+                                                    />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t('idpClientSecretDescription')}
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+
+                                    <FormField
+                                        control={form.control}
+                                        name="authUrl"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t('idpAuthUrl')}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input
+                                                        placeholder="https://your-idp.com/oauth2/authorize"
+                                                        {...field}
+                                                        disabled={loading}
+                                                    />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t('idpAuthUrlDescription')}
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+
+                                    <FormField
+                                        control={form.control}
+                                        name="tokenUrl"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t('idpTokenUrl')}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input
+                                                        placeholder="https://your-idp.com/oauth2/token"
+                                                        {...field}
+                                                        disabled={loading}
+                                                    />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t('idpTokenUrlDescription')}
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+                                </form>
+                            </Form>
+
+                            <Alert variant="neutral">
+                                <InfoIcon className="h-4 w-4" />
+                                <AlertTitle className="font-semibold">
+                                    {t('idpOidcConfigureAlert')}
+                                </AlertTitle>
+                                <AlertDescription>
+                                    {t('idpOidcConfigureAlertDescription')}
+                                </AlertDescription>
+                            </Alert>
+                        </SettingsSectionBody>
+                    </SettingsSection>
+
+                    <SettingsSection>
+                        <SettingsSectionHeader>
+                            <SettingsSectionTitle>
+                                {t('idpToken')}
+                            </SettingsSectionTitle>
+                            <SettingsSectionDescription>
+                                {t('idpTokenDescription')}
+                            </SettingsSectionDescription>
+                        </SettingsSectionHeader>
+                        <SettingsSectionBody>
+                            <Form {...form}>
+                                <form
+                                    className="space-y-4"
+                                    id="create-idp-form"
+                                    onSubmit={form.handleSubmit(handleSubmit)}
+                                >
+                                    <Alert variant="neutral">
+                                        <InfoIcon className="h-4 w-4" />
+                                        <AlertTitle className="font-semibold">
+                                            {t('idpJmespathAbout')}
+                                        </AlertTitle>
+                                        <AlertDescription>
+                                            {t('idpJmespathAboutDescription')}{" "}
+                                            <a
+                                                href="https://jmespath.org"
+                                                target="_blank"
+                                                rel="noopener noreferrer"
+                                                className="text-primary hover:underline inline-flex items-center"
+                                            >
+                                                {t('idpJmespathAboutDescriptionLink')}{" "}
+                                                <ExternalLink className="ml-1 h-4 w-4" />
+                                            </a>
+                                        </AlertDescription>
+                                    </Alert>
+
+                                    <FormField
+                                        control={form.control}
+                                        name="identifierPath"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t('idpJmespathLabel')}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input {...field} disabled={loading} />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t('idpJmespathLabelDescription')}
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+
+                                    <FormField
+                                        control={form.control}
+                                        name="emailPath"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t('idpJmespathEmailPathOptional')}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input {...field} disabled={loading} />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t('idpJmespathEmailPathOptionalDescription')}
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+
+                                    <FormField
+                                        control={form.control}
+                                        name="namePath"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t('idpJmespathNamePathOptional')}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input {...field} disabled={loading} />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t('idpJmespathNamePathOptionalDescription')}
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+
+                                    <FormField
+                                        control={form.control}
+                                        name="scopes"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t('idpOidcConfigureScopes')}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input {...field} disabled={loading} />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t('idpOidcConfigureScopesDescription')}
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+                                </form>
+                            </Form>
+                        </SettingsSectionBody>
+                    </SettingsSection>
+                </SettingsSectionGrid>
+            )}
+        </SettingsContainer>
+    );
+}
diff --git a/src/app/[orgId]/settings/access/invitations/InvitationsDataTable.tsx b/src/components/InvitationsDataTable.tsx
similarity index 100%
rename from src/app/[orgId]/settings/access/invitations/InvitationsDataTable.tsx
rename to src/components/InvitationsDataTable.tsx
diff --git a/src/app/[orgId]/settings/access/invitations/InvitationsTable.tsx b/src/components/InvitationsTable.tsx
similarity index 97%
rename from src/app/[orgId]/settings/access/invitations/InvitationsTable.tsx
rename to src/components/InvitationsTable.tsx
index dfb3d263..a97220f2 100644
--- a/src/app/[orgId]/settings/access/invitations/InvitationsTable.tsx
+++ b/src/components/InvitationsTable.tsx
@@ -9,10 +9,10 @@ import {
 } from "@app/components/ui/dropdown-menu";
 import { Button } from "@app/components/ui/button";
 import { MoreHorizontal } from "lucide-react";
-import { InvitationsDataTable } from "./InvitationsDataTable";
+import { InvitationsDataTable } from "@app/components/InvitationsDataTable";
 import { useState } from "react";
 import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
-import RegenerateInvitationForm from "./RegenerateInvitationForm";
+import RegenerateInvitationForm from "@app/components/RegenerateInvitationForm";
 import { useOrgContext } from "@app/hooks/useOrgContext";
 import { toast } from "@app/hooks/useToast";
 import { createApiClient } from "@app/lib/api";
diff --git a/src/app/invite/InviteStatusCard.tsx b/src/components/InviteStatusCard.tsx
similarity index 100%
rename from src/app/invite/InviteStatusCard.tsx
rename to src/components/InviteStatusCard.tsx
diff --git a/src/app/[orgId]/MemberResourcesPortal.tsx b/src/components/MemberResourcesPortal.tsx
similarity index 100%
rename from src/app/[orgId]/MemberResourcesPortal.tsx
rename to src/components/MemberResourcesPortal.tsx
diff --git a/src/app/[orgId]/settings/api-keys/OrgApiKeysDataTable.tsx b/src/components/OrgApiKeysDataTable.tsx
similarity index 100%
rename from src/app/[orgId]/settings/api-keys/OrgApiKeysDataTable.tsx
rename to src/components/OrgApiKeysDataTable.tsx
diff --git a/src/app/[orgId]/settings/api-keys/OrgApiKeysTable.tsx b/src/components/OrgApiKeysTable.tsx
similarity index 98%
rename from src/app/[orgId]/settings/api-keys/OrgApiKeysTable.tsx
rename to src/components/OrgApiKeysTable.tsx
index b503241f..bfe8dfab 100644
--- a/src/app/[orgId]/settings/api-keys/OrgApiKeysTable.tsx
+++ b/src/components/OrgApiKeysTable.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { ColumnDef } from "@tanstack/react-table";
-import { OrgApiKeysDataTable } from "./OrgApiKeysDataTable";
+import { OrgApiKeysDataTable } from "@app/components/OrgApiKeysDataTable";
 import {
     DropdownMenu,
     DropdownMenuContent,
diff --git a/src/app/[orgId]/OrganizationLandingCard.tsx b/src/components/OrganizationLandingCard.tsx
similarity index 100%
rename from src/app/[orgId]/OrganizationLandingCard.tsx
rename to src/components/OrganizationLandingCard.tsx
diff --git a/src/app/admin/idp/[idpId]/policies/PolicyDataTable.tsx b/src/components/PolicyDataTable.tsx
similarity index 100%
rename from src/app/admin/idp/[idpId]/policies/PolicyDataTable.tsx
rename to src/components/PolicyDataTable.tsx
diff --git a/src/app/admin/idp/[idpId]/policies/PolicyTable.tsx b/src/components/PolicyTable.tsx
similarity index 100%
rename from src/app/admin/idp/[idpId]/policies/PolicyTable.tsx
rename to src/components/PolicyTable.tsx
diff --git a/src/app/[orgId]/settings/access/invitations/RegenerateInvitationForm.tsx b/src/components/RegenerateInvitationForm.tsx
similarity index 100%
rename from src/app/[orgId]/settings/access/invitations/RegenerateInvitationForm.tsx
rename to src/components/RegenerateInvitationForm.tsx
diff --git a/src/components/ResetPasswordForm.tsx b/src/components/ResetPasswordForm.tsx
new file mode 100644
index 00000000..faafccf4
--- /dev/null
+++ b/src/components/ResetPasswordForm.tsx
@@ -0,0 +1,533 @@
+"use client";
+
+import { zodResolver } from "@hookform/resolvers/zod";
+import { useForm } from "react-hook-form";
+import { z } from "zod";
+import { useState } from "react";
+import { Button } from "@/components/ui/button";
+import {
+    Card,
+    CardContent,
+    CardDescription,
+    CardHeader,
+    CardTitle
+} from "@/components/ui/card";
+import {
+    Form,
+    FormControl,
+    FormDescription,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage
+} from "@/components/ui/form";
+import { Input } from "@/components/ui/input";
+import {
+    InputOTP,
+    InputOTPGroup,
+    InputOTPSlot
+} from "@/components/ui/input-otp";
+import { AxiosResponse } from "axios";
+import {
+    RequestPasswordResetBody,
+    RequestPasswordResetResponse,
+    ResetPasswordBody,
+    ResetPasswordResponse
+} from "@server/routers/auth";
+import { Loader2 } from "lucide-react";
+import { Alert, AlertDescription } from "./ui/alert";
+import { toast } from "@app/hooks/useToast";
+import { useRouter } from "next/navigation";
+import { formatAxiosError } from "@app/lib/api";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { REGEXP_ONLY_DIGITS_AND_CHARS } from "input-otp";
+import { passwordSchema } from "@server/auth/passwordSchema";
+import { cleanRedirect } from "@app/lib/cleanRedirect";
+import { useTranslations } from "next-intl";
+
+const requestSchema = z.object({
+    email: z.string().email()
+});
+
+export type ResetPasswordFormProps = {
+    emailParam?: string;
+    tokenParam?: string;
+    redirect?: string;
+    quickstart?: boolean;
+};
+
+export default function ResetPasswordForm({
+    emailParam,
+    tokenParam,
+    redirect,
+    quickstart
+}: ResetPasswordFormProps) {
+    const router = useRouter();
+
+    const [error, setError] = useState<string | null>(null);
+    const [successMessage, setSuccessMessage] = useState<string | null>(null);
+    const [isSubmitting, setIsSubmitting] = useState(false);
+    const t = useTranslations();
+
+    function getState() {
+        if (emailParam && !tokenParam) {
+            return "request";
+        }
+
+        if (emailParam && tokenParam) {
+            return "reset";
+        }
+
+        return "request";
+    }
+
+    const [state, setState] = useState<"request" | "reset" | "mfa">(getState());
+
+    const api = createApiClient(useEnvContext());
+
+    const formSchema = z
+        .object({
+            email: z.string().email({ message: t('emailInvalid') }),
+            token: z.string().min(8, { message: t('tokenInvalid') }),
+            password: passwordSchema,
+            confirmPassword: passwordSchema
+        })
+        .refine((data) => data.password === data.confirmPassword, {
+            path: ["confirmPassword"],
+            message: t('passwordNotMatch')
+        });
+
+    const mfaSchema = z.object({
+        code: z.string().length(6, { message: t('pincodeInvalid') })
+    });
+
+    const form = useForm<z.infer<typeof formSchema>>({
+        resolver: zodResolver(formSchema),
+        defaultValues: {
+            email: emailParam || "",
+            token: tokenParam || "",
+            password: "",
+            confirmPassword: ""
+        }
+    });
+
+    const mfaForm = useForm<z.infer<typeof mfaSchema>>({
+        resolver: zodResolver(mfaSchema),
+        defaultValues: {
+            code: ""
+        }
+    });
+
+    const requestForm = useForm<z.infer<typeof requestSchema>>({
+        resolver: zodResolver(requestSchema),
+        defaultValues: {
+            email: emailParam || ""
+        }
+    });
+
+    async function onRequest(data: z.infer<typeof requestSchema>) {
+        const { email } = data;
+
+        setIsSubmitting(true);
+
+        const res = await api
+            .post<AxiosResponse<RequestPasswordResetResponse>>(
+                "/auth/reset-password/request",
+                {
+                    email
+                } as RequestPasswordResetBody
+            )
+            .catch((e) => {
+                setError(formatAxiosError(e, t('errorOccurred')));
+                console.error(t('passwordErrorRequestReset'), e);
+                setIsSubmitting(false);
+            });
+
+        if (res && res.data?.data) {
+            setError(null);
+            setState("reset");
+            setIsSubmitting(false);
+            form.setValue("email", email);
+        }
+    }
+
+    async function onReset(data: any) {
+        setIsSubmitting(true);
+
+        const { password, email, token } = form.getValues();
+        const { code } = mfaForm.getValues();
+
+        const res = await api
+            .post<AxiosResponse<ResetPasswordResponse>>(
+                "/auth/reset-password",
+                {
+                    email,
+                    token,
+                    newPassword: password,
+                    code
+                } as ResetPasswordBody
+            )
+            .catch((e) => {
+                setError(formatAxiosError(e, t('errorOccurred')));
+                console.error(t('passwordErrorReset'), e);
+                setIsSubmitting(false);
+            });
+
+        console.log(res);
+
+        if (res) {
+            setError(null);
+
+            if (res.data.data?.codeRequested) {
+                setState("mfa");
+                setIsSubmitting(false);
+                mfaForm.reset();
+                return;
+            }
+
+            setSuccessMessage(quickstart ? t('accountSetupSuccess') : t('passwordResetSuccess'));
+
+            // Auto-login after successful password reset
+            try {
+                const loginRes = await api.post("/auth/login", {
+                    email: form.getValues("email"),
+                    password: form.getValues("password")
+                });
+
+                if (loginRes.data.data?.codeRequested) {
+                    if (redirect) {
+                        router.push(`/auth/login?redirect=${redirect}`);
+                    } else {
+                        router.push("/auth/login");
+                    }
+                    return;
+                }
+
+                if (loginRes.data.data?.emailVerificationRequired) {
+                    try {
+                        await api.post("/auth/verify-email/request");
+                    } catch (verificationError) {
+                        console.error("Failed to send verification code:", verificationError);
+                    }
+
+                    if (redirect) {
+                        router.push(`/auth/verify-email?redirect=${redirect}`);
+                    } else {
+                        router.push("/auth/verify-email");
+                    }
+                    return;
+                }
+
+                // Login successful, redirect
+                setTimeout(() => {
+                    if (redirect) {
+                        const safe = cleanRedirect(redirect);
+                        router.push(safe);
+                    } else {
+                        router.push("/");
+                    }
+                    setIsSubmitting(false);
+                }, 1500);
+
+            } catch (loginError) {
+                // Auto-login failed, but password reset was successful
+                console.error("Auto-login failed:", loginError);
+                setTimeout(() => {
+                    if (redirect) {
+                        const safe = cleanRedirect(redirect);
+                        router.push(safe);
+                    } else {
+                        router.push("/login");
+                    }
+                    setIsSubmitting(false);
+                }, 1500);
+            }
+        }
+    }
+
+    return (
+        <div>
+            <Card className="w-full max-w-md">
+                <CardHeader>
+                    <CardTitle>
+                        {quickstart ? t('completeAccountSetup') : t('passwordReset')}
+                    </CardTitle>
+                    <CardDescription>
+                        {quickstart
+                            ? t('completeAccountSetupDescription')
+                            : t('passwordResetDescription')
+                        }
+                    </CardDescription>
+                </CardHeader>
+                <CardContent>
+                    <div className="space-y-4">
+                        {state === "request" && (
+                            <Form {...requestForm}>
+                                <form
+                                    onSubmit={requestForm.handleSubmit(
+                                        onRequest
+                                    )}
+                                    className="space-y-4"
+                                    id="form"
+                                >
+                                    <FormField
+                                        control={requestForm.control}
+                                        name="email"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>{t('email')}</FormLabel>
+                                                <FormControl>
+                                                    <Input {...field} />
+                                                </FormControl>
+                                                <FormMessage />
+                                                <FormDescription>
+                                                    {quickstart
+                                                        ? t('accountSetupSent')
+                                                        : t('passwordResetSent')
+                                                    }
+                                                </FormDescription>
+                                            </FormItem>
+                                        )}
+                                    />
+                                </form>
+                            </Form>
+                        )}
+
+                        {state === "reset" && (
+                            <Form {...form}>
+                                <form
+                                    onSubmit={form.handleSubmit(onReset)}
+                                    className="space-y-4"
+                                    id="form"
+                                >
+                                    <FormField
+                                        control={form.control}
+                                        name="email"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>{t('email')}</FormLabel>
+                                                <FormControl>
+                                                    <Input
+                                                        {...field}
+                                                        disabled
+                                                    />
+                                                </FormControl>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+
+                                    {!tokenParam && (
+                                        <FormField
+                                            control={form.control}
+                                            name="token"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        {quickstart
+                                                            ? t('accountSetupCode')
+                                                            : t('passwordResetCode')
+                                                        }
+                                                    </FormLabel>
+                                                    <FormControl>
+                                                        <Input
+                                                            type="password"
+                                                            {...field}
+                                                        />
+                                                    </FormControl>
+                                                    <FormMessage />
+                                                    <FormDescription>
+                                                        {quickstart
+                                                            ? t('accountSetupCodeDescription')
+                                                            : t('passwordResetCodeDescription')
+                                                        }
+                                                    </FormDescription>
+                                                </FormItem>
+                                            )}
+                                        />
+                                    )}
+
+                                    <FormField
+                                        control={form.control}
+                                        name="password"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {quickstart
+                                                        ? t('passwordCreate')
+                                                        : t('passwordNew')
+                                                    }
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input
+                                                        type="password"
+                                                        {...field}
+                                                    />
+                                                </FormControl>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+                                    <FormField
+                                        control={form.control}
+                                        name="confirmPassword"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {quickstart
+                                                        ? t('passwordCreateConfirm')
+                                                        : t('passwordNewConfirm')
+                                                    }
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input
+                                                        type="password"
+                                                        {...field}
+                                                    />
+                                                </FormControl>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+                                </form>
+                            </Form>
+                        )}
+
+                        {state === "mfa" && (
+                            <Form {...mfaForm}>
+                                <form
+                                    onSubmit={mfaForm.handleSubmit(onReset)}
+                                    className="space-y-4"
+                                    id="form"
+                                >
+                                    <FormField
+                                        control={mfaForm.control}
+                                        name="code"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t('pincodeAuth')}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <div className="flex justify-center">
+                                                        <InputOTP
+                                                            maxLength={6}
+                                                            {...field}
+                                                            pattern={
+                                                                REGEXP_ONLY_DIGITS_AND_CHARS
+                                                            }
+                                                        >
+                                                            <InputOTPGroup>
+                                                                <InputOTPSlot
+                                                                    index={0}
+                                                                />
+                                                                <InputOTPSlot
+                                                                    index={1}
+                                                                />
+                                                                <InputOTPSlot
+                                                                    index={2}
+                                                                />
+                                                                <InputOTPSlot
+                                                                    index={3}
+                                                                />
+                                                                <InputOTPSlot
+                                                                    index={4}
+                                                                />
+                                                                <InputOTPSlot
+                                                                    index={5}
+                                                                />
+                                                            </InputOTPGroup>
+                                                        </InputOTP>
+                                                    </div>
+                                                </FormControl>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+                                </form>
+                            </Form>
+                        )}
+
+                        {error && (
+                            <Alert variant="destructive">
+                                <AlertDescription>{error}</AlertDescription>
+                            </Alert>
+                        )}
+
+                        {successMessage && (
+                            <Alert variant="success">
+                                <AlertDescription>
+                                    {successMessage}
+                                </AlertDescription>
+                            </Alert>
+                        )}
+
+                        <div className="space-y-4">
+                            {(state === "reset" || state === "mfa") && (
+                                <Button
+                                    type="submit"
+                                    form="form"
+                                    className="w-full"
+                                    disabled={isSubmitting}
+                                >
+                                    {isSubmitting && (
+                                        <Loader2 className="mr-2 h-4 w-4 animate-spin" />
+                                    )}
+                                    {state === "reset"
+                                        ? (quickstart ? t('completeSetup') : t('passwordReset'))
+                                        : t('pincodeSubmit2')}
+                                </Button>
+                            )}
+
+                            {state === "request" && (
+                                <Button
+                                    type="submit"
+                                    form="form"
+                                    className="w-full"
+                                    disabled={isSubmitting}
+                                >
+                                    {isSubmitting && (
+                                        <Loader2 className="mr-2 h-4 w-4 animate-spin" />
+                                    )}
+                                    {quickstart
+                                        ? t('accountSetupSubmit')
+                                        : t('passwordResetSubmit')
+                                    }
+                                </Button>
+                            )}
+
+                            {state === "mfa" && (
+                                <Button
+                                    type="button"
+                                    className="w-full"
+                                    variant="outline"
+                                    onClick={() => {
+                                        setState("reset");
+                                        mfaForm.reset();
+                                    }}
+                                >
+                                    {t('passwordBack')}
+                                </Button>
+                            )}
+
+                            {(state === "mfa" || state === "reset") && (
+                                <Button
+                                    type="button"
+                                    className="w-full"
+                                    variant="outline"
+                                    onClick={() => {
+                                        setState("request");
+                                        form.reset();
+                                    }}
+                                >
+                                    {t('backToEmail')}
+                                </Button>
+                            )}
+                        </div>
+                    </div>
+                </CardContent>
+            </Card>
+        </div>
+    );
+}
diff --git a/src/app/auth/resource/[resourceId]/ResourceAccessDenied.tsx b/src/components/ResourceAccessDenied.tsx
similarity index 100%
rename from src/app/auth/resource/[resourceId]/ResourceAccessDenied.tsx
rename to src/components/ResourceAccessDenied.tsx
diff --git a/src/app/auth/resource/[resourceId]/ResourceAuthPortal.tsx b/src/components/ResourceAuthPortal.tsx
similarity index 99%
rename from src/app/auth/resource/[resourceId]/ResourceAuthPortal.tsx
rename to src/components/ResourceAuthPortal.tsx
index 6f14f915..1ab131e3 100644
--- a/src/app/auth/resource/[resourceId]/ResourceAuthPortal.tsx
+++ b/src/components/ResourceAuthPortal.tsx
@@ -38,7 +38,7 @@ import {
     AuthWithPasswordResponse,
     AuthWithWhitelistResponse
 } from "@server/routers/resource";
-import ResourceAccessDenied from "./ResourceAccessDenied";
+import ResourceAccessDenied from "@app/components/ResourceAccessDenied";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { toast } from "@app/hooks/useToast";
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/ResourceInfoBox.tsx b/src/components/ResourceInfoBox.tsx
similarity index 100%
rename from src/app/[orgId]/settings/resources/[resourceId]/ResourceInfoBox.tsx
rename to src/components/ResourceInfoBox.tsx
diff --git a/src/app/auth/resource/[resourceId]/ResourceNotFound.tsx b/src/components/ResourceNotFound.tsx
similarity index 100%
rename from src/app/auth/resource/[resourceId]/ResourceNotFound.tsx
rename to src/components/ResourceNotFound.tsx
diff --git a/src/app/[orgId]/settings/resources/ResourcesTable.tsx b/src/components/ResourcesTable.tsx
similarity index 100%
rename from src/app/[orgId]/settings/resources/ResourcesTable.tsx
rename to src/components/ResourcesTable.tsx
diff --git a/src/app/[orgId]/settings/access/roles/RolesDataTable.tsx b/src/components/RolesDataTable.tsx
similarity index 100%
rename from src/app/[orgId]/settings/access/roles/RolesDataTable.tsx
rename to src/components/RolesDataTable.tsx
diff --git a/src/app/[orgId]/settings/access/roles/RolesTable.tsx b/src/components/RolesTable.tsx
similarity index 95%
rename from src/app/[orgId]/settings/access/roles/RolesTable.tsx
rename to src/components/RolesTable.tsx
index 40260fb7..e92e71b6 100644
--- a/src/app/[orgId]/settings/access/roles/RolesTable.tsx
+++ b/src/components/RolesTable.tsx
@@ -13,10 +13,10 @@ import { useState } from "react";
 import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
 import { useOrgContext } from "@app/hooks/useOrgContext";
 import { toast } from "@app/hooks/useToast";
-import { RolesDataTable } from "./RolesDataTable";
+import { RolesDataTable } from "@app/components/RolesDataTable";
 import { Role } from "@server/db";
-import CreateRoleForm from "./CreateRoleForm";
-import DeleteRoleForm from "./DeleteRoleForm";
+import CreateRoleForm from "@app/components/CreateRoleForm";
+import DeleteRoleForm from "@app/components/DeleteRoleForm";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useTranslations } from "next-intl";
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/authentication/SetResourcePasswordForm.tsx b/src/components/SetResourcePasswordForm.tsx
similarity index 100%
rename from src/app/[orgId]/settings/resources/[resourceId]/authentication/SetResourcePasswordForm.tsx
rename to src/components/SetResourcePasswordForm.tsx
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/authentication/SetResourcePincodeForm.tsx b/src/components/SetResourcePincodeForm.tsx
similarity index 100%
rename from src/app/[orgId]/settings/resources/[resourceId]/authentication/SetResourcePincodeForm.tsx
rename to src/components/SetResourcePincodeForm.tsx
diff --git a/src/app/[orgId]/settings/share-links/ShareLinksDataTable.tsx b/src/components/ShareLinksDataTable.tsx
similarity index 100%
rename from src/app/[orgId]/settings/share-links/ShareLinksDataTable.tsx
rename to src/components/ShareLinksDataTable.tsx
diff --git a/src/app/[orgId]/settings/share-links/ShareLinksSplash.tsx b/src/components/ShareLinksSplash.tsx
similarity index 100%
rename from src/app/[orgId]/settings/share-links/ShareLinksSplash.tsx
rename to src/components/ShareLinksSplash.tsx
diff --git a/src/components/ShareLinksTable.tsx b/src/components/ShareLinksTable.tsx
new file mode 100644
index 00000000..2943311f
--- /dev/null
+++ b/src/components/ShareLinksTable.tsx
@@ -0,0 +1,298 @@
+"use client";
+
+import { ColumnDef } from "@tanstack/react-table";
+import { ShareLinksDataTable } from "@app/components/ShareLinksDataTable";
+import {
+    DropdownMenu,
+    DropdownMenuContent,
+    DropdownMenuItem,
+    DropdownMenuTrigger
+} from "@app/components/ui/dropdown-menu";
+import { Button } from "@app/components/ui/button";
+import {
+    Copy,
+    ArrowRight,
+    ArrowUpDown,
+    MoreHorizontal,
+    Check,
+    ArrowUpRight,
+    ShieldOff,
+    ShieldCheck
+} from "lucide-react";
+import Link from "next/link";
+import { useRouter } from "next/navigation";
+// import CreateResourceForm from "./CreateResourceForm";
+import { useState } from "react";
+import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
+import { formatAxiosError } from "@app/lib/api";
+import { toast } from "@app/hooks/useToast";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { ArrayElement } from "@server/types/ArrayElement";
+import { ListAccessTokensResponse } from "@server/routers/accessToken";
+import moment from "moment";
+import CreateShareLinkForm from "@app/components/CreateShareLinkForm";
+import { constructShareLink } from "@app/lib/shareLinks";
+import { useTranslations } from "next-intl";
+
+export type ShareLinkRow = {
+    accessTokenId: string;
+    resourceId: number;
+    resourceName: string;
+    title: string | null;
+    createdAt: number;
+    expiresAt: number | null;
+};
+
+type ShareLinksTableProps = {
+    shareLinks: ShareLinkRow[];
+    orgId: string;
+};
+
+export default function ShareLinksTable({
+    shareLinks,
+    orgId
+}: ShareLinksTableProps) {
+    const router = useRouter();
+    const t = useTranslations();
+
+    const api = createApiClient(useEnvContext());
+
+    const [isCreateModalOpen, setIsCreateModalOpen] = useState(false);
+    const [rows, setRows] = useState<ShareLinkRow[]>(shareLinks);
+
+    function formatLink(link: string) {
+        return link.substring(0, 20) + "..." + link.substring(link.length - 20);
+    }
+
+    async function deleteSharelink(id: string) {
+        await api.delete(`/access-token/${id}`).catch((e) => {
+            toast({
+                title: t("shareErrorDelete"),
+                description: formatAxiosError(e, t("shareErrorDeleteMessage"))
+            });
+        });
+
+        const newRows = rows.filter((r) => r.accessTokenId !== id);
+        setRows(newRows);
+
+        toast({
+            title: t("shareDeleted"),
+            description: t("shareDeletedDescription")
+        });
+    }
+
+    const columns: ColumnDef<ShareLinkRow>[] = [
+        {
+            accessorKey: "resourceName",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("resource")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const r = row.original;
+                return (
+                    <Link href={`/${orgId}/settings/resources/${r.resourceId}`}>
+                        <Button variant="outline" size="sm">
+                            {r.resourceName}
+                            <ArrowUpRight className="ml-2 h-4 w-4" />
+                        </Button>
+                    </Link>
+                );
+            }
+        },
+        {
+            accessorKey: "title",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("title")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
+        // {
+        //     accessorKey: "domain",
+        //     header: "Link",
+        //     cell: ({ row }) => {
+        //         const r = row.original;
+        //
+        //         const link = constructShareLink(
+        //             r.resourceId,
+        //             r.accessTokenId,
+        //             r.tokenHash
+        //         );
+        //
+        //         return (
+        //             <div className="flex items-center">
+        //                 <Link
+        //                     href={link}
+        //                     target="_blank"
+        //                     rel="noopener noreferrer"
+        //                     className="hover:underline mr-2"
+        //                 >
+        //                     {formatLink(link)}
+        //                 </Link>
+        //                 <Button
+        //                     variant="ghost"
+        //                     className="h-6 w-6 p-0"
+        //                     onClick={() => {
+        //                         navigator.clipboard.writeText(link);
+        //                         const originalIcon = document.querySelector(
+        //                             `#icon-${r.accessTokenId}`
+        //                         );
+        //                         if (originalIcon) {
+        //                             originalIcon.classList.add("hidden");
+        //                         }
+        //                         const checkIcon = document.querySelector(
+        //                             `#check-icon-${r.accessTokenId}`
+        //                         );
+        //                         if (checkIcon) {
+        //                             checkIcon.classList.remove("hidden");
+        //                             setTimeout(() => {
+        //                                 checkIcon.classList.add("hidden");
+        //                                 if (originalIcon) {
+        //                                     originalIcon.classList.remove(
+        //                                         "hidden"
+        //                                     );
+        //                                 }
+        //                             }, 2000);
+        //                         }
+        //                     }}
+        //                 >
+        //                     <Copy
+        //                         id={`icon-${r.accessTokenId}`}
+        //                         className="h-4 w-4"
+        //                     />
+        //                     <Check
+        //                         id={`check-icon-${r.accessTokenId}`}
+        //                         className="hidden text-green-500 h-4 w-4"
+        //                     />
+        //                     <span className="sr-only">Copy link</span>
+        //                 </Button>
+        //             </div>
+        //         );
+        //     }
+        // },
+        {
+            accessorKey: "createdAt",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("created")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const r = row.original;
+                return moment(r.createdAt).format("lll");
+            }
+        },
+        {
+            accessorKey: "expiresAt",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("expires")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const r = row.original;
+                if (r.expiresAt) {
+                    return moment(r.expiresAt).format("lll");
+                }
+                return t("never");
+            }
+        },
+        {
+            id: "delete",
+            cell: ({ row }) => {
+                const resourceRow = row.original;
+                return (
+                    <div className="flex items-center justify-end space-x-2">
+                        {/* <DropdownMenu> */}
+                        {/*     <DropdownMenuTrigger asChild> */}
+                        {/*         <Button variant="ghost" className="h-8 w-8 p-0"> */}
+                        {/*             <span className="sr-only"> */}
+                        {/*                 {t("openMenu")} */}
+                        {/*             </span> */}
+                        {/*             <MoreHorizontal className="h-4 w-4" /> */}
+                        {/*         </Button> */}
+                        {/*     </DropdownMenuTrigger> */}
+                        {/*     <DropdownMenuContent align="end"> */}
+                        {/*         <DropdownMenuItem */}
+                        {/*             onClick={() => { */}
+                        {/*                 deleteSharelink( */}
+                        {/*                     resourceRow.accessTokenId */}
+                        {/*                 ); */}
+                        {/*             }} */}
+                        {/*         > */}
+                        {/*             <button className="text-red-500"> */}
+                        {/*                 {t("delete")} */}
+                        {/*             </button> */}
+                        {/*         </DropdownMenuItem> */}
+                        {/*     </DropdownMenuContent> */}
+                        {/* </DropdownMenu> */}
+                        <Button
+                            variant="secondary"
+                            size="sm"
+                            onClick={() =>
+                                deleteSharelink(row.original.accessTokenId)
+                            }
+                        >
+                            {t("delete")}
+                        </Button>
+                    </div>
+                );
+            }
+        }
+    ];
+
+    return (
+        <>
+            <CreateShareLinkForm
+                open={isCreateModalOpen}
+                setOpen={setIsCreateModalOpen}
+                onCreated={(val) => {
+                    setRows([val, ...rows]);
+                }}
+            />
+
+            <ShareLinksDataTable
+                columns={columns}
+                data={rows}
+                createShareLink={() => {
+                    setIsCreateModalOpen(true);
+                }}
+            />
+        </>
+    );
+}
diff --git a/src/app/auth/signup/SignupForm.tsx b/src/components/SignupForm.tsx
similarity index 100%
rename from src/app/auth/signup/SignupForm.tsx
rename to src/components/SignupForm.tsx
diff --git a/src/app/[orgId]/settings/sites/[niceId]/SiteInfoCard.tsx b/src/components/SiteInfoCard.tsx
similarity index 100%
rename from src/app/[orgId]/settings/sites/[niceId]/SiteInfoCard.tsx
rename to src/components/SiteInfoCard.tsx
diff --git a/src/app/[orgId]/settings/sites/SitesDataTable.tsx b/src/components/SitesDataTable.tsx
similarity index 100%
rename from src/app/[orgId]/settings/sites/SitesDataTable.tsx
rename to src/components/SitesDataTable.tsx
diff --git a/src/app/[orgId]/settings/sites/SitesSplashCard.tsx b/src/components/SitesSplashCard.tsx
similarity index 100%
rename from src/app/[orgId]/settings/sites/SitesSplashCard.tsx
rename to src/components/SitesSplashCard.tsx
diff --git a/src/app/[orgId]/settings/sites/SitesTable.tsx b/src/components/SitesTable.tsx
similarity index 99%
rename from src/app/[orgId]/settings/sites/SitesTable.tsx
rename to src/components/SitesTable.tsx
index 8387ab7c..f9ac8c0d 100644
--- a/src/app/[orgId]/settings/sites/SitesTable.tsx
+++ b/src/components/SitesTable.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { Column, ColumnDef } from "@tanstack/react-table";
-import { SitesDataTable } from "./SitesDataTable";
+import { SitesDataTable } from "@app/components/SitesDataTable";
 import {
     DropdownMenu,
     DropdownMenuContent,
diff --git a/src/app/[orgId]/settings/access/users/UsersDataTable.tsx b/src/components/UsersDataTable.tsx
similarity index 100%
rename from src/app/[orgId]/settings/access/users/UsersDataTable.tsx
rename to src/components/UsersDataTable.tsx
diff --git a/src/app/[orgId]/settings/access/users/UsersTable.tsx b/src/components/UsersTable.tsx
similarity index 99%
rename from src/app/[orgId]/settings/access/users/UsersTable.tsx
rename to src/components/UsersTable.tsx
index 61567e15..7a93f1ef 100644
--- a/src/app/[orgId]/settings/access/users/UsersTable.tsx
+++ b/src/components/UsersTable.tsx
@@ -9,7 +9,7 @@ import {
 } from "@app/components/ui/dropdown-menu";
 import { Button } from "@app/components/ui/button";
 import { ArrowRight, ArrowUpDown, Crown, MoreHorizontal } from "lucide-react";
-import { UsersDataTable } from "./UsersDataTable";
+import { UsersDataTable } from "@app/components/UsersDataTable";
 import { useState } from "react";
 import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
 import { useOrgContext } from "@app/hooks/useOrgContext";
diff --git a/src/app/auth/idp/[idpId]/oidc/callback/ValidateOidcToken.tsx b/src/components/ValidateOidcToken.tsx
similarity index 100%
rename from src/app/auth/idp/[idpId]/oidc/callback/ValidateOidcToken.tsx
rename to src/components/ValidateOidcToken.tsx
diff --git a/src/app/auth/verify-email/VerifyEmailForm.tsx b/src/components/VerifyEmailForm.tsx
similarity index 99%
rename from src/app/auth/verify-email/VerifyEmailForm.tsx
rename to src/components/VerifyEmailForm.tsx
index e9761eef..9cf48a2f 100644
--- a/src/app/auth/verify-email/VerifyEmailForm.tsx
+++ b/src/components/VerifyEmailForm.tsx
@@ -30,7 +30,7 @@ import {
 import { AxiosResponse } from "axios";
 import { VerifyEmailResponse } from "@server/routers/auth";
 import { ArrowRight, IdCard, Loader2 } from "lucide-react";
-import { Alert, AlertDescription } from "../../../components/ui/alert";
+import { Alert, AlertDescription } from "./ui/alert";
 import { toast } from "@app/hooks/useToast";
 import { useRouter } from "next/navigation";
 import { formatAxiosError } from "@app/lib/api";

From e8585f2a66ddaa753c117f50137a9b632b894d50 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 4 Sep 2025 11:27:06 -0700
Subject: [PATCH 004/166] remove special char domain placeholders

---
 messages/bg-BG.json                 | 2 +-
 messages/cs-CZ.json                 | 2 +-
 messages/de-DE.json                 | 2 +-
 messages/en-US.json                 | 2 +-
 messages/es-ES.json                 | 2 +-
 messages/fr-FR.json                 | 2 +-
 messages/it-IT.json                 | 2 +-
 messages/ko-KR.json                 | 2 +-
 messages/pl-PL.json                 | 2 +-
 messages/ru-RU.json                 | 2 +-
 messages/tr-TR.json                 | 2 +-
 src/components/CreateDomainForm.tsx | 4 ++--
 12 files changed, 13 insertions(+), 13 deletions(-)

diff --git a/messages/bg-BG.json b/messages/bg-BG.json
index d17c99f3..a388c4d9 100644
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Update Available",
     "newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.",
     "domainPickerEnterDomain": "Domain",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, or just myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Enter the full domain of the resource to see available options.",
     "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
     "domainPickerTabAll": "All",
diff --git a/messages/cs-CZ.json b/messages/cs-CZ.json
index 727d9a5e..eae522ee 100644
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Update Available",
     "newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.",
     "domainPickerEnterDomain": "Domain",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, or just myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Enter the full domain of the resource to see available options.",
     "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
     "domainPickerTabAll": "All",
diff --git a/messages/de-DE.json b/messages/de-DE.json
index 54d14c8d..e97ca32d 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Update verfügbar",
     "newtUpdateAvailableInfo": "Eine neue Version von Newt ist verfügbar. Bitte aktualisieren Sie auf die neueste Version für das beste Erlebnis.",
     "domainPickerEnterDomain": "Domain",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, oder einfach myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Geben Sie die vollständige Domäne der Ressource ein, um verfügbare Optionen zu sehen.",
     "domainPickerDescriptionSaas": "Geben Sie eine vollständige Domäne, Subdomäne oder einfach einen Namen ein, um verfügbare Optionen zu sehen",
     "domainPickerTabAll": "Alle",
diff --git a/messages/en-US.json b/messages/en-US.json
index d238f73c..90426d84 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Update Available",
     "newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.",
     "domainPickerEnterDomain": "Domain",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, or just myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Enter the full domain of the resource to see available options.",
     "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
     "domainPickerTabAll": "All",
diff --git a/messages/es-ES.json b/messages/es-ES.json
index fe8c52d1..a4fb0646 100644
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Nueva actualización disponible",
     "newtUpdateAvailableInfo": "Hay una nueva versión de Newt disponible. Actualice a la última versión para la mejor experiencia.",
     "domainPickerEnterDomain": "Dominio",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.miDominio.com, o solo myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Ingresa el dominio completo del recurso para ver las opciones disponibles.",
     "domainPickerDescriptionSaas": "Ingresa un dominio completo, subdominio o simplemente un nombre para ver las opciones disponibles",
     "domainPickerTabAll": "Todo",
diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index 7f51a9c8..a7d4a74f 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Mise à jour disponible",
     "newtUpdateAvailableInfo": "Une nouvelle version de Newt est disponible. Veuillez mettre à jour vers la dernière version pour une meilleure expérience.",
     "domainPickerEnterDomain": "Domaine",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, ou simplement myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Entrez le domaine complet de la ressource pour voir les options disponibles.",
     "domainPickerDescriptionSaas": "Entrez un domaine complet, un sous-domaine ou juste un nom pour voir les options disponibles",
     "domainPickerTabAll": "Tous",
diff --git a/messages/it-IT.json b/messages/it-IT.json
index 9b935609..489a5bcd 100644
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Aggiornamento Disponibile",
     "newtUpdateAvailableInfo": "È disponibile una nuova versione di Newt. Si prega di aggiornare all'ultima versione per la migliore esperienza.",
     "domainPickerEnterDomain": "Dominio",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, o semplicemente myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Inserisci il dominio completo della risorsa per vedere le opzioni disponibili.",
     "domainPickerDescriptionSaas": "Inserisci un dominio completo, un sottodominio o semplicemente un nome per vedere le opzioni disponibili",
     "domainPickerTabAll": "Tutti",
diff --git a/messages/ko-KR.json b/messages/ko-KR.json
index 2b9e7b1c..616456da 100644
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "업데이트 가능",
     "newtUpdateAvailableInfo": "뉴트의 새 버전이 출시되었습니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.",
     "domainPickerEnterDomain": "도메인",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, 또는 그냥 myapp",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com",
     "domainPickerDescription": "리소스의 전체 도메인을 입력하여 사용 가능한 옵션을 확인하십시오.",
     "domainPickerDescriptionSaas": "전체 도메인, 서브도메인 또는 이름을 입력하여 사용 가능한 옵션을 확인하십시오.",
     "domainPickerTabAll": "모두",
diff --git a/messages/pl-PL.json b/messages/pl-PL.json
index 1aee50f2..5a8a1437 100644
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Dostępna aktualizacja",
     "newtUpdateAvailableInfo": "Nowa wersja Newt jest dostępna. Prosimy o aktualizację do najnowszej wersji dla najlepszej pracy.",
     "domainPickerEnterDomain": "Domena",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com lub po prostu myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Wpisz pełną domenę zasobu, aby zobaczyć dostępne opcje.",
     "domainPickerDescriptionSaas": "Wprowadź pełną domenę, subdomenę lub po prostu nazwę, aby zobaczyć dostępne opcje",
     "domainPickerTabAll": "Wszystko",
diff --git a/messages/ru-RU.json b/messages/ru-RU.json
index ffcbe8dc..284f4e63 100644
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Доступно обновление",
     "newtUpdateAvailableInfo": "Доступна новая версия Newt. Пожалуйста, обновитесь до последней версии для лучшего опыта.",
     "domainPickerEnterDomain": "Домен",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, или просто myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Введите полный домен ресурса, чтобы увидеть доступные опции.",
     "domainPickerDescriptionSaas": "Введите полный домен, поддомен или просто имя, чтобы увидеть доступные опции",
     "domainPickerTabAll": "Все",
diff --git a/messages/tr-TR.json b/messages/tr-TR.json
index 2253dab2..16ed968d 100644
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Güncelleme Mevcut",
     "newtUpdateAvailableInfo": "Newt'in yeni bir versiyonu mevcut. En iyi deneyim için lütfen en son sürüme güncelleyin.",
     "domainPickerEnterDomain": "Domain",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com veya sadece myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Mevcut seçenekleri görmek için kaynağın tam etki alanını girin.",
     "domainPickerDescriptionSaas": "Mevcut seçenekleri görmek için tam etki alanı, alt etki alanı veya sadece bir isim girin",
     "domainPickerTabAll": "Tümü",
diff --git a/src/components/CreateDomainForm.tsx b/src/components/CreateDomainForm.tsx
index e609a8ac..77fdea9c 100644
--- a/src/components/CreateDomainForm.tsx
+++ b/src/components/CreateDomainForm.tsx
@@ -238,7 +238,7 @@ export default function CreateDomainForm({
                                             <FormLabel>{t("domain")}</FormLabel>
                                             <FormControl>
                                                 <Input
-                                                    placeholder="example.com, café.com, 日本.com"
+                                                    placeholder="example.com"
                                                     {...field}
                                                 />
                                             </FormControl>
@@ -604,4 +604,4 @@ export default function CreateDomainForm({
             </CredenzaContent>
         </Credenza>
     );
-}
\ No newline at end of file
+}

From eba7f55a6280ccf8cc85fa6068bc6edc2f4e7965 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 4 Sep 2025 15:15:10 -0700
Subject: [PATCH 005/166] fix delete idp user

---
 src/components/UsersTable.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/components/UsersTable.tsx b/src/components/UsersTable.tsx
index 7a93f1ef..a5526303 100644
--- a/src/components/UsersTable.tsx
+++ b/src/components/UsersTable.tsx
@@ -146,7 +146,7 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                                                     </DropdownMenuItem>
                                                 </Link>
                                                 {`${userRow.username}-${userRow.idpId}` !==
-                                                    `${user?.username}-${userRow.idpId}` && (
+                                                    `${user?.username}-${user?.idpId}` && (
                                                     <DropdownMenuItem
                                                         onClick={() => {
                                                             setIsDeleteModalOpen(

From 52b465b2890b890f664d7db40edf57857c298453 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 4 Sep 2025 14:00:25 -0700
Subject: [PATCH 006/166] Fix typo in response

---
 server/routers/site/pickSiteDefaults.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/routers/site/pickSiteDefaults.ts b/server/routers/site/pickSiteDefaults.ts
index 2e705c56..58d44744 100644
--- a/server/routers/site/pickSiteDefaults.ts
+++ b/server/routers/site/pickSiteDefaults.ts
@@ -139,7 +139,7 @@ export async function pickSiteDefaults(
             },
             success: true,
             error: false,
-            message: "Organization retrieved successfully",
+            message: "Site defaults chosen successfully",
             status: HttpCode.OK
         });
     } catch (error) {

From 16cbe9bb69fb6c1b4e08d210bdc2f32449c364b1 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 4 Sep 2025 14:00:57 -0700
Subject: [PATCH 007/166] Add transaction type

---
 server/db/pg/driver.ts     | 1 +
 server/db/sqlite/driver.ts | 1 +
 2 files changed, 2 insertions(+)

diff --git a/server/db/pg/driver.ts b/server/db/pg/driver.ts
index 9625867d..c7c292f0 100644
--- a/server/db/pg/driver.ts
+++ b/server/db/pg/driver.ts
@@ -50,3 +50,4 @@ function createDb() {
 
 export const db = createDb();
 export default db;
+export type Transaction = Parameters<Parameters<typeof db["transaction"]>[0]>[0];
\ No newline at end of file
diff --git a/server/db/sqlite/driver.ts b/server/db/sqlite/driver.ts
index 124bd885..6369c268 100644
--- a/server/db/sqlite/driver.ts
+++ b/server/db/sqlite/driver.ts
@@ -18,6 +18,7 @@ function createDb() {
 
 export const db = createDb();
 export default db;
+export type Transaction = Parameters<Parameters<typeof db["transaction"]>[0]>[0];
 
 function checkFileExists(filePath: string): boolean {
     try {

From c1ba993ac844a9fb6946cca88282ab12de6f0a81 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 4 Sep 2025 15:23:51 -0700
Subject: [PATCH 008/166] scope user id check to idp in create idp user

---
 server/routers/user/createOrgUser.ts | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/server/routers/user/createOrgUser.ts b/server/routers/user/createOrgUser.ts
index 4419772a..5193e8fa 100644
--- a/server/routers/user/createOrgUser.ts
+++ b/server/routers/user/createOrgUser.ts
@@ -141,7 +141,12 @@ export async function createOrgUser(
                 const [existingUser] = await trx
                     .select()
                     .from(users)
-                    .where(eq(users.username, username));
+                    .where(
+                        and(
+                            eq(users.username, username),
+                            eq(users.idpId, idpId)
+                        )
+                    );
 
                 if (existingUser) {
                     const [existingOrgUser] = await trx

From be2c91415a44c40483f1f09ccc0e0ffc02833c53 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 4 Sep 2025 17:45:54 -0700
Subject: [PATCH 009/166] add oidc variant

---
 server/db/pg/schema.ts     | 1 +
 server/db/sqlite/schema.ts | 1 +
 2 files changed, 2 insertions(+)

diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts
index 624b4a61..cf2deb24 100644
--- a/server/db/pg/schema.ts
+++ b/server/db/pg/schema.ts
@@ -459,6 +459,7 @@ export const idpOidcConfig = pgTable("idpOidcConfig", {
     idpId: integer("idpId")
         .notNull()
         .references(() => idp.idpId, { onDelete: "cascade" }),
+    variant: varchar("variant").notNull().default("generic"),
     clientId: varchar("clientId").notNull(),
     clientSecret: varchar("clientSecret").notNull(),
     authUrl: varchar("authUrl").notNull(),
diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts
index 971c1841..d29c36b2 100644
--- a/server/db/sqlite/schema.ts
+++ b/server/db/sqlite/schema.ts
@@ -595,6 +595,7 @@ export const idpOidcConfig = sqliteTable("idpOidcConfig", {
     idpOauthConfigId: integer("idpOauthConfigId").primaryKey({
         autoIncrement: true
     }),
+    variant: text("variant").notNull().default("generic"),
     idpId: integer("idpId")
         .notNull()
         .references(() => idp.idpId, { onDelete: "cascade" }),

From adc57375f2ad3fc5f36fbc259ec1248a32253ae2 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 4 Sep 2025 17:59:59 -0700
Subject: [PATCH 010/166] Pass in db to pickPort

---
 server/routers/target/createTarget.ts | 2 +-
 server/routers/target/helpers.ts      | 6 +++---
 server/routers/target/updateTarget.ts | 2 +-
 3 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/routers/target/createTarget.ts b/server/routers/target/createTarget.ts
index 7a3acd55..f58c236e 100644
--- a/server/routers/target/createTarget.ts
+++ b/server/routers/target/createTarget.ts
@@ -161,7 +161,7 @@ export async function createTarget(
                 );
             }
 
-            const { internalPort, targetIps } = await pickPort(site.siteId!);
+            const { internalPort, targetIps } = await pickPort(site.siteId!, db);
 
             if (!internalPort) {
                 return next(
diff --git a/server/routers/target/helpers.ts b/server/routers/target/helpers.ts
index 4935d28a..13b2ee46 100644
--- a/server/routers/target/helpers.ts
+++ b/server/routers/target/helpers.ts
@@ -1,10 +1,10 @@
-import { db } from "@server/db";
+import { db, Transaction } from "@server/db";
 import { resources, targets } from "@server/db";
 import { eq } from "drizzle-orm";
 
 const currentBannedPorts: number[] = [];
 
-export async function pickPort(siteId: number): Promise<{
+export async function pickPort(siteId: number, trx: Transaction | typeof db): Promise<{
     internalPort: number;
     targetIps: string[];
 }> {
@@ -12,7 +12,7 @@ export async function pickPort(siteId: number): Promise<{
     const targetIps: string[] = [];
     const targetInternalPorts: number[] = [];
 
-    const targetsRes = await db
+    const targetsRes = await trx
         .select()
         .from(targets)
         .where(eq(targets.siteId, siteId));
diff --git a/server/routers/target/updateTarget.ts b/server/routers/target/updateTarget.ts
index 67d9a8df..47300619 100644
--- a/server/routers/target/updateTarget.ts
+++ b/server/routers/target/updateTarget.ts
@@ -153,7 +153,7 @@ export async function updateTarget(
             );
         }
 
-        const { internalPort, targetIps } = await pickPort(site.siteId!);
+        const { internalPort, targetIps } = await pickPort(site.siteId!, db);
 
         if (!internalPort) {
             return next(

From dba4918edfa6798dd54d77c53ea25462b35f23be Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 4 Sep 2025 18:02:29 -0700
Subject: [PATCH 011/166] add optional icon to strategy select

---
 src/components/StrategySelect.tsx | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/components/StrategySelect.tsx b/src/components/StrategySelect.tsx
index b431b96c..374d1bae 100644
--- a/src/components/StrategySelect.tsx
+++ b/src/components/StrategySelect.tsx
@@ -2,13 +2,14 @@
 
 import { cn } from "@app/lib/cn";
 import { RadioGroup, RadioGroupItem } from "./ui/radio-group";
-import { useState } from "react";
+import { useState, ReactNode } from "react";
 
 export interface StrategyOption<TValue extends string> {
-    id: TValue;
+id: TValue;
     title: string;
     description: string;
     disabled?: boolean;
+    icon?: ReactNode;
 }
 
 interface StrategySelectProps<TValue extends string> {
@@ -58,10 +59,17 @@ export function StrategySelect<TValue extends string>({
                         disabled={option.disabled}
                         className="absolute left-4 top-5 h-4 w-4 border-primary text-primary"
                     />
-                    <div className="pl-7">
-                        <div className="font-medium">{option.title}</div>
-                        <div className="text-sm text-muted-foreground">
-                            {option.description}
+                    <div className="flex items-center gap-3 pl-7">
+                        {option.icon && (
+                            <div className="flex-shrink-0 flex items-center justify-center">
+                                {option.icon}
+                            </div>
+                        )}
+                        <div className="flex-1">
+                            <div className="font-medium">{option.title}</div>
+                            <div className="text-sm text-muted-foreground">
+                                {option.description}
+                            </div>
                         </div>
                     </div>
                 </label>

From ce320ca2cf452bb8f7963a0210d7cce55ce9d23f Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 4 Sep 2025 20:17:59 -0700
Subject: [PATCH 012/166] increase telemetry report interval

---
 server/db/pg/schema.ts     | 2 +-
 server/db/sqlite/schema.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts
index cf2deb24..c0b81146 100644
--- a/server/db/pg/schema.ts
+++ b/server/db/pg/schema.ts
@@ -459,7 +459,7 @@ export const idpOidcConfig = pgTable("idpOidcConfig", {
     idpId: integer("idpId")
         .notNull()
         .references(() => idp.idpId, { onDelete: "cascade" }),
-    variant: varchar("variant").notNull().default("generic"),
+    variant: varchar("variant").notNull().default("oidc"),
     clientId: varchar("clientId").notNull(),
     clientSecret: varchar("clientSecret").notNull(),
     authUrl: varchar("authUrl").notNull(),
diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts
index d29c36b2..ce32d8a6 100644
--- a/server/db/sqlite/schema.ts
+++ b/server/db/sqlite/schema.ts
@@ -595,7 +595,7 @@ export const idpOidcConfig = sqliteTable("idpOidcConfig", {
     idpOauthConfigId: integer("idpOauthConfigId").primaryKey({
         autoIncrement: true
     }),
-    variant: text("variant").notNull().default("generic"),
+    variant: text("variant").notNull().default("oidc"),
     idpId: integer("idpId")
         .notNull()
         .references(() => idp.idpId, { onDelete: "cascade" }),

From d55e4ef498aa6d95cc2f77129e7bf53fae820572 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 5 Sep 2025 11:23:43 -0700
Subject: [PATCH 013/166] Update build process

---
 docker-compose.yml | 1 -
 esbuild.mjs        | 4 ++--
 package.json       | 2 +-
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index 09b150d7..469f9b4c 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -13,7 +13,6 @@ services:
     environment:
       - NODE_ENV=development
       - ENVIRONMENT=dev
-      - DB_TYPE=pg
     volumes:
       # Mount source code for hot reload
       - ./src:/app/src
diff --git a/esbuild.mjs b/esbuild.mjs
index d76c0753..8086a77e 100644
--- a/esbuild.mjs
+++ b/esbuild.mjs
@@ -52,7 +52,7 @@ esbuild
         bundle: true,
         outfile: argv.out,
         format: "esm",
-        minify: true,
+        minify: false,
         banner: {
             js: banner,
         },
@@ -63,7 +63,7 @@ esbuild
                 packagePath: getPackagePaths(),
             }),
         ],
-        sourcemap: "external",
+        sourcemap: "inline",
         target: "node22",
     })
     .then(() => {
diff --git a/package.json b/package.json
index 2c1c3fca..95344201 100644
--- a/package.json
+++ b/package.json
@@ -21,7 +21,7 @@
         "db:clear-migrations": "rm -rf server/migrations",
         "build:sqlite": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs",
         "build:pg": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsPg.ts -o dist/migrations.mjs",
-        "start": "DB_TYPE=sqlite NODE_OPTIONS=--enable-source-maps NODE_ENV=development ENVIRONMENT=prod sh -c 'node dist/migrations.mjs && node dist/server.mjs'",
+        "start": "NODE_OPTIONS=--enable-source-maps ENVIRONMENT=prod node dist/migrations.mjs && node dist/server.mjs",
         "email": "email dev --dir server/emails/templates --port 3005",
         "build:cli": "node esbuild.mjs -e cli/index.ts -o dist/cli.mjs"
     },

From 49d10eed33269c60b74d072fcfc4aa04f575583f Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 5 Sep 2025 11:25:13 -0700
Subject: [PATCH 014/166] Remove source map support

---
 package-lock.json | 4 +++-
 package.json      | 1 -
 server/index.ts   | 1 -
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 2d8db128..bcced536 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -83,7 +83,6 @@
                 "react-icons": "^5.5.0",
                 "rebuild": "0.1.2",
                 "semver": "^7.7.2",
-                "source-map-support": "0.5.21",
                 "swagger-ui-express": "^5.0.1",
                 "tailwind-merge": "3.3.1",
                 "tw-animate-css": "^1.3.7",
@@ -6193,6 +6192,7 @@
             "version": "1.1.2",
             "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.2.tgz",
             "integrity": "sha512-E+XQCRwSbaaiChtv6k6Dwgc+bx+Bs6vuKJHHl5kox/BaKbhiXzqQOwK4cO22yElGp2OCmjwVhT3HmxgyPGnJfQ==",
+            "dev": true,
             "license": "MIT"
         },
         "node_modules/bytes": {
@@ -15571,6 +15571,7 @@
             "version": "0.6.1",
             "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
             "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+            "dev": true,
             "license": "BSD-3-Clause",
             "engines": {
                 "node": ">=0.10.0"
@@ -15589,6 +15590,7 @@
             "version": "0.5.21",
             "resolved": "https://registry.npmjs.org/source-map-support/-/source-map-support-0.5.21.tgz",
             "integrity": "sha512-uBHU3L3czsIyYXKX88fdrGovxdSCoTGDRZ6SYXtSRxLZUzHg5P/66Ht6uoUlHu9EZod+inXhKo3qQgwXUT/y1w==",
+            "dev": true,
             "license": "MIT",
             "dependencies": {
                 "buffer-from": "^1.0.0",
diff --git a/package.json b/package.json
index 95344201..83479b23 100644
--- a/package.json
+++ b/package.json
@@ -100,7 +100,6 @@
         "react-icons": "^5.5.0",
         "rebuild": "0.1.2",
         "semver": "^7.7.2",
-        "source-map-support": "0.5.21",
         "swagger-ui-express": "^5.0.1",
         "tailwind-merge": "3.3.1",
         "tw-animate-css": "^1.3.7",
diff --git a/server/index.ts b/server/index.ts
index fb2ad396..5210ba5d 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -1,6 +1,5 @@
 #! /usr/bin/env node
 import "./extendZod.ts";
-import 'source-map-support/register.js'
 
 import { runSetupFunctions } from "./setup";
 import { createApiServer } from "./apiServer";

From 956db6ba2ea406e13245977f5d9fd1a6ba1e9a81 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 5 Sep 2025 11:45:42 -0700
Subject: [PATCH 015/166] Update start command one more time

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 83479b23..0d4b8732 100644
--- a/package.json
+++ b/package.json
@@ -21,7 +21,7 @@
         "db:clear-migrations": "rm -rf server/migrations",
         "build:sqlite": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs",
         "build:pg": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsPg.ts -o dist/migrations.mjs",
-        "start": "NODE_OPTIONS=--enable-source-maps ENVIRONMENT=prod node dist/migrations.mjs && node dist/server.mjs",
+        "start": "ENVIRONMENT=prod node dist/migrations.mjs && ENVIRONMENT=prod node --enable-source-maps dist/server.mjs",
         "email": "email dev --dir server/emails/templates --port 3005",
         "build:cli": "node esbuild.mjs -e cli/index.ts -o dist/cli.mjs"
     },

From 35facd1d4ce750b8762a3dd5068f11098f0fbd15 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 5 Sep 2025 11:51:44 -0700
Subject: [PATCH 016/166] Add node env for react email issue back

---
 package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package.json b/package.json
index 0d4b8732..671034eb 100644
--- a/package.json
+++ b/package.json
@@ -21,7 +21,7 @@
         "db:clear-migrations": "rm -rf server/migrations",
         "build:sqlite": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsSqlite.ts -o dist/migrations.mjs",
         "build:pg": "mkdir -p dist && next build && node esbuild.mjs -e server/index.ts -o dist/server.mjs && node esbuild.mjs -e server/setup/migrationsPg.ts -o dist/migrations.mjs",
-        "start": "ENVIRONMENT=prod node dist/migrations.mjs && ENVIRONMENT=prod node --enable-source-maps dist/server.mjs",
+        "start": "ENVIRONMENT=prod node dist/migrations.mjs && ENVIRONMENT=prod NODE_ENV=development node --enable-source-maps dist/server.mjs",
         "email": "email dev --dir server/emails/templates --port 3005",
         "build:cli": "node esbuild.mjs -e cli/index.ts -o dist/cli.mjs"
     },

From 5fd411a54ee19e160c238f01dfada882ef341ade Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Fri, 5 Sep 2025 16:14:01 -0700
Subject: [PATCH 017/166] add idp auto provision override on user

---
 messages/en-US.json                           |  10 +-
 public/idp/azure.png                          | Bin 0 -> 66912 bytes
 public/idp/google.png                         | Bin 0 -> 47408 bytes
 server/auth/actions.ts                        |   3 +-
 server/db/pg/schema.ts                        |   3 +-
 server/db/sqlite/schema.ts                    |  20 +-
 server/routers/external.ts                    |   8 +
 server/routers/idp/listIdps.ts                |  16 +-
 server/routers/integration.ts                 |  18 +-
 server/routers/user/createOrgUser.ts          |  18 +-
 server/routers/user/getOrgUser.ts             |  10 +-
 server/routers/user/index.ts                  |   1 +
 server/routers/user/listUsers.ts              |   5 +-
 server/routers/user/updateOrgUser.ts          | 112 ++++
 .../users/[userId]/access-controls/page.tsx   |  97 ++-
 .../settings/access/users/create/page.tsx     | 576 ++++++++++--------
 .../[orgId]/settings/access/users/page.tsx    |   1 +
 src/app/auth/login/page.tsx                   |   3 +-
 src/components/AdminIdpTable.tsx              |  16 +-
 src/components/IdpTypeBadge.tsx               |  62 ++
 src/components/LoginForm.tsx                  |  49 +-
 src/components/PermissionsSelectBox.tsx       |   4 +-
 src/components/UsersTable.tsx                 |  12 +
 23 files changed, 732 insertions(+), 312 deletions(-)
 create mode 100644 public/idp/azure.png
 create mode 100644 public/idp/google.png
 create mode 100644 server/routers/user/updateOrgUser.ts
 create mode 100644 src/components/IdpTypeBadge.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index 90426d84..bd43a9c0 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "An error occurred while adding user to the role.",
     "userSaved": "User saved",
     "userSavedDescription": "The user has been updated.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Manage what this user can access and do in the organization",
     "accessControlsSubmit": "Save Access Controls",
     "roles": "Roles",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Connected",
     "idpErrorConnectingTo": "There was a problem connecting to {name}. Please contact your administrator.",
     "idpErrorNotFound": "IdP not found",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Invalid Invite",
     "inviteInvalidDescription": "The invite link is invalid.",
     "inviteErrorWrongUser": "Invite is not for this user",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Professional Edition Required",
     "licenseTierProfessionalRequiredDescription": "This feature is only available in the Professional Edition.",
     "actionGetOrg": "Get Organization",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Update Organization",
     "actionUpdateUser": "Update User",
     "actionGetUser": "Get User",
@@ -1496,5 +1502,7 @@
         "convertButton": "Convert This Node to Managed Self-Hosted"
     },
     "internationaldomaindetected": "International Domain Detected",
-    "willbestoredas": "Will be stored as:"
+    "willbestoredas": "Will be stored as:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }
diff --git a/public/idp/azure.png b/public/idp/azure.png
new file mode 100644
index 0000000000000000000000000000000000000000..d6ec5bafe4d58244fc898b1a443eb976e33d8b3c
GIT binary patch
literal 66912
zcmeFZ`9IX%|3ChmhRHT%lx$fVp^_}alx(Ah78I!{MA?@igb*|BV@q1>A<7oA%Q`Aa
zcG>rmHCy&&%=n%eUa$B2{mb_+_*`AL+jZ4-&6#t~W4k}@kNXjzf8h+0Ly!Z4Amq8T
z_)8GP0{)c+Vncv`5QU{5GJa>Psiz4+IiZ{zH(9~&#VpTW(t{u$NeCi6f}nNqN2GBG
z@{og|zZMX5G7^ILZpW4wsDl51xTSLj4{b7jC6uSU1pg;=4zGFnZqF3W`_(~Pzp)Uy
ze^|lNK&Eg&J4uF{EuZxK(OXuw0|Cx5{a1Lp<Z{h-&z8G4mXDRqmM;t_kHxuP93-gL
z2Y+{;{_L-G!z#Psl1xsI1()UhhFe@cB_^DwPMNqkEL}3`j2393C4DGS$U|eq(U#tE
zQtI*U2VbWvDEOn+tg04h)hm1lc7PrJzrX(94gCMzz=g!A9T179tHRdePsv+?W~zxp
z$a{~F>)BarP4LO%ZQ93rvTxr0n*957gAkTQ=y;|hk<;=^yX9SePmQ>zgu1M<fk#K`
zW-Y&*9Akk(jlDjve-#?MH!*i#W~@!6!Y=KTk8Y-Xl0yE$g@qKvUz22t*TasrR}ciE
z2`c+tHmOmbR^k8qJgWS<)__2|caorY2)XQhRa;|yVAF-rn3UQ&^kzNLaq@}v?MWMf
zzLIO&$5bzNn7M^z_%1zG$R|jv2tYhXT&2@fgKBQduO}KT1P7`f(Ohk=ELl54@#<#9
z+&c?F{NURzWKW;o{8*$T({(fW-dX&B^eu#u)PT*juIdw5^TZNdsPo5@<7HQ|6>Cem
z6PYgIpY?>+AgI#j_h5mXI8R`$xb|Y{{Ti>GHrRWi@4$K>g^;eqx-U?O9~8fYK1Ndx
z9C5LG(~4~<Nn)XOZ{jyI+ga?0<;v8&z}hFr%dZyR@F;fjqrOi({qUX~MD~{o#Jq91
zs+{q*PZZ%Z7&=fsXP~YRL0n*2x2`;?uJxwVMIXX8KcI>|JvtoTCBd?*S;m)pP9Q34
zshJ!1lDjE|{>Fu7?(bt)1{|$!W6~f9PdS}PS$MZ}Mtfw%e>E$_oVWe?Zb1lwLr?<$
z@6DH=eHCAAHjwGp7r6?9vYS336O>uA9T2f=Z+5j=^<Hs_;8b6nRH&itfVk<{0Q#bm
zMrQTB^((T@>r(^rgnysmkOesS@R#rydh632X`8l5^Un%SRd{1#nxPZaczO?Xy%o}~
zpKrR(Io#*?F`QGw?O~htlQl6IH|_C0oB7o48pHJY&DGCJG0O_vTTY<xr!SOFJjOm*
z;Hx#<an;P_g%IQzUYCNzRb?D2+E}?CGC4BT>l~hGRPkmvFVqt6=$f1mePz)lLiZnW
z^@neVsMT$Vxv#}<%0(Mb<@eNz2GuCrvU*>HCp^uT%|=$n()#}n9xoqhnE#t2tnkU2
zQ&bN6q9NL1?$luDFg!^A6&*rEr$6}&0s#g=&vjP^H+IH+tEWFUC{8kq^}<5Yn+`@o
zIN$RLh5qGb%g4QbB<l>;KSh$pn=Y(Im@IT6p8j3AHycRU!zHq1K;u~7$&^8!Cq9(3
zs~s2610`6}s5H&22kIfJZ^CC^8}+*-ovl0!gIZ?ajk}CRRgPy7eVVHMxIociI6#(D
z>4=8^<>0kMvXfo8!=Pl1uOOuM$nOUMYIyQFyojQ8V<EtR9kEjYg4j0iCJz3Mw!Yfl
zM|<eyLPx+kA&b`}GYHDA?J!ZNvCEIv*;Y}`o{Z1m?Q%tB^U@W=jPwas!MTNbqST7U
z0m?>wyw0D+qYt43I|9Lp_veSl1+VNp8f>q*1pAMa5Tn*RxfHgx#WuGoy2+=sehn4i
zAz+&H$OE18Q6Pq`q$Kk1UthaekJNhg%@-T<7~+wos8%insW!;J^?I^UBE`?pLGW*R
zC++Si(YhH1y^FuO1G;;NzS-)MCQtMn{nRD#bJkL*vioG?hV$?hz8^xH7b)TeOOyQk
z&^1TLI!^aPL-AG`LI!KcHOg#SHyg!RNa?3Rc{|cnXhLuOex*MC{CAzvxFT47x#vs`
z%6sOby0ndJ*k{=D$NUmQ=F9$9<>#X&iK+`iTxX$5;KQkMV}0wsodGp|Xr6a1QxyfU
z*tMeC33GK>*?Y@D!XoZ$&`glOESi4KVHdu^k3vtHSi#_6%t(3=>(x3-seSbO21?-k
z+tru7EIHwN>&HXp@?v?Hg*UUNl@JQWo37q#vzt5NtYT?m9$JegX70zR-f~>SI<wS>
z?oK)5t)<Qf&j_S<3Yzo24*C;75bA-h=KIhIP)V%FiS-6b#KiY_t1@V@qvNWyb(1*#
z+^1|*2jyP(9~<&#PG(Nyz1cf~^u1hP+R0|s)C(z|3&d$1-0M9jOF6VOVUIwP3==7C
zsLg}lYd#cRh#&ZhLonTo<96ej&DH|+Jmr1(`mQ3_9lwv^SV+x1Q2+IMy}kFug0H{{
z2*07$(=@v2*-z1>glZz0->2@rAj<Xh?Z#tr+pVDGirWQ9Tw@`OoUS{qA(rC5F860=
zy7YR$Dzz{k&OUO{g`O;6^Bm61lqpWFk2kMq`4@b^U3k}B;DHkDg~D5*r<8dQcD{Z5
zc+z;$yAx<S?Je3RPTh8$c(Zcrb5BjP7brIlp*OQ;4_jW>o4GASBG>#Jepj|39LE9i
za?`WO{vRAYEj5H%HmOS*C;a3eiZY9fs%2Wv;^w}vhBUnIzGTg&2#KJj6=(SP&AkVm
z;QCj*M^tv#{v2j`$iA_MhTr&55`VnbVs&#kXscL=xHdM#`xo%98RdNQ5g<U<BH7;T
zo9sa(peF4c;msI(Qud7qqYA1RoP(Rjy7x>KCHv%NyN5=sudq26)5HF;BI%iAtHnOs
zK@j$Xl8MNK3AJaNzrJ6JS8j;h;q{mz%?Mkwz9wOTy_xQ^pws}r{C8i^YlG?@QZu_K
zv)W1?e>eLZCxrWyeds%7(+{!llZ1A_s?lAIm8@%5=u4$U1&?Fq{LByDj_vu<>=HP>
zUiE+yk0qIACn0f{M}~LPuLZLUn3DLXlfdm>Z7=f|Ya9Gk2WMLISrU3hG0phLVzoan
z0d5={`)WeUzwy@&m2YqUvo~7%{>9gO;mof%^d|H8<^V5xzR~V&Y!%nPcSu}8-Rwb6
zV3FD%qMMO01lHd1!xbqMk?M#=yAWqJ;wu7Wd6~KSQ{WSdz{S3z7+72(ET3SKi-idG
z@JOF2SNr+~Of@9m^A_xHrrk;RA$IE~ZeNy24V*cj_3Do#{AUb{Gx*p{M7BZ14;od#
zM!)QnJ0qy_f~d-y(O2$V4!-Hn#XM7%Yh&i-$aMp6vvr;M>BQqfSdw~pUN+KV=<OMP
zJN;LMh1WfJ=2nty#OME-Z;nkkt_{JM4(k5pb8u$Md;k)fxXW7Bt8fKu&wuE!eQca{
zh9;|)28w9zh)uM-$Igu0N{Qtu_Tbu?v#7q6htQpAp>E(CW>xnxE|o@!9Z7C^{=+XH
zhN~WG<ZW^BXgD@Amg{(9Ex4g;{8QT8V-`jbLT9>`TbDY6Y9w+z?%kS;`=wXw1Ru}8
z?Jh*p&XBz-R2elQC6bJU6k0m2ez<_9t9O>!Nbm`lSdIEr#4-!jFRlVBRO7Rg>OXkt
zuaC10$?}};vdza;-RfC1491ddk`juMzkbB)Sc2I8r?<Fg?&Fj3&>LY6XN9)v<%!R6
zYWK;-n5FrEm#`j9Q!n3_7mn}C2dKcW6ojTEm-T$hcYZH!bN6EOdS+JlH=3zu!(1P$
zI9l7|H~~~CP%M8zCd85n8rscO(q&)TAEmVzJFzG=t;%pLDNpt-5?b#teZRH){f3K0
z6@R~c{rJXP)ZBvUP}%!m-&UOTQuVD0e#14ss7N~Y14`+I;=<P#xgPG`&%=nz1M7N!
zjUGMOc8ctnmbqwDIc8-kqh-!M4v{@{h=u)8`FjFXT{EoS17ORkD#}l4@l^C4{KlXC
z%cuIwX_}ZyJ|SjGI6BhT&F8Ei#<^hr(o-HjL>`ZOc4}p$MD=8LK9&^Ug3z~bxmZQ{
z!uY(Q)`l-df28ca$IIjYBz7__ro%2#b2wLEfrA+ItkXCs!%Q!IY)|sCY_0=5a%~NB
zDL&eU8{E|4XJjHTo-#psbxc-Kl7EDAH`6n*xqeNgvv+;HS;w#U_Zfa)@e#ze#TfrY
zBoGMDt-FG_E06x060AF82~`>$oFP*cQ?8h*h^>@%^iM2ONaIlA7~iqgKNXj?4xaV>
zqi*Ji*xQ5P_E7m+K!8&23X&*^@nquT758qXvAuJl-wPXF8jAkHZKbtvRN%7_q4<mL
zNfa`cbVH)rzZMtY8<mPom@atJ1NqMdAJx-U;78FOGg2ByqQ)SZm~s03k&6I9GJN*K
zr@sT5yv1tnVX;N$5~R^59o~L2*j%1I`Vol>Zbtli_|I!QEWs7(kXOI^#;e$Ee>SLV
zIXy~9YdBWqyow42XUH+Ggg$wH-^E2mNG21+=Ybw5cCROXL%J-!E~~hWOx$1S92Hp-
z_K=mCL5v>=z7$LB4i$LrA64}Rend?~xa&g&|MA`RNyuLjlvnS6up=bCWX%qdSB*3m
zBShyyJ*?g%w=m|>n|GR?qxz%Vu1j?nvA?4j;l6*^2$OIqAxw2663T795VR|Mu%v*e
zqSmH8M`uh?w5y#{L;lA~ZFI!xb5}j6%R3v`cA~bjU=+bU#)T)0(9O2OVuKSQKx&~q
zJtJTIV^d&vip_C4!y13RTBMx`@DmFQRZVvAY<&}x%#)xfn&vH`HcvR+5R9VB?cBSy
zm>-X$8`;Ja1Ltsnj~7&2{y`$|gN0mx+r`GPX4!)!23wodWP_wGC}2@ZW<laZ=BzEV
z+Q2pTJ<bQ=hkzhlTA4pJ4u$Fto4x)spWUht!ELK{?!0L$g8S^O6uYAAAgBa*NfGZ?
zu<POf&6>bG{UNL0Rh*;Wbkb`w{@}JMf`ojI>p}xM_kE>6LdJB;#f(KmHkwGCQfJGJ
zTZt(!MM9D`KaW~3bf*AGqC$H!Gc&Kg!Eg9wbq4`+VFPrDj~?z~TI<y#LCp1^(Gttn
zUIe~6`_71=C2-%1lW2OD%n#BD0_4`A8tF%8y{78@K=b-FM%W1^4g$x`5dR?913V2l
zO#)Z=pUtA{3No*ZL;Hhd`rPe~k6*hH!Izrlrx%MQJr%J|7=2s(zl;SSk}KQ8H=^|A
z7Ucfmtu-u?vCbQ*WT(PY)S`{&2?sRlu%u(v4+{r>Q%sH|B%Nz^Qq0gp*u7jGvxgo#
zX8mN8uXx8S-6{?31{>O9GP3Bl#SSKDN*uG&{$Bg$v_pNTT`%wAgI=hFrf02GGMIxD
z)6U1m)RRWBq=*|YzFB@3$hZ;ckEXYC)7k@9zo#i5%3K1`1CDg0_M6I#nG4=Ihv+OY
z*QFNVZK&QrO@pI8b~c8xIvtnq=txBi#wr&m7Qs|?ImB|tZ~sp`1%Rcx$pa;{&z3^U
z7R;)J(~QMpRPa`(OC}uSPHNEISMTVZ6q`6nwS$i@`3uj|I-L~nfSiy{W=X8Gfe<*!
z=nr?4@Ku9j(E+PcAG$Nl_g`Nz*mZ-M%k^IkTos=5&@7MiPEEd>roC}sR1H24R$9#~
zjNTb-L5+^%lJoud{OEqaD9y>(aj7A5Bru#t`_TFAin901T2g%Xq3XU^{OJf4je;qA
zD5rLkdtrC}QU%P>A=pQdR9ht;s&HEi1gXD9gc%04nc;9%yvTH+Neauk<<AvuV|<>0
z<0V;5?`6Moo$W(3mz~8E{bH?faRf;4k6(e2P-QMme*_Dm=~H7r9VLh2PdA9em+lM4
zhB0fi*le-sA<G;sw*xk~eFVsLUz>V($U+f_RM%zK=Eb_?N0ohV#TAH)hY|;Kx6;L)
zxh4W{y5)ZsIMdj>Hle3Il6={L(uRfUZC=-V!Eq=7;GNTEdPEnx?R(^}w;b;vaEg0d
zr+DC4F_9ksrteFX0JGG%B|1NGHVO;78(7GK5qpUx9n{HE^^vW}Z7M^G{k4Z|ktCcV
zNDyi9YEwmwoBYivuJ{d|bnm-%Ii5ncHq87`LrAo}gg<5(4fAV|2?C}lRG-dy!<rAf
z(^r8(RDP-ZZbc_c5dc>2Zt5Tdm$Od%PpPbVoLRI<zlti(X_~lh8@B&XoG-0GInM!3
zE)F@jhxJ+^EF<lAebXKd_cA1jO#H?u7<=Z5vPXBDQ<HwUpE%9L-?)yp24S>9Y`@T`
z6|>IR78eLzx+_#UUk+VR+jw63-(mwk`)O2D=|8S8EVpxi!)$+^99)sUp{OTBa^Qm<
zlc(=HTek0hFi0Ru$n1af(h6SV+z-T){$qq9VWm^su4MHi+=S>A6L>E>VIp?8Q?mJt
z5H4M>#i}>*j1Vb58n$P*ngiwkMn|b}9%`-m<K~~mwb-;RPsmGZuQ`SiIO6~9a06r(
z#qTh+=2Ss|3}ib+Y;YF{(C%v;2wYV>&D00nz3@kGF)prcVDmhRYd3*xTrCgwznAg~
z3xyQ>X;vw8=fjRxxSg^wzsLR=#emdTxB*J>OYLUcE|DbNuKYh5@lp=X+4V1;=M#3E
zy98S+gx&chkWlDy)<pPPK1|j0XY2pC4w2}H75y~xw3Y96^;UOQvHNm~4jwU;nXRKi
zJAVZC=g0lTUTBD7-g;#tOH!+hQK&>v@~mn94FL1|(T)y+UT)h9_$#Hl9==}86CWDI
zWmnQ8;#(2rD}<vq2^OPzCie2AAb(Yzi}IWM78taZr0^TGtl~B5{$Rk9Gb)M?c3@-Y
zSWpdhf5EYL?lGigyFGSsPs6(r&A%fIevl$TgZdNkFK>SjI0av+a$D?qO#rFij;21Y
zU!El1Ucc4Yx5cEq_<Vmo)mV6QR+1j$;UeZbE6_ZEc)pr=`4|B@(qB%VInM3m3^(?s
z1U$t!z{Q5l^Pg%q9Nv4-i0YSGJa$Uc?yuMF(XC6#cUKe_8Ms!QG!*Iz|2#tEaDkKQ
zrG<RGZibbq(~b`C6G{j2n#zCW{3k6@h7u`D<Ec+lw#%eoBV|P6#=*qdB`?k^LmGNG
zYJA;j2cmhp0QCcEZ^x3}U1aQFYE<7nofpM8PQFn3Z29t;yolQfCjKKmIy&(ymE7iY
zV_(trUpl>(OGErSP#59k7%uXG<yOM^J}jxRH(go=%3U7>SOUeaXG$Ox<cbZ=x;L0k
zk2w&hB;ZOqr6(S4g_avlwd2~s4=%leIetC;Qf$D;i7DCE`LLRv!Ge4kOYRAIiIjNX
z0Rxa^MO#A0Kjw}{?9y59E<rHyq_W#UqehuAK5H^F+6)7Ku{iTxjzvKiG2Dx2Ufz@e
z&g~Vi*LxHocjdPZZ%4bN(L=MR8)!lFV>;$51ER6_WNh7-Nrrr`|7ic~DSqn@0?pD`
z(XU7BDtttw1QJ?qQD!-P9D5+2_Z%k+VEF@wZi6Q3+oJ=h%^_7ThYLCAtYxacyCiDU
z_)J|%+cwT4b-k2HN}>fg@9br{H7K26FQhc?bRwghRZu=^It7`q_OZVQx|12!0`UI(
zG<#)Qy=>;?efSL&jZFU==s)4Y*8+TyLD;&U7%Lp~4GAohQn^Bi5qO@DOz3pX(?JZk
zBAVBCwx?oAXU@}gK@Lu_LDTUY3;A5(q3+sQ-c1ivZZru9GxM-dGuy+`d4nnIC>Y3i
z2m7j*M{f0D5~#f^gNW>C$k>k(a7IL>6``N_zsv+HO<mHvywkB%IcdvMF6=7d6zw7z
zf#-{1_oow8&y&soBs8^SS|Or6ncdZ&04+@jM6G?pJeKA})5-pLqK6j6N_O3Z9l4!O
znnPq%=>L#tH;){_axM&x^9I&N0hfq`C8>$X*!c-TsLj7^x>W!G#f57=X#Y?)*(0h~
z5r9!)qNzLY<o6vu@a8x?&<SowgzHs=^sIf<_D~XN?m#5SOgwac#(=Ls&a8|ygLFm_
zRB|tf|3G66q#tzQ`7fHvn+ZlmEn)?pgG_3q^VXjFppp2q@s_%edTcJzVl=;gV}md1
z$p7sBmBhM9`0Q8!XuW_ne#x6S(`e?XFzM;Gaqo=ON-U|Sl<K8}z~{5E7<?f3<R@VJ
zWfT4}s&ac;6j=kcc~8l=nz~l&SfR0I)A)~>5t{vR9QFMj_KUhkuac2C6TTL7D_hUr
z376w=#r41bh6Uv=VqL%Op(UU6YbO~%Y}7%+h|0N_CNOJ@{3Ia8ybXMPxnk+L7kNKO
ziz^&w2NBJV{nHVf;?Apl;sO@8@?najqgLw^=8O9eGrh_mPcc5aZW8(g2K>qb_?2Sb
zMED@}3d;NG9znHM-foZt{?H2Sg$nfQ<Mj}C{3l<Z;moQq!wXfO4z1#&MI9pXJmyhK
zxsE~+MIDwUheU0yBPe6kR+rzpTb*598{$DJ$2Efq8<GwH8Rw^8agp6%inn$QMnl{N
zQGG>}G)9S4a`?|_B&KZJpU1#<FtcrIRmLjW>bDK<)DOZHkfvoVRj+3&3ncU`j)9I&
z+o*w5Jr%2~vE=^SfikNkzK)`?a%q_?=hc2c(Xz#nkz-5$?3U$iDdMHplq=MeMAAr?
zPf-8`kSwY=q^5X+>NWj|vnS+1I}6F+wc&2HFYW#=05$>4O?qoL=wGq8E~;x@Ex>Ft
z6Xq53{k_;7%8D*D`Lae^X+?J&IeX2VCkTB+pm}33VLF-U*Z{TTqGws<a%M@7badG4
zX7RvCpoElw_T~|f8wSTrE8Iy*<?VObZE$HToQLv|3BB=(g)-TN;Ryua-ogc^52W)a
zG-O*Zs*Z%~yZu#pI(}v`LUtV^5O{3bR@{r7S&1%35sGLLML{(tGKRwv8P{Katoe(D
zrnB#q9%#O!K^i6Qcn!i=t55kF21P{E!Mz+`S@>wS5Go}*R?oDJ{<Yw9)O%K)4WtuB
ztG!0U4nnvXgJvi0*z&^`*~v%?x6MC1$7Im!Z+K{?(<`MQk<dC!F-qGVNV*eL<E*o{
z`0)p4z8~yYtq4N62&vuqPD$qhBi9;g(u}CQVu#mAG$*gx8s-@k$6z!V9)^?XE?L-}
zr5~mvd}&zuBV*g^SW;@+shy`20CKDkfnQXcXB%oP0U&(OoUFy6_0sskyVENd%|3%R
zK@N02ZjsHw*RyKeZ+Jut(F!>KsusxuBCC+%MS$xYnE5%70&CmuOTEj{*B62kDIa-V
z3kIKp#rQ6{<F@b<j@6){7rOm}tLDo=I}-yGK+bt5+J`+-&wu)K5L~)JJ<EUuH;wGi
zi6=^)&Iz>q8d+M!&&%xcQ#njL=@B2ahV>+_?cNsyJM8dt*YW<zf)IdR6gOoiv80iG
zPYrjEH6uu3(>gyHwG!N$M90RHN#Y4_UJQ(3eiDc9y&XE}=hiW>=vzzY;t|bF*ziGw
z9IeWb$EF2A8lQF40yob1WMSL>C)=<O=OL%<*=_VX^9M<Bg~M)7m&{YY*E3#!La8aK
zDSN9jB`*BLH5I~ig-<kZvJ9ljvL%8kPQ`eW)gcA!$^9dX&fA7N@_DqEKB<JBm-aNe
zmMrib&HEgH?mDkt7jsDuAyO4!+S+oP%V;GIM^kI7zJ{Vta@^q~uTu4aAH@Lj@?$am
zsbQy_IP*UKZB|;g<&0Yn*x(|hH`Fe{qCJrEFJZI-*xC6MnCjfCM+*yN`hKITc7IU^
z$)VXx4U(@6n3n)i<c~=9jX2XJB;e6nxyh#3<a@K9LbQrtiv4VI8J*T{oA+n-+)b%K
zFlxqHqQ=X&HC^LLT*7-SBZHW+y;`SSMEhKTUO%Z(m`u8i;|YmNN8)@`kz#IIbLVG^
zkO|$!b}n$-okfX>?ftJfVn6yfY3P~P)ia%`(&UTw`0qENd1qPQ6}Q9}Iyg4mQW<ix
zj9q>R5M11Pv7*fwH|_9$w{O-^{ZA2MhVaGiJSlFZXM~%jT1q|Xf=lLvQ9PgrBeKjL
z+3*0=>hV>{2}k!py5$F6QkP35P6Cgj^JoE&3d;$b6*z6}bf>Q^Qj8hPcfS{&X)L~R
z`IvGNN~f%@V%mnZeBftH67}5GLBmuXKKOxKT0Qo{6TQ&oD}b%wYSCm=LljuaK)+!$
z@igBB(<Uw$BRVQog2Qs`{DK9ZU;p>rPY^f!SLr6QKMv9SmAeM?Xn5=OF^!1oDW}I;
z%(N86$h_DOo3V%AY_o_>V7$sL@3p)yH4@g(H*HDD*Eolx9-`R#=}EUFeD^$P2e*5q
zFc-;6fU*MUUmQGLHA<z|G2L2Z`XxNE*VXwy?B|V~rQd{EzObN|6Mr~jVAl#@Rc3xt
z?wZuINA0Qt73|@6+uU2iPFIP#+P*c=WE5sE9-55l-PH#HEAob0&V>+H=!sX)3KZae
z*HsOmwJW|%l8@HY&fP4M_3)rGJkopJKCP+#?vZssAu$?ehc>4nj?KJB>DvU*-7n*J
z^|WT{@uIDg&-H|GvTp_)`Mx{D$*cX{qVNDemq&n?Xdd2F1eN()pbDPoU&_|vk~!|8
zQae3BPY|&9vQ^+!P4<Njh@tsLlS0+7@ccFXH@Age=ED{*E#LR_j(JCbGBt{9_@Y~P
zmlP^#8tnlcn8x4iaWQ5YF?)32a>l<|Vrx@O#E<EEfEVBp)ThxL89RG>>Wx5xD;Db}
z(BS0PW2xcg<MC69Ghb*QPZ*c6J=|DtNBzc7loO+u5MRe+ZdogeeRH&5OeqdjYzFo?
z*}KBUFJHu${^mooWWtd&moZV``MnC|&PLp&NSvjAf~KPoNnT-Y+>#cw%Lq@rsWg_)
zS(XK0NTNp4ZyT!>>(H13lDn7~q%qgKu48v#&DsdrYIi-U3jp}8>Z84oj{rx`EMM~n
zz=h7rXlrK2?qUn?g?I!(bB*$f>d<AFZ%k@ke88i3)Y4GYVsvY7Gn&=LZnl<V^^jh9
z@N$mRhTuuip5F_^{lt>kk`fxYBG*Rpaut=WqyE#G49-R`04}E+dDB802#&x_#SR;;
z><SF)&1~yX&u6a!#PCx>eIin<akAiLwo7@*N7tgHwHwgenqf<7NmHR2;Ah)oTaW!K
z0ojvGKSe=%{oKB(gS|K6C<d1sb4>6m7KkcmxZMrBc(`6}h(HlCU$q9Oa+I$KX|YsI
zN)hqSXW5D|SSj1-RO8<+KaB8Nh0Z7BJ;X6=%<vzRtIkmo{3s94FrX_R-D8cgYD3(<
zn&GwT*hytQXb;y{ru8l4D$1V&?MXbN@tXB&7}46W6n=x;?uKuNw5Xj%=eBmQ8wEoJ
zWm-6;ht|FIByijB>RO>_7ZLt<1h|~ST#cpjv?&9`b9QNw{cW{~H_TDI?o8Ts4?A-&
zwq1pH8}-n+4M8C}pSfx>kYdR-7ut8d?eF~g#~%7XRUVo(>wzRi{PJ(Jo~vS3L!%^{
zQZ!xODBD{-a#aqqwa(K~)9NNR%ik-U%@4vS4%QcZPfM&TS@#yi>8NPOd<OmLzm1^W
zyYp5vhCX2E5&$}6|4t__z_@ap+Ac2pe=qgU3ZYtrCq5o5y~RQnKE7MG4e@;09@6WL
z@({wc&MG<-hnwwhL0IUHrNH(|tZRKrbR+<V0YwY<*D9H|Z3m?5_<N7~Lrm*u*xssZ
zW00;%q$;knl(+$hQUXe^<Sdu<AVG!d1UI(at4M3ULxEZfLCYiZ<Ieeu|2?1-pgafe
zy*%o?!G_^rUewM}%aekJ@|K8q`+j>LZPi)y@*zYRp3@*eX7%^;ZjyfKa{O8hdTKQ{
zoK}&%2)GNzn1z<ro%ewz%xAED#G|%UKXJ61<3{l=8yt4>2pC>6qU}YOEdZ##cGLzA
zy{ZOi3%&3iSTE<MRX5Vg7Uo?<`zxz<Fq8E4LZ>J?AYLyV|6I*Q{@7m!X0IL&1{13m
zlr{qNb6t`28Vi|$6sfpO7H4#(VAx}jR|FtrhWT+tHw=c8d7K!jNXu^B5;^$#p5N>d
z0VRp?<1`;NWWsmqnE_)tZ6TbYpvCh0hq-q*Uel!jp4o{9lRAoH7U0N7-$rdGe3jz6
z-^(YphQp`E&PT!~@b?g-BuUfw<&z`%{g{M@|3U{5Vlvd}Hu2E+qPC_j1^J^d#OcRo
zZ1F_-(!@yGy~*XBp#-ZZFh(-65KejcO&I;+lQ{|__Ez8*UWinfb^NDl^RXS2>9J1)
zC{#UM_oJ&;=TNjvz-sBIc(cSF#-ZY0{ti|6%FOxMuINs$%P34jjKD89A>79%muvM!
zoj*SyEvz?>ZhFl$-;5%z@$cyI28};R7J#We8TdiK`oY%s^Nxl3+a!^#eDcusBxf6(
zDJuTH^79g8Ld^Z<-+%pE$N0fQ4Q}W?p=wtjoUFNa=PsxkL_Fnv>6bX#y*j1Md$%wc
zB=d3|jg7gy0&7pIjF$4s!5`#l95l`!2RL)d)35Zx4$6dkFiny4eLvrMFjXU);j1Xd
zzh{3MRaMYb6FK23k@n2OZhTNT;?E|l-K;|lOfbj3ys+glmPB4E%7@_vL|O>Y!kK5a
z8(~RcOwSmiQkZ<LpX%0Rrg9gPX>}M*R>=1{iK#pt-2fqZoKix7&V@1)&ShtQ+oLkG
zkE>b0b&Q7*KN4hr!!??dbID&7sUo>Q%<DY#=9|T^CrThdN}mvk@qNKDelWN6AiU2J
zK0fb5DDk$?5hB$9+F5Mo{KqIVWkp*n@1NI%^ic8~R`qggZ=@^p7_W$8?0dBL$is6l
z(b<<hxQQy61o-%dWcueQ!=8B}-!tKewWKpB+WW1P0LsCuoVVL0_*H#JFOm4cpgc!b
zCP?7<!!rqH*pGfHW?+HrU-Qd)>bEo*9sVs(RN^4Rs1&aT?ZvO1^!{PxdLSbO72teq
z23Ow!^w)0k)q0YZ%7=)W8FZ@AOiGG<q2Zp7?wQYBh^72r)c<xiu-{Lnil(N=`V1RX
znPmaWc4Z*dZXf-apVo%b0OD)d^DUnzT^f6mRLo{wPukFZ_$;O~|4mL0bSdM*WPGk2
z+}KaB@{9Dxn!ev($#m1Lh>;v}ne5U}`p=2JhMR2K#iZVo^Lh(_mK){$r*uj+*V$ii
z<5onr!w%h18WT@Uq4AUj1_x}TL>%wjbX~t^BgU+<-!R-WJYjE7Jyx*6<=f4sHL9@v
zy|FTHIBkLG>O<U4zHtR~q8gV*Ay?Bo-2ZciBR9)D)EAB^3I1mvZ#DGl520;HTB6q<
zL=>7unR~b0*f&|5fyDKm2QxNfRo6?SyF^Yc@@2mT4DMc#%gls@wm-bLE?IabPD<N3
zTf4v#ftQ}lVDYVsIvtbM_1)M!ivXc!-}l_wp}Xjg!2xJAmFQsJvUCc}$z}6Lcbl$E
zPjE&CFkNG>*FUy>o&hza*XiY#Y;eJcD2v=}J+uD1cnFp=1V~Sk^mpD5dO;Rptb(pG
z%lR_+zMpiUE$I4*wofmk*dRtv=xW#Dg|6m0^zW<Ayz+OGtM6ra6Uvc+4|<?|7vf%Z
zN9;mtQ~UJsl!xFpDMgm2uV_b+x4!*Lb&JLc^WZXB^ZS7U&!Z}vl0Y{0P0#Ynu;^TA
zDna7@6v4RXWVIJT(qX2I<meE7`QDG4RHI`y+B+CY>-pw=OM^4-XIC|BaGu{@bs?Hf
za*jvA-aNWT?Og<X;l?KD5b+y9EhosOw;oe;N@1r{H!prWt1p_-|2de2k<i76=bURx
z;5k$qoOdrjrgm^Pw`U|m6R#i^0rEIikrcqLO#2eV2vUDWh{T14h_G4>1ny*fKSXf)
zG=kv^sP&b}J`k%2f6*XCJq*svZXbM~Wwzx7S95Z!0hraG4G7Rnnkq6OSedAK<T07@
z@XMe?NL^P=CdBJKTd?_ORia*(88B{1*uBpJ&o*SG%fWvZ!0bLGG=2b$5!;$41}E-}
z?&?PwJD$hq!*o>(%@5{Z4&a_Ex~pM=UdQaEKMwG()~;ZE#KWICeamL+enj8qsJcbI
zytQ&bAi-~MJm6t2BMk)2jV{4Zb?-q5j*flaJr=)$2i|dJF=dc<%J!+&W{=i3=UMY~
z!IS>`Te{C1q4v?#t~c`Vqb~4qYo6F8sKeP3P;-W%Y7U{}ht9s|p7YXQEq&)IAhgEU
zOgmjRQ$DD?cHQO>GiIU;jf(3U{%BtTqeSU}A9$|`P_zeiVwT;TOTH>4&NzeOGPB3>
z%ls%6zai7t6wa9VfO}TYT3$I3+~K%Ad%+!RjWAd#N`x?#ffJTbr|-N)CbWv?e^rBD
zpW$mRM<%GN$>cSukC6ak3mv~mk?v{|A=B|n3tL?uDOh=|u&GQNKk%pXYVoGA=F3$6
z5ObpJebL^_<ABGhGsz#o%Z>jV0tBqzxB4~COMqt+-b+7bZ(6NQXI-2-5O=NKbRll%
z#qzi)4yNzhC>|{PK&ks43HufaD^J`IlzH*qXurl|awzRDXn7p*wAzmm#9eok1a2?a
zZq8GW7r=DY*CQk4>K9Jen7zMUFsR8Wg$p@hCRG}Z(QS`PVzyU)a>`TUmN6;u8&{1N
zNBWU&wQ~vYu%r`+s`Cm7GBAA&HSv^qzd|b}gC6g1lpU|eO_S_xGKZhu=1H(l-E&V}
zxW$bk67A&S3X#zc^S3gb;LT(sPaw&l>cJjbbaS!c4?Yh#BPy-`7&Z6t0t2bYV*~kU
z$t%siodvruR0IeB$t8$!#2F6Z$;=@+_>^}q;O@$$!lVh1ruMgk7?#T~1lfdpAjMkl
z=5{P}r3Gj0Hb}Q(23`9V{6=w)i&?{a?F~!R6XZ4qQ)qc<`2&B%hD2~FwQ);}{)cz~
zY9i=+TB&E32~b!v>AaukRhu|($us}wc*&2N%-bJIEp1h`+Hf=CqBPpg+9xbfz~Xza
z!+deNHgDn&7QdrX33Zcsz_*J<8PhyTQE$bhYbUmNXo{fa*9tOGH>+%v`qIT_bSp^W
zeC~RAqIoe1pNgiJ6iKN8sfFt25@v551$o$CuoB>cTYs0-ZGJP59HUVUMpDJ;InOq3
zKHTOy7bR4`^OWtwRG!CxQ!M(!Tiv@~pL)<Z8wKEt&Ie5d0Sa0321I%uBaJ*J`=js_
zqr^eu<+XU>l0Y!XVWhHWKp|IT&Ku@6EPF{F9_ZaWJbBg3?*(b1H1bvNKmpQXWc2X_
zvlUSEdVQ*DQ1kcfi)w49VRMoiz+tBJxLHvmCx)q-BMq0-jhjUUwkbSzlV~6f1Jn_=
zMwiSZfFait+&mVV08nba@;;ajab4jsqB84?ny8RJ5Eo_i9c|xcq;Z030?({Bo<zdl
zN5OuYsis8P9@98ina??$n!=L0yzgJwb&V8|Bnd!Kw$2x&+mE8P@1vo~{vQD<1Je_w
z5B|XdTucu_W2e`@>S!$zmd9@lhL95LNp}cP%PrN0Smm=tA=ipvXMGt+!U4<*7&e+D
z6N7nUbOx7pOC7V6WNJ9LW3Hc`DKuQUdVu%&h-V?7Bz#P!53jy#&?)WTBWAp?@}(CN
z(Ga`om$rIN!{|;BFDRMdNbR5_z2+(gI}T^6)6O2;UpH}}itCWGN>ky)%3MXyfkes%
zHN4ot$V@bht9g8-9<ZnFENp!Htk=`x8LYJTgjV&Fki@|eGO=v7(rimi?b_wpD_YS{
zE^C+R2gqnj?L|2OXg5|DjHZb~r3Em2dkJF>piBDkeR)J>LaN#<<Db{LKML5u!<BzP
zN3!b$#k0Zd;*G{&1d|wDi9IcI@0pwpPP8}bpFLE9ej)MIFV#%44e&qQ1tG4^l9Bny
zU+nA=;kj=X-L;C0xAKNTU%S6Fo`{e>{+}FKwzlXjdq>s=_u!int#=uW)_=h>-b^mv
z6RfO7ZuATs0!)g@4lz?xpoxq>wP<9#$eBp_nP^_MyJc{>+G|UzaL018QKRD2<zq|W
zz8kp6hsl2`CcCkI4XM@n?!Rp2L^8aaln7AI0a%O8j#!^5d7ammjfr2=0HimvbmE?C
z8rS_-?MQL|%VC3MR)9BS;+mFi*8t>dwien0B#&jrm>$2m*%=oe-rh35^6RW8i(tAM
zbB`Vc1wA{o)1=+`83QhiSw18aMIPPXW&xV7=!W<lcqI>i;bPe%O_jdL)6Di(7@!7Q
z22GZbyX+-gly^p`@{(C{{5_7FV`<}jc;b64%2^LQaq?zUpG5Vlh%cNWdO7<w{0;GL
z0lDml3fL3(fn25b!wF-p5YKeUF!ip7h_IhKrF~G5eFJ3iBlmSxms724KVL0~0Ra1)
zFUXOH!PuimaNys}tlo`pTsxUK;#6om51v&XzJG&c=#-SaXHw=O4_SJ>)U=?JWsmQ)
z)vkOON5JN!)-1lfm{|zB{a+&j0xe&hDE@A%br5q1xA5dmNSB8@4IHqYU5v1q+f|pD
zzq9J@3-ivEu;lM>;QRb2`E(G>sjmy(??CrJ$s)uZH^&mTkIM$$N;sL%0*xipwH`MV
z(TW`L!$ure+aqDt&Mrn01KvWuU~1Uo5&ca&f1~W=ZWkS~d_aN=v1J0B5<2a!(^t%b
z+6)XvqUqrwPdiN)%3pTMwZa%zXV-Dj(!1=i4XL13<98amUk&b4z1}%h0&@Nvqh5zy
zk;mfSoX?KE$A-V$ln<+y?UI=yueuiuGKK=Zs#slde(OYLKxZqc==1i!o;@iC@9VbF
zql85NTIm@f80Nz==oiEz0?O_u)B=d1eHxr@|4rMd|2bWJ^c5@JW&Tkb)3?wu&eSAF
ztznPwbccG9YLRUS&&45B#=9MgA5Pt(m6Qen7*57QNw&dIYwq}YAt2RJ=VXrflgh!I
z-w>poTu1*U-z*gm8H@<Ce{3-w+B|oqz)_{a8iS)6YXf^qe$Z4JB2WSRxm<J&tDtMh
zW3fJVQOD9b3-}O<n6+$TgfXI;i3&;TZ?k)^ZJXk7S3FgcQ{~}qgURZDRj3DH)3mtg
z%7b<l_lb!hanikZp0?<=&~M4R$Rii>L|6DwDiUfj4<0|gs3N|uH?r(*pft(Q*2>Sp
zDjBnfyy-B`EI#pw6B%I9^~|CqD0C8KH`m)WUnrloxN=XBlu^uAX*I9~dT#*a3p|wq
zSBeRW)9@Pdu~BDK8vUEWf_38eBVo$Yn|tf*;#I_}sdf*5%CDCo-wRz$V$~x+7d6B~
zy1Va5&Tf}*Q2OMsJ1hY%WbC6h*Y+ZJdf&ve!sSY?+x99{Ao2r+GhCI(cR%izJ(NyZ
z;X2!i$j;4R7gF&41tn_i6n>cfp^(88-f3uXNiMbDS|~8rV{mQOC@iSIt>enw7dXw{
zC@==-y;HF--%zo7R%x98{B#_6!S{7LhKeD089ijK3j??;L-}t*{bSiU%$&Lnj(IB0
z;PF(^o)QNe+-R-Fn01LvuSC<J%>8ER`N3n$z44OGb4U|CQk1!>^iq_-nYIh@jP_3c
z%QKK>7{XXzN)$*l4DBzk)txfQ>b{Bi!mI}Z`oFNFK!z#-rWf}U>f*+2_T2$2I+n$!
z02Zk)>8tj?>=m#YVc@=T9CM_!NW%^h$p&LUr^j79A{0%$tnNXyJbXh5eja#`v3`}O
zB*@I`g+O%z(B}8^`lZU8#E5)8&`WawS%pPI+6vu!A!JW)6gzX3*K8gcvZw%oUjYIZ
zmVjB&P~u!n)$jsq*zX!o7ihNH5$iu%3;<ZxGN1H%aZkL<)*Zzh#|SoWo$B>XY8(vZ
z?rVeQ!Bp<S;7U0ED(=t#3NB~K`+?`1zj2SxD?%Zu*6)!P-&pi{#oy}AsNk6T3_dh{
zq&;?Sms~D27l?Kru`wF^BbB4>vKtBH*!UoF71!-fu9|m9vB?nK^&(uN3w6-GCDp1j
zebs!;c0T7!KMw%W;LXXmy|}8u&(ZGv)Lv}7`#ij!%uG-_?D&((^qYuPM}#rp8?#R*
zBt>?<zKmP&{oZY3RvLfVdUS2f+TNko85BJV|IIT1F*8(UtkaM<Pqf7=0Tg52yxN#D
zBfPhzmy@qH680<-_U6WQeIeZbmtym>Z@5@OPV`FvexO_9ZP*X^&a!>9;vjWA1;cOw
z0VO{1brU1Y8AbvICsVauV0TX<#~P;VdtNXys^QX~K3u56?(W+I<<~Vy_jXS%fo?9e
zTYSUp=YJyXp%R~00p;tFLgy~ezuGq142S%MNgLW!X1A8|DEMeYO75yYm>gPdj0Iyx
z@;JpIm|*G`g4IC&ddz2K@0P2|JX#n~Fm4?UJTO{V0Mbq7LNZBzP9Mq5GyXP_mz8B4
zLmK^e_cI`EPe$zrFdWreG=BnT4=`94rRiEreCby5U^ru*S|Vk-smO)+uNWnHmbuh{
z-hJl9=kSHsWM9a`Yh_CRv_d}SN<|c8!pk-8*IZ-=cuhA10xjc{J41%GtHac%O5*}+
z%veOBf205p<D&19+4F}}MQup^){cQzxaU(e-@p|#m@`BnYzr?osT<&|m%l|=&9$Z7
z0}RaOEj$m3*u+rbneffco=auu_&^!?_sn-jh+WIG3nTTF>vpbF`$5?Y_FPqp?C8xG
zg+NVX)KhZJHsl#5r5-$t$lUvX>}4V}7y7l)k+}Htq~v+#u~0F|qb~cxWIP+&<=`1d
zJw~2(S;u>~{Qa}wcKFce!JhzeypfCn?0geL#{s5A5nEw)0l#6XhZ4jHX?)RTXBz)h
zNbvRJ-c?-L*>-vch1J9ychJ30UxY`h-Icq>B)c99Z=a`>Z!WaxB<N}wvpdn5Vi$Z>
z-`|0<EC(Bs^oYX)zsxyxekt(uX)^xaRL&PI;!NW1mf2uN4%BYAa0bZuJG^etr;~&t
z<rpze+UXP(O#{TTr*DN3E2c91K`(2*<RP`jR_Ld5k`@7?E_?9(pExQ9(Do*+q~}*d
zeI#=a@ZgEr8Sq}^3KqW3JtnMFTv(n^hh*Ud?}A#6C2RT$RUWu@!Zq;<g9_3<2<F=i
zk!M~!YV)oHkX|xyI%(3h?9aebqFWHf{d7Ia?fg%c_uu^p&DJUlE^y;N=kNtE#VCLf
z)U+9+k)W-!_=B^w+dB8tf8~VK$1-<v^TO_E;ahi3i!hRnEk;ZW$P<(k{9c#OkCz_|
z-FFm>GZnxzC~Q#tzga<=7Z`QDxVrL8lrr-^zCM!NFMSGs3$f~iIH-ucW$#NUuN`RB
zZ+@kY1Ii@#GtX+iNPnN&2LujHMO(hw4|LYir!lqlOk3_B*=T8U;=;QeyN>TU&X}%f
z{rZq>UTD~DHi${rN*KnHXgjCYoW<7Ppg^-wmkMTdv5CRsGM)Dps%)5G=XU7hCo_uZ
z$y%N;&qif=I8V^><>OPG!$I2NnQAxqi?kB-rp^c;4}-SMM{Sord9@cPHW&>ents?p
zgx#^^p}<~7%zQd)?zQ=ytCDN{tKwM;o;&v*;B*ucdehN`Ip6{2ncssQi0n}j2Krh!
zV;=rE!u;69MfU=Y!5!pP6=Sesg;xj%7(Id73w54w8H*?IgvB`R4U2>wi-9SFStj>z
zrZwZ;#UysQAFy5;w()k&JqWoR7jyZSKqs`F=YSeG{Sa^QMEY!O-xpmDhQIH><!UkK
zX&~_9M#8%P0<NBP_P*(5Fl!CV;`!6^;7!jCz^XQr!A0RWGCwe8nAHf>X6*99ZM{XT
z%_U~+@l2yC>RBCl;|`Jpp5w>8_!`T@+wWQzZf<r<u`cs0=pE;tN<mt9n>7$1&X4<F
zK2DMy!*~PLU<E5+jk3Y0@9~u2HnM<>x_qd!F1+H$_etr?!_&cNuIm&x;AiGU%xXJo
zL{Iixh|T!1fM!8#YJ=}TM*FPgx7tIAQGF`F%ed?lxYJK(xx;?Du>g{RXoGuxV`Z!b
z(OjoH-h*!TC*CJp;fAmzoFrAAq4NazkGK<%_vS-g{9KL)2wN%lkrU^gwq4WD1b)Q}
zB$z$+zvw#P(Y==d$xtS_r$bBbCpa__g28kp_g}5F0&$f*3Gbf&Pxn(~?G(vit3j5_
zj*}^(w_xSxHL3Y3Hn=9O*thT3)JNve1>aX6NLp)mtex?EukqI(=2r;&Uv5b8&`P^E
z9_Vr*zNwyRrlXSk!_CkNmkX1>ah-iTm3e{n4zPAnqKWv@W1v@1;?6H{3OS2NUGA#3
znG+?S6$2n%TCa0h@}%hz0018{6wvpaxVUy5-NrcBq(n>Qj}Rt-Ot_P!g}Y9j*drTb
zDMY$c8Yo)uv0#nb<{+3+#TNdJf-V0(^kWYYG(R6n|1v7OYumk#g&@UYTbE@a9pl;O
z8%OT5$jkc1_3sB)v-%CgOW@V3Xo)J!qTw6;0^(G*6XK|lXu85&7bv^%t+Kmk&db#)
zHFBGhzR3*w5cBcRw<E}0V6Z3;H^smeLuSI;Bg?M00gbLl!zd1<v(ndjz_kmA6tXLB
z1n^chjQ1>Px=3)yb+d>Wt0$}s47ZObunX1xl`EAb(5!RYaXzsQNMq)G)O?#D!b!(0
z^&R>#&Mcqq&cCV`QMD_|27|h_t!3yTNX!u?4D`%#U2JMHYFW9K!X^(_Jr2(gmAEy4
zNdWpYC5kf!nZLHe9uEXRO=gUIngq5$e}?S$rwvlv<S{Z#>rd468Sj4`zDju<@f0ip
z7~Mix6>2^@<H;wFCGe1C?QUh^CNdmJvfg9iuvszR%aBi7Z7J_T64}$HHEWT)b)L7k
zs?T3~6bXB+1ovU5DPDvdpJQd2E0hU2*GzW@0^Mcv$-j+Pt|`I7B~z@H-$&HOlz|b-
zwu;{&IHW^^KZ!A%0x|D&^Xs_nF@?n00wWa2t^~wlD<WZzqc9Vh(2r~G*jqVV@%_lb
z6F_z&yUzKd4^XnH#eYNxe5W^0__Je<F;7Oio`gMuRuX#TW>eB}!wZHHD*|r;SWUnn
z-Lv@09-u#ig~@$K-3l2$Ufc;do%*fdsOqWHEI(En>B=;=uoZX1f*LPLK!3bq<^xjf
z^Gg;dN4PQF*52Xz1<K;7iRfNI2G8+!>%#{JBXQde$j@t(h266I!X}Rz4Mf5QVqo4t
zw6r@cuF;O%4z6_)j4RPVx#O#l`oB-1OsnP(o6K5o{L!hfumdDh5|2PCvhVevmjI@6
zDDBP<8yrA(=X^GeoJCTBBL0pNKl&$pno)WK<liR2$z;mXP@{y0P8DT18q-^MofEkg
z0s2{4tp-nD7p>Tk-n{I6@B$W<535@B`)-9xNnsz4CVCxb^8xL3=B$$t2?5^8%A~{-
z2i|@LB%TjIv++5o($PNbHZVFA<nBzZ2mQKQ+##2GXsm&>qX(Mrs#fiR!lU{qgZDKx
zs|JZJ=Ff-0WJ|N5*ri@+cC90=69b1cPh`yD;Pv|B7mz$15q3I%)w|Q@9pHBBX2bCh
z?)F9+2vxROQmY=_JbeA=0_rRSjx#x%y(JOtEWe#?EEp+W|B0!g<+Z)LF$pC$xTjj@
z!MM+wCj-Cyu&{L9ix`S0KzZ&8)Vi^wYY73XCbFQv$6#-DnhsR+GajY^596?{8;>v3
z#D6U8ic5_Y__eU1_~Th?RnT7G^C^L1iO-h7y8}6n62SRP`393UzGRWMwqcwtuRY)~
zJt*wE2P4mLv_mg^EbEVXn0a6lI6`@Ydm8yKg2$we=N;kXYZ(an4pAVI2-OhjM_9!C
zJ-}$3m>l+0Z=Hv5!uDR?NSzS+{FUopCwPjPE14%YM?lO2{m8nPRne(O-3R1>YP%h8
zSKs(!!ZyCZ1jMpeDv0HFexZFX^-;M%$-)pW@)u66CoxpQ{ewL9kVXTfS4bXiM<n<i
zZ5==~-?>5@Y3t5J;(Fo{*&iWR1Lh+l?d{F*(riZJF_cg9(G-nk8yhR;6_Y#C`=`&Z
zih^_5;7S88y1_{Y(;&T-qRW6^ztQ>m-#7@RU!+Lwa?|$H3^Ub*u9{Hg!948h>KWP(
zmOd_S#!Ux`DJp~?xey`%f~ezJ5Exfw0oLij5QYG6&YEqRe_2?>kzW94m>S(d1}Tuq
z=P9BMSowIPhFxU;*7B0(L!e@UzlR%=Rp``@=`|`HsS@>2JtUMI-gC}rWuRK==gF7-
zi2^dMR<{<JEFw#R1nPMOQ2tUj6U|v#%wOmHE(EHpBR2pAy&q7}7>40$49(l?&D69G
z+CVnA-wU>Y-$`fR_XCi1)Yo({Tr?OWj(q=BZ|}Kgzr%2+$VG<0d(g*q>_rLqxdv_x
z&e|J)n(Yn&)|TParq<yB?khybwm84Vd4BqQBT<SyU*^R*A>4vF$f;*%Q(#Ar*4E3$
z{W$Z#3^;RU!*X8U#)fg>&-cW5_WP!xyiFWH9}RA+YVopf(DVgPhaM?*yNm}vo$!;h
zw*U{_+X^*CLLhl8$$kr1Rk@By1cY=FPa-7>(9vFij(&n*6c}&2^RG+uP+<?iTF<}k
zH>C>p%@rAxPVJjE)jkX~WydvR?+vlDPwIdmhyC|hbTA3|(g492bH|iD-rD7!fsDO8
zvkCx~OC_|4C3}mZ?|XL3&;SdTso^g~0=m{in2Q=_HBSLen6VWlmw{IMX=!8vBZ=aw
zo%qXFrqS~qeY}SmcfHTBuZ;i+zxP-tOo4{Z;M}|4%>|&LS|NZuwtM*4I-@gW9tz$f
z`Wc9dGhaqv44JuuD~)%)%naNz$$xAPJS(W`R}V2i&7E`h7!bDPAT9p>kdiP>w@sEN
zuSRU)+>qKc8@@mFw|XG4KQGI=&C=1|xDHhu3@Xa`IB`22OA<kwiof#v2<W9Q87(lk
z)Sz7+RCz%rUIUoqV|AC<Q2f-<Jp(e#lG~l_(J5+v03C5%{6+b3_`PLG4n??|Bm8V>
zNc63u;Wk9}EI?~x4%&-=W)@pFj58UyyL24Li-VDjU{FYSd(z>e(iJ&)dNcZYia-Lp
zWU8P{M(a_bwIVWM3NTc8LHL8b3gB6@|NJ?2KECNrBRu$-4@6!Ds?}{g)U%y46qM5h
zW4M5~)swgu?~mU8NJ<?%bK~`F|AU0EpgY82^F%Dk$1FLHUi@Y~kW9H<K;d98)uYsF
zi^t@vOP$0R5w#bLs5YtX=y}PpM+(3)mGdSN7g$pZ?d=-w_P%hod@7%bdV&M5Pp68`
zn4`e>)yM{%$-S@1<?hPyQ1fr~%rmX;Il4>xuN)k_H~U;>O3je{Hkf#<(<^Ahv3C~j
zrIU*#Ma65#gnZLN)88|-e2k6Uv=nFCu9WJHxej>k{s9EzFc*?cFo0zX9(3e+Y2hJM
zFg6)ee}CjD_dy4^@%0yJQt?Mz<}XxH+M+>%@B-PZj$cT7n4vvp_^U*W7j4BWsAjU9
z7ceX$kuZ64!NY~6^)j6HK$H2#v&YqyYo}SccY^j*3g{Tp0O$J1>;@3_gP|ffO(HY|
z(8!s9Mt;cjwL7Q2{W&CTLlTwn@cnwnYw@D`7*GZ#)QQHh_}=+Qj2J=B3IRO^&`{cg
zpQAA!Us=ima5{rV08rN6NwIBd7|polSMG?bsP2(8g=((USb=7H)U@*M>C`TFAd*>%
zz@g(0H4h>0q-uiRf4IICio2%}59r#>OW*+pae%Ruhf``z<dnP}7b9t%{gT{Ibju`{
zHTp1<1ow*j)Pcf3<mIVks%tNFi=VaO2kF9W?>&s>l`xAn3J}I}|Hp8`{6Zfq*85Yk
ztR;6c62!UTfUumqJL)FOxe18XvXFt-@7M?A=p3DmCg8#2^8z5xyyw^4US(&0SpW5e
zxvF?bv9hC*i*w@FZGZtpR#@z1hT@Qs0{=g%t~;LUzkQQZij1;n6h%n(2-S%eDx@;Y
z-m>>O?PF6(w#drfnMY-1bdrp$QwSw{uXBF)=bU<;=lAk@eZT$V<2~<j-Pe7+`~G}8
zkk#U34b+1-Uk9}EZQ?O@_tSgJsZkdn3_^od{#t>_FSP@Uj7l|u0O9#a@by?KT>!uW
z{lkuYzR}IiO=Kwf6?y$R9F$x>E^CajNbW>TbUoLRym`WvXL-lJ@yNG9FG5k*Yw>d_
zInz`uEo1k9{oLn_om};U1A2;+oBb5-Hh{_Qh+SpUeDU&ls@qHIm(=CYkr_7HUP#-V
zHJqq3o*5>1abubc^DT4VWbL#bpn{t2buPCOkl7e<hc1|k;ERU9;F4_CK*;^DmrGWF
znCs0fnW*2P)%!|6d1S;7_o~S_N;sg@3^3qwLZTy$O`z81$}aKodw?u2Hyr4(e{~1G
zMJo2vl7j7A4RqiriKpaVlka*03Vd-Km2a=@V3AHyvQi((q_!C_UMWcufnF@8`8W`B
zP)F^E9YkY*PfKv?l)OJ#(AsxG&`!et?&AEaR0(;dBpz~wUcUuH^0uS3dB5v`Q<@#U
z`EAFCq(57VU9eI$Mur{z?vj`;ysFr8SLP5iuf#D9=o>)7UM_R<>50KT(SJwO0*vOb
zgEzxp<iv3bz=B0TpR}bqUE}!mbp+ej@Q;`^M=F*Q257maVKooEd}{sS(ESHk+*t&k
zhA7S2!To4EHtXfk0KW{)<vH@Dyf6Nv0lKeluiwhwYlXQ(``l-|(_%zr*nTrm<z0WJ
z=WRzS>%gRb9KrnEy~$P6r4WIQ9N`VE2-7K_Om=Mt>&N7?%KT8&e8pA~F%idm`6~`<
zt*`Wtop8@S^sbBQ)-&p-&fN8q$<H=^aVn25|L^3|+9n3`tp3`E`_q23dSfdMxAKwo
zuAjnRJ9qeV-;wO4-<zhD@A+OIJsd<AbsI!gE}t@iwut}S=7LXslZQ6^dK^4W<(wYB
zoFsd-1M&FUwFiQ(b;?Tnr6Enl>wB`|nbFre?sCf()yb#c(d+#b0A&Xz2#N7m|KHr$
zWStFhKgM>y{6+p!4&S7j;1k44fAbvA-x{rz`xO|z{PNvTwtHC?>R+JwA0MRO2%!Fr
zfb*vzx0^_g*;sNXF8anCq-Q2QMUa88qNtN2{PyAIlwi;-R%b}r=4k^-3aqj}kw@P=
z=Jnmtjku-G`?UlE<t@{;gSY$!*?|S6j(>UJnU0D{U(K*@C%&8b6xt|E6N@^Xfp*LF
z4{v_)&0p~CRn(_>ownPwX0+~6pNjH(yqFdOVqWuV2k{P<LPVlu)E#5uHUYH)OJLs%
zj6@V((gz=YE0u6if3b%lK7!B^%80l?NPvpo>j}Y)#^@%eHA&ib2-5k^_vRKGoK&yc
zLn>?Ju&t`R4b%L_Zt^@m``Et!UPOSc!nOoKX~2hzd>gSXlWURKKgZ9RA;aq1P!xXq
zBU$5Azs{x~zDNF70{v$Nt4A8#J2C>)elG~o8}vi@{mN5qfHzn2k7XbsG?0NH0^_^t
z3{qrnLYKFY6D!)0;qqHps91c1$0+4a13+R&m)zP@7*b}R%8bv(kq$0rK%nxbXv)YZ
z7^65qTewk?O|!X=jRzY@I){VOrd=wbPj7KNc0G*WY8*MeR~)~FF00D3=W-zXk-NcD
zMzX9P>e7+@AsRn?`2mNlJTA~O+I|%uOlNkzpUTAl0-K1iYmYN(Ye-ZSVK0M!Y6Z=R
z_ytO(<ccK%<)S<fD@U8d#Mj`~JKr9@`|+*8&@<IrCjgHvUG>yZWe~WdmK}UiK!ZlA
z1Bt9J_3HG5Tooj;@^ORMhk5a0|9ni36g3jRW*v^#mK-`RX!r$x3i0Gd(1s9GKC^J0
zbDE<YyFCchd_yfquch9d@`9lbGzv)BCArWFg)T$k?%JtvM`?v=O{u;oNBk*IInvU;
zC9WWIh3|~i)Fpc~GR^XC1tqQSojkhmz@{th61RGr5VgML%J<VZRXkb)cb!ENR&t)#
z2l^qp9*9y7EtNVenLb>0X^S7ZVmX}Or{&n70ApukJL}=)mq`0%)N1FKLE6HFjqK*t
z0dc4+nO;NIOIj`g<R3W7ttNgFRIBdABH@mD`b#c4C+4WI^<<YEE84ZoZViJmTH%0F
zwKH_7IG@Z)Y%Xoe&OX*!z^ubyLuk^5O+HyfQhzT*l}a!ro8GudFNqQU=A2t<UpZ=G
zDPJwC^Ve_<tJm+P&pIPoZy=rWK`yDbD-e(;-T+LNXQ%@Fqx}&W@^TAI`LL$h%p4iw
zHu|3_uQ9`vOM*eP2QEm85*gsu7<=KW^9gZUa?Uzc_>)~A8q=2d>k}4QaHnOfeC?c^
zXg;fFBq>};ngpaW2pUfjT1o{LJsTGmWhm)4*QbF1#2C>NvMhg?qONTakd4h{-HNl~
z-iK5}GhYmFG(cc<@?cy?NXk##vrR^U4Kb08Fb{}`_8t8c0m33Z1<5%>t)WOFm%?K6
zX`Y<mcy(a3<5Q)cd(mo~1x88Ij=I{{CP3gR2&!Vov<^lI6}xOj-?v^aA~{5{+(kuJ
zz1D*UxzY39Z1WMzbrcW*v)6?<X)PCw^^nKCqt6QF{N5^T|J(6vw5}mD(9(#hosS=Q
zp5&|=R90VZ-xOD4aapJzePqjQf8-bxY>@V%MUTTO;cLxfFYN1lfL47LiH-_xM*c_?
zEdEsMbI=N7s)2E|LV7{8?^h+`i}BD07*{HOi0K%y`V@m%I)gyu$7X)~R9o1j<hdno
zF?)@r2_qv9FfSZ*M+Ofe(f)Vo{By&|s{J`8|H*C5*U|bk&;m^lT-AmmO%!mFEq_EC
zY-|c<ZkC+8*bqgNap_{&g(dEZ)sn_=)Gi_7{5VRfwH;Z!dP87aTgRiugsnUFAx`YQ
z{l#jF%uMQ1=Ns@%dp27gT2!s29(O(Qaw)d#>2oZ)C>0us*Oh>KJvtYaQ|IQoPa1{H
zQSv5_9Q0*k83*n}b6&}~(nQ~4GH2aG8#!LmUI_wH0n^#EtWha$+z2ZSIy#UFmmNY^
z3^<v4>4#%G6O!81G;r`PUR8hLMEkt_5>UA$GYMj=iJ`R9jz=wqXqhT)wMIy}oQ3_g
zg)UofkMk(Axn1Yq#Iqe^*4*zYaZDddA__3D&7)T+mKcL}sNJs1OC4`2OZ}iDogxF2
zmG80Se&<XNn*q;^0!PrHSUJgC^^*2p@NYX98?b>4HpP*G1_iLs*`6yy%lqt?K1be2
z8~U#ZK>q3dM@ed1WD7Q!w;lnbYN$!V<4El*vlux{H@^@7BOtU@PmRK{B7m(dGS?j(
zx$?g$wW76*7^T5qY+yR5qy^GH_a1CJe1c2RZ?!tFnk0wmQ7et5YQx=9xqD_jf^YiN
zuZn9y3a*8&7qVIAC7Yrk?OT+4`1eB}UPO>O<(Sval=84hI_x1W@IVgJH}(180GIU;
zK;x6HAk1Me%ufIxdIs^KVMUM)Z-sR-8qaqKO-P#~R(9^b%Uv6Qj+YBq5##s<eAZW5
zCVc}G6k2>soM<9JS>>Ver+-sHU-BfWn?0taNpm!5Urb9Gr0d<Z!Z{;NCapm}DS&Hl
zTg23q&*Hm4=-p$}Nqk!Q;fc7OU^tJB(X}@~t+;y_@?cfDuN;&BXwbT=dFGVPIj0r_
zvFq>Xk9u<hT~?YV*ap(q{7(jJWj|#GhH05B?|@lQ_%JrQ+hN_c%3Hn2@H8`&<3PNv
z!qLJ1JG7eAVq%5BqGAT_cxIP_U`B9PFk-1xUs9hdqkesG^Xk;3r>rSW5PGy8!O<LO
zUMjhK4?Tlg%0y`5pezQkg^Zlt+2wxTb{^zB4!)3o(}?OvHoArk9|t1JeW?Vvys32o
z+z-5)-o+`s(4~4)te_a>j1)QFBa4jreRyQHq3`n*3R%M?CM*pdScmm7wN+|0rw-!0
za!$Iw4DP*${Xoa|eJs8h#5km%?OtKcNaj)I=*vri>Pngt3`Slqv~@+SZl$%cT>u#m
zkAC)#tT9&7>?IMvpRK{g?l|AYFegI{EYAn7^WZ@j%gy`x0|FY{^<(#%fpY@|X&aDt
zO#q#!*^RzEb~Fgv4OS>^;hcC?nz$8a!b+X>8uj#@o2VU*)vru)C9N3w1vVi#|3)JG
zDhait*#mNp$F+1m{(1F)Q<Pb=?mOk4Wq|-4A0Ym%^el)SQIrcE_KL#R^?EWqf`j-y
ziTd+9`pKe?-^!_N-uG72<^x4cDd0ubxTWp|GJ}ZBwJ1Q=>0958ppPvDrki1-F(;lO
z=g}p&KXwh>L3axIlv(xn-kk$JE2@4zAW(Dsg(dVG*_TeMK6&?T5`Brg{(z4A|DR^&
zq_gqWLXL;kFE8vcg973a1;=0#5|4PVDQeJ-hg)Hq4vt(eqjt|quVpZ^yJcnSE0w`=
zcdYH#(`$gBg(73>?3>&Uxc;GwoWJwj8A?Pi*fCdra=c0&(c<^ZMTw$qsfsxstevze
zosYqRikL0TH|O<!{8b8vV25l>z?)}SoVB@7=f(W$-`pamZK33K0)bY$H0y=RBqQ5K
zh~NrO&t)FdNt=Q6`<WvsIWQ`essW3Hs!vjw{uEh-5;>CwXO~1krSCHZW2ui?d}CYp
zAkVtU9xOJMSaZ5C)4XHEV8~m%N%LxJDT6@jH~`JQzy(lsgW36aCQ81zbTJwzJ9i?n
zI8Ae*_}P-je=+mTn_jEQIE2|9{q{XFAlvpvwvEK$Gs@29BNpmvj#N)?bE^yJM)12_
zK6Nwq-@){glRIe?#4MHCTQec1X@YMjPtK0^{an8HUc{_{VSBWoQ)F|$&Y#Yrqk~5F
zr_!|}bO1PFFY_pv=^#lAVibde0-rS-+NQ}B#>XB(&gD;$AsH{Ig+aa7&2(U%I!0yY
zDO3cQN2+||9Bi2<@u8D_v`jYxx8yKQgSqW>a|w@re{|h-4%jVHfXSy7Ma{2Pwi$A=
zQY_0KOA4HxzjDp!C&X5#e_5&9e#m&pY7O?p`q91IU){5}G;bXcgtoCo-?H^U+IPRZ
zsE&8~qqe5IjUFL~JSi-U2Zf%k@axql_^*expFr+m?qNONw(E5I@95`dzb$pTaRJ;F
zjSfC1yY5@swTS{fkuD|B$+{s#G$5T=Z#d9cN`^ZCw|hA$|Fc&AMjAP$s{gWh_YHJl
zU<w9oPS6CK-pz2N8VY@~U!D$I@=>vZIw5eTa%*?l|88E|Td35ZEd@mk1Vdmew(LzN
z1qU1bDx++lW#gj?>ZKbow8e6qDf4Yp)eHhQb~JsaDQp5G&N<_vC`9Vg!QnXzPzIuV
z{YU%aV{MUJa^u_$X)nXqNr?Sdk)@H@wwH!NL3KctZ$|h2DSR$;h*s$8s2s|;Dya@Q
zG3Z7@w!+ZqoSR>H8{s^|)&+>z@6*<PNllEUR%MJ&xSlXBv7HU=vQDGlp6qLIq`_XK
zS%M{b8PkRH&&N^!y=@%i+g2zBSt9G3w97K&)xF(iOxiX$H^#d^%Nhzf?U<*0Vw3kd
z&5WVG{w(DICzH>CcP1Y(D{>g=c~S{*?s!_x?}L60eK*!rFq?2Xb0IBJT&Npu#VHcm
ztP+s5@=U1KnwF?8JBp-uI#!r{j#N_Z!Q<6yUOZj)Q{hn92v{F`rsIiNlL%ybQk~8T
z{P?oZkvk9^sZb*#yfUo<Ss?$DG)m%Dy4>m$t6#GGXtU&o<Wqcj=Le|XKk|w7S^4(z
z{~yU8CeWhr`)qWC)F@)zjwWhV&s6K7hQ~98o8X|k4AP&6;8}QSAFQ}X8z#j=xmuVe
zZkC-1npITz&i?<24Z_3*;{Z@!J`f|dNdBIIThIG7gd}k^&`o8y37YOs-)FT?<~|CA
zIMjAtI?1%!Arrf^pM_;|BT(?<^4K#LiSD7Rh$9AJN?c|t!CNZHFWO9oLgPwVa`Ufx
z#%!hjG5$X1cYNWm!fToRz!K^CGQgjkR9<#AZ`zS6WZ%ifcF8{mSKuR2I=~m_;ttf<
z(yHmD;L%suxHV?|s<Cz5&b3H|#caK>b6odUd-N@c;wI>*-u<@6&rCrkgW7WZ`tP1G
z%tGrb+gh0zZe`(TyE<|bF22gJI__5X06qcbXxtvt&Cpt6ukI~wjOSXB5BGzf4wFFK
zuVl4uXlSW<hn>V%f&f=iFwqY3Nb!_1DXSD@=YJ-&=y^`O@kHD>L~KUMO(xkI@_o$*
zR{&ODIw7rx&!BQw<YbZ%Z*7;>iBX*c_bZT$UGtNXdjo_i-I6zdQy}ji!gi(sHtNzo
zU1cP&03=tYvdJ{t?z-5tnTor2fH3ra6<js8=gKXmu@TS})1f(f7NMh<c0&hp34~s1
zJ!dokdG8H3es}pGlD%B9yB#?<j@Fl^QGxCpY9P&eJ3ftWvZXm6M-MqwN}{RQ^havP
zfqYAv@4qsS7~K+e5ID5qCPCgfh%Hl>v;HRE3IQs?831KvMz8{{(0MWoW_gjxjkCl1
zLG>W^gf_Rj8<*L7a<l;`w4B^t>Z;t&1p+B8B4j@fDkr_UUO`exmro#AL#}n(5ZV)A
zc`K0@|B9uwfG1o&H-YYp2Wl!TKw^jJ<+yGAJBVf-8<@W`k)u@E51t%?)7u@+Z%3w@
z3+`y_MIeSfujpKZlMo!ljP~_F?}g#R(-(Q|X>5ECe_xWupEtiN_3Sh-0V)+VQMl7f
z?6}mu=e9<#9H5x*V8!ih4(T|OuPZQ}ui}vf|F%DIr~KB`mJH@Nzc`2EPK$op&r8A5
zj#O$o+xLJ?psot+EE{0bOQu?-xgxR*Z~!Vx)@L?{#RUtzt{q)GOx;eE+<{@!8g%AX
zf6CbRflO?pn0jCz?dsi%%c=7m8EU_boWO-shq!cI$LOW&)uij6&1z&@VT5l)udLrL
z$DP|W-{l6X3V-%seH}l4p*^wKUcw@Ad})h{d0UYkxR$yIH8Ei^hjMxZdUex+CnaW~
zqyblJ^qZV#0wdeo#H%^2uR%bgFrqpvQR{w^Bh~a{^{@7Nz22<1(++j%sIji!hA8(x
z)2gs>2>r<SAPHeLw>;7EB6#I-_#~cfWdWC4e@*fEsAqWvb;HeQIFiQIVO)m|k9#`O
z4N##h7UpU4$f?^KvQvYZ_JlD+8<++(7TL$XLVUoOTd_?3;9VpyNePB&_Tizs#Qg;S
zEh3Y9cF{{Y%r9&7vE@p|3W?t=^LU&c^g@GzSTbI2R~d+#KuX^Z;viRqs!v^gf$UUL
zJaytqUXzLbh8*TCzsu+O+652@kh*=eON~_7M$<6-9<EunlmvsiAkoM92N_|%x(k`s
zb1j|P8DHkghO?GP!O^UeGt&LZ1yEMW0xLElp#`1dKP^k+_r0o(nXL*3EemN}tnbKO
z6#DvJxE9t>$H6@_7kX}RN_wkxxm^$0#^O`W9E2H}5cu5pRu#1Z$FHi7wc-G~c#JBn
zx-(sRITOP1G4&^)-m-cL1gLKo<mKrnf?Y$JVT}2>WtoAS4(B=Yko5@3Yoq!eGDFsr
zG*4BayQtMC5}N!apQ)cyPD~XVpi-*IsAMoxv^9HwB_r9lSa3w*!~e`RJ%T}~ih{Ib
z+WXcTxQ8WE**90R<dA4itpoEM%GmAq>Yh=@y;rlbW1d`-xd*)zT9S$W3wI4wQPt7A
zfJF&qH*`dE(<2;@DpA!c7dhnL{I7lu^%WODJQO4=BYz4@H*bz|?<nfc<~7M+9*C`D
z_`XzvzZ_(nP^g>!Joh*lII@JuDY?)+lzS3;LditBY49c|^*1-=fS!S*IBGs;bAP~&
z5*N&;oA~5MrZ$1wrgeV?xCF}_4<Ly;H9*TGahdcC8`v0dH|F+j@CQR2F@w7ViEI&J
z<B!^BrWxa?h4YaC1{9sPc4CU!Cw5F=aaaSKx_qNGv}QhZ9o$Y2n3<CJh=KC!^n116
z?!z5fHd^~$Hg>^t6_WaAm!J`$qWfK8pD{4JG1Wy@uNJj+_y#_;vmzE0CwU>o{MQmQ
zxOH&s#%`^AK%uWan?6vxrL=EBK^wDjE29>tc7rH|y)kon%QP(ZC3<BOy||I>#(yx%
zT+TNC%yU>$9q2`eNQ%gIhC;<i;V+-%WD=@aEr_7_jn-uQ^0J*aOnyiQ$P&xSDKA?n
ztvJngyN{|H*T$N?m03+m2>jUx?_zLBnR@CUJt7eba0&P5mtgFgp^Ds7iPzPV-128H
zn;{4CTG9Ib-oPuUPx$LJcgWW9V8zwE^k!|^EUUViZfWNVwtEt@z0h50=xX*e<DRJ1
z-QR73EWy~X4WZSN8z7fD@Z0Q0jUX_M-*RWmxev^JF5-Uq4!Os#m7RC>D_?w!xXfz_
zc>dTYAZOU)NBg>8WBSl=dWqR=Re^HQde*9K{;RXD>iP{Y4=m!=nw|5uev6R&hgZ*y
zoi7(nx3D}7VCpQ=5}G{v_zi{q7I_~4d~Z3TDOMf$YUW=0KZ@>4IA;pK^euNX2bx5!
zNFMJlG+g+e-iOPTvn@-no>`-dG|w_`7b~a2wUqtOY7`T$uvR`JS9dTCxyc+=o!EqD
z8>J6n&~W1;zUy4+|Ms!UE_tADn)Y7Y9aAsR*x&Pm|7zQpKQ#6M`*|x2|D6i&bI{b_
zBJVozIZx<Av$KWpKIEQaZx#BAe5=#ZM=t71YBuMPiz4ZKB-<UJ!rtH$(DvK+H8sex
zWYI<7Pi@zG^|NpOil`u}hw`{;+(asq$^wvh#nisCdLDZmqFZ%;jpiqzQHhla?<uF@
z_)&$S1OtopB<lXDB<eUP<EtO39Gy?wtn!UOe?$5==a1RCy7ngJFn6DNUsy|AU)Wt+
z7^*lQce>*w?*PBQ(?dFO<kQFHe*KC^Sr|%)1ORckgDSZKgdnP!v`g%?-0+x}NoV6k
z7;Frkah^6b*g5|8_e(L#y!oM>^RB!1GozJx=|c>F{7&ul;rUGf_p<@q*FaW)X)!)(
zYkzS-GL*oBziIG^*+g-g>E<0P=&QKwAv;nl6Mo?HK+WXJ=J+<x?LAppSX-XN?U({|
zMc1uB&&6{7?3R7kkCL_j$O0N-=g@7x!{{iunmRoI{S6!?X<ygr;L@oB?PcFJ>g*SP
zz%5VC21Yt4`$2x~b4$IM&^v)Uve0@t#v`r}n4REs96~RF*KnTiD^z^^O1Xd+ZOePW
z5b+-Q4snc5z(h~i;-W0^!htPL=(Qrw*f)5-u_~1wu+ul*))lxjZap)*tSu|#w=X#z
z>d-gdz4&_#npWcE#pxLW9>$W_HDd9is#iFYOF~}T2u0DQGCYGF>xw;Yv){PE%NOs2
zn|)5p#CqVdrWJajdv^8BmWX`v;sIu#y2vy>Kmqj&5q$Df2ytcfFvUO`_uZZKl`0l;
z{&A0TP#<tc>Ts)9c$5XMmMwY;1AgsfH2GzV5M1N0^qBgN-i8)+1JgF!-t;80@2%R0
z*vBjEY6(l4>xnVw%}H9}w}@?wau__}8iI8=e$D8cIqe!fvZ~M2B|wHfX2NBqx?mc8
zxg-&~g;5RdI*qswXpRhjE~M*|EIkpyU{J84SsZ91@ivxI0y$Ed&pzFV9eHB}9I0$F
z8RP94Q{CfTPBIM<%U;Bp)i;@bppFz4qfHufMl*To5`XqAqBBzQO92hAH`({kAvxZ|
zNoO=@eIoIoATn>EaW=ySR<fB@hxCBfkt!fBXYtw2%g>8a-u<pJFNJfzj$>6+i22iZ
zV3-gCmSZ;eN^1vLZPP!GtJZ#uwdKWx@ej11*b%$^D2!XfGwb|&RVl>rwNq8JQ&sm<
z^$;aQIa3@7+u8$f%NYc2#9iR|C7&V3=l4RJ5>OFli+;>@6ZhxbR8u)zak2}E7;MyZ
zmpGX}kayap4cX}sN1F4iL#BbBOdl5Ae&4hxt+tiMe`F|Ht=e)xNO0jGGun`s9)-?0
zBCrv_y3L87M`l?wveh{sCMf(NzCpo;R?k@73ikl1i?viarUgKgUf3gPobu+udr&k<
z`N+g174`_n9Q8=AnN61Q?cwJDY5tLbxYP5j@s>-gNmwg|4R2M0?608UNkipYT~try
z@%)V>>4h8bM#|xqk7?1}YII9oz3gL6M5(H~KD#rWwoCv0qmT2Y)%jNU@3QZdNyRmQ
z_^em`P}XEO(MIFNi}$?k-iQbJbUAuo$YV-m-B)&umlz48E}kxdpLNrpT?^qaoN(B3
zB|brKJu9uAf`eUx=kWP*>=bCWTmvK*WU%IMOFzF#86F}WJ8(EveqA)5a`#3Yf+0J-
z)=w1|69Q`CJ?uDP!I14~;gViXq#Wx%1P;E@DJz6OoF+%gPSv%0?W1_RKQ(OYNP8Zm
z6MIyYC{~QTuNb*^yyqAEXm9kvvj(JIoh|gE!VJ^GYmA3BLT-Y9=I%j;{1p-Zk{>QM
zzvQgyketCI^p>af4a%tyllz(bnQ_F~9HEAh^h=hO1{q0nuL8ZA&&nsRKF6v!g_Xnk
z3gr@lq<!_$QbkQ{FtlUUQ<<@=M}PC(3^3FmYr2R%PZ<lx@@oI{Ni|3sQZ6v;w6&$N
z`8s8KASyj{<)b$<5V6r8FAkk^gj{VT?vjaCg}n5_5Bp{j{B2r#*hAKIsa!8?i_1?G
znVJU=?O?w59^Ab7?2o_Jawfzs`?^-GJykx>U3#Pg-Or7=z<Q;bp*7fa^DcS!=+!Q`
zO0Yh~Svg)05u@Z{>7__iEN}i(?euAZ{~{<16wWscs%;a6ZaNb2PO78{jrO`T;bLGh
zu9_p=@7)Ksry<vak?32rHIsbfnb%V`l@3tQwgIkZPT}R^oL<T$&M+%>oJ4FR$v}AT
zHdzVeW;Ucoo@X0hF)WLZ@H?+F8cPL^`CGk5R$J<fF5!sa*}z|yDQl#6UrmcMZY+uV
z^hNxko80Orlw*A?aEHPqt(0^$m)J`vA&1elWcK(yGaHN?0*+*HHN7mlvC-heY`ad!
zhomAa_`4lLE9MT`DV<grTI1nNoE+5wxs^m>C;C+6^0=CN+ar8%%ZC8|0|?gLgh;(H
zZ=a&`>!3!?_ST)QW>s_&c9`jscjVrqPQ!qi*Kl6>G2ed^ZU6g`?8><Nz$bT*u#^bU
zNBvfuj;{>}BB!BWp`us)YUK0d>rx~9v)Ju>Z8-m>9aas<M43a6PqRebYj{rsdIgn7
zt<<FkTFiHC`k}im3XCu8E(OGsduRT3Vyv<U+R5)I$J*0|+N_94Nh?Z#@wVT2ULuEK
zXPNR#W*V@u9z2+$x<|Xo_7L;LN?r0*!Lb)X)rw*uL0cErB*Uk;9f2dEOyWtB@{R%8
zsKB0OWi7xdEk|!P5E_esRHDCBk*5Zr3rzS;JxIE!nWBbcvgZ(gRS(fs%{XvvnvdQn
zQEbyte-3&j%8oL1f`VZQ)@`G({1=w1c#uAT=gW#QD(!m>!(>O#RG7|}fy9dya$M`A
zuW(1pQc9!k7(j(~!IM_gv%NF%EMlB4a?xh)KgNa!y*$Jfx`2yMp5<Nnizc-O2Aj&0
z0***+27rA(-zG9!1Ij``cW2q)ETdkMp;L;b&cn&v-hTCKc6+$XXLcxg*nQ@b-Iz!?
z?=0*<_7l)<4%|G4-u&VDJV**+Qt$T1otqLYQL8Tmfy~b%P2*21Ef7wWKop$2sQTqK
z4baR9L8K>*HcY&$x`WZVl#R3u_;iG^<o)&0p0{huUjB&KOC%VXdV_D$OrgQ&^W4D?
ze}}r)BR%k!&dhvXtPn9Q8Rh%9eQg<OV?0<UVsFj2o8#6hGn{{oOn?ULR19Y9NO5st
zSgCjQ*WQM3o`lh@U9|eUPE@!KjL8{X3a~Gyq%w$-U5rFh;MK3gn;*p|_zp^`m1_@H
zzW#e!EklUXq~iyI0gHv>^<8KxaJ0ZgT(I}1I7|`w`O~KX{<CW9g8u!&w`-)|s|907
z2o(MKLt}siYOArxxF=>VLbb-kt9$K7?@3)+D5DZ+{nAwJ@GqO`3%}6MT^bsnyQw5~
zc;mRl`L~yI1axW~Am@+<1gCk0tu}K9UGtGu&HXRLAy!ouLAqCG?NloJ3BT&?Xo35V
z?4KH4T3Y$_$DC##EuM(b9jpkGfagwvmXNldEYjkZ7n-!5y821SxfXQHiJ!H1+21QZ
z1eR2DsajxTAOa-2Ae_MH<W_IuO@#z!=g*KSEoQU_D}t<bsii{ft2L2F7=&}tH!oHn
zO6IIsZ8N<88_Fnu9>4f^F0GkKFO3#I74Z0+lD4Xca-&tsZm-JBCdwjR)FVoTbP;=>
z<ujx(OKANOw`Y`fw>3ijo<SbW_(Z<e)o~Y%rz2DgdoCBob4nu{W=^HRH;oi5AhffW
zelXT(`Hj|$OD$n@Ceu{Zev!ZOr+z_JiyB*jnfMhs#CT!@O+l!021+P!+iJ|(CMSl?
z8jOsO-9sumKyexpM$yeVH9|e-vyIA?mC{oOODYm1P3YdlAUWKvo(ZFc6Jids-Ju|g
z@v%C8qqWW1VjQ_<;Rkx!U*bf?9t%>2GpV^Q;_vun<XRc^SMCy#IwRsckF~&{0YrwI
zBT<9mS{MvAM|pcfA*q5d<hu!fc|?Zq>*-s3rDd${cAUOX9H0ud-Rc@#C62x-R%?9X
z>7Xhh$Y_=GpZO3k1`&JG@&H?c2^m>|L)b7tja~c~pqb7NY@FTUrmoA@vtDL*dJDb0
z`D*lM(0)Wx(J`-btea_m_K6t5hg2jl{Qx<5nsguLoc{fGa;w^hUQeH=>bcNszc*8)
z&Y?}D+{TU(+akzJy6?`#j1IAv@R5c7L2aI0hmIjGz=idIa_ghF3wZiM|B=U>-(PZm
z{#7e`l{2sH@UcG*Tcphr($Z{1|H83p(qxbBopv>a^uPBAOPpyQxN7woxkLi-GaG*j
zf?JfC3^<`3lReT0-vK-Td73ZBdnxmA8twmCI{cPU{;Mv|Z19Woi-G>9SX`rQObx)9
zK8xXEIR7>A_ScA&D02&IHI@iEpVP=HzN4|D7e4f@sn7Wt$eqVn%8n#a=Zt@N8hdI*
zc0e^M-FJ?a`DUp$ILhXsqdv<<)AIRrq>{}WAGj#fyK>ZG@B?L=vdW=ew+^M?5q9g#
zqx{<Nu34?aK;|4|b;776<({M5g2cDnM`kA4E1u?Tr~BK6#YIR(AdCE@Z>eZgf;GD0
zXJ!DC0g{+TOVhYQW4j&ad9yzuBzdj1<}S3fgPt)+wYM5gdu5M5^-wa{4B_SOY#zQu
zxJ!y^dwG=xuB2GAJHw2G_ND+iVB3<TX@%O#V&<+`)dhXSRqwnE(8F0j6V1Sk9%Q%#
zr8e~FPw#wNpo_xoQ5d5NeUbKe0D%D05tFQeT}by~7N)WqK2Q~dc5SQF6<k<-^lvKG
zg2a(BXjQmD=y=El2ad<=gY#DRz`3!!pZ5H4YA_*I7(Kt5roeq+Bsorasvsi}x9sNy
z><akP2For-1_5wv3=VV_Bo@6Om5I%w*Ili8V8_k256fH*TvVgP9(%*OWd^e8hJ{Dv
zsDu`)6t+DERwu6<HD#A_Q`OiCJ1Yx4`auvX1aROJ38M7Hb+2TQbcb&@X~@%Fg%UAJ
zs<o+`<Fua2QOPdjk~db8o|Vrw@(+6wOR?+MtsV@YJN2ih5@__yh7ji+>m(4PvZW|y
zt|J$>Sz>@~NuRO#`z?`X`zgj+LPmrf<_eb|Z$H|vjeD@W>qE4QJcKP`8#(Zv)@oGk
zJnt%h^?gn`Sld3OWxbBs@VrN{)RX{NS*`844$b+R>g#Z$TLwS>DRO?BcIZW&gkYvI
zQsEUJxPnNw?pSdftk`=Wa%8wmg`QPTuU~4GNA86<pqt*TW~JhR@41b5PXpjJ3DDy_
zepe?axm!w}DjglU2~9G&)KjT^o^-In4o8^LnJ9Es!Q)}jYzcfy1BY()26}ZOpDkK`
zJ$)9jxqFjD=5M^?$kfte{{`yTO*1F25vKb2P73p^o-t&Z_qsO7S{!XOU9og2en4~O
zu^691Agi<^GAu2V?C@yOzurw$&cx3#ZDsztXw%DYuhO%fm8_}GZ^sLsgr=KafP4dZ
z^uhZRNl2ICh^nL?2j?!43<duFIy6~j3E%qN&S*c&nZiPx{^&d%>*}bZf=o$jL0<d!
z?M!VyL}fA$DumA`@l!(58i+Cr9KPds7KhO5POOW*V*lbV>rwrIZoe(Z%U_h39{U*&
zoxL}y;LG8a*0N20LZOa7)~7?Cv1ZH3Y7jYeZHg#a4Viu9&>7I~&@P8KM;U2p-2((y
zkDOlT1mX+qSds~pOn*IQ0WgTYFnQl*%L@aRV2Z^qZ$SfdJ^>=N7H{Q%Vb+(_PW~Dl
zq@1D(sbYruhlI%4>Dap-4S}<d<=eTVoNq{LL$}whl3l40Se$Mut}x<w)wt9*^UvBa
zmMe1cGsGPGu$HL=Hs}s$bQD5z{}&L12UQh2o^F=E@??~x6|b1o{L=jbqrv+j$aZp(
z@}yNqLEywdgmGItH>^pkDlW@{<0Hif!ML=ko89R8%dc9xZuBjpCpIcvoK|XZx>351
z!cPej$&XQiBgj@fAts+d3wwL?$tk}b%-^Q-fVhQtRhP-LUx+bZ)n#M|k^CfL!W5yV
zx!JuFyRLD_JQRydmo*gFfEMc`8?Z3fdK?-;!@}da4!9s+3Ih0k9)a)K?;_4Ma@zBj
z>V(@c{Uj)reRzM{d@#m2p>qv+TLq8?2o;doIQw-J_-3pCTwf2CJEg`=htA8Qkv{7+
zw7|*rpU7O0<%}FFLJOt}C%jBjS?6`GvtmzNT@`daS#kj^j3go?DoB(Fvo@y(+CQL4
z*APYTXyqKi!V@$Xhl5J@9F)hq_9J6Z$B7aKq-WdYr(WfFTtMOCV*h(}CYm&E^WW4K
zyC#I_tiWej`qq}>36g^B23mh3pT5#WAhl#k%q-7vvnKeYQZu73u^#_R{u|=Qi?XX4
zD{rV;jUam~bK7P<@dkp(L;P$_+rYlT>-i-pJ2P<3m{50)yC<1sEVQsUm5|DCgdB9O
zilkho*yw|;liqn-zzv|H04|xUIwd#O^nLtiQ=JJ3vqLE!%<Fc!r+)z5E#%up2$aGY
zdWDEmjEfWrl}PXr>Zctz5~@$5B-{<m)^q2{W3ZyNfKI|UoU6;+2T-SwPBieGxs7l8
zX9xS{*6q+1)J+NUJ_~)GR%6KcpUX)7_Figb@j%#R7*3`l7ryF3cy1|f6rQ2^bJ`Sl
zq#*g!>S<<0h--Ancixn)lW-kF&cLaTVy7ARV<)GhSt2PY?5-Daw?zerQ~Z%nh?`Ff
z2%)v+{gGGd{^)i7XBJ@>p>%uDOwY?yj=08jzzq&mODqFBKM@2|Om6~rii{7x;{0sN
zt$y^9UnBaD^If<R?blt)2$e-wmq8({siFMG_Zse(vB(+_MSe)7iHec*kUj*Y2zkSX
z)}3vmQ{tY_`qKO;VRifS_Gh7q08_p2wIgKT!n_^Lvh5f`$$tc_RXt`?vId7;=|QQp
zj^4`v`TJK=IGJX(v^Z1+2m`vS#I;(@vkYOUkZSh7y$~b@u_5p_GW@7zX>Kz$+cD@x
zp}K%Nt>=6&%1wzc2HKjBy&}VN_8pk7`)Dt?lSIq<-|9Wo`1bcp`71yGd)uGv8<qFK
z^;1~;XSf;ylE<P1>?lDi48%Y76q^Z@i8Zaql-06YrM99pKauWXd0dfhKFuX^QXRg*
z6?*dQZaB><9K8H2(TUmnw<-Gp@^mk$Pxn3wqieRD9oDc6AN7+t*tvUe;$rn{Gsxq_
zwi4gm1V?vO{Y_j4@4&2|)59PoGb$>J_KkZRAibS8+eQ8FfI3-v0%dvWz1{oP29iNV
zrIb_elgkZ+o;WvV<ROhaD%Q8uNwUsKgM~96+P@+*nYv)kWEGgHPjTD8J#G6Mt%u=D
zATG42<@XnDSu0DfMPX~qo`8KoG7=DjS8&UQmk5wWeGVch%tFeprvi{oRan2dQ6uIr
zMN|4r;hR{oNbcagQ8zYf_sPxgM%M~qTUd$O-N)hoM+I<kUM9*!&_DSD2RxE_>IE$#
zfAT2t8gf7UH+iIJpmR=USo2P)>pZF3+@Y}IEh7Lqd9o9NkYLR=dVea#?68v)jAyf$
z6l(87CQ^OxRzL4`$}K-ZQ!LSyRim){ldyh4KjIhTtiptd;D$eujJY9?Hc8sm*#LJE
zw&U{J*V-wqzwG69swVq7D|LHO^|Omdm}Rf&>xFTZ$oFV_U3dq)&+BW-`XxwF8{=v}
z?6W=*?qoKyA99C);`yb=hI$rh9uuzr)-k`#{ph)KzQKgOpP4xE8biR3EE@++UxUqB
z4ty+|8Q$B(lv_$(+6_4pMErV>=9?|~9mw=K3Sv8y!+e~6w~;oi_0`JNTnE<G4n$eQ
z5h&$?S51IiPm0x~p#WKua5KQlH^wdo9=V1@va&P@gim)e3WuhcqSSMENzOy|tJbwK
zmxz(mU3XAhiQL@KIKYe7XeXn<N0HR$SD&}<hyBcVi<9>vpiwnGN>BX^H9IJAWW~1*
zZ=*Xz?pUaN<P+CVgSl$}lY$U3pI}Sv6gIK^fn~V0lNUVSH5Mf%vO-8by;*Kkaz$LG
zHUC<orb1Qn59<o!IV@I1--B$L03W=qlDyuGJj@0&*Go`Ss=IowraE>n#l%K;VESVe
zstOc^RSP|POpCSeUI+o?)d|Q1tBxuay}9rxp@E2;n>(^@58L;P&m8RZPz|BLoK%En
zJJ6`J{W{BTqs%1N1d?qx-6Rmu-z0S6@;;X}JM@z{O}58V$~z$~7x+>7ZSqERgZ?sb
z5w`ch&S6^UMs+j!*LpV<swx)d9NA|MM2iHlL4b(luCwRR13W#UuH-+xGhuZAUH%a}
zsHcBdADFjK@yxJzDOvcUj0Tc2|MCi((mgL^=<K~nnV8U2@_Js50@3meAm>%sZBYoQ
z+IvQjMTceIp0C=fqV*!p)`ZxZx@bnRr`W&kH_a^^MU+Oo13{jt?a5i=s;~#jaQ7QT
z8hQ2po%LMaqnp+%#FYa){b@cn%|1FolcV`a-j2LpvW&tlc~?rQkYlzxMaxN><-sjs
ze_>&&i1Mg-(sI&;2<th%M|;S5DLiK(lXOJVdGtd}7|wnFZZEj#lkdK~pM&=XLm@#f
z?5B6}+66|-VYJ@l-i+VnBSWWHkdZ>C0q!hKUdoO)oWN`Qj@eIvNo%d|`3x(vB2$cJ
zc@w!eE0l9?vOPw1{k6J5peGz{_9$<i3+iMm2@$w_NrVR_z8mUWn8ytZ3-afNf<zZ`
zu6&(oZP+?jf<L=K!|8u-BcM5Sc)N{PVoebVc=BmfDztD1Dz*MKkl!(*J#oEOhUV*6
zEUCFCaXh5*Q`5dUIK()!+s%NX?-LjyFw$s1iyJaeg{#-4uM;g0@RUrS%rTEskttg}
zfOm0^Xg=#@w3dri2_;)W=IwJ%R-ZiJQ8c(gR~<I`Ch!NMx&OqqZ%Y0}?_CccCMMr0
zu8}9{GtEO4=6c5?R`muoMpc*fm<W^lcgVHrxA|%T1MO3cEqF`@A6ynoO1%triZZ&m
z>u8AY!98ytOvnM#4Qs12deZ?Ulaz98&(40IMC{J=;?n1(@bi@F!wHivC-ZmJ@3Xer
z#$slCUZnY*Bw9|K!*dF$o&CGGxpF0c;vOit8NtoVV&T?o#<NGSR%Y5GRtNb}Qr}YB
z&dkav2+)K_ULcrDZYp^@;aJLQhAKCme`FvrPX4oE^xc|AM2QjPD4^ckql^AT*u9Ny
zp203{ZCaKJY8T{{Gw?RHDj}CZ+V$K{;jAw5GUcS6{9tns`suAOh`%tSEydy0@Mxl!
z$#;12Ie9p6=91vT0kVmUn2adFa?4H~)kMx8QxwB$sOe!1!c;+icD?zo_ztQ9XbgGH
z8F?{=bA%LtzNlo<@*0R(MQ1*yM?hp89dFCCZG#%?B}fHsv4qcnm$|&~;&+<hwKijK
z0M6XBb5S7>;is!Mk5#{Wcze2yXJ|96XU|IT`Il|4Vfc-~hk;OK2n<<+CO4*+8xrJi
zM2qNgiW$KNke?GKi_$cKCn{E-NxHhvMkN1HS~WYmU``&ssaB_CAeQ(-URscR^HTbA
zH^XqgWn7i{dVi~y_1+y{;oVlnDr>n5zi`p_$%D_Ya77t!s3xV0GLtx*t@5kww&v^=
zt00Eb^P-CDw<*3$i2<QHU&hJwm`k<3^HiE!LrQ4Kd7)+hco;YK-?%55++yUrs+h@s
z;!Vh#U!&pht`0~p1)ooTa=;3M-5UMFPRjhiGgR^;v%<th4;6?dpX_ZOZdT^)>50F;
z`LU`RH^(Kkz$fw$f!Q(6$wF4@sslC;t4Y@Qw?lhV8Gp>`bs#w+qV^=8^sFv67=T7e
z02-fo)>C1AGt{Ziv}*EF7R`+IdGP^mVUCd*5~p<5c%ZE_&38L=kzf$Cv#^1LLgoD6
zM11zn;`lT$bLz{V3o&~R{tIqy`_C@1s}fJ{UUgXi=*V7oyvZMN<$#jPLx(mm8H7u@
z73x3Y=FHTYQ+rL05?@906^K4wLkBAP7TE6sd5oO#_lSDhp!X+R`(cl6cGEy1<d9)n
zuh@TWYM3xgGkisEDuEpRwG-`w0#|puZSl#zx2CAy+6c`~S=a40BK_o~!d`UFgMpl)
zWHH(4E`3}D0323G*);b4^~l|%6N@p)DoyWB@$>cHoxdxzAONmAVzR<bdYfr`mt*IG
z=nhc3hFPBDSYI<G1!GNaDw1=x?*kL(MN_h`9U&&KK0GJh-;COV%+=7182`(;fpG9v
z33KH_B0Att2hR{Vk}ZDsdxOS4<lh8dRo4yUr-v5x!)Mlu6;7;Sus4qzBOW_8Zl4(B
z8E&JME}aBh*)k<Eo<_Qw7S8*J5_G(zHqKd}S(+er(;>f1N;A|6`mH7a1tBbPM81o$
z)ATdjksP1r$i`rL9X7_;(fX+2dw(I*IqO^&l4Rta6<H(&?CD7$SwX;5Y!%QPZK|@x
zwtpIK;P96{++K(Bjbv%Ic7b_KVPq>STJs2>X=I9fS1{H?Ti*?<YnX>!9J&mWjd@Mj
zr^pM>b2siQutR83_&JIUG+S|pNfDCzH<d*ctJpuJc{#*0b<a|U>F{@$mPT$z7o^BH
z)};8Cc`{B9MHt6XoJh^}Ci>52lA5cj%lCibAol_@XK()rEe)}PY?A)i7cYNeizQ`c
z<4e1jW_|~e%a%<!%~tjAub79gq2JLnF!<~1jq8T|ztd0+FqDVYH7D9V98}-aFej}_
z`$0aAN*Xi&JDSt1y+V6>I~f^sn~syB*Tpl7tKgoY08A7FLvg=6E41j9go+@7BCr(x
zkSG40PTlD7c5_7H$<=l$uyzTYW;=e&kbY{JHks3*GxrPs_s$tdK(AYG{?=AojGF@l
zMsw#?zczj8C_^Fyp15S6WPq@2?gT1utQm&S{4C5DHf4{hJP$SGKx;dRT=1Wt!mJ5M
z?<~#eudre`RH8w27G9)hKFD9!Z1OvDYp19aEywo2GxT=6F3(Wgk0%w0YT|-~GvHZr
zjw3{<YKe`3y+EixK~>M#gI?H&5Ohlt+s(<Q5^lW>?ao8<q+*<*u=^ApJtP5$vMU@%
zfU*^8=6OvO+;@>p{i@|@p`VFbl-P!&!1Kk4>e~VWMAMa>RwuTqI25NJQX(Sq1vEhF
zi-YN8;BZaA_oR2}g*(zzf3HHM0o}N>39(HliS20g6Hg-*F;M~v#tT#fL3qyo&_=x7
z^)z7H*6GkgFz9c!EmG%F7F?6P_R(K<Mji2P-^aZ@{1t4~w+Jt0!>{_O0uhI-0a`f^
z?~q?bD7GP*`6Gx={66DO81vWEr9}TtcK0kfqPn<g+X;8wD=b)~^+*}m_UEeqQH^s_
zIWVtdve;U{1sx#Z-=3t0a`1{fcu)*hXm>)}6)95@qBA4o^jq)iC=xB$4X>*R*GhA#
zV7u(ipcY~{Fwb%~8`ufrq6HORCn??-fSz3XBShyPF&_>t#zMHB0h=obu!JD-f?aq~
zg^Alb*gJW0P`65JFpL!3{5q(hmX3+A!n7{A2doY73{Brz{Q9Q?Wg*)8Q5kwE#bKw)
z_`_sV328aoMcSvz+g~98Y!HgM)7Z%__zkog*t;OnGkwmL^*4Wb<44z=*a@3?^6eol
z^2lR`@qh2758r%*Pe1pwQ?!Y+ux9(?0~bSjgIlHsdk<1XPcWR|6)o;p#H3ZHo2!M8
zIl+kNYJWt=lK30#2DSZwwi)g>Z9}5Gdd@R<k5^H+YW3dJpBk1L8VGLg70-TobP?F1
zKA!Y|0*|9X!@83&c=2X8Pg(0a&afTMuNfe83MjJH5n%b_dEMw=^fa*gDypEhf{5S8
z^L=_O)^NBcMbH$9oZ9*?tD(@R4N(nhGnIbG(|HQ-!6DzkXIKYLBM95RzXz_~J33Tw
zJaX~-%=|;zzej~Ua^U9z57si=2#*AP^}bxG<|e^^i5YLgdv!~GRFU3w4!MRWudZs0
zS(r$B<gX0mQ|w@V_{1MO33KWDNH-<y`A@QtM&dAJJec4(YT|v6BqwmJ7ysck9HVlU
zXWYhDy}nZySN2_f$-sbeVq)r!QGm3<xG){u&uu~1qBK!PuuS!{MeuUTOo_~)d9+uC
zY^+N5t2ro@<nYDVkqu(CQc_9wx09ri_n94?t9KF0QuyM;iGbmvgXHiSzVHUWu=Xp)
zbd`~3Xvl1_d=V!mSfFqSa&+fzZ~$H&D%J)iW%0~=9g*tni<3$wA&4zU3^|~i7ByV!
z#s0I8m3Di}uMIQYViz*iO54SRa4fE4RRxLHv4Q4Z9b_zxvgFN=J;rI7E1CY*3%|E{
z%d#+$AUV8<$3xWDAv=MKMP8c0fBWiCi!LgEyC}@aKk$isTIxol>6(KTUn)uD--#yQ
z?j%kDXp<>OQ1$(|s#sOs7|+G7a#XPSB0B`H6?Whdkoo6)qw91|C4K%3Oe<sxMcePF
zrF{L0CW1v@lhbvcc(?WFy?vLq2=5pjFLT?CwLQ`Xr`hA2!Jmpt5eFvMyFQ!k2f=^p
z9Jb~Uh0no9dJ2EYHme>LoQUz-|Bk#Ag?1*RXG1ViwL7%0^|~aGk&gdN<&PO?*!~=#
zeNjGCPo7Gu`AvnMP1%3&(I*%845=+0*nzR4ZT0|DRQQ+@m>QgZJk(aY=M#)OBtXYN
zKOedd;Q$@+|2=#<N_rl>`APoY7qUf%#Qd7Mc)s&mMm)~Q22tqQ%*l!~OU(1|pK7?Z
z>yMGA>^P{*c1=x`55ve`cOQRA?E^O-=?aP59G;jV<?|oW+a%FLs8acF6aLu3l{MVW
zJu%oq9{7D4W8E#BPRD)DNXzx^w=}09TvFf96H6>JC1M{`52zHAw)n9vheC8v-ym0l
zd*6g8=;2;(Crs~V;*us~4Jk&z0!4XP^Ti=i1oD&edT-rfzm<nDe(Q+GciL%YvM-@<
z`Uud^3i4O*l!G)z*#u2+6XN*}mg}PVHWm>P{+W04U*;1$kn?yAr#5OmsO$lY)*6@B
z2Mik!{W&8_sPVCwgeVz)u~nIt>q4OBwZB$Ar_2iDW4p00dCNL{CU9;tk$vkt%B1v?
zF%YFq0Qr+l2Nek^{E7xSL_8V<U|FZSCp@;X@m1{K%5%<E-es2Ek>o$r%^}1HzepIE
zJG;bQif~jpxYMr(43v#Z=8aM@a!_4Sn0n739}*=VyC;Hv34u%0Hxhr0517+hIMZhJ
zU`d;Dot-BQm4N4*V+yp{^5mek)sBpB8q-4L(O=|HshvR~f?eOc!{^Lin$a%xos!fJ
zAdag2oSb22B>4Q$L5=x{Aa%+qRW5s^HSp<5Njg8KQwka#FlW}k%J*;s+Q$y!NytxV
z@BMZv^QDjmQoz>5oU2i_jmP%<XW1bc>yeEIcIC_@?SACYKPqwxoMB`Bb|dRAx5lhy
z+=h0k##}|=Qr2y4T1d6*m&KS#Usgac_Kcm0<h{yRauRTtMx<ltFZ~7R9I`Zliks^Z
zYVDmvI($RRZ<2#sq|-wH?YQ3U5RH^%z65%zFL@o+>L%k4SD2DFnt(O=V(X#iyf5X%
zr1V>1Y{0AgwQqlGZ(`oQ9z-!Vpg|QHW+=(6R(=)Y7y;*=4*WDz6whY(N$*?%au%Yl
z{m5ICVc#$2CnxESaOlXM1O|Bazr{9`mg`|WE-^$tr2=Tq$eUzk3b2y3w?{@NvUHM(
zTh1!2okPxi0|D=V02yM0R7`U0$}b|P#a68v`kcHrM#xMSA8EkFUgyS#|I3@kidjuZ
zzMC+Fx>t7!rK&xs9l>BUmNF6P-#lLK|3SrC!WgD3GO@XCxBmII>+#vLZ#U7F!l$eT
z1I{Jj#*d6R7gSt9ffz<27q`&9;<>BjV0oPvw>OMbZ3)DZ#Bh5vQ&7Ld<Rp*kN~705
z((nxBy!%isIVf@`Y0M7y6X`=g29iZyZVnGc$pP5d2Or#anU>(Vuydn+a@-?5^`4(d
z_;>JX;vu4`;^i7{RqzOUhYxLZA&lOca0b@(7X49?3Kzt&v?NrfKN>h^@tWl?AeO>4
zsvo_E{wb_FzRy!^WJ^|(8SPj5NDz6-cc_oU<kqdXVdV3{*DUu$NaNpyvhPz{?8U9`
z)LgZj|2z|t%o5c+bPctgYy>-18%O@_*}f}un&hO~qP54bu2{ce@Wy}gCoSfo**%Pb
zX`|prSTA6SGB8oxtod2zDu=CfH-&QW{1#2u0)Fgg=G6GRzH28<>@{X5CQY=sZV%=8
zsWHui<orCMyz{Y0O5qA48E0-;c*`Ct2++`=G|j{LV9w7$nwhw{`Amf>gJ%KeF<VBc
z6~#j!MX9XkR=Ekn2W8EV>7p|c;*SNQFR(0kbv;EM@`;o)&@0{~YNg&<Aw)F2`}Kwb
zEkfJVMesgWh-~k)$D&bV4`KpWzE_g3{f5;sj((sPcC+4~tWjMowQSh>QH8nHc$VMn
zc?WnUY!AZ8p9Xe8Hy?M#g|&)q6@`O4y<8BSv&HO%#T|{{e|9pVujxq!@i*XME(LOo
zLjgZZM8~5RtmpS5e?A>~{ifeM?c9=A)=e5pI<6)c@Mm!%sD&Z=0LVRq%`iZBP>qlZ
zU60G|Qlq<%FksV>OY7L_d<R(RARvI}t;LY{)sE}IgKCt8K>P*85z&YtO8a4CF81C=
zJsif<sMm)U($DNqCM)1=#RY+grxM6vT+yXu<dYMyPsQ==Lir2Br;xw=%j<ExbMgoc
zDdwZ((DrdnFDB-1@}8Y;cgCzM_X6^{zuRag5cX`kC~C<L-MmUiPj>jf`qm6bCvsXg
z7dlat^)m_8?|n=+kG|oS+dlU=62XR#A@>*skL_^}1$LX(Er^n@QxF}ulIYL~D4LUJ
zu3zyu$d;ovIZatcx^EAzZ}mqM7RNLnVG1H*O&a{*r8b-{Op&kB>)13AEYsh}^tw2|
zutrD3gc^xk(#8FWRp3U^B@-4QwU3)-7aIs0&#uqFH7r=^YxxPojwS<=k&y^qW`P<u
zoOzhU=Ro#Xn9GE~0xDEkn1Gf29%Qr^DWyW24pAI29AD>7M@B*V9=<}}Z%d*(_3s|y
zKitZ@M@<#=wXDtn^*&eTzxNQ|*P=MWe`z%KUOxpNqZ=PqL_MJ#7LEeT+S*S3PXRNg
zypSVZ{WGxq`@x;D=53xm5F()8f2>6`mY@&AczPCfG>v>#?-b3*^TE3|MiY-s)c@YD
zh8vd|yhu+>q*L!gU!Wt9mG?E#rV=i75`61wh{br`Kyf6U!3@)X)!fI+{dci@{Ryh{
zAHKKo48EGmmZWbw_xeYu#-S0@e%NAsU!lMV|HNkQX>l^|Q=loK-^M5E&|kN1-{b7O
z#BYsTEBe4Q^om=Jx0=k#qeB9b=Wxyp{2Xos035$ZA5kPeL6xFB6*#r8fH`XQMmqZ&
z2?5@dG(21f*&=M4;7dAN{C6064}`~f`HNlrXZo;#nb6{1P~bBW0B!q7WR$Xq*|U3w
z<!beF&5T>rccUj};F&0o_0V4W;kw(QETktlj?3NOJog&3b4{FIVacbR2YIX*&$a(y
zHQAQAtG<3H=0&Q|`wu+%Y`(V3bZrfw%|rWls|NmP(-`A-Oz1U~gbHg+DMSa>;v2@G
zg!BzB93kRIO-r@*u0^DYAn?XOS?Di6grlIgDT#T66zMR=Del=0@d@$}BQ)l4%}3mo
z>-MUhmNfCFz-O{w^_qS0<^PHj37iGXDLreVnqKE+r0is7*rR-JgD9CEyb<!nuDs4w
zkhmT~R9z|Qu_K>&6pyZqEvn^OC#9vM-uu)Cwf3!_A`y4ppBz?Mnh%KxX?buCKb425
zreEsEqqa)ew(H<g<0M6LbY){XR>8l<D&?E*MLxGF3qXbPtbvtN9sl7s{m+tvPF^qa
zewzP;DQ?MX|BQg($$AMY=BO0D;l!bbHS3d>vDaI2WkM>t9`p80%t-MLznSfFV8ZUC
zxl<~fniSw9T*B^CEL~dXKGTT*h#T-?)m+>8aM_{GHB6NtlF)lYR$NZz>h|rfsSl63
zleNy`i5(9&meh!oEd_O?jU&v`FK4}qpUW>!G2P}Fq#ymh+l+^Yt?6B2ta-=n8{Di>
zXnfHA6I5nDvC=QLyU!pwwQC2)#imw9L++xvP2$6|+@By2OkW%znaMA$S;dx1rtg>8
z&fk{heG%lZ6|-E5EB`4gre@zopzSC2lp0+*AoU|QIgGhe{ga8D^bctGCOX7P>@MG~
zV-9|JNieLc{gYPP*G{40_0$li?ft(*M$JH|<PDa%usc5q5>8qw?_|bD9Q5dg5ZtY2
z{dmPR1tlLhk0;BOeoDMGmzmB7e2~j7P}6+>?snaGstZ~e6I%5+%c?rnJF(%k_k+BL
zg0mRo1KAI)#fRO0fqP^<>~wSM(hYVxZr4v!5>dS-0s4Q2CcjqFbUME~_C?`_bSh!_
z9yeFO)IA-Ot-}*IyAMB4M8<uc5%mlkl&<G@sIrE~^|r6aR?it&-fhcaB2mTq<IbVV
zmP!9d)py5J{l5Pn<VX%u%8sm3Wbbt<L{=dq*;yfqDC?Y5NJf&G6-r2UvMDPwqsS&Z
z*?a!3*HQ1!_xCuD`t#*=zwZ0KuIKf<uIqVO@TId1BsaRV<K7qzl>BMs`#qT->$+~x
zl0w$9n=JHT(mzUI#_Mo{8mAN8-X~FKIxxB4XGao##>xvM$MymNG^(~eNKx|#&~b_W
z={n3oyNg0@!&&v8C9{reC+CqTR%GR_<^+!C4b)dCW@<~*liu+*KDNhxCg@GET7@U?
zrJY)%?XVv+<3`(jA7Ys{$MP@!>2Iwy1)&%0*iV<%oydU6UKyRfhzMOkMoLy#HAaqC
zH+MgaUzYe3%rAl+;WyN(O0bGf@jd@Jzw+l=$J<DeGMuJ!(ni7AJy{F18na9_Jep=_
zcA#cZLI=Lo-op$>k2(|PqQE6q$PYv*+01^-6KcXYydn}jo{=@kO)*iXt9IpABgPa|
z*3XYhe@8pjN<_)r*Z+Lm0rfHM9C+;S_FiKO+e>si!86v{6e>i(M%PTZCZD54N<6-m
z>s#E+<Go#?@F|i9d&1;9R5R;@WfsE7htAC{(6SV{xjA`N9ElT-tO01}1uwYQS7Znu
zGySWtNA2J_rGe|@P%SbP&TyD2E9}XV@uO9;`caS5V;~Pqvry(8Ipo;igK}piKfC8}
zi=_SnC(`f7vB`3Lr#5wND68yG9=}n`1~u@J{<f1*y@s$k2@HoP-khQ6HRgMVL%mWb
zwl%B;HCxdYP_>Y_tMFOr3)OefA<2))%!>8L?E+;rXR2<Ok1ULf5|4G=N`4JRK#P*+
zZa)YI71#x`=X+hDVknyM>=V%02c7fz`(6p8M;Jgn)*^NkjI;Usz0n=LclB?)r!P05
zOyujFO!cRkJ}!`=>$gj|^NI37Bt(?Brx$g2#}<j6kbkdgeINXimh+fA)PjR6o3;_p
z5QI#;fG$W}@QOO!!8RO9PYrqf95MW{<RN>e$`=3z^bjxr`QoiQrFSFu&kDeMw=?{-
z(In`(ns#htigB*oGhCl0rggW!TS|#d4)mdQKv8mNUkV=23jw?SVZ(pj8mZ4L5fsxI
zJtyd!aR&Z8=?~n<ZieEhdYNKMYca@MicbF)cV1v+>mmv1?nNiwF=1UPqzA1rwP)cO
zdmso1y#olaX$ja(2P3=STeve8njx`ghQg8x<Z#Ht%t}>TIY$fR5N|9JOE?}$fdK`p
zg}gneq+5ozl=`<xqTDwu$$zidbI)t2Gd}jmrHS_PK^~(-R*YDbuph@pE7DW$FOyl}
z<t>ZWUPmW#4}UvoVuIHSmXFyJI+st>c`;h%E~hr1dD##Y7nwJ&A|MmwjyT+)SAqx?
zpErAyy3|m?IN=!#XoqUMr%pC;&-chqj|{Pc_`L&(gpL6L;(!EyW6nZM<KE&>i6krm
z-^zNQ@3*u!k{hOV(s)m~I7T{O%UKW7rOq&iNX}i2apldx(fg6`SMN5vQb0muH-s`-
zv<D%#O#)-CxE}kUR3-}g&ZlQKzcp1JMqWCE{{u+mvwV>PNn85EptgH~L)$Mz>TSfY
z-yrUw_`^O6fw`GEuWJL_2ydS|TR2;xt7EK}&bZQmdG|T&z)ZJBGIKgAK>EHi2n4ER
z?ShOK+d>cO`iI>@M5(t>8GJ86^d-SUCCj_lgrz(Jx%%ttW=woMBM3l7p`s4ZG{Pk3
zZ@H!M>cna+(%eCBxYiW>RC}I+uJUIH+C=MWV_sZ{N8Vu<NKn(jnUA_b$fsDAxkiL7
zstZYn)BJ$7LqO=kx_^JdF~D25KI$QVdAxg4_r)y%F{#_PVkhBKa45xB%pe3PxhTRa
zeA}H3k}@&JU!bPC05iVCP<8+Af&y-WE=o^U)ML~gxeP-cWJcEsp)uQ|g_8XGNcu{>
zFt#p4it8=NFBP90TF%i+$+7u*2j2PX{;|<>wqNGunI^rZBv}YM$PX;2f0T3_GAs*9
zUVJu*2Q5%%gQ+bGiEI|vLcXKFWpJ_C2p$U*gjHnU+k^*&iuNMc0v-fG%HRT@>;56i
zUWjyrSscbQ;a64{b9}A|l4$W7m>kaJU$8`<UT)++4)aO2wB<p93FMtkNeEKAws5Ql
zwb}-o6g8Vz+*v2&A>)Gg6%UO+C_3G*K9vC?8y?9$+ae}bC=+#Jn4#qJLk$0`?oIg>
ztknOvq!d73(RR`JRIpF@rNH1Wg{HW3jG2g)$V6At4qBtmmhW8yE&Su!RgaapsmGR)
z>E6dX_YYGu=q!ETRlXp)&ycpkcli?dKBJ%Q$c=6pGo%RBsSWdvFE+x|Hke-&``Y9-
z2(%b7Rldd~KpzBD2Is?(OmH($?0nBY5qE!K-j%RBB3Aa9m3Oz+0~xLu37a}?N|@Nf
zGJHP6{IEKYT1S$ouSrPBBI%h1<6(frF%}%FP)7kh9VDn&%dJNw>Fypk2#mOC3B#3F
zuOduCX;IjP!3j=t*>R7Q2Z%h&3nM1HP4O!tD2h^0{K>PwEwmtXY49~puYW7=yoM(n
z6E-Ge=MfOm^=1r5+UQN~Y%iu#@wEn{5~KJX8!UzFSd@RFzb%ys*^nF#8vOs3#Pw`<
z{8*f!iCYyJVzls&=+)g%X(9lBOO;~!nUKW2Kz<4A)SzXv%6zIIhx>M>ArtmUGL|!m
za_BK{bL**?eqdy-EB-tSCJT<tOXh_+14WycVvvw@3WoN3o6f%Yg3Cy=Yxe8>s_3Ia
zPMfrY&Umc@xQBCB6<`pJ09jJfUbB2gtSAvTHA}E)7KE1h0lC`y7b*Mn2&)B``-J7M
z5b8T4UmyddUvYmni2bfc{F!Ec4xo$*+I_i$FFV|R!7q(HY0~nt@&0!-n_Vv|g8KSV
zGHOI`U7DbU&tBMw%+azFsMxp|y9c*2Gej(PvgLaCxXBrKOi+6uCP9j~poph@7WKwU
z&z9uywP?vZS`p*p{gV8UqE%Zb-0W;w=t#Unuy8C$lf9sH;}u)zO1N!f?bwX34+{$&
z4kNQAL!G`cPq%(Tw~%Pk;Hc@yxAQPyb1E_yfdIFHDGQ;mU|=G+YjCaa;3+xyQuq}n
zpH~W&hB@y0^3M9#e|)Q^VThHiiUilgZ>m*g`~<WbNwjBDiS$n)$KWD-AAZH#y}*Pm
z=oUZ7qw<PEOx!0YPZ5WOz0WJm2<^FGNvToZ1oJ#EZ^+%c8^#u)+}h2l+z!%|>ixYa
zjRYyKXL)%MXOFP&8X(5|J2Mjuy0hrCuMWKX0={)`(L_1T)x0k!WD#BED>n=tb<|nf
zjQFqrcuZ`XI>bLOD`GZ>tAJkPKwl8oa40`%n!Rd^`f(b0AmW4IfxF-pzkBYJv(<h?
zsN;F(`aJXe?Q^uDPZcx)yY+rl&hRiu-J?H>VvC&f(yF=*+R?5wTcJKC#q>m6NJA)6
z9m@ZnS6ZQhXERewz4hxQ!dd;kB&<&N9mxwgSqxR1o8H#))hx}Iu^_<{x5$1~_tE!}
zw+O=~1wNhWL0O$TbPG_6Nz^<zm*$+Spf6WCb|1m*-HoZ`ImRh}#c?lKVI9nrlr&0D
zGm1%wp+>paxAfm;gTUa9H>iX8z%X1mR1t}!fF1tcMjeq6R%_S7CE#QFE1v=c<GtD6
zKEjuj+vcE7kfR<Zy1kH(Nw`l03+$M4)vAiWcLv)L-jznlmad_`=&a3zxAJ5KbA^z7
zPr@zzCdI{OCsxd-#hrIy6Qrr%Zz#DSQ~|RHiO-t{405}%HWp7U4q!i++`H6^>cMqg
z8@*KO<_tYCO&V(TpPSS)0suz**!N*D@SxfevY?QMt3wv5aC<?o10hV7?<8jMH`G6!
zP-J?>d=@1{x9!FI3#K{6jDgUE4O^J)ZM1TAg#Z%F#~`x?Onw)w<Stk+k;2tE@q>?V
z_HY~Jo70MjsUSlK|A@Rfy1sOTw;4*HC$~yo>16A{pr6$a7<9w|$CXYuf+cD2Q*lDq
z@4og-!u3l}Hr!&7Qq=;@%bHh20Fi#!*>+m4SHnYEpg6RCOf}-deB?rXB?KMgFzd+7
zO6m#w$&rMD{T&2xD(W_<OogPd-MaWMCdE;!XF8Hr*ih;389LZqrWCW&9H)$*_k70G
zQQ?~o;9451jR)ez@J}E49kn6)-}zM7b{;sxQCK>arC~o#IH1|LKYoPPcZ2i>Bt)NK
zlBlhp{~DPhCSF5yfNjN1IL)**gAyASP6u+%9l!R9clxYQ@Bb<0@oV0O>1!`S@2Tdo
zj%~wvcU7y_Qo5UNh5qC<07KsIKMD*T)+VzYTIQiTiHi2V_6!6|>A4?PiyR(V-7MVW
zRp$dCcX4@9t|je`*>`r39rXv>QB&^#?PBMVZG73{h;s<@?;A}#!*5oA;E8PC*Izk=
zB%FOL$gzVyFcQ_A-^7#&`^>iOk1Z5==MmIGCB-1!ai?^z{@R*c$&;gCDqhwr>sJ^l
zC^74fA%64?b!=5yq@~j|JsB;&dax|TNA|Z4KF9%;A$~yS-aHp@LdTH9KwAWD!IL?H
zr6Mw(Oo&H6?YwCzGI5#;F*u@4_^Rk%LLzsnGc=hKOS8<;J{4IjwXVeM#vP7KmD7SY
zX5;xyng(~XX#VfYEQ5otYTO0*eZ+8Xqe1s-QJeO)V8rCCS29G&a)CFqAV%F}FLl=E
zUR_*;;Udg3H*@~;5m2L4OJ)|>=khb5+=U9Ur>7r25QW}%(CH%->XHhZ{xc3Fr1*is
z%oLygB{BTl<M@bF7{|s!ph`k}p~Hlk>CySa-w?>hWu|g~Ot>=ZtIYqk2o0!|-E;%c
zbnL}WCQ}a0?C}Ezj1S-V3K1XD8SabxCk_=dvSKe0tb!f3-&h~C*XCe#xq4%)xaY;k
zwhA4rU)=SR!fg67d|yr(R~|r3s@|W-R+|~q-sX!GLxn$mL>BjrUlGyD5Ib%E3}H;k
zYJE3`-XzH0KSx;I^Ebm!U`pI*`lm(fa3~1K&$Ys4i|~J`OE~Jld*>UGGFQGd`OGb7
zpl-+|%&ld-uuR8Mh~#O-(0+{LRD?)tlFoqT*#MF?`BW5l-s`H8h75m?{^%!?=j$2Z
znEe|@W@4Mv)kfbX%^ZU^%tqbrh-r1GfB}RL2~sqQw&ty-*Do21QS=-^VgUc9H*KXj
zkQsL#tP~X%#S%g`a+L|MRLbeVgg;kEl%fm;j}`Qy)yMildYT4jQd>)QZm+M6f)Fhc
zi9{TCd)k2SB9sDEe&n-9i~$80gFA<b>lLzl`_OEHy{O`RviA=dD~H#~yt)*Sfh_4s
z6%)6i=W40@U9@`~0y|ERO5gSj>O&T$UvBxI86acFvy*}q3vwbBvLksu;DBmWsv7Bw
zZHku~3!1c{*{N-qt}e;gIX4B1G!6;M%NVnTMDBBWCY;^2r{Jbs$l`b8o&?9)2VoLq
zP6JXP!haf(3es<FxOo~hqrV=El5y##Kp-#ri9-%R#<{U>|Ld7FKX)T4Ja?}lR*&t{
z1!0jh4>7UPCilDS5v{?YU~;GF=a?o9rz^zuH?r$)aNEvRkUF4JsaRaJmnmrW(gSwm
zOMn1hvq-MH^(aveG~Lmt(M>KL;p2R<`wVh`6*y%~OYBhPfh&)P=IqL7G_YoHaaHhd
zHb|poAGEWS0UvtkiRGIC_);s~%DEHQfV79j(J{?3R46M9^crgJljyWHL!E*Qu~M}}
zhZ0jiX>k0=6JmhTkdtOq3bTHu_kKdAg<0z6pH$F`(|Th0YJZWF76pHqal{_fKfHpz
zq?i(+_V<yaw~3o#pTB;ZZ0vOewSnt5f{`uR1K>#=vTSj%m0xsOV9=1B;qqEvkivEu
zD^r?Y$#v&%HudK;Zow;th%u_>sC6j3y=8@O-6gTYJAAosy803mC*?zqdY+0bx80~d
z>*}5@;tQ#M<P*ipUG-*yEGZqW?o)Trwe7M<&XQ#<N(@Fo4L;CdO`5v&y26J>4OLJ?
zJ#7o}&Cs!HFGw`b4JWQ@%s>=t8SYJYCr;_TwWZL@PBhys@Sji_L#z80$#F$ma2#!e
z9Pn@ct-j%|yWpeoytbW6!ds=tZg_6-@-cocc*4LSxsYVjJ@kq6a4+ZSWJ+ua(_zp^
zjq(Y+0J!M*j;tF84Q{SZDLAQOrT#j#EjTiKU`6?c!rvm}T>0#CEe!(PD6HGVINf>c
zvVkK#sA-C4LLTgckn&h?J8u^L4lIp_tXOWy`kJvn!QA-1-^$D?2Z3De(un=$I%O{>
zqnOCyU#-u?A|(9J9}D*elWdY>f@Q)2X9lXEY)Ad5Cb+>z_kPH}j8yQKF*8ZRq*q>-
zX6ZSP*%iXEWtu&6<FhGR2cXv0_OuVf;Z8cs(Q1mMAjM#Fl&m^28OX>nl9mDO#ZAQu
z3V{&zu$=IP`C$ud*O%8sIrC_C_%2lyr~Mi4^Cbf9w}Qr?PLMb*z78{_Oy%voRFr}%
z*s9uP{DkoF=CW^xH1nu>dr-$CN1^FyM;%_ygMU^l5`?4ft{9EPYeL<8;q!LHOz#LS
zN}J#w`QLEJ`n%xCq8~~|00h~pMwrP&-@RzpJh{GQ!!o(*EsN{=<p_j>I|DfksqxW4
z`j!y(CPP{b)aB}ijU2b0(GAukG}>l#apxC7yYHg=$?WZdC$9rz@1MU#A<W#3%00X-
z2I9_XsoG4H40)!D^Ctz(=p7HiKqVdOFVNn-?!mXY#rUEII^H=FuOgvBVntCXhg&B?
zzEooT?-+{;c`hb)j=z=oc)q69feM(A%nDHHepB28^GN`uQr?Ly=7fkLWA4bB=LabK
z(`F&?5NQk>f5^NQ6+XC_sG6a5K+ktGuj#Hl6UUcSs;`wZ2goGf`5^1%1I{rm^O@w~
zRLaCDUwoMQ|5+-M4Urr--iX*Tb{9tOtMWztl3sbfCs3VoOSMO7Pm74f^_CLr+<pLZ
z5_P3Y44)T5BC{ld7l5Lb$Qd(z!y`1fEJd8j#r898gO}A^UOF?OQ7O?!(yZOut1<H~
zh*J`wgP3?a3ZudD%arVz?AI0k^^W&nV2+hi*-7E7(vkSdOMPR=gBriPJ@qIb1wj6t
zK=?dm*d2|;U8^qrVi+0-781|kRC^#w^5n&%mud=U4pcG{IY8@5t(RBlT|rP_ib9{&
z+k5mD>{6~FC8+cu5{Phw!DCr01Q+gnU2+^oaG1*5GbHYj$B2<aQ;>Uh14!`Ch(sOm
ziax*tzGa8+8E`8-y4Oh}dQoqKnWr{H@LD&?^<0+tpMn`ls>nJy6+h`{P=@4Uz`5u0
zU&&g>eQ!byo+^j-e{m8tVnRl%#!7HRI*My{yN#ouFMn0(d@-m|>IK-7!BBg5l_%d-
zp=kgox%HF23ThhhpD_JPL8{kA9ds$`Kd<P3zB%Dpx0Zy3?v5z7Wmi2sEF<&rDGr7v
zG(Wrv6CyyS^~U~6p?Bb}y$&w~AS;d@zj3%>A;hyEe)KSLpzdEK2n-MLsWD)vJ%Cd4
zdD$q@hjv=FAxPP(@{zaA6->_ADR1&@8cv85;E@r=)mwKhS0*w0DL%Spys53RZ-_j9
z&pT(C$A>1p6F^%R<KOLox)&|CdiPEe>zznP6)3^c8|0!=(PZBhgr5I#u-f8Gvm4XB
zLG^}ZhyQj{rZwXea{!aa(>d_oH9ZhgTT1&4{d{>E7XibNvM3YBrg0q|D5|wB5fot%
zLB`HNFru|I-Zij#>My%p?A4X;KVh}s8u@8n@|MLv!$Eebl2f@@?VJNDMjfW2ECMsj
zuiCBLvkN0pmR}s+2|v8^_Bm<U;hjvsq8NhZ=&x`q?)3oD{rQs8mW(I#yV~eS4u|n8
zXG_!(9g&gqENTa>R@vs)lx*+C%|AjI%3qf9Icv3dMfVBr@Hxt_w-mQMD(>0H)v8dD
zpro>QahpBI*zczCeg2|pbb}OXtsJT`^$tv;B0_f;Nz?e6oDvUE*XDmie}l1Ixpqt_
zWULP~P_#^%epq#rRx4k~#JTU2;D;6IuhWJuTseIf%n$wxJwyzCDPr<9IY$J@N6v-W
zL0Um-%a-I|40wbEtEn4pd~Z1wa9jwvz#KBo7)%alv)WDTUZ;jS5+48~RCoS!{e0RN
zApz+sqN6f03PnE%Xv)3d!226J@=J1N951JmFFncF;Q}LD(M|pN%}JGN`R1k>7<0E~
zd;^R`?dITa4>II#>z??&QT&NfKM`IP9mXtCHT)|?=N%>X1&q0`HzT}>-d0>&)r~)M
zk>aI)T1|=r5N;yh^O8s34l;v=P>c4oYRW=LV&@Q<W+mrjLEu?X4HZ8S>%9^6ctuLj
z<=GkXHt5cUfMfZW6oOU0EjwJJc{;eaU%&gj?NEQbCS?l%i?7Ke9S+p5r;96Q#8B$H
zyD+RxB>E7nC@uLCjoX8W|Fa<eS!l^8K}8s>8Jc($`j-x{_7gBz!>#WRz#zC@@YP_c
zI)EYz;Wq~z`9k?)y=Z|4>jFuG4+tgTE&`x!F(m3(Huskw_xF#nXBR|JA+W0=aQ#zn
zu6LfKc|;EEa%dy%4|JmJKpqfgh}`bInJAHI)m0ctfBC|)9+Dj{#M#>r&|H1=dc|zR
zjj{a-CLJKTn_KJazeXy2LHk{EntA?0;eDNFh)7mz3MF<E=5zzeNpIlIh%Klwng(}6
zw{`xL2q#!(-Mjz>s4OQ*Ttr}i(b=S|#%uo``WbWZxV0saEU{AFDL1(Dems2XfRY_N
z`$!CRHTrZO5+*dYzz8`(si=&dkDc4oU^<8GkSu_X7qN)$yM~+|%)9}e1>$wGM-s~+
z+&E=?*r8Lh)JLBCVdmPQdJvJ_3<o+|XWk9Uas+P$LX*wR1BD7NQL>ZB1|B0!eRGX`
zdsms1FmCB(e$dC*!bh7)h-=NyslRiaS@I^_k3~jE<I!^n-CI`XQuOPh!F^bz<JeSJ
zNpSx9rRiZzol>285CpJTE`|rYab3^qx!ycGd;I_bdZ~K6Pn5O7i$wq%0kK1~b2e#X
z2sKaS0?ba>hysfHa8iW`g3uY%p?dL6jLAx8r)n3%v%DM6zm)gsC^zA3LnP~W`Li!3
z!Skw5jU?5lp%E3KQ&kDIfe`euJ-y0yq#vCfWftQ{SSI}EaiVSRX7lUG)2Adc_-Q0r
zpflUFy0w2)f$+ag{1}XYVj5rU_$P|sgS*6o$uKo>%9Kh$aqkt*Sc91UYV`D)Eedq9
zlvdbh0|+v{A0B`nG(9TZVzlP$0QB@vxXplyX)9*leLRHW`EQjzxY3WaUL}kSQABv}
zX`lObjR{+_ZX#=y;?4-hB`WUGB)^h22<Rt`zb!1Ed^&Y;?iYB%E16Tl4K{ZMr9r;e
z<qpBy6g3}3SP4H%Q&%4n0f~FLO_%1a?T?K1p#_{rK6TR3-PP6S3XuB?NMw=*nLvkR
zm3tJ4kFJ@!lv)M$8MLe+ZJkhJ+F(`rZS*QomtXJD^U`gTmiuwf?C__<w7VWq6zLr1
z&_HB;z8`igLKwo9AIuXRI^X+y*P@6JE<4=xX2&<epu0L4iVQ#enHVCV9d9~q9;2!?
z{kbNcW?GmH>Ad4WX|p*vpe|8C;dzuOIR3Vm;P~H34jU${E!t5#P9SRyf7%k|HHeHl
zMV=H*^ho&BO`FAcpWMC@r@J+Dj&h&ptxCvIVY^zZ;3tN!cbFbPJ8f2zr}6WGxxeL#
zgsQ8A^(Kt}fkt8h)S0SyGBSlx*OH2k{c8_M2W@rg=42<08Y)|7ek~{P4}lLwR2K^<
zu{zu(1w`F%c@R*jOqka)bHdfl_}*MAT5`b*b-#I@A`EnWm-;2i2$A@wHaY49`)2&Z
z4IT!$d&<?O#CXcV!F?_UP+Vi9XaSMh3Ax9Ut?r8cyXGPwpu&HvWjM1nu8Tsh5}<44
z(o|4z(bi5KX8t0b9wEMA5hWpjiD@nX6XzLucP@9J+0uoa7gKnf`Dx3ypvs7Q_D1_l
ze{V<7m~?b(`iVm%mg!L^meM@P6jxm3gDIkjyeG|(k2n@q_4z#}q51%-_W+KSVB^XL
z`IEtlgr}{(B8m`o13IRFjca7?Tep*Kcjm#p9~Z~sB7@}Rs(~D>RQ09fFTGkF`)lyQ
z0m6ByBm*V{0+gft{$kV2*{`eTY=G<r^>*>9thRe^A*F-mrkb!u9bU-#I60@ff1YnB
z;wE&zWDbvxQ{RERJMVlwxj^t$^|f*c5sR7Nxs@iuZ0`_ulTHEH&HSp5VK#f*=NUk-
zx#IVkMUH`zB1)_R@ZUVDOG`Bx5MLO6C|B)UB76a3n!Wozod^jubTawZ#U!iL%#kx&
z{5Y!K{gy&-Jtercf*ekcI+N!Bk5CPC+mif8JvM--{K4B*M9KCHN!UQ2YU4Gq@@^l;
z**SIvDT;rstjUUhMn1w>U-7IGsH-kwBgkKa<$|H}FviyGqOWH8X(VoOIz22M1srM$
z2y>GQMCU?4g)0ES9RuP~bfS^aK;<kkP->R8YK8#5cy;R$1;c$V02oU_5>5=j&}UkP
z63yqCc{eWWf-oyoyCBS>oBQHR-sWa2@hMO-DcU@Dr<G%~jAq9Y<`tK{i6M}1yH2f-
zIL;Jv{QR%Gw~|=6k{&4fE4P-knHyg#R3$74<wWvlQzq8nZGcO`Li51XT&#Napxt?>
zw0oU1+@9U2zg)=j=XS|zMQMI8SZh4pdkU-DV&)%H5}JDL(E6Dml8^jy4Wb2wT&A-T
z1_bLzOy)u0#}ga3R-vtaY5~{p{Ud^jSc6$|6w!8`YubkP1v*hfqyX4-K&0%d+-Ky_
zQv|yB=idiqg$4cdzd@7uo**(bqjG4pQAoh~#UrVg+u@Da`L%+9ZVha;-H6;`){eD-
zIuUP0-OT7?ULdC+X{^>)Btqw`zAP*ju%&Q_X2&4|gCq#>)SlB!zZESn$st`{@-Bs`
z>@Y>X@jI191v^Pz*x<wvRSm^%Y~<6jQqa^m>IW&OHRna`z)3ejD4;v7wEU`Fi$$6r
zh%U<5bpceYmC@-!|N7ePQ%lI5x{chaK;2gy7sKjy`OTX^qV;*Q%&2r!*df=}UR2C=
zRErGdkTOC%;0!X(=_0V<jTOHl?(A<S3JOAoz=_c!rQ$TjU&n<v%Ge&8v3A7i%k8Yn
zA5Ts=9Lg2Ed}Uj&;WLcdLSJBYKw0nYHO-B4pSroQYzr-jNRTN5)0XX4c_6j5d4zEC
z1(0HJ8fVp_qwWOb32!;0n|8*8woTY%Skq+n!Byu}|CT$Ie&+ksx?Ig5Opt-QO3ixr
z(oZMFLVd)`{){Pu0U$lD&c7`aB%xNEq*C$6liZ66i&GZ+?Hn)_(kz^D@_r+~_u3yE
zN6#k%h5H(8qavnZhgJg$h?phq*BBVhB5!>MF)sGqkDWKJwGGy~v&2+{1E9o*J${=g
zZGc1rI<=U2qe*>7w2aqg>zt>3vm<V8aqih;*28Uj5{nn_`~qT?CbTHc)<8nmVlX<2
z-c1nnQ!AE4^*~_M`cl*tB$43s94B0U^;$s1Q&RYt_%6b%snr;wTcfHhd+V&{aLV}$
zax{|l<fz4Cgd6|B5FtFM*TRU|MqssrJN9<X*I=3+W6T*yC{TOnL?Z`Z`@Nxlp?2VV
zXU&WI0M8VykR>DlSvptmwZ+tw<E45E-c<&uT$bl5q$Si4=Jk*Oi^W++4Wttywj~5}
zu<Hg|Ilg@1AmkK==xaYr?yEomP{Cz*-Wunhlliu^vNu>*&h~KQp5Wr?38H$O=jJ|V
zsxzKy4e68O?!422v*zRcP|ThM2(4k~Jv7x}P=4!wvK)liL2v8i{*_F(N7IM$*Lp8h
z;I<lbZ%?6VHcp;8P=C8r^(zegd0bY#XW00CM<YwK9q=u}d&4|lH~HS{P}!vBT6^h3
z@!C&5gf)saRakMQVOY?+*v<8~)qioY<qDI>QNHYn0CI-tz3g|Mukwg#x9-(LF6Eho
zCcJNSA+Y;$QLWK5|7Y6+CtF?QsawfN3h!urK{;8>nz=No42OQYxdpPsgm^y0L1c?=
zj>&_4!QA6Re7IRZ54#6xrB&5nmpex+o*mM`K|W79@`U7Nxj=vYl?M=L<xs#RIct5C
zkn7Bj&s_7g%z(_pgF9pQq2nFC?3$nvsW4lKgGkS>ah#DlzVZ0j&r@>T?6?L7;!W0$
z5nCoKwKLmY`2!hq&L1g<t|XYa4hP&0ML5Dds5IukWgqqG+*U_q3qnAciY}3mAUO%~
zk%mWG0Dxfv>>y_o-uQ8C-(c7DTCnJ-{Ebx}!Oa9oRjlB}0T{SO_1g$0?X1R#f*{+1
z1op8}`Za=}T(1_4gq_b3v<ZaLagxeSeg&U*|BeIxPeSqo7f{cY53h0$^4!eDon_w(
zK1!<3v%Ymb%Y|;yt`i5EoCiA+dC0S!+;zuO-(J=c`j|d<WP<YVxhS%@s7Nq;W%e8L
zyUobFJ}%JA!v_9YHgE&{58C8scUfz2_j^-oqHrASC#@-!#jPMc4Up#;hbb`OhKKNH
ziwQTj1xA$*Cgqqxo&9d%qX~p8&3^GjF;7*&_sl6c69K(ShynDGzjRb2x8mVo>fmmj
z`SMZr-0EnOMW%L3n8)Tu!d?eyyNhHrt_<&s31%fC23k>qgQ|KGiynnBqVbt|LCoxD
z_VHL05tl<gx%bC;Ym3&=+<^a?s#%oX0fheFDh%vJwFK-55BAm+J&1l4%T{aDDG7VF
zgfwZG+P@=wR5>xPX{L#%QB3=~hfo0*I`?bqKO^<_09zZ~)oqYMwAB!)_-M;Od2?~z
z%uP-MQU`O^hS1Ug3RUZsW4P@mQsgSUH_tJ1eOizDTPj{jcOjJQuF2Oq<6W=Nc@p-`
zL)J&?TREM;qb6Vd2H8c+#d?~OQ%k^4x^jI7SK?~lIbFquV6q5x(ZC3LbpUot-L@+e
z2qby#{dn)@aGsltVSW1Umoe(6Vgskx$s}K4af3D9T10XML``wFB-z(oKBe4)z6qp^
z-mgxn!!MN^sYR(gA-4NN91*xU`61nw;6a=4dpM7Y6Wn#z;y2cGTGibe#qFDF#KaAg
z8L}$Piq?bqOtLKxD|f$I$$N-D$o>4e(WwEMS2Lq3_RaJTN6zJBKR;Q;<dBUK)EB#o
zxzltMb3j4B^efv<UVBx>uXMJY&6y>?XINkG1-(s8EiSn|(K)v!LvC?T@4H^AMuPJ|
zVR_ae;lzcbMbh8DWX^cqcrzrUVi<jmt%o}EYSrL{DeTQJY}A%0zb1UKBZ(94h1#X%
zu#q|Yrj&J$c5!Zu+iFtY-2FwJad`~>#uchFjW2I)BEn=?wUQ=FvU#=SPqt`%!(0=U
zop*)2-5)CB`7>CB^RQyvRkZAbX+rpmwN(Qwtv5G%&S}BtkFE}!Tq|}w@R0m8xQP0%
zN50ULX%W<yZcH7Im(y?M5w7%hTW(piZyo(sxQe-@v|+9?Xy*Em`_$MEQk-y|%^OVO
zj|D?slG7nUw)f{Kg5S+yCJeQ<<3gfo_lQ?0&o)3<k!$_Ku^$)kzQy^*(|=BaSyr?!
zZfbbz_@8TCljaN#HzOWy%5z$3qXkr|HP;*|J$17%rq?;nA3bp}>M{e0XZIXGXKZkE
z$<C7*rip~S&9sgvIC(;E+HXgGeK-0+>7U1q!oJJ))ExiQ?lzk()qI3&=gfsl&ZxT`
z%n?Lt0jWw1m8w}JB0Yt6etl=MHLfg&j?9HmhTMZDd~5TMT34t(uL(e5+0BytgMaSg
zL;@@x?su+pR=Fva=Wj>f$iHN=_UWTTxpDh-D<&I_(n7ZNSCUEt4Jf5Lk?rjz$t!~l
zE#WEa(yYQfyEU^+VObRhwVZxL&l!Z})+^86To&6C33x<!C~Yl9`G!P)T!yQDMQQr(
z?6F*{V|i3+Jc&Fc64TD=r%AedZ|$#}7}ia@XTBCB^{S$5E0`tA91KnUJLg_YKWqIE
z(S75HE!Q~P=8Op<FOT_x&Ssn}S7~onlX)Ht^H@IK`Ghf@p!%s)L&dXuuq04X9^UQv
zj%&~PvI`6-G*)S+uiH|coO&M$ZQ98-;~lAS!#ylTvTM6fNOD(|R89&XR-l{XJGg5V
zOrytuPqU;IF-Biu;J?IA!d4?can7$aaQ_vpK2(e$7ui7I*UnnGR=eT#<A2)(m%C!4
zh`1f6_6q1H4fyPCKi9G1_8}*h%CbapPp{c|9e<56ePO#W(!b{qQ{QR^$H@DpqEx`v
z58Bu|TkI_vWZ>>e0WQLVmj7yb_c1vuJO>0sOQcrVht2qOo-x6liU{&=Wg4~T!kZ3;
z(WF=(5ivktnah)CK;5cYHMgx)btLJQ%)#JkagU8^lM-lgp(BGmKe$gvuL;4Pr))6^
zynWhv6j1PmmO)7bcjezg)7zbp`n1|}-n!+EWh***I{bxiRH*56u)~YN+NVPJJCyQk
z%sjhAZjz&xa6{=z9P_<*QoDN?kz?PU{QHrK{Kedfx7^T2(N6ty*cr)@L=|gx$=0p3
z#Pv1|_`R7w@^!|{>P%_7<AqYX3{2u!A<@l~n<@)#QdU|po<e+tX6N48JQKy-`idQL
z;@b_ZqD&u@o*@#h3~@qAIBraLT-tebjqBi_GL3jW+#GlGH0g_YD_5UUbsx?~lv<J{
z>SBp&L(gbJf=YlqvTTJ4bz3_-K1<l9sl(ixqbmO}u#4tb#-&UWH@^NqGaK*!vrVr}
zZ#|3~63cl>#JoZhmy1dCC88<7B;NQ@H4)!DxP2j@Vo5LzRHn;A^#gE^Nv<yd?!wbf
zZdUpV2QAn3{qJDqrE+={E=}BN^!amWX5+;P%eQCVBkL~ARv&F0;U&3}FN7y|+Y9k#
zs%-Im>J3)p@4=_l+D>Mk53<J1rgaGdX~)@b-Zf?n5s@i+6tHoT-F*x6OX<tu9%b|i
zj(-?*^fuVRO6B@gtNX}A5~+0$l)fa-c63U$@4k*)DSvo0&5rGx^-Dji=}Q8OC`s6U
zzIpWZVmdNF1%GzQfEYZ_;Wbg5(`3t7tB0`i8edPwhqfA_p87!2wrY2^-qB*r&^Pb&
zu>dNOt7vRM#l?{pu1wW{ilc(5@gswi+z~?X2@Xtcf7{6_)SZyXklF8tnam2y%HNvW
z3sb{8`+c{KsIL)c!eT1qucEIMV%VT^TzSDwxjS@3b5NOWyh&@DN$#Dj_3)s~12N>_
z3pF0H8=MGQ+)uP6R$TrSXTf5!cDHi&_ld5L&0VV38)rzLMjv<@LDVT_6=sRLBzxG&
zX6-|<B`O8#lvJS7Y=WmozWw%PU*z?wole&vECt)o4X&;(8ez6GOlz4Xo1~7HW>y+A
zrss@L+UW{<onN&?y<OP3bcQ7A11DRQ=^35IV=VVwH9hU-$7j2r((Y|ns|Db4wv=YI
zx0C-su7HHiTS~XjEh6Pf@CWy#XH*CRQlrB}5%HK@+-u)ERao#HyQco)wiWl;KxFe%
zVexaxx(%q#`wW#ISQy@}I~U6H?;ogPjQ||y@pJllWv?I(W*hK5l;^&Q^Gzbzhs8Bi
z&!sGcdm7h{Ssk7;kzliPd`WvK(a923^;ih+_2^Mh1=7L}-M}>_DeEw(>68{11-##C
zfsbPWmwF6QdBQ2gb6(v{Zxc7x&+{~SUAyow{(J5?TE&vP;B(8^SI4kMA(U{H&cU<C
zSi18{a?Y2fMYH{STF<4tkm|@un@7#FOXFuuefx(wYScIQ*xFis4C#q1|IxiAf+zs{
zOs=xm_v0u3uVu=6)pfaoe8Cvby0!U<(xTpk!hJJ0&s!tkFg%z&znbbE4L5znHf8!5
z^`7(fo&AiE#818#2O9!|1KkEpy3c$4XO4yi$otNa2z1N{yE9aNo9#c8aZLdRNfPXv
z393z=C$>@x=$^y9jKgK|X(mnhn5wNABjoNdtA9F=!(Gd%nfuQYy;$<1a#VPKsqd2T
zV8|N`b|IWd=gURp0R3}miYf~s$0N$(Rj5f4Ev<G}NuF`Wjpc0CV4Nfo^$(ONm(>s9
zV%6!neopN&Y<q`@Z`P7-SZ}qi)VG@qmHAr%uQ6DqE!RKwkD6RY<{$j^8%b~(M@1=g
z<%|4brxUq8`)aHFqkQgqE%;q(5PtS*7sq?ngH?}5LbF|$F<E&4ucACJZlR>MWZ+|o
z+H#{l^IjLamjd8+D}trNr3*SqhB2eD8IQ~<3ON4(=%SMKwW$w{)Iy(FYxpQWp3R<6
zb$?kqZ#19!Dda{t5%Us@b3NwZ#f+U2w=RZ<!ttos>-+(<xJ@N?IFp0=O|{crxj(EI
zo)A6f6qa||D|+$3!3;X2k(dgPv%(kDcy8{w^z{h8`>?3^qWq%8x){G`QIMV`D&_{-
z>ApQZV_#@~Q<MG}FnI)skg_gLmnSM^G0dV__7qt=PrAeP_$HtK#OK1E;Y>$O$Cv_V
zwZ9eGWECsXHQI0lT|MAf8772R3M96@%TO5)yKV_%!4<%@v)8b;4Z1Yx5^T_0_eeqA
z#up~v{weUJ)OHnkZyfyPA$xSF&+J|d*NgjCk_vs~YrImfq7!+V9@;jdnnH!}RaN$A
z$JB@?>@^AHp~~Rf>R9s%ih~iu;TxSZ@=#n=O17UAQEmXaacucGX%pVvk6L*z<R-C8
zh+XgaZ?4QYf}YWCjK^jaPm@Rpv5BsV;Y-tQxLI)5RCIeiqTN%l@E-FK)vSm{7Jc$U
zhD{pBQ@(M;Pzq5IT;;p3yJpgUovZKOn;2iitsOGR3#grcz!)?8bhG);Zj`!@5_tCb
z4iQUK>+DtiG`1Nn+MSg3XW-y)xq^BbFCmF7(zz5EIuMpnBZIu?*<o|^=tn#H{)~#U
z`!5&DUMuD81Eu^Yj>s2?Lfh>b@{vR}*hqZDR5J6BWa~2al%3su*p>Ds0Zemg+!7;f
z8bghJ(_O^DvkU*axK?qkJ!7c|W<>0(nb;^b_@?ZMtL}X!GVn-Fd0y-Ez}QwNdm<ZC
z*-5h{N?I{ZPgM7kXvQ9ZNXgEWjlk@x^ig<dblrBqlR`(_S;W$JlFO98r1|HTXWR<i
z?z?t93jD(-@GbB9k3P0EH8@ty5;|xB+pYBm6qU@{`}Cj)A~uQkpR!4Vl5Ls+I63o=
z4_||#5gW0W*ZI?BU9xc#B{WF3bSRzSxmTBf?%K4lUXWmA;Voj9tgswat}m}>OAl}J
z*@s<cz(;%I)FX)wgf*a6sb}r&zqycuFLs<Ltp!u>ZSk@FZoh-78sszXO}TIO6{<?{
z-Ej^OCr3;QZ8b)Dh?%M1(o|(H<XN~Z)6I0f%Zy2aH<-1Vj?LV$CXE{Z{3;!js2lq>
zv?7F$q&xay!@XNrP2*OlLSU`{_ppy^w|eiU6$*o&@0?4uTI|?6I#>Ab_Nx48pL{aB
zGv+8*TxUzXEXVsKQrU_+Xt+^i#D<|VXHQpew5xk9MF=mO9#KcbY&!?Jt5|RVgK<$o
z--Wm#ft5D(n<B;3_U#S>!HIzXt2Mfwk!7>9cn7^6H8t0tB2an-F<Xs36;B*)fZxmS
zr?o^0F)}i9mPur;u=4D-fXl0B6zp9??5Y5lk#tMhmG;JDUP4JNVzusiu~5&oFqXu(
z$)3FZ`)87tQ+!IMh_9-JRkBYR767l!jswa7QwvtLzvV#?L^T7|o|o6+|Ii5_tDgO0
zmi<0jQPK*p+R!n<4TUfk1J72N6IeXH-`V>-8PE1NvYWcf_+`a5iM%SI<}67VFUfP4
z`Hcx37@#G55uAPZ$;~OIAYc3YP*R8Gi|99c(bld@2i36gX&T7U@@q!ftsGl1x<SL)
zm?`^c`iu$Zl(dNNGavb32X@DVNFkK%-q45b0IJAk%-=Py30ABn$@SJkC9%N655LBZ
zd8aJzoP%Y<m}*aXXsifn!sAo-QWXc2%BC5Oc$0%fd?_BOCHu&x386al?}s*^-n#FY
zlvRY#ql6x={%KG_;Fxi~v$4haZQN^fxjXZtCMMNDC^@N_kiSx+1R@}oVaUZ94ptqg
zBr2K6PV@%O+Qy(Js4_ZuL#v(XV&e|ApCh?)APh@G`S@MIZryHX@?{j&PHz=myq+a*
zvJeW1bN#(Hm5vB@-3Ku)>}xs)>H-yaz3aFB3CFN)_~!gp*=seIoB9i+R4qPnt{)xX
zUR>pYxKV)b7Gzkh#Yj?A-F<0s*5-%_6YRaX=Q#ChcHK-G;XygmmZIC-l%;qm3VaaO
zB5P^+XUXXZ22%&+O`Pukv0(K}Z0+w%L!{5Lg#b{wYKh{Z2k%-UGdwD1HM>eDJ<ez%
zJ#2b^k*f)EAAZvQ>JnTCN~^T93}Sd*vEkM=`LLlvu-LjsFcV$u_`*flVYuhbv-9(X
zE`9YH*r2)m>u9H&H`Lw};vAMFu-@^L2@<z_5p$^A9>DsMEGK2}pEnq_H2(Oz!23Zs
z&pEPXe&*)|;+GHE29{FnJ}!J(>Lu5Jx*6y@(nJg~UcX9;DFKv4C3`hr=DyM6wPwLW
zk0MPK?sJX~4{pu7{x1Tz2|O~j_rN^Sy5N1$d9CQ$`d+rSccyEln4xz^@cIJ)mvIB9
zC{mFf&#?$zEl?ShI_K&A;|)CQ)W$L>kr94)or(E4j;x;LgCpl0xv^_f3?({39B`a0
zl&Bg}>`VvwUJ{iq5BfEtR%fq0a1n_lL^g;l@?dA-1?_bqyg3u9ad!4#V8p0i=IGEG
zQVIdqFNR^>a%Cm-cKjvXRr}{@#yqzEwe=Z8n)hGT_lhqVuv?<quXOUlq3MW29XgJ<
z=wQja0k{-&_MF_#vx@1@sMDw8oUKi6zuAyGeeB=Me)%FbwO1rY<jxxLS(P)-ueQFC
z?b|z3{_6~tEltN+Q`S?9>Kjd(`u^~{Hs$pF$!hNVFgzrL!TXr2{&-D$cz?y)F+@et
z+6jyspT7@Y>>P{T9Z)~?g@Q{~-D32CS|SE3#CW17V{y`H`oE<n=#bD`P#B@F+#ne$
zJTWcw<HoNNyxMmR76fnCt<Vy#!9RNVRcj9|wmQff>Ktkb%MY)u|3YniBAh6S(Zu#6
z1Tnk5uCtsq@(!<cvI#J>Y2oeqrI8-J?J;d(0n{O-OIwrSFUF6lV7YIjIny5^*6jwl
zc!@KHxa5T3#Nq#AiNa4dJrP1F@{+vMKJiVN0XwjaaodV}3dRjSVP?sWwt#g@;Pf$i
z)D!6iCxcMZznIC*sxnJy*0YQHicRnxyVk_w20E3IX3FwIyAi>LU&#G4G1!hsB4)8e
zzH4(G>&i0x*=zuC5WUY-&%z3^*D{?x^eFATk@Dyt2fCPJ`aHjfDhiX78b3r(vqH4j
z9QV%P)lHz8-W2OAG1&(4;yN2XVG`rB^_G#CQ)2o7Ds&M2d|c|$e>Yp4d(+{%Apg|P
z=m!Hhm9M|N{P04=<8u<TaOEB0#DfNeikN$7XTy=Hy>offv5%%jR5`EKhHeddYFVQ0
zRX;e_fMOJfU`|u7Ym{&QRtG|O#B8N|Z@fF49;GO0YZuXF^zz>|{A7ui5!|k^^L{Mk
z99uqn$D!A=ETuri*V?Dz&95I$#9C)bBwmmU<l>ZneId&;fO)7iJNbE+l1vN&cF7-~
z8Sg~}Sfk#5a(o;9A)pkx)|Dr$_e-O`eU|LOVc$IXyg7Dl#VzZ(XogK7uXp}pKE{;M
zInhe`z@?9}+cFR<Nw<F&25*EQ5!kI%p53eWt=9%;;)95WBw60N1f`&V%L<Ta?M&^*
zA|m-$uchpHtTKK43!oH@`9tk2QQFLIS`3wfgOYDCrZ!z4MpyoK1b#lG-8<ccxi=q2
zj~d|5P<xj4ml%p7DiR{`zPkHav{b3((k2~MeGe1Y6A@oBWbx_c&l6I1U-6Mhtj?Lj
zqr0m}kXRN`BlVYdc^#)d+<*$OMD?wIvsV$6n;}9hWsTjGa~N$qW?g6+geTo~8)KL_
z!)*iey<a9_h9>7U&X9C7RLr{prs?<@L%VmQX2vN1NBhD3PikRH4Ql>na6|VI72zXB
zUn^|T_mLUS0ZuG}Bz*!T7cOpA?ETLcDV<RF;cY;vd6BTU3E^2XMOptl??1y}u`UG#
z1t#zTf4_9-aBu%blgf;|ovLu<+LFtuzPh@((oO4wxy0GI){oRyE~{J=QPQnw)XgPU
z6RK-Y#F#Eu5(Tly;0a>9Dhq3G;|%#}>QMEkSl4@)8I0n;UM9@;6AztnabCZPrjOq>
zIej#7&5Wm1LCC`<Fa_tbSOE;Gvw6A@9-WIY3)~2!#F94wn@i<h6AhB7endkIMsHf&
zRHhp|ukK53z+egOPp>mSTzY>j@c$T~uRz~pOfM&!77L-0y`&SOjh7)zUlVjL1W!nJ
zx<>v`T-?}4F38rKJrb}^V=0%HIgG6K`;rT1Pvy4D_OrR3z{6+R3Rmo}?#FK&e^`wV
zS)yu1T>CH$s9Ik?QCCyMd}~U3@N8bAZNmkg`S^r~<g_o*yy4#c*!M-eU4P^L$};Ds
zyB`WihH;AH5v0Axx|g^X4%JuJK2##bQM@5pSrz|Np}u6$DTJR2d>jezIGPCJO`sHC
z?_0Q(^-BT27iSAJSwe`0$c^HJ2l&!D82;)p;~4}f%~aOd+7Gq-14T59Uyg-g>+Hjl
zh43m1YS+-vVBWsi3zgC;eSb7v?Pgae&cLT-dfOkY_W=&j0lR`GgTG>s@VKcpQ=Cls
zcuXCQX=1se$F;O`5p7D09GR~xtAy~^>q3C{bioCiTz*K{X%5dY*Z6k~L62f+NKA!T
ze+ro7&dp!=D}n<dyVRMfJ*UUlCYW_n4cMRhU8voaj%2k&9W~Fepi)4n<A?Z*kEEB*
zzP#as1g+1&XS2RCxHDyt;I(-GgQ}ZK|5$cO%g=2jT>v!qe1*XE;A2T|)3`hFdiDS6
z`MBY(Vh0G|)d49hrn&}HuzT{=exM}t?z>%ex|vTgyIOJrY{b**zS}wv#L@U)`e#ED
zCiM>pvlSC0fKU4~%zw#|&f4MnOu?Pw{ovY8|Jj?(XBauA5~M6qFWS~8-zoX6o}2+a
z(A^tPy-#i$2K?MBB)ac_f=@R1RH*pV704p7c?nmlgVw>&I|kF6MO)M>?*99v(ObTe
zO_sA2`;@T*9f2~QACdZ{%urcg^^z5>9DtKD3>!(vfSuM9wsKaPn>L9LBpN#X>y}4I
z%E!+jw~2T0{i0BUs7Y5UeAZe&rof=~zhJFCSw-MUr5N9jwXVLx7=Ds>$6iUg2bqcF
z+gUG~Bk`JjbN}v*8VG}|1S8Lwef=$js!&BWxlH|4cLH7QXrl2g3%h|b$|};(e@ypV
z!58a1(#B}hTMVSl;Y5L$KZ;JH7nUj7Ob)j3pWF-!lFYA#M>$gBf6n2CI1QYM{!66^
zSL(;_QU}GL`hVY?(fS(rjXrZ*W6XpBYvi1mBZSu<MDUbUx*uZ4;I+!l#o86E2Ny=u
z=uyE}Zwohy@a(X{Sscn^VB6cW%K^-<j@^_OX=#Y36#9Oai?WUWff#uo1Y+Xd<_sve
zt&U?meScaNA>f~o8pj@cV2B=aB*&ARU+yPpbwWqO1rxq(2GeG@OLLwRu8)t4SpP2!
zqnXhB&RL;;%MvAu@%OhxjkR43n(-j23T-%dcxU&SH+fsaqo|9xLC%RcL;}BSw=_d%
z9#HX!Bk*Svw9NV|Gf(cYUQelT3;R5OK}EBJzImG}`~m|u*=_IF|D}hq)d;NbxGI}+
zhj8^+0)I|!i+hfD@z<f89$zkSh)&VE4Lap`JuAG2(IMf=N8IF(a%ay!KHu2)BTtc#
za<dI&es$pKOQNXz4JdAVTxT!JbuQLDV)QnyI4ME8xX3@67B^u*bvbvg3gz_nOZQ7{
zu|u4Y)NN-V%%JC9j0@#ATEY-hm=FIoLb8`Fss;N#X`!7u6C>e7M){iDCu-wIxaO4g
zts{A&KY&b}!{8ZMJ%^47xf_Z-+wgfx(0@(+@TNrFTyayry6JyLCpk1n;U!Tg4+&64
z=L2xp)BQwdkv*;`6ofR8cCRr|P|lw}w&zB+ob4bG90(WFCFrMqB*K3ES~Xp@283bh
zIt02X^kNtrIH~J(_HQt365C>Uqud`fW9I`Zg#W~LA!bpbiQAr{^eoAI3o84^xyC{B
z@<d3i5Qr^opr^+=Mb|7=|2+G9sfk2LtEv394b=6e?P@^L=3q>VU*PHHc3FEgEj@2=
zcqCj}zSKkVxy1xI+Oh$XB8>v5yG?;i;^pnij$hZz%du8?BvzR3#wgo;5b<5cDM$Pd
z^C-O}!jhgLxdMau>Myw5{79j-ZG_|!FVt;E<n2!DrCOjyUuLJTiI$4&Q!a@WV$Q)+
zB9{u(ueI-;eDH%mE4{+w$$JAui_v;cr#BFFkP%b;8Hf%+j!c~GK8cZIAvdj=EVgBg
z!Ix?jWy+=P7h2$VV@?TIPQHF*m&KxR<@{x@fm?}N+$!Q7$JO~RK*mRnV}_|8cLSL9
z=tJQPxv;+<5|d2)cQ5$E(VlZ`I{F3IMk!!iMp?;3lKA@(Q){;F#O7<q04wxCaE4Gm
zdi<p3o*!oNFIU}8uf0<r{zVAy&icj>E%4G6iH2K{XqXUSYL@1Te#mQcEM4uW@TNp#
zTMnwaJ}^H7wl<ECNUFq0#9V&G*Z-{BN9})>Mo5et;3Ck$dBzM_0kDvRvqrgMW_$j$
zdoGGccy{yitOYgCZic*;edn%?9tt8dy%~{;41z^|lUcS=M7o1g^EDZ(Y$<HgM-x5b
z0*%f@(=b}358mT2mmQId+3@DIMBRFgsZ<j<mL4A9o1i)5fFu}Zv}ksYBn=Km*+B&H
zGbmi#5@k$}GGg5rkA5)_RXo4Xk0n-cTcYQearGo;J;dsDvR;ZPSTJvK+`jv&`!ZP!
zFG-ZEiQr43`syt)<c1%+d;;N|ax88y-`=AwU6|2y@L)k>H4bJB-;1XBFJtLxg)O@1
zu*ROt#>$PI`=WLK>CJlOuR8xDhcA}6HTXir_<SVcgECN>uB*J`Q3`w2{jb^~3M*C1
z2~8jjvKUJ8Z>j>xi{~F1=7+w;>B;cpOTP`4sF>Y<osw!BsPgRj=3ajj@(tnv_$A&d
zNPomH^E+yiE~(;hlF5bTEhgtYp53-u<KK!5_$4%U!mk`0>cprnAy<`hA8@2hQA7kR
z|K$IW(8VN7q6S0d@SWQ>di#d$zh!HTz_MePiYp#0+GFtVv&zT^Cj#f|b$Su5?Nete
zg#$X!&2{p(|Ji!3|Ak`71FgNBoa?UyIj)~3v8g`&oI8?8Mq1(?a=fMjIJLHIty|4C
zt}bgP@?qj|Oz@)kr?SU5NQXm<J|Z{MDNXfQBSxUT)+-~+n~0ROXzWM)`Fr8~FP0Am
zz2=7e*OqcJ2CE%KQlPaLvb*KPjV;jn{%|6pIrRU2h$Nof(9h(t{3K32s7d{t1zr`3
zIAp3G@>}jA@A6y5IpO~SqFSG`d*g)*>6jt?1>DW|CkQ65=fc-7`;g6`|4#yY_7e)Z
zk}@U|wu~VXqsa2gMT2Mi0o2W=Nt<sESf`J~ntqoggS?vZbxn&-#w4LLFnt>uXE3H~
zrX5I98L%pnsEk_T+B|in=i5{vk%R+E-%iM8n_Y&0SAh*oelW*$-T9~7%cBw(|I76s
zz-cs~rl0QSHxS5i0nELjqDjZ+oDhiu*P3I|B2^=A-qiKgELIdHr7P3T@ssq!znSa#
z%_usun_uE|oI?J~s~ywX5I@=NtPhC50n#FP?g*lp-ZBm|$x8thzyH3YXCW>iYS8J2
z^~V)cR0_){a_3bPdY>uqyvH-KIXzkLU&Ja(9vsZ0OVTf{QXKv99S3as@pgo>+yTx~
zv^C9}p>o&S?JOoku$3QJCIq|H1pkz5a}0@Fx!fX$`DQ>;d0En%lmy|&2N7?1X3y*U
zWv1mdJ<8Wnm9`L$DQ~_@$$maz0y(v`Kwo!D)b}f7@%=0vLLePeF&PPty><q0*W+(9
zEA%Ly_FZY}b1z&X97h_cg)4uDvshtcmNcuH@Rb3ndyn|JEB_$rwJ~CzJ?;Y@Z4D^b
z7b7M^`<qM!c4K4O?zrdXS4DWz)w`=-pD98W)$?Nrb8}ew3&*cN)QQYhOz7gSuibB6
zFz|R9UO}@lB$Kqx>gs2vaBLPOzk0U+tPiQ{mrjcOP*I;wAu`R3^<E){1tPynLHln;
zk*o@$K6>wGezIwoX=&wLHjDw}?E0z`c6WKpt{6PzxC2UT1X1!LpcXLgyAU<dyJyCF
zQsJG^*e$=kDQ1SUkN$wuD$fg7PJlu7U$QY#;`2%PXMtANak*e}M4V&w;p~umYfEc%
z)DK<)>IJ*CHWT1j%N8W9x4+k3Y6~HsO1esivl1q2P|EJ^1ywID$hc5Jj^B<jgyij5
zWqs_hV<K&p;iiW;4~GBcvWr=7A_FkLdBi&W1%qlFi*_?xlR_vJviM#OJBQ!@FwCBL
z-Hpezd;YiF$<f$F_h0EF{)9mmO?cucqP3~42<=mp-p+=t$HRS=I34&R_L;C#Hz2i8
z(gS;a`5M8ad+={QnOu_?XNNqUAw$erLDY*;-=Ms}<+tVm`_DtMHsh~=Ge3>~&k$8i
zOe>LkoQDX^niw<Z^&y9}RQ34?0HU41qIZxv-3Suz&#~Y}V=uTgi#Uc}_1F<by04J=
zwXp3rXnM*ZJ*(Ra3>VBk6<A;Sf9+lQBb492f5r%vl2oD?l4!$>kgcK3lBg`9kbNgx
zvdv6=>JwRtl0lO-WLHSUNS0_AWM5MDeX<*7%soTgdw;n1FZlX_UuGW9InOz-^L{Po
zIVMBFN0o0Bc}M~o;1T7sA<Ny-zJHgd>Tjcu9XSj9Sb}mes1v^BBMu_4JHa&{y?1qS
zs$bs$)!|jiDURp6Lrek2&pv&Q$BC{@ruyl@;BApq{Xq~qV5_V|;lk+`I21=N5%<sq
zYrvu-{jlpzFzk7cRhMO~smG>NGx(h|cgOVQUFU_3yc$%2fA+q(hMWhYTY}yODg=5V
z=(yGi#yCA7nKj<{T{=ouli#~xLof#R;gN)~FOYiJ<M3k9zvEG*p&mLpB`|^FN@PvQ
zo%eb+5meu<VSEek5q4oq)4dol)R%{yP(M)qJ0L``gYxF@8U|RWC1+EI3ny;Srs2n-
zX`XO!BGS#n8yG7u4G$rqnJ!NPOG4w80$u0&CGL-G_(!rDpNh|!kw~34!Pl9(0F%|-
zRbW%u>u>edzqY~tT~3P$iFY)?gL$=vh4#ZF9;Ek4N0M&~0(X=z<H2<7(ca1Sj@Aun
zx9SNjMrA1PwQt-u^%-(&FNUjIJ_ii$xU+L+t7BOnNXQ~3scY@M%?g)|N*Fk34V;rE
zB-h@=E&Yp%^q7_7#z1OK#JeiZYNC%ZI;HZb;DJs;`PbO~G-D6xS9@4NVBAbEuJVDq
z9BV$nntBJS?2{W7ZOZ`#xjdN^%iQ=X^yM!9K!&l03tttxR4r?f32@44<NBWLw1$2J
z9Pr>%F|6+x5C)J<aRc<m)>G5K3aS)L3rfAdk<I{d{plOBN9l+=nwtpYhV^&Q%jHet
z6v{OCuwOv?-413r11}3YeokdOT<AeizVf?sn};zyw-6_Xl{!=t<7c7qEm;S%yS7RK
zuI@$Gc}gtmrr0v6m6l#??jzV9zvMQXE;%H8knt7HyoVbcRih`zONt&=!0`>NqXC9H
zB*RI9SXOLB_r;&*R#6bE+D6m{fZUV*gHXZ=`=!p|{7Vm5H^fwxfdp3A7z4V#Wn)c;
zp+k4vLjVAJ$&OdKyuDXkgc*id@5tTitq#9P^#Zn>xW<kEqXqNz#RcdA_zr1bhxV^&
z3OKf+EZbnsFFp~4D>8?vx7p&0tszyvTXn$&ubFj3&?jxsnvzS`n$Ou<cpYox<lGSN
z!SAZGIed;3K<DDOyBOt~JWw`kPI3v8*^*w5_4LM#gZMD)WtZ_8piZgH`yB=kH;f-j
z=_g4$zD7dTU6b0WD@@}SK!P{Dpq1JX^Xt1-ICRzhuT1P)+4ox(WEvIvKmSHS1-IE6
z+nSoXSV$n9LDp9skpWLB;Eoe7n@W%WaJsP3RQ&{Hy$Zj^^{|rD&fmANOQv|KoQPCq
z$yeE;N)P*bQMkphY&@^Agv4&ZjC?^8{i-~k1>~;+BMrqf#N%VIKE<j&h2deLYm1?I
zOTax$hvH=n2p-o6HbI%wZjPtIQ^Byq!(|pbf3_OgAvKw0!m+BpD{nlHca-N<2axvv
zJ-z}+L~e7yGJ)Kh+Lg1#WX;6vv#=LJx75^dqM~gBNo(#{;jiFJIv}v<$h;x44uIfT
z9_)Bxxx+V3@l0^6(VsR>@w-^%*={+-%cg5|HCAY5OMywR*a`IXjFt14h!t0+?%(G;
z<?P_-s$(*jLd+GZB91awqQfCgI#N)C!|e=2kwk6^J@l&I4(9X^Gr95)pHSz*_{7fW
zBe1=Oe4HTNJ!T_Uy<>kFXS`#Z6HvdF4<z=LG8f-|Eh}sw?D?J~X`2AEX1pZJ#?j94
z2k9~#=bIU@h-B<<T=Fx`*{^or^MNZaCu9uDei_^BTkQ{liczpZe;Pw}k&)<fNc}0%
zw>vO=t(1DnXRT(#DS;>}6FF+rMJs-!XHZZq^l@F`-FbZZmV!$Q*;o>em-h}+tO(nO
zwa8{F+IR63W$K#rWzb_&U%8eg*5mq5?b+`8rF&ob*Pd5s*XDe$rSyn0zC$Tz4Q~0x
z+Gs66Do-u~&Qt|*Xjptl%Oa-TVt0?D_1wadb>fbzFi|6uaMy-iQq*w!j5<H4rue>1
z7WS?=|H*_+>hX1{)uI7oIaGwPT~%VL`pgn@L?$$xr%Yr&o_r0H!qmKtwVtxPv~T_N
zd4RGr!LuVd%L$N>^_G&`!?$Q$yW?&W=bdR9HSAQH`>7QW88QY#;KC!=ye*nRm&S&{
zo@=*w?>D(!Wy^M-p0xfJ%tdbp60Zh>{afIsic26O|2tvaiNX~w%GSq3nbSdJB(NzE
zJbtbw$qUP(a&Pnh$&d7my5aLphZ}^~OJkWjvyk!$=g8(LR;bf$vsUnO&D2#gg2^9;
z<Gm|pP)3|x0NBzuA`*?P*3pH;8c03pH(BDRaA%It-z^gEPHa7Lw8vG7cmxc!sopBb
zFw9Q_@5qv0aoW=wDhR_m@!^m$*nSOpW6mK%rqW!%M7#qz-&f+Wllt1(b1b&qO8MBS
z()Cw<0>;wD$?-Klu9I6xY%_WzSWCvgbpqN>(DK+?)&p{iI2^C&`bI%P(Oo1$9pp-x
zU3h9j$r3%}FxkKl4ar1d`!xGbgn&zeeW>w7UnjN>*H@I!{e97bF!zg_0Fk6<8QmiZ
zmulXgdi4HM9AMSF5n+I&qAUFgg0!j{vgbVl@7dnPHkyVo@VIb@cGO%7NJUJi4NKw$
zVD8`2J$9!9@48i)Do{uRrMk3hwhifZ^z8X#HHmR0^mjnwK_5M<#d!C9M$sA4n=YC!
zi6}ELWbWmkEtvmQa)+(*TWL}paoijXy4TH{nBlx=8Sz;HF15pR_FZbS#8wk4M3&kM
z{b?Z-5Nq~fsir*$xjdHzw$ss2>k+jStJ|szT+9|WY<WbpXoFfXKn8RaObI50nN!*p
zO}b#sU}j&Q?@elT_`}{XVLOsjF@7cPc@s{tc*938zX`O;0Qbo-$HE=Z?d7RkyO<y`
zOnW?hpAQ$_)z$6Ud|XT{pQAQ!bi@Vgz#MRVr}$Q}GeI}e4`9#X)hFj%!&{&A{5b6r
z4XY=x0oYeDC*kUoBKca@;6;}~qDBJ|xz9#=SbReO7Q@~fw@*DGE|W_FL=4G~1hY$6
z1argJ<^EePvHr)fc$tw`S@WtI1JmQLXzYCUr<gBl6i?xk60BQGSzGMCKCA|bUBz`<
z*YAp`qaF@6me~#zh_odm0t)9dH)7xLxij>%#Q$hK(wYaqgl=nB1~V=-WA@YcwXX*i
z1Ex-I)^a^IxF$ptn$dueMzfqHZMxRfgZH#%yN_ODYi#OF(ADuXI_&UfALC(-lDz-)
z;su+iWvmmm_Xl?HM|#^yg>$p@C88yn?+`gWNr~(NbqZMFo}#c<Wii!0{Pw-0F&UT_
zW8CFDYa==mFL#wm*t?8drYPG?`i~JE1AdOmUN1wp%IZ$KR`lK2bCBRRY_E%6Cd;<)
zcao(gw5<gzolMROS7OYintN}Z!&I;OE2Nfx3_kNyW{#+_g3+yuB;gFJFQDM=?gG-z
zb%~#kpq6LS(h(NEtbYO{OS!K67L9mQ-~Kt_FtB8cSFv3uO=XQ}CH^1#WVo+BMNe_M
zeRvn(RL$<McjPD1qY6zhK3))T^L<X((39y(j`90yA53p^$YqN}!`$++^p2ZI{e=Rh
zK`yLsA<G;&!Zf_A!_F}zJoIOitIZ+5{PesRjQaEj+b3&FFLiYqXKKifc4_2#0_J9_
zSdC?2_Uk<liD^nkC&sd#1<Z$-lo1Sn4Ycx`dQ@p!YDQ_=s7+87_C~{yp@e#(L1XmJ
z-_>46rG<9CL7Ly?>qnGZZl-hgnNCHwbwm86s|c{eS&X1$Rzr@f(WQCh#n)j;1rsZ$
zr#O8qq|OvKtIbfdU_u&}AI)f2^fM^W^H0idSw})s`Q{7nn+l>BPpRDH9$SSE70+vd
z+HL{d=9x;W!dN90Id&Y>CZS+ex$8)<l?1TSaKERWhtt2zcfe5st0b=9m!dHp&_u$~
z$h+28;M+A~dNRBrIi<ck=R{OgnS^ME<g59dPA!;xz#&|?wt`!k_Bo%jTN@Zc(xrV-
z#aKJt|4qg+NO7zF5f3Og-R3_;G17ZqN<44k;^7he)Gpz&E>hr>%+y5a@yZ-O74D7f
zCt6`x#ShX;CDR<q)+igV_m*+5#o<!bqeH20(q3pQWKa7GI=88HP?_n7U*c%-$oaz4
z#HE<5vbeP4BvE<?oFEXn*c#!3oevlO_lxL~NFh7nB|FDcc8+71!IElyszBB!8$6Xe
z{#Os}13JPpWACRRRBy(LLx5O{a~OTHqn#$O7FSppVd~Qr6oX9q5X2qBzCz{y;5B5m
zhjy*REHk#Xm6~uBf$<S;^GUI5|48>1qy-{}8R{|N<8~W9=CA%QYM})P1f8ZIXM2wo
z7qy%eS9Z0!M|6y&$B8TMR}TFMJG??Mk}mP=dMB2amGx*;%;rr$*EuPt(6v=E`d;<O
zQ_tp<z?;PbU;AzgC6!psS8H9~$mHRA5IvfG`i6ApaXKviSir3j2hYhD5eCT?EG_#f
zS6y_MR@DlT)uV$vBV&)K9!Fn@{C+k{K58R2y(qF`?u*g8ardhw0=qDrNGLi!DN6B6
z%ksFnu$0*prx6p`Im*lrfdtXVe-O``7=nHnMruAt=uo+#arZg$PZ9gb<R3qf5a_K>
zC|tCOfWm@xO-9m(P@j}?CZ-A^Pi5#djQdW%x{5gW@pdJf)Flc`+NEc?F8wt9aWW(Q
z)i@QPKOopB5UXm5KQR_88jTiU&KLlPfm(f*0{q+2M|fz_RwJSo5NOa$6wK2ze=M12
z*kO8-?}t_<*qR@>b~tWNA|jDnbA{;qcAT-&sb;pS7k;Rsk#~0!W&q6)v%G>m(&_zf
zh<%l*Rpy>|`^K5ZpOo|H*z(*A*#uN$7a+SB^xD|>eKF_=0MZ^7a<Cgfu9V!SV7}%g
z;N6pHZz=(z^-LDYCAfp(2ahIp&}M!x{uwTZ@E2=Bx!yQuQUgxXc{M(GAkS~S;O(f}
zA9%!C!^?E6eDTV-*g-lZB)j%!Mjkc9^$m}HKA*n43uoMC?;Oi#A`pY^(W<X&K4A($
ztY#V)RrLtUNnw9RT>k#Yx*j;{o=Jhln(u^|_K1)6L5O>~oLFy9Ib3Sm>~*<V<;L;3
z>)(S^nJ4H8wfBm?%wsrMt-0j4Q1yE;GcYzqNIhgf+NpiJwB(CjePYp$Nm1+_$5}sH
zoQB(-+!mvlsyjDKx^~l6F_GAqh^`TPH2UOnn@{scQTl~Tk&LD9&xkI8$G$*zPmScx
zdDa!BQ_dJfUGaUAJg`AlU&~j1s2*3{wvu|Iz<J<HLDX(kI!tBU-^nr6Cd^FOlK09Y
zOYNy^y%Arn>Y!qU?lXRupV-uow~(^$nbibr)WyH}B-Mv+RsVZvKiiTkwQ@|U22k2X
z?pjaGU_$$owz5uq?#<>2(K!W;9K9c+a3&6AVvLm^g`4I!=ZLO4);i@G#D;8_3(flE
zaA@EFG#I9%bnmmmWVf|bj+N=jF|Q{K%3!fYS@!n3gC)+QNsEOlgem87C$5&(&g|?4
z*=-MMF@hJCQ<<vdFBrS1vPfrEgrHorPI@(M73`UwkNbYmcQ>1g!3(O0baAzswt?N1
zRw;avigPF>Sxb@S;<5%_HgsFcnI2OCzAkh#GO<Jgt!@d!@%GSOP)|IT-hZzl;xxhs
zf5$M|y|=CH=g%hVitNS0#q32{LVWx_Go?bMQnX8kE;e<qHtiJWRo$Axggi+X#|v$_
z1swJ)sgDd-Gc`wg2H0%93&RP9|J=CcW9Ic)Z!C?}G4~=?+nm4-{paUDJ@EhcK-Dk<
zzV^66L$xu-5`0qB^OB*bmAR+2f~C7P_yeJ&P{`9rsnb$t^-xj@C^-eB>`5sp1t}@2
j)xy*N^#x~FD|;KC|N9Gp@>gY<_o8u0`(pO_I}iU0G5VKX

literal 0
HcmV?d00001

diff --git a/public/idp/google.png b/public/idp/google.png
new file mode 100644
index 0000000000000000000000000000000000000000..da0976870e323dae26b0b7077b6472354b4149d9
GIT binary patch
literal 47408
zcmd?Rhg*}`6E^$+0*WYW0~7>H0Fk;PB3(s+&>>1MQ4yqfFmz;vRS-0R(2GhDA@qRs
zD2o_+M>-<CN~j4X?|Ja|zSs9Ze7o0PUK>u%nKN_G%sn#)U+U?o9b-Gk20_p<r21V0
z2s%^<|96-Le6nz{q#gWm$o97OZ3rrgKDzsm8T|i+$La>!5acTeLBan(5Dk13JPScy
zk`OeHh9J3k2;y>0uGCimKVW&Jsdg8l!~dq&WaGdmte!~id#tl8T&J#IJKMn-2fhp;
z@7})uY;bW8Q=RhQp~QYr-{_1r;$ahX^TJir28Pz)!*|pfUvVyUloH!K)Xaj)34IPj
zp2gmuiB^7QF06ij4h~|arnwJ75dWP(k_HSJF1}(!2D4i$*(xt=g_jZ8CX;a<ZKJj;
zTRZ##cHd=pN;cOPYn1YcsfU0-|G)Sr3w444>d;-To;<P^t~!$@X`rTiWvTBucKY-6
zC%1EBE0Bu$cEyFI*M!J!ndGmu6nZKmbNW9-j<iR2Q*uuXLdbunAT<s<utimIh|=w<
zY^P^iZw2fYXk!((R%f;{GK96gvordz7CCnI#n}(Ka|nytxVIULB7|vmgUx=^<NemU
zRW>e!C%WCv-d?InHQA#{ic?`cs@0dF;J|beBjnqa5~uJmP-@WfdM>+|oxR0<+&zLJ
zXYZiteH2%0;;F7rLK*l|xa2p9rwrWhU?0xyWrrd+r-z;ljA9q_g{yFj1Uv6I18+eu
zwYkastlmKr)2aMTy|T33p9`C>jzhBoY@!f)u*b``wbFLRO;a_DGM-UV`e1E5vA8rt
z;fftzaH<CpffLoZX7tG7T=t|oa#>^ELg0xSs^mk=@B?g>eXA4k!SYkNjU*2>o3X&J
zLP|xNk08>06q*6Tz0Wt5E_Ik4?N-Hw;|Jwx@CpcN4kV=`L+QG3Hp1jmPOXO|Sq3+(
zj~g--@aai(5!^5%;)lY`T4i*3EnNKusxkNPL!`UHg;4O{ImimXjf!mP%(dS=w0{xN
z9|de<V!Cm@zE~8F9r<cUGI6rZz(Z54LOQ1$pJ*me*d%05_hs@F42fTY#zU@vJ?QuQ
z2@Weih)e4RYae6WZ4CHR6V-YqPY7V1VPy>-vGHCZ6QnDo$zqv(W++pc{<c{oPTQY1
za?2rznG<49x5#Z%dRW>Lcvo!WCz8+7R5mwD>4voO8|&JCW-newI*X9Sq^acwlqtcA
z%*bg?%^NN?C<RE8`?N9C(YS0<wYdE@%gZn~wy`%$DIf1{h-}j+zAv{PavoW0;7~hw
zm1>V_iZgvO84*#izqs_CA$b2ii7{A7uRle4A-`%yA>WS3-~S0?t{q^m-FB6%l35Q`
zRtcs_khyS_hOVX=wQ0}&rBaSz*IU;iNhzQ;bXbM$Qt>afq`p%qN(RDK2xEY46g-PR
zK3t%KEfAPGDzI@>yNL@m&xLpX;T!Q3O5XzCN)He4Xl=sTX6CDlH5<5l8>Gd!@MkSc
z@e0li{m$<(Pn)Ef&L2z3^4POWQrhwQ0^KSIux5f3--(;u@bCZnPN>JwBT)E>32LDj
ztMF|`TB}MihiahV{4sO5!*l*vwq?mi^CO1f<<%G5P-S|)uES0?Ub$=}#>0UygD`m;
z10=*AU(b-onp<HBnRwkBt@~n{H-a!}#t_;U*b#kh7(+faU7q+;DAO)2&Y)e_-5HA$
zV3IP-7PQi)yo{kBb4ww#J*)t>;S%ow6*c>X=ai-Q^VNuG%`QCqI&lc=e=XDhlV?*l
zXKzKCM3PMOD`qGvh4CmP_$4JSPvL{Kse~5!6M_pNt8!KHw-s@#w?~X%s%)s~&^>|M
zv@*)yrktpNNQaaj+=HNB<pE2t!iA=GdweaC;!$7OZdQioP_;~{ceQVb%C3?cPn$xL
zH-M{ghssM}=COUVvoDA}L_$n<e@}NNBkzYjfr>KWDI9X|KdeQoTJtfP$bXrk+B6`}
za{WkLYDuB&u(`2jAKqG9yA8`G*|3SA8e?A*ygjDg=Q?k{QisNe0LI>A<eT-6y0!Nk
z32vMfFiEn0g1tzFEJ_Jk<_VLR2`cqGTtO7v)~iFow=+qMX!J;}{lNQohCA;~=LfM0
z@?>EH2H*Qa0%^Iz{El8tteh4eBeog_4UD98Jv4))<b0*q(s`c|T1;14CK97+pSoD`
zSNywWE%ztLz3)Fu^8<f>6Z45U6dX9MDGvoW^?xeS<#ysw{E#zM+|`tsBddS)R@xkb
zdY?dz>vFCMBKP)>AWlNG*NjJlYdso2Wh*#7{pf)tROAW9#aQF-2Q#>9VmbP-9HM7a
z>M9&Z6|SCyY~+9+N?BT@^+iP!o@v-k4G^aR#tg4QNbGs!-Yq+dMELPzR(o$83KXw^
z<(J^)1{Os7r)qv<_XyaTUenZ5tc6Uxtsz)<FR|9T7H1Cn+NzPIU$i<DFAQ|p!YyM#
z`#x|~O~>Cfr$Uq*EogG}Oz@GpjOlLSiuZOL^gUst0Q+!tX!Z%Pr|;lFe0K0`lS0j}
zVHHHkj5(0jr?&_m)chGk8-|Wtu;qGkl6b)6;;G|l&yc21EC?I2`lbw8Tp}gVEE3-1
zj)hNOUX^!i-A!_IpJ~t)@|_&Wv$x#Hrq_Hlb%d6UQ}!RRd<%7mfyI?su!)NthVEtd
z@#hM+i;<BA46{g9+^!~)I&`l}-U!d*%zfer)Qt>bCY4tGdVj{2ID~Ptx5Q4~e+jjG
zJo{h1smDFx)+$by&p&YjId>S)^U8s+OA%?qtkO@`!*SKu$v6aK2M6vYWy5sd&%kuW
z+<n7K26-qrXQzcBSlE3lb4GNL*Eu!Kz$!WBD6TYvu_MkN>)=2hYqR6n3l%!cC^-P`
zt+mW<6JRQ@RP@LzvAQ}&L56Ie1F^@{BS(!iM=K_G2}w<~>z5eDje(!WpY|z`oB5Jr
z81PUdKpPvbc_<h$rbQm}QXQht^t7gp3Lb|9HNchr8L71IO{Nl<;$jV~P&jENBj_`~
zHu6TV>AwFed1uTDcFebsB%k0pC~~MR!bsdDkv5OreTw}hz(~5e_>o*Sn7P+>k4I^5
zWdcHr0y!heZEJ02Zz|L*^&BjdCdnrm#^Zbai?j9zMhB`Sl-KHI_&E<lTWa8Rrb@q7
z+32O1X#u1qF7XuD@$`?BNtZ-#>IYQ*pnL93XxkE4skVJ9*@<X)3DUx?$cZehZ{bDq
zXa7AEd>3rtGf-hO^}&8#R|sR5?8JP_$oA^gw82``&-#-6l_P1}|A~h{?Awjc4?`?w
zFwS-Jj4kW~#mOc9H=vHk$FnD`>~YGbm39l+|1n6$YZ*W+Ju>}y3YgE=3$74%t+7%F
zMiRTLlRYMB=>-%DgqB2m=UMD$^z^kOHkgsq8i#_<J~b2GSR(w~l-J$=?d8|N&_M@k
zU?SbP4bggPkozv#-GM_nNy;_aywG0rA(r&$1EphBSOYV9re7m5k$0h4ls1;5H>=ib
zPP#wH0IUNib%cB8nYwA5zpAWnzn6dz0!Cy={5h<L8m+bV9Ia}eZvDW>FdH`nqQm3H
z!71HO+SC^Y#p2|`yAU_Jybn93EGb8)rxsz>F1kT2j%=dAN`;S?iq}wPF8{6(pz*rg
z0TZ(+UE9}u)DNd*f}G25K{kRo-rxjUfPa9gPk>`XN!L|+NuO`jU1*$PBx#b4e>Y8t
zD5(B<9PB3w_B%VBrO7Yr_wzea+0;G&g;mo$1bv%w6`rEV$<cT~j+wRrE7{?dj}GG3
z*>n2|J-d!rfs+iukFQ}TS4@|teYh;V>W%(m=zwFc;_~K$X3k^BV$*cRlyQ^KUP7b{
zdu(;VjVYNp%aW<J320UuY{%y{BcN+xkl2}al~}7pz5|xUd_wLMd#3w2T`GS{fn~tG
zgZVt#2cK}9ClKgwCwpOAL0J#9DFwnCMsbdx_e;R4WALh?fQ@3c7=yrytm@B*5(Fb;
z(VH>NKa{z#AmmcLJO)Iw0L#R8^3NC*XkRnC1a+Vi5&WODF(p#PP$g_B0UxX4iHj*Z
zffrwiK=DTsV|G!wy}O^XIT^K-nK?<<tNeOpIhIS4th6YJ2oG?Alm-qPWN$ikEZdwo
zW#|TJalp$4FsnG7T(9jo)I#p#hBHu$XSh8@=(2F#+W2d;WlmO7j{%xNt4L8-c`Ktn
zrPE5IbzvgsIn?2T`V=6%p*vVlC{Ko|XcH6q)pFS-DE^#}CFLI~p;J~FXD}8&dFUl{
z%c@F*xcen_U~9KCfxnhocoPzgV?2t+_C9G2Tahc;pqQ2@k#m53ZYQE+3$lC4Mdel>
zu810$cfLJLvL3Nwh(GNGhoQ3F7nw0uy6$0jA#{2`8J^OtDdSjSa2jgV0Zwwn+q`r)
zL3qjsMY(AQL1R-*Iyk!9ytG-JC|mGLz-D<vQ@Bz}^6aGRjIh035VWj@(x6sl;jPRo
zS1Xq$AZ}Q1hlT^lufij}Dbv{Mt4PgD5Q#g>YR8^Tmy?uRA=o;O`m6Inzdnb)g3ycJ
zX+irh)uwp^Rbcn#eF;IQT+PI$S~YJtVvLZVZbDJ8Tr6HACMC<2w)^eZbLb@qA><(_
z{-3!YLZ&(Nx_dn3&auoS{pI*e&@=Q<f1baNFm<norVcKE%fkb(ru0dqRZ}ZnUNMc=
zf+)M(Xb~s66Oz?Ut4G9XFhTK;SnY-D>U_3S$7Bz}94jd(o5Z-y=a(9|j0{&(3lbyi
z3Y^6rh9m=|O5Hu=THD1crfD2Un8vG|qc1_*WtENtzuQikD#uy}U{3*<cy_WTd1FR|
zjhreToQ41h5#*={ys{L5Qih1evOpb|kK-o^J92A5E0L{9950!;t=UA;=_57s$*eLe
z8)C#hE=?wAR=>R0V6@t^9$$BYS@Pp)V-h;>sKVB8Mai_!sGfa*3Rd<c1LPY>F)S%6
z9aOG*TAxj~I7cFlFx`XL6XpBG>F*51Tr}Oou0z1(^^l{*vl&cvW^ih7gF^3wFtbOV
z&rRL^UTPK;6Jv`6iumblZ%QSj@<%K6Pm?YHx)ZQc=Fy%a@3;S*t|eCY#=7h-6s)9=
ztM=&oIZ)?$Q0DO7QU<sPaGFW<5dTD^cE{`ngYyFK<NQno>Z+gC_tjk)6DLBnD8{3+
zn(~H(o0;sfV{4wbA#|{#xc1)5hJJJU1AS;uHH3LRHZkVBgHi409$Gk32M_d(KHg^#
z=t6$EGdA(YCq3;-VQ_8H<0Xm^$aA_#Ltr~@S1ZR}+NXO-`D2&Z()q!Hvn!j;_*Mu0
zr+cbMfT%ZjAqa~|!BWD*kCz55UF^5?)8i#+Wsw+dO3&vSnZLo-sZ*{1s0?QpfLuy^
zR=<&SkD=v0u!rg(aenbsRB3onIikQ@f(g3$$rM+2C54Ipm^>}9a*9>5JAR!(s;#Y8
zL_AkuMV)d1Y!lf`AedSbpLXN5-$OPhnK>mNFZ$DpQ43EOqHzjV=K#J99VlD`m6E`R
zt3t|{f}6n!x4_l+W%4qHiQWyl4y`LfCRa{C!N?*4zS?&#jKFi3VI45Oj&8VidiR02
z5r-7Vvw#SjD?Qcju+u@mIrT|mk&6|kS-08;i+ralOXt%vr|$xBv~tXFlr90Da)0yF
zw<JIqQk;>uwb(PkHfJzEl1_5M)X)YYzU^N3hPdc|nczY=J=@re8S3z|%CoC^I`?g%
z_5xeF5zuR@>((a^zTva;)lx+BOUIz#eEImv*AX(#d%v*v-JlVm(MspW`Pc>f9C|kJ
zP$nonTQHIbIA62wsQ-veCW9w6@KDG3D#Mh3uTTB9qa7%hfPm|HikXvfoGw3TGw-3w
zdm+r84Vy%fG)w!vTtqg!$yRTo4@ax>-Xxj7*16z%@EkZOtJi5JRo-WFx6?|qRYK4X
zgafpo_J!vDB-0@Oxhz5&mPN8=i$B=Tedb<sn;p?K2sfz@qE&p6s(n*ZoPtv`f6Rv6
ze+*izz&=y<2HyE5tCfhlG;8Ba5EQU_-UXE_O`B*i3flCxgHYNb%vw2B5+<u}+MbTa
zVvlBmeu=HUH{K9Koj7K;|A3oxA1D@OvojytuALKPg2e&dc9h#=l}Du<`Xy4RKa)5j
znBv(0q`F4Dmn%GM+j#;Uu>Ih6Xtci|p)Xpjf>xPymqF_W5GThw-*R)()O1CM@)YQY
zJ=sr_f`ip8uMgn>oz;4k7*o|JPN!z!%kkED0B@FO?@i|E1B%r<Gfu*X1ea<rF^(IL
zfP!!J192}7x%Uuk^ZR@nfoM|h*?r9F6tim{h$VklIBZa2wS`xZaDae7w8PPw1b7PQ
zYWh$k2o756+D&cJB9?KJTR3(=5Q2B;^YO}-)m79N?)AqmPe6iTQRL84E?(^1IeU6t
z4^0c4Bl&G^Mo7b9QjN=MZ(!&NL*&l!ON?j*?|h5ePkj_0qz(?W4}X<@z*oEeL3Sh{
zA0*?Rj78&;i8u!_p7+&^5c&~5CNX-^ykx>?!FNp`y_iR0jGAB8Y&ZEK+qL@uI|G7a
zFgf8hp5s_FALi%FB;|55Zj!#s*-H@L_oxV?<P<@A{NxE>aJ0K^#?-V<w$e<GLs_5+
zH;Jjp`qXEuq5gb-WTOAICJ_kAx<iO|EN{v#FR*aVRQ??d&Z=!E<Qldn^bgWE4Jh{T
zt&Z7i1iGwJ&BpHcWuIXET?6zNR03DKafv}1?qxuK@s=A_;qo6O+{HQn{CKd|d#W3?
zP^IaP1wWo`6D1B0mnP1ny7z8aon-mVpB%!RA@~G1jLQ|`elCR#3SJJB1)_MF_AeWk
z?1sN!*ku(dM3a_`z53kFCT<z!m<SyMy;XJXRu_rU(hVa`g9e6BfK4XH#!o`Z*OoT@
za0-?nzN~)?vL6h$@@;xx^+SS<+ni05TTi|(@0qH`XiDNK0Nz{CJG**zsR3PKJhd0u
zxV73y&lym-;>WG8taK;^uug3L6^iQX%U&@pdGz86TG9j@G6_@0o$bp)yBGsY;Qo+J
zdc8EJx9hbT-SD)e@o8hp3*Jfr137c0V@3{&YCw(_w6s87`Svcs<?2HBzf3Hlj7M2W
zuyrhws_PIOu>c4G*HZQxJ25G7shc4@$G<bOjKAVyST6^0IbSm;D8)Jz)|^zDL;2bw
zu3*qN=}LN??0@HJ_qCg%dPM@IGWS(tjKGDnOXO3`tM=Z<>Yip^mk}vU=NJhbD8{Jl
zn5}4#*MKvUpwH#_V&}OqF{4+EG#ukmT1#8Dggh~-Y&7k^%V7)<HzLKfxm|Rmbc+5j
zBP|*%_?{9c8f0G8O+#xdT7cWIe=L_6{k$=wX>gBWPbGvo;L*;!hq!QNg#vjM1{%q>
z(rA%Cg^rcF;i80KpN(ri7rzQ%znW;eCWH(FLO@7^g0st!N-O`hrVWW5ji&;g;gqp(
zFK(E)RE}C>0Z1cl`CIAi6Hsbtn8B>}K#OydCBlX1u*x;8P>YL~O`Q;#17tmDx&OTI
zhKc44bGnH>sU?&2{OoL-W@=?d?^!BZ!R{{z`gUz&#K-}&-=*DeA#gN4!Sqsa!jqlB
zGaN2ns!DuQXF#ITR}{~rlG=KktuBBCK$y^BqA#_{z{3fv20|0`Egw;0FC0|v(fW#h
z@mM?ttWa63eo8G#GRQ|3-vv66yqGB%1ZtC4<%VkWq?XEO_n;aVP|_5riv{7W)!`Mw
z`@U|r`?+w@^FDYqoAjK|5LXP^YGWGnNw7|E`!9BCc9N(P3Xj*ORlWv~W|5v-?ulBI
z=hysNc3Qb2PyjL=q}9u{;_vyfceew{<NV_?`z#>#v$qdg6pj3{b1pbqJ+MKru;E&!
zVOVO>({AF}NtSiN@XspI2c5rYW&ep-7})WG0?`XGopmP;t&6kXQQ;V<olegDK%}~A
zq#^*O<N2his=Ol%imhP(6F!#3lt}FKub03%p{!<~rrd~w{^0d=AL2b|q#OpEW2Pl;
z(i1jZ=|G?7V6M(U>6D@VEf*B}cH9Wjrr}kLd93wI0AsYTzwK17{nVKj_Oie3a4l6o
zYj~ku{5P2l3qJR7=t7GEI1`)VV5F3LgX)T9KKT4y_45P}^DPR2bMh02wGw1=_^fq3
z%P+9i?aBf+C|p9+A;iJ`=iucaB6L4(Oq^1-(4a0LRQ}&Ky5Mu`#=$c#I!$!%5#ST0
zgFs-es|9EqskdQvg#k-V8#z>MB)okNS;n56h>{8NO}dV@5xEqcLwvmP3Unfp1c1%D
z8_RCbO0@k9$=M-^${QB!S_yA#z~|WQiRV{8S9;9MsnyDA11kK6A?$84e0kHl2$6zx
z4gh6}vSf1`QDiLDG)NT&2w|)t)~F+U@KP{xmt>yS*S6VIr#0^Y!W7hPZ`N&BAorvj
zZw7o0)N42pFxC8~<Td7V4}MOw*yRy6Ayhx#?>)(&)x>H8QratJVM9xBJI^4la;Lvo
zg0uhnS`>uFr#Kkyt{{|!VI%jgOf-pb|7D2&QWSs=+#zjFX2VeIrdgO{n3+I#qH#Q5
zx_NBgE)>XD6JsR#%<<wsM*y#CSm~LJL%>VbFwCLAE~g4TS}9`>;PXm{U~Q&UQoD!l
zGK2yi^Q+WjgJP8{d;mMuF%t|?6?`e@U+9~2W8xX*xXI{)oq#R@{d-&rSglb8zRq(5
z*1x_b!`~;uiw0_asS%pOLFaXsLH@P-P|dgxf@l<oJhAO!nU;LE-{6D6;xS-!4)mXZ
zM2$m~9B4-c!|Y#Bc6hw@0BguSG*<S&NF{{1Qlpe&yJo_BXg~Cfu`7RBf$Yo?fmStK
z@`VE@01Dh{Oi=o*=$+?Fxs01`x>5jaIC!NXnDx=oi~eybT*`B$G4EQDe4+>In?%N+
zf&k+(1oLHksr7dV4mizgaZH_&<YW_7ci(x^JpH;fOgVn?<^S-=_)R0^1xG6=UI8uN
z|65=NjyPF!exE69+<=sY?!Bu}BAge()8i%${-1XNum%@VPTye}jEa_^?_nv72WZ`H
zYs!_*cHUpVVFx{aaF>)mSZmXu8#}3cpy2wl+vxYFjoCBK0|-3D`ZV4!1sLE2G8<nh
z<h}{YB&!DwRCVkCELl!=HDgpPV?>Dij6gGg|9nieknC+3rW-LvB<rUU!MELD7MyI2
z!e;*8^@0&=LEMM`(AuhsYh;xJFg*g;wfb1iC>Y8ZQEL<@#>3~tVWp34grj%XPx)t*
z*QUkO2Q9s0=xbLBXZ_@Lp3>d4`!pEA&r_X3N%!^8o&7K|6%p7VV*e*w)~oEly2?Q(
zYxQytCVER2C|MCGIaX_NPE)>5Twa+-yhwJ071m>5$pDz^y)giyfy)}E{aMyUuqWCJ
z7X;6Zvy0N2QnS<i41@_BBCv5y9UbJBj>a0nBdboC`Qj(_YO1Ody6#!<cV5*635|Ue
zaL^gqopb7fvJ%0S-1=7u^a6a|TQDfq5*uO(nY)2tq<x73jL`^}7IX0F)R~TB$K7nd
z4b{?;H8t$^rP)k?>J6Gi(#=jAw>*`XFx{UWyqc!t{v1AK9^lK_orP1X??5uASdP0G
zFjPiqV3<9V7$Xv>44~)P@w4-7P^8dtMlf7E@HhYoXLp;wq`KNR_vx`Q5wOisGx8z@
zeaWydW-xf-qzdER$_gy^Ck&d#)M52TIfdSm&`1CMVbQp17nuVl4$}u_38S#hO0$XD
zL@qhBnV5Eg3D1`UBfqO=^nI%`oN$)^eKY=8+~Dp3?U3{utBN(c6>Wh2`|_~YBaEMh
z_`$W0fonHAUd)(TGOwXLAokR~ft8Wql%lh9Ntfr4FMwBS*{_K+w%O$Di4Jd|k(0pT
zq(a300ksg^BD#)ofoYAT0KlBqJJNd@W%d4SuV<d?E7;_Vu){rH8Ez6mv*@Ecao&NB
z4Fy7&Fa%H_1(-JB+gaoFWDxE4(b@q)r}MxzbMQ79r1#mwwKQZlN9;QuZ1REMnuATU
ziod={bzAuKz$2`w!w*ClP<H|!u(`&}srVSg#xw+`7~b0*-n)(Sj_=nt>E@uktlgUb
z`ze^vzFz=1rG8BG4fvC`$Y38@!<)miSwj+LHwu;u=rMrSqX#1e2T}~Yv-?H_1}rqa
zdj+e^GM7IIS2>WE4N*S*);><LZw=?4$}RcPe@Q$YY|W={ucUO^tW<Yaq#y<=#@m=|
z1GlH^$M)*IQ+-CC|1{Vi^2xVp`@($L?pS77l!NryHa!n>l$1GYrrcpVE9Ql^m{5!<
zSBCXN4bBXkhdHwE@X5*6`n3TzljikD6oQ?!vjaL08oZ}TTDHub7R1M`O+JDfXRr|Z
zWNqJ~X5x^2(|LkH?Smv5p|oj<I9)dAxy+rfGB$5Lwk(iTS6yIbxw;f5mLxNS=JZMw
zwKrXAuuBvWCZIIu?T|W13O}8ij##T!L#I0~0CWe^vV<5b0S$|l5GL*`BOysaX?fgm
zyrHues@Bk~LM*48qqlFV_1(K6PIyGcHn+cI>a}@9ttqeD%uc6(;I68{hfnOrC0pXc
zV<!>9x5xA>83NQo?it<OVhi4J`z&ZBB4DNCu8DNE!<scctu3`)>yvMg@;d0UU9P{(
zQIM&mK(2Sl;gFEF&753Ca%vp5VX?Jj*wYAUD6Lu=_Lyl)kf|gJ+9H|I=p|js3xl<a
zQc6X}Xna?N+iGuGjm7nvnPp8w1?y7bXl)d~l}4Ke<ufAswbRQEhdf|*JY$4ic|dCu
z9c5r8awM2RzeGwPO(Z8xn=;UqpC(V;4j;Rp|M~sp<g*HS3*CdOMNe!qdVL?+Q8Hp^
z85s()<eaXMeE3${Kp;><HLPj0DkB-wm3t?7GN);!lmUb08PgO>1y06lOPkCdbw1ZH
z8EY6|(B<nc+)7EL#Q5)Az#IgV+HBIJ!C|<k<}=tjLs@DJWRhHymZoZ8bu(gg`wW!=
zn;w`spE)|_Fw>wbCzkT=2{Cr9YjQV6RP&nJHP^*t3^O|$GiUeOmr7>~zZu1$8v+%#
z&OuUrUwRyol+}zt`;QNly+9SU`R|L>%DFDJHp^$T|4d~*5Z`X|30<4`A})CXcs7#?
zxXBMdh6?&7`vn*zKP-w1^J~vHCdKHA4UAOO4!hR>YaH+BHBz~0QB}8}alIm4c;hQp
zK}=dmgN5%6NQhV1M6-sYh|O)fP8K+rS1S^bWLuo$M{<}zRbuqjyxA}y;ZA;4t(&))
zmy@uUlXfcJy3Bf9zW-m4NgxoRGXEf;B-+0$D^>hhaO!$%hIy<(LGlRSpzCgI|LEnD
zzO7LYY|k5oO<NhG`m?6H5Yc!xrWOz*E(jOK4@x9E7*-3Bqcs@QZF#kF_$7#5Q%_L^
z3LA+8E6yWQt((2geEJ#-CZH_Infhv+(l8E;$fOz45CikTqYjjEEHqnLg{4SjPS%8P
zmdhwk4mxnW`X{jHaj!{Z@8&L1V8a9{u33El>bfvUX&tAHwO&>krL2v&>8&xd7BYIa
zT4cs>Wak)(4tD$hXJW|yyi$pfl4iWwld%zs#01(0WZa*P*ea7MfWTKf;~JwS#@@t4
zWH3k)oC#z<)Y_;3m*bwNNt!Bx{r5k0!!<Syl&ootFeVTymHCzZ$<&!!;CmrUxkkHp
zgsA~YNGrk&>o1vE@n|)SN67?x_2hP-k9p}to?%s<2(k7G`7+|G7JBLoDF|eeoMrQ>
z#Z|)K;JNS|My*Vj*q*wD(zSe4e&xRAM6lZ##wRm_Pi8X9EZ-!037d$X@r{W!g2wKJ
zG-Oo3xKY~we#8t*Ib;WERqkcRY~3JY`mxy-b)B2HZhCw5etMTe2;j<&i9=v?zzdCc
zYJiW`hBHPWOFWidjTK1OT{seq?2fTUp_;0iX7{(m2X?0dE`{V2?d-1UDk#kSjwTvd
znu4nQlIL3r+qlw|!uZpF*uq99Ld*{0T?=0Wy_XexnW+^WxK}5@*uAhUJ)=;DoXM1)
z5<u#_J>0F1VRogDz5V&)f3FT?)7C!P2R|+r%B;@yY_gK5ov!5hk6{F+I-{67)OT3Q
zU}E0tNP=)yHRCf#=^t4e(1h3?Lk60jgia-1qWc-_i>5HGl-~QxcYCJ|?qH}a8D&mS
zA@S<}AomczOK%5%FhIL$Et}T3d!go8Rs@3GWX-W6iHSa-PTxRH1SfpRmv`v1*lG!|
z)TRy~bYl<WNKGQaf9uIfKKwI4X<KX;!u)d``Zj4sjHz=BQ`?{H;Ry21zKOOOD)Oe{
z?8TJzv0Oq4A}78zgKrk0(0{K=I02q`4{L;E9A}Ug7`X31U2ABq-imEaQoF~vH+4{E
zOUuzHF*GT_e@}e7gJG6bViOg#2CTkaopN#IV(^Zai}qf`p!43!pK)k9y%#(!8pO2k
za>evm<&jNJ{$%)Z<FKSo6YIA>4+QKuf`rMT84SMzmbECGKij^`>kRK!j7$W7LE+r{
z2V>jwi2DZEqlm9tz^k-^86(_=ifpJ>f>W_rXxpV0KN-!z&rMqkH}_k*?FNy{+sRk$
zYHIsvzmS6`&pMVJW7J9p->F!eIOAZdoxeHCu&vwQXBrqpW;PqOf?HayR)11BEej!`
zbq(=0#2O&`Z@oK`Hsw}jj-wqReOwbcp^!AWt`AFhfm?U~F+}!)@d2gKyK0SwI2f=o
zt-X5)e+|SNn<1lu-Fk!h1px;3!cIickj}!E?&!0Tx|dAxABT*T=hlB3?!49(E4V@y
zeYq|TIH+I<W5nMT9!s*icD>W5+`O42<K;4AeEK^($Bc`qQZk@}Dta)k(?*TmcfdTs
zK76@;9-M~IN4wqs-*{-$R^j+L?pxX#`#HV#fnJ>tWc=^(lI~XoY~XZU;@-)`PR6cE
zu<!hmFLerqa3JOBJ6V-X$Y@YRun>#G=-VLeoVrTu`i-<RtdbVXraLi>*XMS9?E`=K
zY@FS@2sli<wbE(KEuVag&22-ck-sztLl_b~Vq${q5_bo?9LoGHd2f|3RzI7f4EB^G
zDvZxb0jde1ZiO`LwNLbA6W4x;D5Xy3bU`fROl~U3(bA{C`UqW+FWmC(!zU`MQ|{We
z1h2G%tf4iv<@GsDLMzv3|E}=Hc`QU5Zggnk!8;GT6RreX9z5Zyo>`F4oOeOUYF|=>
z@hhA`nowFYCQihZuB{+--mrAUo%%Y-BRpk<cl<%gr!0Zk=sS2oSW4^mN`yDGLH^I^
zS3-fr9k0PAy4(%gYWo)jlrJ4g=MXx(RcgQ2dQXUdw;P@gs2_^AJLvFvl~zj&OKb+z
z3K;|FAM+ny4e-u0S&c;S;}3P%s@hY6l1x6hC~efIjR+q{XYI7zUUAWN&%a(-4@8{%
zK$@tl*eiar7IwU}Hh%JF7exEc+C5htNS<yV7G+CMgImE>l!nZ{F^~%`btl$P*wE*Q
zcS$}xN<U~DfJN;mm^&ivQp>D=^)<&B-BP}aw5WX8JjNb7-ATlk3!IH@D*f@NvjJso
zNO9CU?Ie1n>U9mj0hyD;zC|!-k`Nm#oLV{Gah$zpt0KZssi<^b{*l?w`|i_cZgClh
z+{3y^C`%AAet<Z)+(?{US~4LtijNjfjeum>AzEY8Jj3NO>}x4Dm5E%&e$NQ9-B%Se
z0h~8J&=CC=F;HYPrHP~UV<DU0LW9Q$iD~AgZVQGFA;h0~qN-X@Hlkp&hW<l#jV*o1
zYU}K?gW^%$Z(GFew~(aNh=o1o*L!WVQM-mSq^&B4jiz2OR!9X6?Rd!{7KX|e&O6tx
zU0;v^C)%W%YG90P`(__=x(rg{fP#0*;L%e!2fLz@KwVPC<+pBuKR~SMIF&~_=lVb3
z1_-v*GTQWcP8=nYb;W9?X}V2}U=n-qK7!JQ(8Ye^R&sLWIW&9L5PfWu)!nYQj~+!~
zi<dp#V-Ogyiexnc3Fw;(Ic!0>>Y0y+jy>kFc9i-gL!AilW8Z(z7=xDd{22*dvK5js
z{$jpk`P%%S_AL}OvI)}4y9{a)LO15ymK#ubv_AUS#}(e;{a%D-2E+PiMI@CUj60|z
zGv*9h`IXCgCh{u@<w|4;0Xt0uXvL)q4cxhzt~yx10PgQQ7Q5ulS7-e}h@DaE1q@Ts
zfzKP-+TF=<lewX(;Y>pezS~loheBuaiMkjqlzf`*HPK_~YD;1Qb)Vtcq#igVdZ<m&
zXL*tOp$?yD)dKBDI0HhweuKFW8Z5GDP{S%%oV*oHbFJ$3Z6zla>||Ymvc@)hXUq*W
z*7}h;=hNeyhA!NSMxl?zr*Me{c{{~!X)?~<_R}Csn0PUF1e6z;mOcGALd!+OZR|J@
z0i130(8u1a@ODuf;AwEjV}*x*rL#I&RZ#>o`+N`y{c&T_fF4MNsSLAzZ>yTAQvwxp
zIq#Jm<syK2TcCU2_AW4Z%F6O`*4`&@SdErtb=T?vXOuDyk^a+$_bT1!MH~hC45Pj9
z9+bF=`Q=3yJQ_UeJybE%mLl!49<4!1RKg(J0BRosXvEk}JY5h2tt3TvO$|a&b)Cns
zEI?DjPk3PJI`@rGAeLDzDZFE|-3%7B+ycM|Ug9G7KeFp>zx(ir=a@z2^qB}5r@i1S
zkWCh>2T!M15v)RB*4{FFM#brKp_1PTG}dqDW<!wmS%&B3%z(fpVztw>g5{MKtAt4j
z+aEK4?V?#q7<1b}?L1LzN|C@ql}}6Ylp)QwF$&L<fOBrpdUOIM<_-w_E!m{`#|Nx=
z%W=maya;6J5E!y=JsRgcNE6lvQ-Skb1vlljN0TNaQ+IVhh?_lH7Q3+)_tIj>5<sW&
z#>0;oAKB{*N5DPz%O>XuX*^5UMKoK#@$GJuNvCYSfbZYVmZwBqt6t;mkyUdB&s5Km
zuJdS%xmbes*~%+Mv}=#o!l1m5)6P=Qu7O006nu&V{1v!eiX`(0FldzwIiP~958elz
zhL~uIo}iPf4ZLivYC|5F5)2!1IY!|35}tBYdu#=0uXHwck)y>2syB4>A@;KWX*o!T
zQYgN=4R;aVA2ep)LbLpBq<IzadPNGvrE|TL?OZF)eOC)0b!=w8BX##}%v26__IeOs
zzz2LDFxoo5NFlA|V62ggQi{tEJBB`|q`E1v@j&y2^B$`S^t;Bna{X;dw6gmI9Z4z9
z**5{i0iLJOoNmca!Qkk=E@3y=S^-*`%kA(hl;7CbW>%?_Gq~%h4G++>*n`zo{O7R}
zf7~I-V@i_4XEEf10o`dRa;|FrUUOQ4A$13FRA_Al^iA1W!0t#VdemRRIknvxco}%c
z5)O8XY{WX`)AdX%B*{y-?SAJ!-KjqZ6s^6VYR@N70+A4ER!?{;HbTY`Q+@@C|Gm{0
zk>+XY6t*u-9%!U&!THHJk2KE&P~vSmC5DBvI?fYJCGJ}?xaM)f1Ip%iCR_;W_kZf>
zKyNHjz!ZzsenSxs?s!D7Fr}eW&Ug8}cE8IBW(apMtzVhI9pBYM?t53$^8i#OK`5&K
zAGfP65X8h^4;KC%;(2^`8{29%D#Qi}?o~O0>9WOsQqELR)GGf#-(0DLoYz`*Ig$fi
z2)wm^>9g%<E?^c}--fu-)(dBV9Pw8La^TU<v?&FJOk|~%fT6@ee&PPn&TjL`%!rUE
zRaZmLLU7<&BwwoHXlt4`Ea^h;A#|mqRSl&gv&Tm$VXcOq2Dk?}BJ_O!;MOT%J>0@*
z56uzGe!89Jvcy&#dMSB`t-vjMel_ETB1VUA|98j)p1XjaE6&<1cf`DM_7hL-B{ryX
zD!;ec=tkzQ1NI(>+R)fT=05fZavp(l0DBbwqEgj%lqExlQ^XC6y37ZIK&haU8%#%o
zRi$u&m#Mho0GK_~&1sJ32Kn;lYk90L!|vsv?-y)o&D^Jz>{vEa1L7Ro-QU&P*%m}e
zF!_7JmUlMGGUZqEYPglak@5K0-LZxgYP;eRlML@)puybH9ClZ-BohCwU(CPPh~IZy
zg`@Rtkn-&dq`Nf%t6>CXE9_OUPkO&BlLJdm|K#V+w%-Km<|z~RNe>}gdMt;|x%$JA
zdxi$6(a)a0@MEVyyHOGat1L3=_?}i%d2=oz!E1BGF2(=K4xJi#eTQAZb$v)(BVY-{
zU%JL=&}Y?pG}p$iulxq{!6V$IHGp??bdjfRKS)XOL-~23E93jT>ZtyM*FrBr=P}-n
zcS1=evh6&LJlu|BHEVor{pDyKURJjXrAG=F82dDJ4Ia%&qKNl8cIKrMx_kQku*Ktn
zbUkDkf2D*<Ht+ZEVn=cMBZxPM0V|EYFAY59mY2a5(OF&YEzso;^#wXjc8{qg^|s5c
zU*ksNHz!n{Gi~<7L~yx$4lKC>w4Knxmd9sQ(C+H-d2dTV_F*1fD`AM7*Eoi=p}Wcr
z&9I$d=}yfmO?7MfCYHttE2P^br1zKVCVO2mB0G93O{89XT6v8pA!yDCnag&PrFq$q
z5SLv1Qx2BAgA2IZ!wnkyjNXnSQYZO0l;$p3!iRBDEfZ5$wEp~VC3ewXK-a2tjz;(j
ze!YhF;*7DPqjmpp;Bw!J_7#^<$F09;y0rYR-(ovMGihxzHOu968vX?Ok`V2cfNYH%
zM~%XgT*2NJQYSUCu7F)8!K-gM1My+(rVgni$oo3MW=WW*JWwB)=2l%1W3HN)4&VMN
zB090BuC%8`k>19;wQFWD?fDP;-eW&`LWItMYv=*iG!4-k>7b)9{cfpFxA>U`%id)D
z*}%p8$iTJFJpuKM;R#N<8a2;~Kw^e&@q-k_>eZIyWrA(gnreT_uZ(4usFW>ft2G;!
z^f<3>7w8I;BM}&UX~KoRdSV+~S-)mt-U+Tr)QGK#@2EDpUVavj+<G~wE;fbHyfOUy
z2x!_vd-?x@L_Z)|{T^YKwKL<roSYP}qIkJA)r5t?cT7D8vp=D2rhEZ5_+Q2$y^l5K
zc`8>uhO&8Ep2v;F|CHK1cWBm0J7*&k9y+1l-2AU5oVVJ&?JU7?uiG=nShQZ-CWR>S
z<fDz}5F-;~O*S5zW?sEYqk~8VmV+Ht!iG|;)XOy+ur0Daeo<yVnoY_2p^S<dcv@Hk
zPuYG2==uiV{>7eWnGhd{5PE(5SkPtit|c`kv8H}tt5&M3A|RFFx%1d%4eCZFPg!2v
zApoF%0VYm-P*G9F@m(#zW)NKwM=hUu*eL$wV>)C3O1UK10N@2&o@IP;;FS_wpYG<w
zieXq{OHiN8wUuI*40dUjqgi__Z=2)H3#Ygafet_WHD*H&?gZ)G;*8X;=DJ^tjUzZ_
zi3(xDsVHvAcqRTZDZhTrCfd_z1}HdWTKFFeLkEo-;+_nWbBnezDCc~=B<-1QqTh6e
z#};oWE6UGjduu?YJ}!Clt;8Y@2K_AW#ORX`JT{8iS+y=Ut+_arG|R+Leno+t(L0jN
z{Xg2Sr(}aROG45MAPxHH!>ySdVq0~Ilg71~;U$yb&&|3Ll^^}}(Ea>VQ-Uo#VF9#q
zO3K1>a{gy_4A#Mx;_!6yxGjB$58pX7!=rc8J0+`UCaw4<Z7TvmeY_6X!lEE))g}GK
zW!dF>GPawP6xCBv4+zQyuq$kXLc_};)%OWLvMjvrt+jVubymHV+~2IqyKj2*Ypz7n
zv)+`850q}iF$3{_?_ED;acz)~_Htbx6N@O}FBds#>5eiL;`^H<$tN8rQHx%np9Yp9
z1pr+0c=S44yFPffQd*c}xw+rxW6B=Cg5qTvvFkrvdyWdG4FlCCN-6uVJ$wjmH4NxM
zWxABy0%p(DQUICIO?GRq6IkmD6tR22bbM=Nvx{%<1RNPiOenP1ZLy8)o&9@w>&;gw
zCcl4KX)b&|5qf-VMNb6NHj%6BR|O&z#1}92Pxs>QEE8K|BCX+eQ*DLM&7HBW!pJ~}
zS{Z0JJkdxL+>Fi!>uENRlxVY*RV&V9$Xmu4Y5gU_xh>hF+>hxN7EAMky#Q|NXn*k4
z*7-<2%DR?fDCN_8K7p=crF+)7`YgA#k%Zh_q|8g$h>NF<yPsNnZciaueECQ68kd{C
z8u?2T?uA!h<i1<Zhs4~jn0OThOZY8c?D?Gj0ir+wz_%{iG^}Hz>}-@cQqo=F5GBJJ
zIx(t)ljayK-B@@J)^h{qm4&oL?VLsO3A}U>DUk;f3|(_sD#v=CIlPxIEG_Y;j|z}S
z+7<?D2}^1CuUl8hi)Z9Z#v5z#eY+<x9gQ-<l-vW3eF1DLnDsCE+;l$AOtO-xyj6r)
z(pK*OM^TcqB}tAL`uo>rsb(iNkAeFMerL<GlT4fzdSC53E;I4`t?0AP)&!4b?}r__
z&hp9C2Jo=W)iLHOD$f%4E=xElC5E}{<|{0_vZK|YCWp;B{smI4t|{_{fkWW$Qf)Jr
z)3CHfoquT+>7?wnWF!l|EK1t=sA#g?#nWx+ug=|KoY^CD(5eH|OX#LITb{6?e2S6A
zLq?Yt9Ea@}P3M-p#zjsRsZLfdr_cM*|AAGKvW^#%?`$L{clB(hHDMlURN3@#Eb91u
zQCD@gh`-;?i&p)-q~4U-I7TBd!K#htHAHK_>+F0NCvX=3UlE+G0kCAUy@o$Z&U#%Y
zPB-#ZyETs-EL8v!XqQ*tKa6`k`(>wO{DBqu_uLj+XzJ833>4u+mzQY!NJrkv3q=3>
zCvkbgvfD){_t|bu+|}d0O{}2ir!7vT905|!0oYw4a)y`dlI6>6mOsh653e}`@V{lP
znJBv~ECHwx82KFoR=-sv*BFieIfQG$ee1DXPE83|k-wah;_=UInb$WmH%d`A%(v|H
z!9@;Mlhhryne{ET_mZ|I>rH-l@klKk**YAWpOd*;1_w#>D|zUIR;|I~opH}6io@3X
zCADv<aijRs#nDHD0XF3PHkSw(%CBbVm*UOC3sN_>4RfsC{I|X^EGw}y=BFy>7xv<d
z=gl6w;@yJ>aUe}XsAjf2^6}ChBjh{zLBKHFBzEk>+CLj{Yt@(r>BFdyR0Q{Jp)Q7B
z^YiTcT@J>Fubq$IC4bQsZ+#b?cIjwVQ!l9411ht@SQbqEMG6J=Z8!65RWZE*nKsK*
zpXtwD<ykG~V_9)dK2<43fZ~E7Y&4_8$=<<gJ+_+1+i(4fe+$TD)l8;?-{nwtqdYKk
zIR)nAr1hc~uGk)qCqHNNe#+xoVpXGGw>}kN&G*%d@*kbJ8AT1Fmcu6(fwTl=#ho$6
zSzABb4*yU+k9_ixylXp($HWC(e)9Rm;Zqv~@T(<OLVz^}&t;Pm5t;vOe&LhZaoe)~
z5<QmO_x!{|NlT*LRHl&s#Hp&gK#7uj0E&?bOApp`c${AQUq+gpt0|DZ8N;*^^b~;c
z3i~(j*ZsQ<UD{?=mjNb%mkYs#BFmzxFEr&QtYxLiC;kdt$G2E`g-dcr$lLNK?6Ld}
zr1W$Xmv~OrbL3BUQ^EhgBs;8+ajmn@QGUE|0nm&7>{Z@~dZRX4h+)-!6~ZRpX2o^0
zW-HQjIbMjpwx2c5ao9J38*EkyO!xR$VJsK&VOaFfuYX*6<G-pGUwnp!mP-Q-*ukQa
znc=L*dT_Mb;6m!ed}}c@l`d%;PU?H9cFlL;c}CGqxAC!4Im+d;iG+T5KAyglN0MXt
zkQCNNAlD0YD%&V8r;0vX)wWA<y~`cCG<Z+9YF`5O)()Q2#*OLs!^^imY<7j3Y*Too
zcK@yU%B>YXWLNVkPZwsU!F&n15$H$r(r4}McT$kknjh$Z29@wt{f~x(u=kA5^aJ0b
z=spKq&YlPUte0IT0bZD$49G)xw2h=PEAJCar(b`6Ea~sI`jRzJ7rs@^y%1^rls=B5
z4<*@C0$rl~=Ctk7+;4I35&B~K@glX05L{dE{nB?hl`sVY8le8?k(|iK!QX07?ylW-
zvi^II9<FECSr)r3G&jJP@dF?a?riJ$bfthr$F9GnYTGQqXP_Symb@}zyDX;CnsjjI
zq|?Ty^fWN3r&;<J8<(1%$BoAHz4T7pXq8SW4qT0u8NLXkVKjquE*sEE(`FCE-#-R5
zkK6ndsZBJA9=sfx5cGh)^L`{n84n<SYsCQlx_cHC-ljdDgH3Olx87fKZXJH$gUDpF
zo{pNN7Yw_GHfjN@tV=TYJtH=+y&wf$C4(Gi`z1O^j6jupb2fXr2Cm@$y#Q|Eo5bjl
ztkLR`LE1X!J6kLIY~b}--;ThCExfEr?<hwffhDs6Y<X@si|wA7Xt%vNw1xRwjF<eJ
zYb05A#+mCIyPhVs=3r_8yOa$n+3e6`qjS3alTVHA!(xGuQ<r*e`1=Q+5ks@^Kr7f3
zQr4AX&)u#(2x*9Kk#jKOtewaO6_Yx*;zvA<hRUZs-%Ev8-97Q;2k+?hg*-!49pcEh
z4}8uuBv$^!%QActk)uTz@;3t4K^~q4j+A#>`gJzPHRmVZLThP04%37^!>)YBxmr`y
zC<1oj1Ymuewz@~}T~hvViN^<A0^{i;y6-mkO{^bg2WT68^y@EQL}rrTPQJvB8?!5V
zT5(n{eq&es-l+))k;YCxY*ERzD}~?EN9K3aPshg`b^fBxSv@-qJhMtN%Or;yaqv5G
za0ZJHS+hG4`EbIlNh*^xY2hX9VKnlVs$44e#PD+ToLiywY&nc0NtNubOV7|7sDz}R
zqXJ*7lQw>gm~0mpWYuiHk<8k?(?&Nfof~vHav-1q`ux3_@kJtdfbv|p0@77VW|pWG
zE(t`JOJ=oMs1T+(4kQenX}@&yRaQ~J8{r2wKG*0KL)YkCLx4Pdx1KRua7iou8K!t3
zV#R4=waysxtIS#Tc_k}t&$;{oL@s}gR~YhcAKg0+2O#hpWqGWw+w&&T66857x{_Vd
z8fb-<dsb=B@}buA#NDQY-!D2aKj?unz346ucq3lDG95MjnZHV)#As3Ll|s}PF7S$e
zq3XbKSUsMcPzW|XZR|PMl$TJxX_i0-HI|Lf<ljXLTQbeG>(9Zlv!QmyhnH=a{k)>U
zFaR+N=-vNH)b}c1xyR1zu0%-upy;~8OF7u`b~=SiQr}t|pY+_jq&VlwS-t+P#dp#9
zVWfUe5e<Zu^t9=3mp;2_e_9G%kGz&k-sK;}A7sK$xA-LU+}GYue-?oYg%0J@##`_5
zb#oEAaffPb`UZS#e`>mD>};QSI6StIv}*(Za{WngD0tKB#jh&PZTZ$Z2QhmO6rz)#
z;{v4XIjW4f$5tFPRcA1i3&3B~^wA^XUBYo1A*r>lGp`SH;*si|ExA9`U^ez>15n*t
z{B5E4T+?vl5idyW&(i*6K>k{RCpxy{zdn*>IMbf}cBz4F0h)gcenMYBX96LD_@ec<
z|MaM+|G;ZI3E7)JWJ<7O;zs_|e|-)eY)QTQd(6vz=Q*Mti&nMxF2vUchaMB%&$fD(
zKRb24WZfT>2NzD)ovFFBy<*>OD#mQ{{#wrgN5I7SOWF0_u5u6RpNFZ=ekO?)2p&3>
z4m1On8#f%&cZ8{Hre{&XAH7`=3I2ADTXX|-z?Q-@6&)SQU8H0;QCIN|vqa6`^&DeE
z^nNF@JfHg#k@dCQ|5nE7*jOM=(WWO-WkA-OgtMNSa$QS(CeDZ337n^t_UqMnRgC@4
zg@Daeo$2H%#m2qw1Yr-goz;yRKk_ue=iF0RtSk~uoG3?swSRs0UqB>Z6=Vg>hwN9{
z$WPIwDq$lP{5vjx>SykB%8kKuR6JsKVT%g$fk40qmL~(B$r?$3_W#Kb03aRoJQ6KR
z$Itrp=~*9`3~0JES2x$by*Avk$c0)MiUdTSgw{jv%~=1~yv@@1r-G~$Cj5$S>52Q@
z+rVWWlnFm><7Q{eTX~9&$RJ$+2}bg$W#Hp5{#u`Jd&`-V901&^CqSf;yi$net+d&^
ztm$5f;Qq`*8t&xXx?FAzsG&`pghk0($NoE?vx?x342gBGF4%dUo3Z-)^FgsFyQ~JN
zqtxJ9owFFGQ6;}-Gd%<(25w%qJQv+@iN6>_owrZ;mHa*<lNF$`;;kYrYaoXS?*!q4
zTNEs5f7Q;#hyYT9zKL_o;*`7}WlKbwUJXC|c?~zHf?JJP6@z_ytGhKQdM?b{WnK9R
zKC9)|R#-tG?=hRn=r`Q|dKe&wJvBt4Q0__3yvS#c68<_+Bl^NM;#{oN9A03?WyIPV
zSb!z^jB%z??+~<X=12Y_>fc}_wb1G3`}5J>TCvh=eXtF;LK{h=?G(ds-L+gCwY}yb
zOvVhxj=d991JB8wKw5@aJe}pfOVkEl^-$wrUqN15BtU91wAa6i>1n#UB|(W235m^d
zj)Sxhs$el%^4L0CUgw_540sRt_{MrifXVM-9x2bkeY?F1ZTTSa0HD?{z2|-#x$Ins
z+$uJ?iT!2i>0u)=CTpQg!Dr4m)u>XyK1>Q+=Vy(^N_oeRpVAwYUK8IpoL1gh5Uxl0
z<@;(=rNYaB+S$uO#0u@TkvY1noWU=Xy!!G*{i&}(I(urL-#w}B#IZ-r0GDJLB5@k4
z-DvaG!s4o#$GKfD3Go9*8i_H99+jF4^2wpjfW+5xTo~SRd)PzI>RC=N)kxB$zdKK7
zT6wDv_7H>ljJ+CZf{z9lxBxiTRG_WyIr%;oB;xkxT!CVQU#fz?T&f?F$s8kBjA6BH
zvFBYWL|^?Avf)Jbj9z5%fmoew?siY@Jy^kR9rB=n{2pO@E-?N*PcvNP{e+9W&6o7^
z#N8AG5M7<6lyq*1T};=2U0G{t1Q7I3^4I7CLk3|<tNYzDU?5Y;^Uq=6*w;Rq9oEF3
z^^NB%X&X#=QLt@q8gcyfuam7+2v&frAnqQi!c@oEhv!_b3!QI+qliiLfMS-il^J16
z9XwMErY9R6pNPmO0+ADA2U1$-@0{T5fUHvL;IHvM_=^wVAh=&oI%B+XSvCie&Eq@!
z9NS`9Bz4sCH=umc!($KTe}fm2(0)>gNTF(Y7`}mFx#IzNw;#t`Q2DnCN7dGjcxU3K
zvIY=1c;&`3v%|Se!|#NgmDW^?$JJb5o<ujwG;eyKDPvh~0m2ouTP{0Es+pMB6`4(u
z*ZV_h)?APYBS@qpKXCW)o$Tn)&F7k}IClAUJe;JS#|?Xa?3P;(v;$xNUBfaj`q9@b
zieIe0YJy#Kwn1b)px!|(O$g`&s_nl;Af0oPC7t(ukTaE*2|gkPoGlgm2N-s=$ByH*
zzdB5qhT}r67TW)Ud}j6e#ki)#VJ)~?g|W;v;IU7_cztyV|A(lr4ydXL`aZOTq990v
z(gM;TNQ1&9M7pG;q`MmhBow$bl5zp*2I(s(UD6#&x1{vDm*;)I@8459JMo*Do!vR7
z7Oc>v>5=_zp(;4OXo?tNr1c*TN`pTYzyM1$2C;wOB16&AyXyqi;&fO5^lAHcme^UT
z8Uk6%UdV>__b;TKV)1^rSTS&U`xzt(;5eopNb<OzvX$vBJBCnt{rz3EOAH`nuvRU-
z>b`btCcgydVL7;=JY0391K?BQx`1><G3dKapa#d}I|DU%X`kO&3?~e{vu1)<1mlvk
zkYX*%>=@C#;o8}3SfQW&JnI`kpo-DxZ6Tp9)wbJBxt=Xxz5#xME)$Q7O!)6&jlCtW
zIK%TAD9O^#9uEiFxaOWN<FSQpf~6S_1b1S?A`bs_L$H>$h7ol(=vSlrF_+kD7dyQW
z#Z7|uUlN~czAH!Xp~UifnP+Jq4G7{Q>(<Gy?lk_5z0CR^9ImiG-I&Rvt=9lUBLklL
zjqXzWM3XU<?BcU4)4iWllP`gzUV3$q`Kx`W%w+HcD}nj06k!4AzyZ*Uh4Dy5HR;=x
zVc_U}EYiaS`fWFhN)$!khlJIzJEG^HMu}BJN&8dvI+pVvD3XZS%04Mwmm>EurPito
z_pQjmMGQe=`D*k{G6JO9tsX)$^R=wcZfdFiKvV>o`(+CA1{OWWZ_etG1+<-wi1ar}
zSr#**7x^&*A5Z`)Q5++BPV*!LH)MQ(bEh*^CrVD0fcG#Y#fD{b7?q%r$)pWA-5J9?
zat$1P;`#nzNcuiE@IuhLf~Ppvt!Li&#uN$%nRz8$`?#z(m+xbZ$$*D7REv;7bLH-1
zqO#5GAdEJ8#h)`F^;FWg8C@X|t0~*3;zCXs6@g*9X{wuGjbT=woiA(X-O94q8R=sV
z1~&-44Qm$9JEoGgm)heOd3jF3UJCvgq!)I)LX|Dn<U>|PRSEu#*J6!j{dA^*n<fC-
zxOiMVTnbSvlpKGe5y+3`t7mlkW2Epko>#~1<qE3103*59tkh_jg8y#LbG+xk`6j*l
zI{N3aBzT3vlB9!LiJ`{N*O(Dy`)uPTVHh)jOK?O!A#v-!qrYmmD8Y#@!4bFB&ODSn
zq7lo1&cqSL_LEY#njBeI3YXU>AEMv^G+jcy;21~(W`q;RG%gQ5vmnmladsxk9A*p-
z=>l<d!C;>R8wY)r*fL@Or;+~T<TPGM_uKP0@r&rCD`{-rW(mfrgMKOy(mg-N^MCKS
zt&4OHN-4h$(aknQO$X_3$-iu@N@ij1D`fH##oNrKb|;l%RM5ZB;6b#A`Dn98$XUZk
zlJKjN7#mQFfZa594Xm-JN0xya_q7L!$KPmx)=`j8l&<YVs#492=6h7X?=)p<2ZCoE
zXq|I--*br-U-{?&b>}3rit>92Y!;fgSj^enHDC!T-yB9~1ILLfQhc&s$2Fi}fA8{6
zKZTeQp2@g7mSz)^Gd$JwZB~Q)h6Mt==rFIF_613yY;buTbjN)qH331UyC%G92;Q5C
z8Uh)r>^zC~HqQn?tl-a%mTaIA9JJ#;1k~#3p?;u-RSzZPCDCB%Yk;ESq?jpB-gxV5
zm!N0}&^uczZcRAHgv#2^RRB6hU3udftBC~Ot>4X6RsDH0x>af*Kh33<Q9Mgo=BD6p
zAB~&ulp;X>CS6Eq7%PexJfd{0Q$bxOeCjOBQB5iosU%LStw6x$aw=eRBadIbo@b@I
zqACO?!%<jcT_Gg(g|KRrO)s$AA*{8br^;@AT()sm1y427&T0smrWb^v6d<r#_l^^-
zv!?HnRsTR3Yzn-WKcn-c+YTJAfT*4mV~vp=X#~1Ht+b_mZ^s6lIJj(5sg7wftc9id
zj2es7MF)0c*<7Uj5%0MKd^L>XhXnQpx6kcwMmJIn2l?z-0n!S^4Si5)MsctG2VN2P
zW+{nwb-JlsR>KQD>2wL8q+HlJ>R`a?v#n(^kF|=)bHaHhly+nndPUwmo(}}>KCAzv
z2My&kB0>4gWE9X*eR!vS`|~4kiLCO^cyVdv4+j_DnqW|2#+q%yCea2r{v^q4r`FDU
z&Y28aU}*v!>w9KjfMSo4$crr|%7`oAlDO9f`xLm2^nlZW$QrVk>La<=DuHvBk;c<+
zM7LH!sbr+IT7@>A?6}~6YSb%$7!=Jh!+!|0{#zB;NusBC`R8dH?(FDD!p+yItZZ39
zer=CeB%Pd%40`g}b?L)@H{|ovrJiE@su@*V@y<I)Y0c`TCpW#h8CtdS)qg{vBv`*G
zfI_!OWhI~wlAuXTwJw;JYXjgH)Lux#`7V1i1HG`S7#U<Y=cM2!2Z%J90hGME^29Ul
zAeCC%=tGz%qLw<_l>+$_ge+PbqjQ0#eYRo+U233!zm>rb1ZRLLA9>3%3&)MJk-$vJ
z1Vg_?J*Q0zGy@Wjz2P8nic+6pb@QFB#lY&bwHy?08_^4I=7Qe6wk3-H!y!({Vm{Ih
zpsZa%^&|&Ma(_RMCfiajsvQ2pW4ADp6dbMj?^`PJ9g;h;zW^6eGqn1~i$IN<6rc*w
z>{BbbHgYM+`xVOCxzN%y^#Wb*U#c0!3lBI*o$S<twOka^arxx{b)b0;IKtl+LR@dI
z#hQP^z82l?*Q_FCe!@R|I~}CPC&W;irBa<t{~l*d8B22-T-zc6TtfZ;0u%On;d`hH
zNZt{m0~7>=<+ExUQ3s>rClQ3ophi*oNTMy91x{e=7vluqTmbi#=I?8RLvH$NdOvS?
zi2K+Pd+gVtQsC&*AJp}E?Kc<0lncQ3!^Lz1HGpt-X63-yYB0x4-8WcczgE+H4^aNd
zj#cOpCKwmD09e_5Uv;BV<2GFV`ZKr+%6BO`ywsrn?Z=lcb&IMY*X2EGeD0s5t=SuS
z=siHRQ?mje!EslJ36!<7%TPpXqLfrI_5WzT(OIf@I$%i#k9}bR9Pa^RnG6yI27tF9
zFKx$?6O}`?Kz^&IS=R1Ef_f-Q3Rl!+)7*|hZx@$sgTfn{|HXBuZoCD@zD*q}fl!h%
z-@J5Hzf?C8lA);25mqJyKtjd>1c%3NM6|<jYz>?M6^3&`w$iin)ttC{|IO&(&5V-J
zH(AcUBCWuoLc9EA#+$jTfps9jQU0G`N^quRdN4#l*yDZ@v2ab=rn|tuS)WYxk^tr*
zWrVc;y*+!2l^{Knr6;ded_&z+tT7c2yoU~3^5r+`_!}$(0f{kz(|ur)#H$2FXn1l!
zU3rzkXb|z(hlRi+wZP@O?rU&W=SGxeFe&Ca-UqDfC`w3WL5+@!A_-^~BR$ZpmG`=8
zKfqI5_n!Z!iK9+PphQ&%i|jY<PDb4VJWXr+(B_!(<=U4?XB&DjP!btX<uAbS;T0&o
zjdT(IPb*Zwv*Ogh?ErgKEH!Sh`v>41>PahbO#@VM5vai)0+BjklX3}Z8G$3EsJR1d
zR5=>>?=iLij2E{r4@`D+Bl}kku%rAM(2NMoP!+Wf25hSbIKiFmvHw)G0DNyPgGAdF
z45FrXW93N;aq^giMNwcQ6##??`K~uNA~Ka)CMe2Y2dHu%*sQy#9Exp!w5(nr_K;_J
z$Z(GLgJy)JC=2>GI`U4{!w7&Fe+~*M#)Cj^@BkG8JdOVXbRYDaSy_rE(H=CDovJKq
z1rj7HWeR=2htvf|2S9k6Qa<lLSXC=W-&{NBYbM`{aAN5)md2Y^Q=?kC1Ng907sp%n
zDR<P6GjGO3E-OOIDE~&uBlW6-_gKz~kOl7Ks%z<QZg_-=GHG2Y-(#;G6f#$n-Z<-a
z(Zq`2y|-t!SOApkyGW%_5-vksDL_7EMfnua7YE>DewE077YhIgNV=z~m-hPHI2vhU
zlq?5o?t=b(YZdg#M|V+-icAA$Hg2zX3pK&*ET`NXkS%fiaIOM+1}GNjK8r%d+Q@I_
zswki`B+*u~1qb-+i{kd*-n?%@qoD`T<arB;HW)8)^v8{){`O|;_89;K0}k6<Fcf_J
z=oxU8C>f-@7_E@SBP?p^N1nO3F|U(pu5A>b#DV&5G>YjH1l1uZ$hq>uTRh`~xshwG
zmBjRyG2a7JM5+|aqV8$ZHZx7%%Gwl6_)UcZ18(8<&LHm`hbm9=>q$!x8d&{zy<EuS
z=b4iX0b$WDUXiX-gK_W^!_fcbye+!f`2ra#_JP}jG0t4y-Y|cH>D3(v+ILseQrf^T
z)bIBGXEqM%n!s_<mLNed#?12-i?*3iRG_~QI0}NUh^uE9Y#{gWlE|A)y>S^hnpU9h
zMQ~Pv%F}&^%cM?5r##^()_xN9tU$L$-ANf1a`A>+z0H~yTm-!!!L9a(J0?T^7Dl4H
zp|LZzAhxsWj?Do#9OCML`!X5Y7#?4y0<wdPAPi!k!@-?z{>8ruiny0Y5=#q6L9PRe
zAJMk&!41O9spkSrzB)$ns?<w&nj}$fXb+NSb%!mkp`v8K1WD!B5di;D*HhxsRG-$1
zag+f-GkA3a@g57FYO7!$u*qPC-Yo$A29D;JGNd<iZtmN0LHXup_Og^IRU^r$8Iu=a
zv$7;e)}WL1&QSktg!fObkS;Uv=C3+w^g!G0RmU+apx7lg8?RbG_Nhd?_O2NH3B#m`
zM;4A952|-72rW@HQSH?P--{_b?#4m<lRqN=1(8`l&~{8lI<Pb^Qx=2M9n70}6n=oA
z_Iv>m*<w%1bioL>b9nhSMNoR~vul$N_J6$qDaxoiNE5V5I&^OoZ(dNRBG{qmtOoh`
zBd~sH!R3Qs)Mw`7`9L7IF^z8R;sFr0$yv+K=~80lCeUx;>qk;lHglA%Y>Bw&!RbTD
zyju6xQnTXUfH(hf<^UlVow?&LMj>LCHo?u18|KgFR5|C}Z_gcFwa3D#lOA~ei36t&
z=(bN{f6TAx91vjY8^u5Er1p~awQ3TvMMbF$usb#e{=e<GBb5vvXlnp6Ocy)9EOwyE
zDRi)Xj(d^%{-wwQ4j^NAyAaBbV5$-5)*>JQ-QZI(lC<|sLB&#V)jt=7j%%Cf)?+dB
zwG8<o<X%hIX+_1G=a-A90L&zXRwt1E&Sg{ZUImq0xU8zw?o-dD{5EA$Kpxjx0g3h>
z9*FJXh89RxKMfTmq5`o@UGRplp;3GaC#CsXe&PNbRC@fbqz3ggNWC><FFqTC{B^`j
z=@Y8t%hhQ`UW0B;b>@$ySqQ?sCNs^vVFN}~vKlZ-mHwx9$8qf(-TLdN$7Px0aS6^q
z^#df`PF9YVqsiJ!uC<Jc`(|M^lvZoh)u5piNLcp}EH#9m)T|{8@-(yu^=N$ex`ixI
znn?Bvl))%IpckqGE|*%?3R~v@$_PLgP+L{946yK!k^q3mTE6QiDjLRi7E`Z*8T+7C
zDgfz&-eY4u!#DGOE3alB-};Y0CU6<{elYeWm8j#|Ym_d%%eAbo{qL0o=6h062C2(J
z0CyqmzP*@FVD=*vnd4R@q=!i<B8DKbK?VqUjFwW@suBF*<-*bg-fgXJlgD#nvCu-)
zfC$`&>iBcixg!UV_qCON)48wx{0y47pmIl}S8<@29o9>YvvPZAgp=HEt*h`L)D$(F
za9xmmpkwDEDJUo|U&Gs@r3XCsQ5CU=D30EZ(**=xU|V2~J)cZmVv@eolsCKc8kKPv
z-Q~*xqC<Okc)xW7PDvnim<|__MUg4d>u+WK`F?vTzqUR6j9mJT=z5Ts5-Cd8*4$-v
z=|TNg!WwB%3J^`LVVK-6feeU9toDSs#i#WNcjUYTiMF)sAup`JICM@;Edv$mWDYQk
zX&NdG8reQ<eCjRVHx8EGmPpR-qEzKlbeomtiJ;`WnqV%a9s#K}ek~fmS7S4my=Fa6
z3{N~PQO^{f77#F*FW?oa7NR))6s|c}bM2_(zgt1|RT>;83RVTwodKQ};ac5Zum+KW
z7xLKrrJvV{XWhj@+x3BeA-{O~(Wc%I>N(Y6RU@TAq|*IR^QgJIKs&U2_dACgO~(s-
zEDwL|UbfIw{N^@%Y6yfWA#U}8aGoVNjJ%QKy>d?p+=lmXF!-~p{G8{)uhX0+w#wT6
z`T=n@>vB|-x+Xg<SSs#VOU7hQSGzHyK7GqLWxJsA;H(K8m7wu(Nr^kZbY|2!=_J$_
z)&n3Rkx}luM@F!r!;8nB^df^&NQiT``mx?8cCn3&;;t~}t+Z=`d_b{pjwaR^H(4)w
zVSDT?W8Ej!OZ)E#2L^UT1)qH`=PY=fUxV_0zBwM~i{;CL(XkuW6>qC}8%<sriYtbC
zZ#wun&&MA8ZBt<0kD{eWn-w~89=Kecg@Yb@RE7SV$aktK_VVcU*>O&j?Sg&RnGAq@
zkgG>HX%R7Bx81LEJp9+_a}rF<Q3^Nh-&@RDl_vs+(MLv>RReY`U0)O<g%d8YkAf3Z
zl*#>)d}zfE7aHA8PER#0=F0uPR{+Ks@i6=6=rCcerNnqAu+K1sn0yPpy@78JusKOl
z*6Nx4q`RA+$$YFc%XZg4HcsJ_eOE#_JA_>Nii%QBe6~Zz6Yg;<&VV)fYSs+C3oaqM
z&E5evH*pTyr-y^ECUNTZkq58`kP$o%m4Y{1hy?B>F@Jb>)@o5Kx*yNr?um~qKV6Ga
z+Yg_8uw<PU9P1y;dBm^N0%~?3S*ScN26gHbMtH!^S60KA)^hS0-ZFVB)sh2HB3MT(
zDHDn?+0QiaoNw%@UnYf?dh|ZfQlJD0K}*BOPbJalF3PZGhF}xk1vW~GRip2iTWh^t
z%3ETbyTT4DBiCgq<8oBcg0_X<a=ugmsFvUQ^jAP&u(UbMxy&fFM7)B9bKcpwna^ve
z>Y_14#A31`-MwH54Pq)8No7W{EcV69w3J6Ac0H0p*v>@(PCtk3;KJY4a3?i6W7^wp
z$I@JRHHxPH)h6Q$VApT@FWZC#L2Fwy{ew}qu?Mql+!Sl*g(Cbou|9Lt5Y5Dnxtl@D
z3G3-FMieZT=W@KD4J@}Y+012mCo(59;;zBroOp{9$#*rUZ!HF1oUh?}{!GVrnvE$D
zt7<pi0kL=bew7VaDlvEm*80e?n~{%;0a|?<;1up!#-U9g-x3mccUd`Z<y_)&2T4v}
z`Tz;wQ2tNiTg=~)545-YLA1OldOW^((cRQ@P;(j8^LG2=^m`N)?e??F)oF2gF!cI7
z{t+jaU#3e>*U;h=?#vj(mU^=xYiCD<#5kvYB?V~2ipTx<LxJCn9M(5{=HLb=W<=Ak
zv}mJTL8%u=h!|M=zXvg#BC|qQMjHkO1fLyvAE<I1jppk=eNF@RQ(F}{%VafFCUNG(
zJq|U=L(0QbqHqHx-4Hbg&rZa+Q7U<7+>P_PAWHi<eN}WAxRgl8jnvl+SZlfMXgjeo
zf$<2-S^@b$$)mphi$<q`VbGLWIfLA=Ro=5n1@scE*Vx>AMFdu)pX_6{c4Z?$G4M;9
z;4_>E$-{E`yd{zb&d$DUe2bw{a8P-9vtPgq#AQXIn+xF#_+ToHchp+wg1fSiXQgx{
zG3f8U#KOfz_mUbNce`iwLM;~X-}=q5phF^MxntG9424JRn%Qq2CuIEm9!WRxD>*h}
z%GY4db)mO+Bo@=U3qPT0(=(4k2@1eT`OP-~wAOXSsfXF`^u4}Q5~xM)zI6{td-r_4
z!Pr#Apn0{`$M_JDe5Gn$9il64CW8j;OrN$?p8r4;#bJW1ZkFynn9^C)$tWX^opP5J
zgQU2X>V7{)RR892>SyniN#DOIV7t@N`xei?KH2zSb<*5*${IAVN3R#M%m?)a1gHe(
zOudl1p419G$ZcZVPsE`~W6H@en1Z!c5;jiU!hmKv8ikhERRin{L+cFiVr2u5=I`Uw
z4Qts^iHdQ~`WlOQEyZ0mzOgpQINF@;0L7Wz2-PR|&|Ngr_=ir5$e5zS=G`q<JNaQ0
zut7pGpSACv+dBu&-WCR+axKf@efZ!B{}cpWFMp}s@qPoNd4#)`>(mp!8Py_t2Q}EN
zeQ9;wv#wRf?}}~=#f`StfA%TQ(^I7_Pp)0{x;H^>9O>>Wz7e-7hgM%~7yo?;RMf>+
zjkry0?N^raj#CqRz@X6v$0;O<rO&3<FrbT$#=5KMyP4DD##9SpUH7%;v#ThuNO^~D
z(?_6yX{Cpr`OaK~eTtwbs5LQI&wK4<u?p!C4eA%`QZI;2CWkMySSR*(z$4{?lD{x{
zjtBA{)QhgJq?;dSn(wvUc*|XE$Y_v1?H8^5+2*fdF8Vx{Hu^gb8DQ`AuF8|{W`^Se
z9{R1)w$o*AtrZlk^%?mqv*rw6RDewg66L;N&9?ovy@+KL8E8Jc**xM@eRs`O(Dl=R
zf}3Gd6ph$(GMMT<eGjMM$y-Sf0Bu~%Px`(A$ClCbS1$@#Gm-U#)f(aqSYDH|cf_BT
zPP+Qp?e-G4`&;I%KgGv~$h0dr_YU9$3h4EPO#Lk>=wKTN*TvtM%~%_-cVk6P*K_)+
zV|jen*Xd3UNA#|m!MA<U0pB<(P@75RA9s}s*s+d(5y($c7rr2ti`*O@S(1khD!91-
zcDrYw*!`O9q;z&<j1nXO1S$OXlip5BnqV-yD(9tWjG4Ru^i98atTp$Bc*S`CAL@SL
z`jor$la15RJ%kQ~nySM!zIVOaRs~B9E0hUhl>=SHr;a*hQ9R%Ay9Yzr)5TW0v$Ha<
z9-RsA3?Fr28L0W6|9*Q;cNntIO0IYtYwWUV`AL5|!?=8q-K1gYf%r*DX9kUjV#@u%
z$Xz_YpRrdvo_Rf>Cmp7;cTZD9>}v+xHMHuDd$}LbH_=v+=`ZBmZ8oVAwYL3qON5*X
zxR}hpiK_dl5I{(}B#oXZW^y>Di=p+`OBk!7O3kBh{z@R6;odG0xmaj?bAmNFCiIf5
z<I9SMrZF1y?r$|SX9D`+dwW}tKQs0pjICJ8XpmbGQ9k8NhKZQNS^uF*QOik}koF~h
zRoA!o)7uvzWT2#1b1b;)s|Ys(PO*?NBf512tm<%NrVuIw=GRmLaGAIP7e!;mg8eVc
z{?`}GU1-pnmJ%yx4EkY+rt7EUxD~dbY(`VchiaRZ*%ABu!1F3(Gvk^(-f?7X0Rev|
zZLy)DUiDHiJYa4x|L3WensD78wCYuwx#*=#h9n#Q|J=#8r~HoH$}Q6kk%O*Xza1+O
zd0(z%x1Do>A44#pi7q0WB36A32-IZ3!qsxVP*Pl!d=RXuax|;)bdCh2P-a#21bG)P
z#;uz8`JWSkM$3H~;P5}1mo&$uQ=4_q2Zme+1Lh#^#(UP)AERLhNBxeT%RBfL>wEdF
zNn&gXEvudbV7+IMbF9&9w+og|kGpnH=`!waZURWug_X|VsT%RT_WUR5c?w=Cc24EW
z)njdG+8Qw6WxoaHIFftxo1s4|AU)Y0)M3>W1NpI?GyK-Z7&2lpiAP~wD8(3?Z(zsS
zjFzbXqaw7pqXo*QYs8$yXor!))}|xGxAKzEt+#eNPPzlaCMH2-u_J_vEONQ({oBru
z4(6`6ut2hJUZK(Ay1>fn`Gp}<Htu5j2FLEIiDj6ur&L|R@FK@oU%c$^aW{<S{FKTN
zN%P7&fl8R~&>8jWF++*x$NQOyE97RC_jCWubtLr~crVSvFB%xghHtaq$RT4EL>hKf
zN`ngW94+5|@4M!KLS<4IC>A!bFmgs?9u6^NPcppE&jSS@T^stPuXjeW{=b8F4LiyV
zRvNwlrQZN@p}^0hUK&($cbX7m^hYLdl0wciZngg{u@S<Fz&ZX1_&=JSXZB}t`2DXo
z`TZegAOU5tQHLwGsG+e&?LZeML70Eqx^jfSOY~zz&FEuW5kGwfYZnK6q1orKlhyO*
zPTumEipBc@C?|fOS*K-A^e&Xdz0>@6p)yuPk!Vm_x9-KQVG{m7s<9`qz}>O`gfREb
z-RyYWIIx#W+2Cr8v+*^sx8CF?esOxtH4c8T9Z|nl;$Ea$`N!yMCuQDe;w>jLjho2i
z)}-VIhr1;{yUxl9Kub2quG*VB@>U+fB$U@j=w(y=`IYW#|KU6Q`%9Vm$PKnv7ZZCh
z1hD>$KH@#MT72qjS>2Y$Kv7mLx{5EN7@iXiDh!ADxE-7kyDPi_e*tMf$JWotMO;)e
zU{9YDrlsG=!Ab<2!37!3<&wMjH7*dL*XYldhU+R-&@fG6pxoDig0+l^XOZJ51HqL9
z1kvcZyWi+KPt2>UFXsDY)^6E9?@TZSlCa;192;ju1%2gq$WyK1ZUP_lkR6)KxAJcC
zZ^~xIk~6fnJ#__Wgp|m9Prk?Iah!+JUKzu{=G>LW`Pn+UE^9_KQ45#j&Mf6{<1>~r
zrc6*@&RM~LlTpz=bCNeGKM$G_t_OQ|z4Q~$LY4o0elU=T2@NWkNA>!efkxVBq5}SM
zO;>H3%5!XCpmRXVUPJY%?8C#Bm-2JX*F~scXRELcecgheFkN&L`57E`ISe=R*9=wL
zKY$0Mvtxl>*5;_3uU1%#dGcY{Rdr#1|G=)N{MFS0z3NZyyH@-7J#z<*%nInx8dk@=
z?}8cZWg_NbI@2Ue@Oln1CDTdeg~A&W&5W~)wJy)~5{)`P({e8Co>wr>)dFkH+hO3n
zT-U^LH>=C%K%!IP7T+(FKNx$lmVE+8U3L+J{&W6ohZkEr&XtwP9FgB$j+>snJQD&K
zHS2QHckVCJl?>>tT5l_53;oFjy2^GKdGxL2$@lfa*9dVoUimH0EqiV@Gn@a&;T{Br
zRlX%U;Q5{b3b4~|X|7Q{P=E)}q;Vn)ScBIs68s{qy2a&;R~m|W#Y^Wdt8AY7q;Sc>
zJsG!K<dnb(R<2nwfvVk87!5P-+Ao^SbsrhLVc@?aQ<(hOf|IxZgeI=UgP@Zm4Xbsb
zLBHyP*6-g>kc5IZ=||P^nx`Z{b?PmLOH=pwxj}dQG47PhLwZBlz7DKcMCm5q^=xZe
zU78bSzuRnB?Eephb~{8M3K(Ag(*|bB9|ag&@a9M(5$J(M!Y0=Vxw%$aTE_fA+{JRB
zY+m@g^GloVu1bsQIi_2Xkub`bt@q7=F%Mi3uNu0Bf!*~4{FPT?Fj*qrHmw)RoooQC
zis>VQziW$S`uUvBi|<YXRnMK86{Pm?1phQZ_ZnLiuDH&Avvvn-jDaPQ>YHeo;9r8h
zE9tydeh~6gr`5F@Q9bZH{R2SKCKQ1NshLk^j4q~}F#%bgPplj%9EW8+1G{4oV-qhX
z+CaGPXFWgppFF11|9Y=wVYFQ<031*kx+?Jnon&|!(3%P-#3nS%_hU^xOqXb5sp4dI
zPt7g-4C>A;PsgPRNwA5p%N~0k?fZLN9WbIniZus*?yEs@zqi=d9F_8ffwuzV@z?p9
zA2S_E!`C=6o>uUcPWVbTkLj=weA4fG*6(>znFw|_Cn-9=SiN$x5;-OF0;>wA@qezA
z2xfte$mCSn&~M%QKatGE*VW#^f8SN{Z8-gC708pRr(j-mZz1KPks)(@GzxK_uzdFs
zV2~B9*nSp+yTX?Sx6#Sdx~A0?PC^l3rErO)rGa8lkG|f!(7FZ2jl-RMd+-@1VtmWX
zm*SN!ZM0P4ZsMaPk>zBe)Tg~opPPBSq)?Xq+TS#WE2&kvwDGblvD6y@q9>E`mD&^0
zhg}f>7Iu-2vMaWCr9t6=Nk^^6P(JG!%2pc9PfqJ9{}>u^FM~fDt(1=IH<xhWK}KJ!
z_Hkf783A)Gx}|5xGbf2Vv%o%0D>=pXe=>|Kyg8%F-@Z6*vRExXPfxmMZ<#ybS<BbQ
z34CSJhX}vTxmD&mZ6Yq>xRajD^WNh;2@cP^`?(z;>pSQcRqnwd6jvuxyzbE6r)0an
zI_&|HiR>sia(yWe8bKi=2gzBF41W%See<kbJ|0W6Fm}$=HyKX>g4L~B)_J;Qaji`)
z&#|8RuNpM>H)}vfz1@3(hU{JB@Bs2fwVRz=Z`Q=H#?*c2M0vff_oLuR6#pgYf?N7A
zO?~WvgR`5Wo?CBi=N{vNzp-duj|Jkyj|j@4oA;jhPUCpLN4GARTLSseQ>^0=9nZ_T
zyqiS_Ae=Sa>J?YExr4TWSWL*_Fih$I2eyKbZXTjJeENX(uyb1tQ_aHk&t6O33JwFe
zP_wX?&z#4uyfQgLYx_wW`}A4swZFGJjk%frwg1IY^FXrii&qYkN`1FUo*SD>IAKWQ
z<CB=*bATx^I<KGG@}gOHGZy>lq-fS8;dAv87#Z1h!NVyDl2~+ik~<$g<vLGw-Z|MN
z-1^M)sE6IcQ>-MSaPtwldHRXaiLd|M%!#jg6KbbQ86$nEz3|T*Sr#-zWITTE{X2Bh
zPGI@2<o=ny%o-J8&2}M-GRndu*mP`~KE-nnBik9Zn0z(8rYF*oqsNMdxMN4F_=KRW
z{?*8DclmIYHyy4XGU8Uky5cqzMQ%}dF}q4k$J;MxW5HV&wKYmgv5ZG~n9;&g_+&<m
z_pr6~J6~9SoS{Yh_@qO<vR+6TH9S*u85S6~Si+`Yo)E7Bmdh@tS;y@}e)Kj=<I?36
z3FXt<<C4R1Fp8d-$J`=xo<~!5+sfw@OhqLAZVC$=`E#bfUR8mC3&vZr3!~d-gVp_j
zR5zNQ)fRM1Nih(DA=%$-6UsG*6HV9eB<@%W$;{93$$W0L38K^ZD*{RwbTA4>=^iZj
z3srPEZqnX|QclJJqobv#_riOE8d(3X3wYHum;cqCopbsoB}PY_AGHbs_~^x#-<s<(
zy8PvF>6RPknG?h_2)csNGzC9A{#T8_WE7he|J~&B{hWDYeS+qP#MFW(Sp7GxVGpi_
zO~n&Qbf<L<6ckt75oUORtv!o;QPaeDiV-(afirzP%19YC-e4@o9UamkcIhW~G$9Qp
zCt*(RssBd@{xJtLItaaxQHscpl*ncJ(XqfIAN5f5%ddamUY1#wO^Hg~MHCuj1=V%*
z3RMb%QeP(lz5T>UN1vZ0E*)c2tz&Iau&JCF5FpG&{o)?XKktXRb?a;WDTmaRnq6fA
z)1WJz?U;@56g;MCKybjT@3!z`1ZK3CqF93;{3lC{51Enc_-Evj-5Eb4B2V~u#B-N$
zy!&YshQx})`hmU2@6b5F(x#8!nk~Q7^?$*PPLa~NO#&yzD6)%-Cq8dNv=bO0H`5cO
z4~vzgtGX&ZCFwBcG2L8YuBRSSU=vyT%es6|`&c_L&x$e6qJ>gZxtD<280yj&&PqK$
zGMc(7U5;`e);BFX1oIdWbWY3$EcuhYR#Q;~>OB<M!1(*>8LZ(RhTP=vQT=lb(mZLW
zHvyx4MCP?t2S4S=|Iq$5ICE-)omqDnG(r$7=dCs!j9r=r9Kb3$T6+7pXDNtZagb^v
z>(VezEE%9Wfw#aUM={E*d*Iw?x;bUUp;41@fASyFe=8%+tP*=f-GP$>f-H?jsy~J{
zY;}Nlr&4C`u=+$2bVZ<P5^_!2u3z!Gu?+V0$!>%yy&Gi`^SJ%*-zVg!frCAZ_kdT`
zADe$Vi<GUy|2@#73$80FsTm@QlQSSF^O9g#OQJt*89G|kBVO6Cri@Zk+6=U@G1`>v
z>X9$(dGZhwg7OQS%9oj+Py=JBP7d`sGlH80j1t>N-V0Z#r>FL>Iny@OpKyR1L~eJ7
zVAljH)F$+@(7wclAk~4casH^73nzJq)qXVWZ!2?W^bDENQS@8ci*fkW@Y{PO-nw^w
z#Z!h_N+-2pW7p`{^j`CMcuh*E0x=1{Fqp5(>-A^*dv98Tg8gltmWGbphoyF?Fm%FF
zcQsdMeXo+wJE6pm>dUm=9j(s4loR(Fv@>x+=APLZqCRjDqUFiQr=c(vOCdo~G@x|y
z>ftFjas!rSr*uTS7%#(_HtqnwnreP9O+1nOF1Jegk(EEiD>W6=24}d>JrdjIvDa+?
zkI=^FSCm<O((kgC?J`OZbcrz@S0Un>29C3ieO<fGJFGQ=2w$TKcP%t>6_GbPc*KEn
zE<@hEaY28T+(LkYI3>;U)PUD#eZP-~)z8zP-CtW-p+9=p{@qIL{l{A_CBKxc&n{9x
zm6RbvMX+YaV!z>sb7_D}%v!V(v$Pc`j<r3?7G9C}V%2D#uMT^yKjx5XrAuh~2Q0m?
zG4ggZ10)Ps;yxoC_$%`!0U<U54ZUl)+W!|9<jxvH0r<_uTc;qd9K7qQQ&jq7!UJyb
zVYfR3quytAVLV<vF+&y<2;tJ_xw(4!kFzkNU#`x~h$YDbFbypFG@%bKemS-~z&JbX
z^r2+psUl@7l>phGeyG~%uDnIU$48*VBf7b?nbPvOG6L`_UMaXd=)5yp7`)#0_=vAs
zVG*qBH}QKX<k~zQ-R1~oThjE;Y%r@UtU-8f#UMa|$Re^a%Pgta|0OP6-`Jw+Y~y3=
zESU|XfOv*4fB)ISQ)1V>y?9l=Mo_#QZ2jbCLzlUFD1g6`IHG>Y3<jUwe82hmye`xg
z{_QrJ951PGEnzMhwszP4%4v{5(qV_`sUMBqyw(GO)USfX!8TNxp>@`T!Hb62N|d$Y
z{Ge__lWqSumHm_o=B<Vy_v~6kOywULxhg(J5d)Ee%vA<LM%j-LH`&f!=(WbjccU9B
z0(j9PV#G3AoH_g?-e4bTz>^ib?awLxY?dtC0WLlf=S><Kq^ggqxsdXYJTvUQr9WTC
z=gAh~J0FdP{Bcq4d1ymGhnwv3A#|}#R_Sx6Y#=%`82s`|rRRQfKR~2(k%i;$>OUa1
z$vL?S+LIsi4I*<|5BO5QKKR{GelK82fJ<=b3K@`sx3h}{W#R+gmA~E*&%}(bvEE@O
zRhnBilSj~CYr~kl)osEM9SysEY@<~)U)cm{3XhDRP(pHH?@B)P;kTWK%zKL2>w+Km
z{@UA2QJC3&G6s{-%}}~dz|Ie&b|$Kz`)BEXA<98BI?}E>JL7}+-LHTq$4&ovpQ137
zld8XM1Mm)$*>Jqx-^i~8;bR3^7G`m2zLE_Y`7!bc_c@Jqi{X%h{;7LoI?K@MZDvbJ
zZ}A|E{LRSRQQsYP4U%&w2y$!vN-21#8lA*!scZ$U_m~Z@Xz1WGsuD+}Gni`NDY=2_
z+@<W)$*<?Pnb)>u(8>ej=8e}<f48N#Xgr|@RnBR9kNDM)uq{s~>gTuVnm`Z7biDk=
zLrK+ris!!@%!=b&-dgzfy;p3p6pB<P#~d1_RxlLXP}R`*>xhIPo9u$egfu-?$*i72
z`~g)bTS2VB(p}N@-_Y4$Iypo;_4$>}bM;(WiFP8N7D=L;pRn$<{2rfqc?&|;c(WIt
zS`d^5MCzCw>>c0lkYWxq+oovfKnS`WZ;CwF%*Lm9ITAi$CxbO~8f{bm4RIYl&+`Kv
zS{VM=n6>^4-VC&zzCZ5sR5l0idi0d`62pOBkxcokXMQ9J3I&#;ue59^a)H1k10yFK
z*IMCMY&*-tz)AlzMLCd)20P#|ABv=w|0|fK#EqE()>c<ES1$hTaP0W1jx=f`rJd+M
zp_yazgj-4tr_AmcgCA}pJ3fBPa!hUT<4ngPFzsJ=WB}U6hcu<1oPWz0-gR_cvpR5r
zGB$zq%+qae;=7$QO&$N*M}2d-QN)V_NOlRYQ%by_g&obEp5gEMornh^hONy?$3}5p
zyi{1T+;R!rUVYgjX45^+M^w>^z3P)yHM^0&=U>C0--aY|DLtioxDr?7y1^GDSAXn3
z`x;F{W|Y%PY4?5#QEV6-AH9B@&~`MdBt5cKq=DvxY<k@^HX!yd@K<UP2E;SgNz0#D
zA4(|yI1@WsMVF}jA0H0_2N3XRisHH&QLT4&E%09GEJLXcWoqxy_qdsS^W9A(Z%ea7
z5=<0+zQf!!XVP#l6^u^yCoL8#qb0ZF<Om7MRL#(YUvN0JoVNI1*J;!G)-5t{Y_BOW
zKzc%6=j%;^E26Jot9|c!27ZGb+1PApL?`;#QqT%YW{#eH8GQJi*&Z=;=A4E1C#*=2
z;V2#<UcFtKAwc^xj{tpwhLb_$_;i_gr38Q_UE1vy<6&b-GWIx2PAiDqauFyUbL>N3
zu2Z>(0#Zuw`Jvw`O0();C_jHP_rNmprY0{hVh(x9_9xv0l9-}!wf(agh!a6(fR^0T
z=MM`$Y(1p^DI@CFqXqQs;!{%?nvtxpz`gPg1@pMusPSea>udfx5ZW{&MDx*1i~PN0
z7hm%rKuE~i{_<BlfJA&&G^5pj={%yEJic43RS<-TP!YGHxsQFEq;UBa&9rLzfrd^h
z!8(XM@px+U)uBOLJQB=<@WLK85Vy;@wv}2x!Ikz`rxoEOm1wu($M=^FIc$U2usD)m
zogjK?zF-Etj5gUPXB=IQMZKT_f<+f8BQZmtDZ1#tGyJ|+OZsDKk1hdTs$@;7!$9DW
zM)&BnRKX%)Rt^u6C=fb5Tlux~T^jC|g&iRG!!BFOi-!nN0^g_*g7+gZ1N#58u+BKQ
zEl0dy|D6mxA;Nv%Rf*WNUO|<VACmL(`5xCw+!dV;tU4!nTn=v?$~>4r<nsH{h?w^$
zH(3Ib%;`(4FH#gw!WT&b{GD6kZ>@u{3QteiuOA<7#fp|0`!T#qHk~6se@z(>#3Ouq
zmRs1nB{0SdiJ6YJ&*JaWOP{?7&Df{px=3fRJ3<@GR}_{p{%6`1xxY99ym|z{nU~F3
zr<yR4+IvXZ0mDAK!VFVxc?2gA!_MSi=c~n`rZ{L2%Psa)8t`cqxRt@-7xTY`{QK<E
zpPcmMqb;=XDTK{OKWySg%41AQa%rftF+whZR9(A|({zsUH8dQ1!7=g=16sB-#l_{z
zD$Z%Z+GtJAwlBIGikM}*Ot|6L=><i;9j3Kv=n`6v<ME84#a~&|1(`A^Kz{?i4Ov^9
z_KHW!DHk4A&_vL;*3N;h=qq5DVKp+xM@&u1xRCzW-jvD*iTzLi@B+8(61q5EO+^{<
zH;?h}_eYQztS<-z)iDn*0fEG9{pnZD4VQ65Q2hiqjZ6l6em<ELV4armX?=S*vh@`1
zmWLgnOoUnVj@Mi-md@Ao`IdR|)pIaNcXes&Uir{QMJd=aG<e!UUK?9#UoUSy3jgLx
zjU2mJ{#A&d5c`mq40lKY1oRAD{z|yeY-Q(QlfeXczF%)6DOd+_8{2z4P`$M>pS)>f
z1^we=N)z^%Uo>QiAqQH}=Oa)y5AzBG#H|-CQd##KycRCrl0d!Ijyo=Rf?ttBYXVG<
zQdHdE>3g<mClx{2kfN=btyHcx3tA>6^`Cnjtocu9mGB_sC$hiUE5F%KhvD-1XhwQT
zn;ksP@}_sNwJqPS>r|R|UE<0^YcCpLSF1zGW`YF;;U@Ty(PxmkoD$(*!eHkr;FqLl
zT5UU6{HC4k>^wsn4Estj#cVVeX6JDYAfY7pk*cr;I0jV4j|x)&D=vz={OMW2ae$h5
z1@Rj#G9?AWSy`HGSHcH?InX%hzC>Ks4Q)8iV5375Uls+cx2ESNE|N?ifYIEn);`o+
zeIiH>Mbo5+@baie2mlJv&g-^rc;0jRLl2yA0T8zyM@RD{mhU|URFl{+UxD&7tTCQI
zA<FZZXHIfWYhR&D5O%q)uQKxXtPmuN)({Fobbqwc-1d)@wCWBs5wp1HMmRRzpF&&c
zq|M(1#IHE*3zx*&+-8IhGkIG-bw<3iNbpTpx%hJq8pyD~WF*z^L($1EfqOau)AW-Y
z`Urn?AFYgj<}#5`>u5?MtQQ1DeH>yYcG)wfIbfb*vlF}yqT0fhTMsa-9(%mvgiNDV
z#s%&SxSfAi%u~fczI=Q9ZC){?_b0?gobd7U+04UrGcZ}>l@hiCl#W@N;Q-DKP47L9
zO84<K(IA`1esYw3D<DlcCeF@Ky}HLcuJbiP8IQyz;@KO#Ha1o?IvByxhjg}N?w!}F
zkc1b7tI4LHq~-y7S2L#_IcC|xl(6Y*-}uFUre6tEc`7gb>ilDfAov=cI%N;+_5RGn
zImK5rXx(_}_Q&NNw@`$BKERfj6#mUdPK(z>k18FpG?{E|lzpUCaTp;6{KUs!wqqC>
zc{`|OZ$omn9kW#>Z-2Nd`McEWayOz6dQLsMcaBRA4p@@sBI>s~;LX4iVC{^THQDsn
zlmi*=%Dg}%)u}$SxdUB~++luP{E*8I?8|J8gZ%g9I7rLLEGe~dqMD~k0reh(K0Ix9
z-v@<ROHjZFS7W!ca&z<g3!Oc(Ha19~&YZ^Kh~&!tdjNr&uD)Mj&$R@2E4;8AqQgRY
z#LR}Bg!Q*p&>9|7i^)~o7g$`t4?vk^SC8x*qa`kw&vsq73ry3kXa9Ff_@6E`sLM=3
z>G|=h-+5t1$bJq%Dddu+%@8>!hwbAL6F|WC&1<GSa0_OD0l`xh&TOsk`W*c1o?>!>
zBnBQQs|d*D&MQ#dw-tR|XWg7jSB`HCxd@juw{{p3cWVC}HFHmK5o3f90prWZ@j1jB
zqySO978)Jrk}fhC&%Jlf5)hp&{^B1_ROU8%?pum~kb{KP^hVxE(<Y}}3$X6l1F=sa
z8#;DkVyPRqe0sS9M((DpCrYxPq*(MP*Mw0)gQCC#D#u?4GEtZPyhc{Woy-Y!Pw}N{
zL&CwI{c0SX76n-Y2~7gx7v;_4^qGb^f%XI!C2SSsSd7ln$Hrnn_3hlw{ae(wQ8Ntd
zzio8{P5J#^*6pTo;yZu9F=EzM<0GXxl+*a7tGm$V@xePp@9ZSokMYC;^_?xoQ+;4}
zqy)wJPlEt0r>ImctV-4(+9j;!FKv^_bL9fh-Oc;v<tvzFe-sz{2ujPA$FX?~{zg`0
znR}@c@S!2n-FUAZM;?iL6;#y3Q$c0UsEo*;fnw&-$*{Xe;Jp<#_dW)*YAWeh&~#xI
z{Ri5AKSrD8nX$y&d>*1P<a@lBq&BZlB7#&$HhJ{R4~ujN!FkP^`GA!0tqZQkk(^Bi
z61R39`n*NH<s!}p*Dvslp82=~U;Mc<fP+>Cg0)#ac8drOYf%_Wq<~c86;48NTYOF@
zE9bvpLpGlQT$;=rIm2+=j>kXM(BwAq8^$tv-J?KiCLh}Q6)h}yYK%$U_Gz`o{MQnj
z7%}S#EC%t7Nw8E^dR}jXdG;PX4rDVqXlWM8@aQZU@k{^o1oN+0x1Mv|BU>CIY9uqy
z>GDC|{n;0|KEMCI$NX2z$Vq+V4Ff4G-A|H~Y31Vavj?aUrxOjL)ex~)^aFNLAS1&z
z^0SQ%hL^oL+IZq>wR>st8{;2?z1ag20I3rcCCFCUIQ1w|RlEdP_ZRGds;7g=9D9Q;
z)h?|?%Og<qy4W}UJx$m-$m%jipDNaEK8g0cLy3V5?H_l!y66gaS3%eFO^b%Ei#=YP
z-ZuB+2Xl%U%xS26XSAUfU%eX*R>0Ec<8Sj1M=_>N49_bd{_u9|`346~q}z}|@WT@>
zO^2l~k0WBy_1YkOTHd1EN1UV~Yz)*gw;{{ipNh5E<ujD&LKY}1l5>|X=%CraD{;;j
z$p`z!UN09n$?5dv*f7uy*QGTZS$!9gS{UX+wvv(zPzkoqtQ=6FMdyaLXfR!WN0Zz;
zpX#2%6onA8bu)*!zVGBZYG;mG;1#j1tnensIH&o~bgZo}FnFRrlX9fKei}qHQIn0m
z2V)i+{j<YAIT;5<w;RCM^%MqDjv!VD@h;FkLoYgh)T=I8IiX77vClxv*j2Zob29s{
zh}*YJ69zFTEA}>myi|?!07aTF1KM|D(nyNp@(KANM4jx+QPUZ2W%@&`0Cm31+(*v@
z6%~0V`QdKLb<bfwTFa$%iZM0P6G;*w4&(axd8FyexHbpnL6{RM@MN<G-ACT?P-kTJ
zmrEhO^Q($(-7Chs5>{Ue@WRi<#pinczQ+0cS<2MyD!n>xSDPr2IJ3U}D5j0((r!*1
z7HBJ`!HibZZN|vIOxTmgiwh+${o=aS+(U;iF;oCPLFk>;yCfdxqAh&+R;TZ0x4w5d
zd#}ke49o7N@%{|eLs5C7a|1zS-cz^sWSk!y6;i4X`61K0?&||9XLCcil?kyJ5~}|O
z7B+NYm%~RL1j5IvS1D{HE?aE^I71&TZC}csKP1#VS|rXYPvfLEq6FG^PTOUdiy1(0
zKZTEt05B%3(trskApO<FXN8KQ@etf68CI$<L|D38sg{cy<bLHoY=i<1z1$5OjpV=Y
zt_5uSEk{Gsh=Ru~>(>{=Jd`g8Ao9l#Exj1BtTTkX$JmyjL29rfX}ap=kyY2sW_hjn
zx@3vZ$3TekF=NzT5TrWa4Ycs^MhmC?WuTg0gDK(kM8@9~RqueQmA&s>NeUG=;PE>q
zastlc=K=VCgY$7PyqSKTH+hbJXv*-^x|vDgaOEc&f-AAP%t3y!Ee`p~C?I(IS#pYy
zT|u2ba97a`90J2i3Xd&jIRTU+`zeGk4@HR+eDm2G6)T$WpANP%svs`-4b>1wx86Xk
zo%)0vsk%>7h$a^QK)7Y1A)Hh+wz|Ws<gj=7XwbDqFs#MLKQW=fKy>@Nn-er)@GdX$
zHUYXm)B0<e&&3>bNdSHK<g47&kYVj^D4+2j1K--OU6K+yEVujKzBaYLHyqz79Y-Qq
z_@M>*xrEJ?)QgE-(hTm}7%J#SIn1(`&q5F}n3HZgN;%zn?lJdQh%n@^%v)Y_)h*yj
z8RZ$gU_gFiNmKDF{;ZsX3EBK&;=Say`W}@5LiSK9NNj5X=f&#boVr88(tHeGz@ukO
zAGUKYMzvVhCKAacob>ETk2AzQ6ORzce!wYe9+VYu5@f`<5CD>htCOwGSuP9wT8k_?
z(M)ShEK)rsL~cDv*d$7~AB9CEbII0iHh(F~&H4esPtv^p2C-tbWMjCU#mk^?eI*o&
zFEbz-x5Gf@>6s7NPd(eu6ZM}H?OTF)q@OE2Us58J?Q{)O_`~r0>(FV1z{giR-m9Id
z%&#F>?$r<N@6iR1@nL~!KOy{QIf#0jaKt7H8Z>Pai?CvCbY1@^#2Jktrwn|-@w(hU
zA@eJK5ECOdv9>cbt~Po|e$;)tEk~54w^tV&dr*f*ofd>f>ejs%+?K6W=&r|J`EUdZ
z*shr{YZ+{x-6_m)k&UF12rn$alP5HE<k8YQTKLVR^0kpa@$r-w19t$;YKtCM&e|K{
z%;Dp|3_xjKiyrSueCKgwdkAe!tfw7*O1>7j*Y4lo(>kMZA5B#ORrL}5f^Sy;s>JX9
z`g)p`j1Xma+^_>h4|V2hBQ5Xl^}nSrt_TSW<ET$BRYaU;1pBu0;-G*uB6(f9Nl|KQ
z&q@zX(&)xdDFTk;sd61;T?6ra@PmydVp|$SqibR((diGU{_{BrelF=H{O+0})!Sb}
z1qDIytAT3`^A3;z3IBW%JI*BX&3p1+J+rA391<<`m`n1p?h<R$CssOZM6eey)Y8@D
z?T@|Ampg9;UmL(TE;1UtF~77hG*aQd=#=n*5aWNT2>q{UP}+tquM*+!vrAr!0k2>x
z36PTDg-3b(btVm2l~19||G>i9jtXTwyQf?paRk_Tbkv=G2#$@olE-rqz}8+<&*5!P
z+ckGrMThEF5U+;R;Ip&ooh3Ss$A>2{beFDYeezap@}dOHDJ}_!rVsG53W4;ZnInrH
z5qW~l&6x%x`NcX@2`!+bFSS(lHJS4xiJ-xpDaKj*o$ATczc@EW15AMuETdO>+GZ?1
zNn>3nsQb3ce*5_pp(-j^`*D63W6g)sq@s;BLv`;7>mUi4QP!}n-&f1?c?RDQ3TTjH
zib2$P=u(ob(9it$3_k;!*lbx!c;mOw?3p7*-n8`+(XVhc{7jjw{V_j{UkTYC&|H{m
z6&@&Z{NsN(Xm)N-l*tySNb4OQv|wyt0u62x!P5ou1t>6Gl{LnirHK~ALq^rN#_pZT
z#YV;OX{tWd;Bh7gT9HyQuGRTeA4|B6m$@BJOiRP;A?u*4w_RpLoO<H?qf-)~88pQ5
zUfns9F?2}>HfGzD43h1RlMCc#vd?>8YGnS}@%zF+6NCv<t@4cCAJc!Nutbb8;piCk
z)pXGvA4E_tj6eiDz*zQ$TOIOYvadjF+{)wZO&2-Q_Pn9g+w0ed=RS@6Lqmh>dAsD;
zli9Bq^WkZaX<9!O-+JTC;@?MtH+4df4RWedJ+A6C3aQLOZlqM=V-Q8Qx9wTNgn&6A
zDpZDix@f|@E*4RV9uq9O0IU@I**V({JK70r?5i<S_jx|4u}4cUZggE`E&PkA3r(-a
zb7^upsKi&tpzD9ccvk<~(sgoN|4fJxqRYRWRU~XUbddGFGRzR)O*e<r>D)GaDl%13
zKfs;k5`_Lt<Fh^f5)Ic@Rgn^X-1*!j&%h(>z4e(KHPV-?smgdRV0CXTWHzM;k?WH_
z(*l~T$l-3o)1wc|dRA%4WUe&zbUxGJdvzll1~@vqtVGA&?RnHubFORu-E(z`$-J!W
zHuS9v@-Tb@=^3uh))`qX2EUhZHx3B4<Nlia=Hx@De{3NwKSa08r{LAEs4S;T)$>y1
z3YDvM29@ya?UZ{jEn!MCQm>Z$VT_mW&Lya~jfrDXpG$#-*W6*iE;HNx*&F5I<Mc~d
zHFNs7k3qtnHBCpLTc1z?4;UOP#}mss(+IPx_c~=BFtcr|3L{y9!u(EaLSk82#P=uh
za&D;zY1Vh?hAhby^WxHzl>Kq#Ht1q!R}N{s{#J{8@|oTzJraUomB%f+q2voDgh<os
ztA5Jo-8!@BtCsQLCf3Cl+xjM+W-u}Z_f`DiQ`Uo{AfP>D4F57BSrJ}CpguQM+D(M@
z0}{~tX5{o;E?J0mFbx=u9?A6zoPBz^iP=;D<oVHK!VFC;<4%J9FC|Sq?OvYG-&iAG
zvT^5Dx$kdVVc|D1eQl42jbNc4*vezVBXa-kpm_Ue8|N-YatY(DFS4Rut~;9uiQ3%=
zSip`ZYE>obZQTv<kpI;8(kNNx;UH|?tCI*@9#Bke2;s}Ge{R;HnNjE8y3JL);E;SL
z)+K34R<516EXKU_gnhZ$y`(}gO$Og|FL0)%*}>`;N1TK*01p}!;mV>ReO^{jCAaw~
z;xlP>%{9zs=k-(c!rS|<?>0yj@0=Yr{`NH4A5HO&W+b{49W*ALy2o=gzA}Bi&-z{w
zKI##)KbFQUl))Ad`OJV*j61>qjYfQMl|)n{IxK+Z8F>kf`{%Ca7q}2ovtNBKe)Bo3
zv|)Oar-|l$^M1hFJtwdr6eN*mqOJ7YK!o&IO&zD(HPhzcy1uFw;RhG%@uc6Ql|1(Y
zK`aQ*L3uv+E$+J?zamO@jvliPI_CvT5DI}cZJ`FcZo@5AZcvDt&X*ptf?e~hr@hi8
z`F5$0>rPza|M<=BirlV<hR$?KSInpL;q~X`V{$EnHtvbrc6Q$N)`YzCZU58WcSSW7
zHEkcd5EUr_6varDj#NcT6w!nt8Y$9S0I5omUIK~=C?$XxP_Tq1y@~W<p-PD&AWaaY
zNR!_A_KEL$*MIY0es>=?tOfhbnLRUmX7<dp_erPI`C*w7;%=&5ScAxxv8-?w7R{O9
zu|d%>G6iq$h-#K!r&ZlnruV<*zDi;u@vp+wZ>Ve9?2nzl5x8lvK#_s>B7(O)uR-S!
zb2%d-x1rHjL(uJzZhzbZZgJ-n;`EiXR94F-xcr^Fw2d32Ug`6E{1t9}M3kjH;9)+0
z{F-bppW6>}3LkMTp|px@W<ihcmCE!ORyRM#+rgQpN09%Vd6*x&_8!eDPBJzWHaZ~$
z&MERs`Q5`G5_a{<)}_=HjL*nq8xseSNsh~zVwD#WrS966?dG9sTdWFf+g(UKDLbs#
z&QEozSmRgZi}C(d`hudZ!ZbwF(pAhvUWNYC(}Ii?-IB(QZbbg{?lIA>uRK<#ME~n~
z!GS9+sa*Cd(U4WU$kG!!2g%)tfx35A9^C~8Lh<!?^D!*7?&Y^zcSW_pp)-_Fr-K0R
zx8n6DGgGSv&cyQRAh^uTH=Hk`jAiOC;<7-dA@TOkYw{sb-G$I%9#PqO3-V?2eh*b{
zi5$Qgm$3iU_MJx(ndu}1pHRzXqz>Z8rq|#MB+Bj+3wMrPnwU_r5gVOoi`~f23L}i7
z3LOHQiU0k6p)D_x9ni!$TIVl)w;<>K#+jh(-cNUj8*x8x?ExdrLc_@=E9s%VTK)v;
z$hjWF6qEHzUDu!mq|#B8ru?O_W+NVpQ%BtyxQLYNUxnwBIUFs;rqNFD#CkMMw#7rf
z*cD%rwm~_Pwl_9!MA_qLv71|hG{m0RnW8HXSyB@c^gs(7BJYfe*XAtsnq^=HPJKjE
z+<O<euS!-wV#gQ`UVKDeo!vMWBKK90DzFp2D?thiy8>nFdva%D@v~*ox!?EG>4?Vn
z=`r>>GZy~A3rhlPPxW=EgjGC+mMrz3m6>!u4VBe&3`^x=RpnXU7#}W(r)_yGUKqO)
zXq(n1qzYCa+>f}~{ncrBJ%FWT<P@X-GXu%w<bC-Qv9mzI(>;2X0$j|tiL$#<$6&c}
zTdz4O%q?qtLZk^X`rmI$o$|!&JxM@|{X8{~Ir^#R7h}pSGuDr)H|3Te@)!O7bRhNo
zE-3xrVT`loGJmlyEE>zwcb?y_+H{>#6_9jdPmlB@9rPL@3ijD@2K%P8Yp~SQNp^bk
zj`RYFWV6MyLa}0ill0u=Rm$?V{_&y|@~eO3ncw_Diksx#+NNO{tKy(HZ@Syrm>sSz
zNRMOgtiRYQ+Go3~BqT|uhiN~#a;#@?ArmesV6PtW+H=<N7Z4c^J|`6G<jcr~qr6Ox
z91^g8e~Gg9k9Mn*n89#m6gk$ErQ6ZQz5%-|GO4b~LO#ZL6JxC5EEbKqKY9c1n83uZ
z9~scz%qh6mRV00;i+QJ&;YOreIvtLUPJ&!YoLTB7c5-xj0^>wiO8o%a!u;*X;$+{0
z65g%V4DpDL*rV$i{6a-jSF}tG%9nbA?dX1dk&mQGTl?v?>N^pQQ<pVOV-o(Jwsom1
zFSd#3E_l-HD#U<80{YcH4tZvS1+$NW+W({b9GOX7p#5v56By%XdPiJxyjf?LV=Qj0
zD2v9n@(c;6y3BZz$eQ;7<7j2=@#_5FK{=eAA#pr?!ovH%8*>mdqM_eHB<UP&;IPyf
z{qrc63HUPznwGrQ@jxzNckig|)4LlVk##*%&&;l250INISTP)((J3Wr`e!dwE>qV*
zO}NvDYqZJwR=5h~;$fH2nq%~H++S%Nmm`H~C|{V;bj}*#5~y?Zx!@uV9L&YIwV;U5
z5a*;>Pk?EY5MZD%u)1IQVN4at1l_R0v=^1|kRKUa^tuTt=r2yG1)nRaFfXFkQcy2|
z=P>avcbg~<Mqc4eUO7h{K4+Ze+u#x2{Uq`opXe{gGbER-u<Y>o7J}CYi$jh%wI1Jn
zbdq5#4TO*ElS1?qca|+pDcj&PCg1ckB*oH9KceBHB()$+qH6i4v7m<mp>7Cz4C{Zb
zHHe(7K|gLUzF-|VC@}KQ9*0s*+CV3Zr>eaw2#XfcRR$p+V7JH<7FRzwwpv)8vYk$v
zzt~b+3hDs&$mp&4Zo<K9W<kF%WHbXq%7hI`7F#;OGm%FUL@Y<dWteSsG>V3+zoMrc
zrIWxvZjfu$JJ5bIE<qb!;&>wJ-NPj#%U3UL)osWl#ldS~Et?avo+hZgbz4Dn#!ban
z^X_s6T3R57g&>k(yGc$)P)Js^`JUEeFB=oKFCFSJqe$5c_vxDjf&18M8lIs0j@e=d
zff9<nE}>s-Rna(mx7F!f<b>5sfcio9H@__ts~&JR)6W*gx*PW7<t`X0qMCF>{?Qk1
z4>tX~gM@{QKpY^xPU-$4#-%Ie4<6t=SQr~OoM&2LwZP3fqE~!@y1+92-nwTKt|vy>
zJIe4^m6_-?pqE?>Y7s9I(88lfZ#L@)uRjSAX_-Am6*&h`x@5q<&Rmew_!yg3c1c2!
zF+zlU5W|cI3$pp<YW(~ozu*88R__LNx-C7!+nr8x>vDc%((#tMil<kKm+RU!2I3+f
z(>Hs;V6iLS-iz<a8lXA>5p<9ry^V&G+mMdx1fG@(-w>s-hOR3azw2}l;im$i`mTVc
zxs*pgIEZWiwB#K+W!!3PnLYa?lU<;qwDsO7BICEZHVb}sFM___UL!N{1pDRH`&DZ%
zsY*3A{OaCnzHVpyOyhCtq;T5V5UuM9qOmPJRx~GZCaU@0?3RU))D=dOxHY1;>70M<
z$gdHf0IzO0MZ3N6Fy7Olk3*zmp^dDDuT81P=^N67CUEdHkJeZn^h_*Yv(Ze^e$-7j
zDDOGi!@%Kt>wJCY5!#a_E@RIbh)<F@|1nKsa&_weljO8;LqJpzQ(pY3BAg*`47C_~
zfSC{jJD!EzR;Fra3Xgj_KcFpZ#=njfTC%uNI&q8Sz(M{~bM(okD63^+Nd#xT{lP+l
z-lE%3tKDvEwC{+{n}1^Dw$C%jopRJ1IBa-i<O#|=^9*Jxp)Rm)>JSdvZ-5Yekv<MJ
zEA46%SKgD^s8;Y9VS<$Q*W&suMhQNms%$x!UWCXO4J2~bUpZ4xtM=(_Wzt@y-X>cG
zG5X&uQo|!B3$8sYy9~CK_(%%5gwk4ICX;@PQHT&@OJH!hXK+{g%SdJ*I*!~)6=`ha
z^AOSN*9tHLY%J`W^!<*8Wnho2HwC$XMP<dC_ttzfsm4;}bsE_Q_7@QG$}yz0NiL>3
zEiAf*x%ih*NI4j<Gz|q76X@#|Wj85FF_quQ(;wl%ipwu`B?I<wAT>x#Ks9?y%dJex
z82X9|5%PY4%ZvgfOvZPwp0iG!c*iF+EfWSmk|N|`X~e&P)HGpiRe6XSu*b?*{nTF0
zym?-fkSE6u5I3M{<DD9iH>gLQ@!~5@`~Q|$9~G_Q3N&p;C;76)OtcYJyu)V%A@6p$
zB><pt@$z7E4lWsZ==-mXvZ!g|(qD;rc6MI6cf~)Pv;LhmfnoMOjRLa2!uo6*S(+-K
zjjY_ywux2q7u`g6vM#qgkbZ_Md<@0{Y0i>a-9(;C`t13^{&7S4LT=hWk8{!nb0+Dt
z#B<z+j3{9al)|Uznbc*JGuJbA`iWQHz*fI#*$67$RTxl@BbharD~F6GG*<atfCge{
zxVo@lgFpUhXu)Sa9=04P(Cm8#8z|f5lQF+{7xQmRKQr05VZl%z4H))%4ev7UJ$>$X
zum}t#NJf>e8SN#v;Ug?aC5wvNpsvrLj{ie<{;wK8O;^R?U@Nby1-hGeRr*eV;eExZ
zq9~7Ev$wbYu#pO9YwtEBgo*dh)L*TQ$3R}Suq^znZwgEwq$=O^C)<R}=^MabJ66fx
zg=^WIW+*v_dvxbTP&8ee7P+}|w+@AADWzz@F4zho@oG&?0jw%6zpmtH^`En~54i%v
zN0D9Fh12YidFJa3{w4os@7wSWRIdbhd6)E0fFmm#p=L4Tv$#83_l!)=n{rQq9ymeD
z@cIolKY@b_30_jLA13JCeE#4Za2-fHg+sc3(>|s>w&zaWYA(+s<*|6Bf`yx3R_vXA
z(#UUokdc)&cJ@{zcnUJLV*Z3kYQFcKm2W<ks8?-F;d4EIx7&v$x$h-fWPu+{oFfU@
zDN)r=hA{v@vv^RxPblA#Wr#4pF+C96AaPtRWJ&5ze;9fan1NTx*i7-sXP}l&rEZ)n
z9GOtQhSM}<BsZ3CYw37Xe%)Xhwris?zh`<N)NRdeNIPmP@z5=~ucxU}O+!sx%bm*p
zg6Ms>S3F*`H-_|+87sJfFf8gO<io~8v(RBu@!oQi%~|)DWd40PUsDSek6SNpd|uA!
zdgAnQE`FQQGLA`rOXo|-LstebNv;kwt5}|t`oKg;0w*<jTx<bN8qj`9=bzgaZY%$|
z$TD>qh?LI|XCC}uTux|$8mIbLI&s4RlcLUFBUEb=f(_h09JQbs+Q=86=~~vxjM)ui
zy6}Qb`_C4V;6BTDy;#4P!RAGKo=cY{DwP*>-_dsk0mqGfUFvU^-L@y;=<{zhx1&0G
zGe<h<Q`PDU37CKeJP3bhweJHR11t7N40UB@O5EZI2TW$a&b#8>WVvq0bLoK`_z>sR
z?p0b;#ld9vtzot{e+=b1>>MFA-Ivb~Ih@|!mBX8tf3)*uSdn48iDp-J`ti}+lYeeq
zd+Yc=E8%uMciGQbxTSID>R#)f|2KgT)GljcXey8{21mD`R*pJfm2OA@?PKthCiSl^
z3&LGtN$q%>wftGTZiCJJ*HT?2{DKhiYx23yCht6zV#R@7l>7Np;E}~_m0Q5Ii!%IG
zi}acux3x2Gvki?2oSkXxNnr5jGXirB;d~0Pt|6AcM?~QDU+7w#9DQT>$Ffl8aGZMW
zM~UOAut|wB3xaYJI`VYBR9*9U9q~WPn+7$G)3?7&u-H`H?mW5e98h|<eJscOHW?MG
z0t6{aCRgqpY{}GarTWCeLs7$UaZv|XdiQ7Mep5b^$ugofZR<f9?l7i!U6z^f4TrmN
z=A+8<Nl=P}9gNEWMF})Y?FtHFgO+69+uM$WdCrI!Kej;2)<)5gpTkfE|4Xb|%G8v!
z{$0eo<9XF(@%V_a{k^*RL$(au5^syoCKARuV<C*Hc1P-}|CKAgVS{N@+beV(+YGs}
ztTtlAKlz1qH-C2q)a8?aWwksJFC=g(?sP1Brg-q~qrTEp6)^Dr$eP4NZh<~%c-=OU
zNnfl2#qgg&+O()o6}e!h+p_y=@Fh3|*Yi={<vD*uz71VsK`F@8(^4+Av=<{Lw#vv7
z|5TavVMsbFO(sBDl<*BiSd2irT<euezZc};e<qY+TpXGH>kpqGL#zo9q@(>*X|V=7
z+mN){D{!X@w6VD4qs!CBon-L+`&U{_gO3a|VMPwE$>ANCJOzWIVY4MzcnYams_)hI
zVra<1Kzqr`aJiyJX<}Ea7y-+daL{7qJCpTn6t(Jf46Rj{L<2(eOtH3ErS88pzd4Jc
zpg#=tRBnyrnc@1HF?MXhfgPGIAXf&Kj>`$If~GV`Izrnr%NXJimcY>h_~8~U7;$@g
zqmoI0IZ?}>1T%y2v9C<un+Tl*2o1_qkS;CC^SFZRSpK=VwPV;fRA%JAjb>=ibSB^B
z7A34SLWpLW58Q`i6!WIH<ys1;DH)}iu_96O#kKNBoaikOWAIs&nWYl*;D<2G7G(IJ
zYWT!<D8+w0E%+H?Q-R!$=Hf5+qm;fVPD9iIn%rf2<v#ZvR6>TImjO69H>*37Y#-cD
z6mOSGln0P6!09>ryWOa>z!|_eFPfwI!DEltS=P<=8RUjQzZmShS>%R_SJDMKsR)5%
zXvXSEEc9~(Kn-5}%0DkSK@HE?x4Okx?WW!#T^5uluz*E2>K;4yD#d}CbP1X^=6kHW
zuX5O{Y9LT0cMzutF<B?o1B?Yz10Iw6saY1g@$b+>0C9yE&abB}w38ACwa#>H^+Zk~
z_~t7A#X+yjhJqU`omI55+;kF<se#E2cj80qGI9-7o^DU?l#8x%%xu)3LVW;f*<v<a
zpXWe)AQ7XfvA)u=Xsh<&sIj(4$0kAn0$djAQagYa1Cz==K@WrA>%A-c)K$J6UFC47
z(P4pX*jTIr5)G4LJU17FRx@DTD~BXHd3t)B?=TMhJb2j#+E7vpKT_{)EL-dLj;W!W
zm`bLOx_;43{pJ=W&K4}MjoW6S3|0>h!qx85$_0IrrNDzxK&nr4FID_(RdC>tKq)vb
zb+8bcO=#$uuw)tBKYimQtUxO!uJlzly##gD(OM+{{)@lULr-{7>=HP%8+ZStz`6)^
z;&WbCw2uS=Xfi?X1Gvac`4ik2dy=!g*VSIY{=ps4aWRh?tgG~DoDIMLbQ+j=S9YXB
zG_Q4W)x-~gx&W+%8GX2B*CyQIpUMfnLmFYBDg9N4FBUxb@Fq+pH7aaKulpTIkg29E
zta(q1Kqmp{o4Vf8fDjUnSg1Fj2IrEu{@zu8+R{Q}6#&HFl^&UybizI~L;DzPMuhfX
zloYA7LYJM{OaPI);tni8%0S)yds}T$=e3GmG!DZCuTUGqq-N|v8-TmZ^brw+y3DmQ
zVpKof`*}5f4K8A!O`H|`k=mbohp;Tri%=Raf}4TajqbL_#U`Q@b-<RpV|tiXV36G$
z3qT=B0I9A#8k<>S@!U_;34-Mnt2qBREV|%(45=4j5#i<-fe%0=Y|?J>>|LN_!={LF
zJmgX5JAJ?ZE*XORN;Ff(RBJ5K-q*vOx&TJtT&_F5LtD@82yyJKC;~tg5|{y+HSKS6
z(&MzdS6&wO397vS{G#rbR&AC)t@auhg^^9W6gG&cX<%^8zb`V%tkM{#1`{KGkK&@A
zl*rBvispnW>40rxGv9Bu-_wax$0*0a`oVts;`L`+Q*y*_wUlX~h2~`yP-5)!_s789
zzNr4{x!;!g>dtEyanO_-n6RKi{%2Y+i^y<WSNQ|ATl#i$j6fEzc8@@U<&nve&Ah1_
z8H2$n(Ij{aHT1E}A~gS||M%RZAEB;zFk8&glV(p=d9ecU((UTW(cJcY+E30Da|U%c
z0^f*G94Ml?8@IGCc?#7TQ{3pmsHqjrv29{)6@Dl8d=?EVVoeu{_1AJ1Tk}{q1(gNZ
z06In~yRVvrCDUYlkP46>2jfi$XENPhd`4<Ws<##vd*5jIDI;?l%-Sv|M1J=sLw8U?
zgtEth<u0}aHr6+<Y3&Ny)utB4RlwmBeJvTF=~rIA-*ae`Tavu!;Uq)N?#wNdKd&s`
z0b5sgf-v4R%%E;4<nSd}hj;t9EoC3$^cpym`llp)Ug2UUV9l`?w<RHrx`vaO8t;Qq
zX`vUFVP5x_lS#Fe<GIG*ZcDTnaJ{I!#10AGU-_0=)Eo(Q?^F9qN!ZiZZ#B7hik=*Y
zaEE}_9B)t6I4rQ+mzn>`FTh6PK!%9tTo>VwYbHC0IUBLlq2Jm7Qnm-P`2tGC-}j_*
z!1gFxe>uLkZhYd6n}LA=<}j4~7+B=v<px)9fNu-*?Lqm=V|wq_pmfmh=l%NtPUKY&
zA<&nP`7iWW-S1vosMyiM8gl|d)Ai{_I%}(N93_KMAf%u#^Ws$3y1Mx5Vz;^Bcj0bE
z4F==-41EPy9hqXIfvyQ;cyYw<|EHpuUG}y_8DTqeQ+8Aje4h>dV}1q$c7unqvYR_t
zKWLj*8sgYA0ZYW~hvB2WNjlG$!6l*O^FWu2mW*G{1}!|Y3$mnW5@{oW6a~LZl&2}K
zIPG=kWUBUEJq(cuG+a<%Sc3xcQ=Ck7|G)VYL$%k%4@l({<nD?9WC%N;Rk&JmNjzJW
zSGrf1sHOojfG&-v58Otm#UdQkd};6)9b{^|l<x2)d6ePALu|5`Bgb{Xl~QWdj&`xM
zbkJtjE3n+~Yx75-!Y>cn`39P78_I`P)rlV9!X&5?6Gd|S((%N+ZsT#qlW_pZ0)nVN
z%mZX~&FIbx?TJ}%7bRN6BYtL#d4FxG#Gy{}Fx2;0lN*}7KX%kkgYK)IZ`XPF+zZHY
zepBH&w2)dPnA@yGQlfs0xMvBkj`DpJaNyflg;pYUMzYnNzXyS?s^qUz^H5=lPAzPo
zuCsFWWUN$;1}Dfv4;iNH$b!ERMv+k9k75MWl}&}$JRIGW1?Hp*^S!4XPjW-pR4A!<
zcF3!Z@<8usfYnX$(>aN;cya`jV9*o-Xs6lt1aYsgo6TZ*$ItUSz_z|S0gto!^i^c#
z5dVo0kKSHTnxTgXk2wH1Xe?qu1&%K*0FME7y^vQt0A}t=9L&U2qH$b+945dG_kyWG
zL0jB;A1JZU9k`g6DJRbVYNs3HB8g3_oN1<oQ0CkwtSQbjB^>sWAlvk64Msv;9RIL{
zHt|B{r$x1Zf2TCsDAi@`<@O`60EF-mylthBHNUyi<X|y)kKMt1=p_Qg4uary+>LI_
zl(aa73)KH0msJnEoe_6VLoq;JCxC^-;-g=<|E2+_aO>tPF9kZCf}j>Bcb*3$ri$(z
zv^em6J+LE$uufAeU)K)`81Mhd7Z;qk0j5l@|H%URLqHxFk9z=m7$dkNOWKbiTYwex
za-c#x<nUl{DgNS6{5XKaH$eyp_c6BLc3V(6O#I7Tl1>oN13D?H%|H@dT?Zcw0K?$z
z3xsR`*LZe2cRr!kj&cen_q9y>ZG@oL+&_>7)U^!E4E+{BEdVa%ucl9s9*+3}@N14w
z>?`H?KD(KyS<j1kK<Fhaz`Enh_Zefp;iCq^K@lJVxJ<roF8!{tZJ?sGw><fIxEIX^
zVH$%Jm?2aUXXk0&W6x@*DQB^4VA&NKh~u~XG_JRm8tDZTzBmrWR>SW-c1-@)N{v8k
z?Z@^4FGnLVa52P;5(siTvd8yb*>hM31x`iM666(MX1tbBKPXbUQb#=e<^Y7c2c}VU
zO-Yh;_KzlD&k49gi1bsPHLwmxIUNQZ*sYe5%lVd74!gy0?l=Xy-IYorG!XtNb)jGK
z4NvJHCTO!k=wuVA^%PTqIFhvCckfs_2*(Tb(0mO(K<r}}Fy8iRMP2v=m>K%ml+3iA
z>`)Qa0|RU}6Fkl<<+ilSIj^80vb2W_$V-0~+b5dU%{>xw3)!na=R8dVIlj*X@BKN#
zXcVKWQutH0q9b1a5+KKp5K?u?usmVaKv$Mn25w71ZvjUPZ9KD9K>8JRiR%QXYkvY7
z6O3cTD!gh;ljc>Q6arJVhc(gn_LN+!7CS}A9spxv`2l!iiHxrkb&<?9_G&me&`bl7
z!hs=Mr5s<+{2HZfQX>3b9!s$T0<N?!TB_A9v(6fLs{4FZMH8e+F`z`{k_JHe>8}Pp
z*(+;Pq`+&vUf*x$V`*GmkI)TTD1hNhg5V0#n-Jjybx+2-oc#IO4m(!hTt0kOZood7
zFJ`;oX`1S`qz4FjkHf)5N;eYV^BAv+g_Ac0v1#exb`9Rr6nUeJ^H23Vk^wf3{$GL#
zy~qKGKDF8K>lur*EgcC7+MJ*eci;XUCO_bwZ$~Z_)GP=pI<QH1*+n{w`5R9;ysvH~
zcN6*bX$bA(6fMu3L;T*oC5dIXuK}v6z_y^uPXJgGG-iEso{}VV2t-)2deShnPRYgf
zs+p!v3-I}@`e<0-Q{L%c+Za#3_B2=415hd&LMcF*n923<{Z}!NHy2PfIwm_S`%(4u
z=mDQ6N%DpiH}L9&Z?`DbUHYcqa4TJ}5qo`?*&(z8OccX{R6xe{rdz|<rDM{L+;1T?
z&e`2Dw8iPX@{&Cjq$UW2jD#gh_Jl7Q@OEui?=eUI2(&XiWdNZ>WlCwGl>^lOD=yA^
zB0M}yYNztuiC2O7AfYM46f-qF`@4gD2cRiY;QSy_+l?2KlZul{sqB@XNnVw{_P}lS
z$XX|IcEtA&Ha>mLa4-*?hYiN_(?BTX?l#Fd^dWNIP-=4+OytE<C25{jGAqyW+)u25
zK{((|5COmYn~?!BVJ&3zCMm|<@iCd^5)DBQsZ`Q5uGSl7H4h6smL7`Dg#}KzO6}o?
zow0A=@ln5yOAv!lq?KCjm}f2)ru^HXNC&-;G%<+4dF}y#M%4ZTp55B!9uKa>TgHA%
z5rbqgr?ZFKPvUq~ywD$0v-5IwV;P`WCz!bGWf;$=FwLXAaa!)Afa5bVK^CG!)j1T0
z6ZxJ5%<jQw*j@wA(*yhkga_YoL{>4qVpZBa?YgJ`p(cwK#UP~Pe>LNZ24a4aW)>oN
zeFWA71>L!8`0Vr{m5s3WE7)UVsV^8%=PJlZDM|Tt2EK@$vf5&A0b`KGfb<6x2W9@F
zhX>eWLcOPx7(EB+yY5*etz_Y&N@!E|K}vfb2oBGF^&<_`$4G6J7<!L`O0d#SHF-Ci
z_9dc|GNRDS0XP=f8J%$G430VtHX&;A;H2)HBJiz0>pyTz1QYQh5usd!6O&RkcnSwm
z@-S_{PJinUB@of-LqLuVz2u<QyF%?wIxJn6I&qsadfb5~Fzh`xB;L_|YVCewZaCO1
zR$l=;s~r{j4h}?x0;jV5QAOpt+Xq4Qs}%I#YrZJCitlYJ<o2}K()X{j?oLzFA#i6d
zH7-My4b;%l>d41Geb$rLo+6XvoqjOZ`^R|gAgw9CV}xlT-cfT-9q&N_-u)M>qAm^q
z52R=q9p__Il(=?QJ|Qt#9&MJ+KqlTNCwfT6^_S$|iBMcKzpg$V&Ep6%6>xq91Xy+|
z%vSq5%2S+qB3)QK(d$5yGfGrYu!eurQ_6JAO?#}U+Kzf;1b)c>`4KuO_G2{3(|+Mr
zPNM%2&NhW+ohFR(O&t2f%Qkte|1h}@>o4WCs~dhoe5R@0`4mW=Rqw$H6txEp0_*5+
z>IZ@dB<`x5n-nY1Zl`&-?XqEBVIluj%O|J2>rc|oudF0+3YeV<BH)$rbPyrI2nHzg
z*L*)Q8hKoFGwzkwI8*00Wx_92l+U!JT!8VsxcM6Hr%6ATeO>9;?DRrBcyzppSrURA
zUEo)ydfjJ_c!T%8-yTiexl^&0ewcD?FkMN<znh#i6lBK}k^8uOqPD%{Es%#RER|+-
z)9&=j>zmq!`}cRc&<&%q3n#T6CV#WUNrlIL93u`BSCZQ-6K54XLloE}s(%R9Y}wek
zGDU#r)#2ysL-Y+8G@^ao_uoH!$e6EzSH4z!Z#?)VnNDbegL&wsE+s`aKsVn=Fyu?)
zVo&|O-Z9;v;au3uUjq9BaA*spi7Chtx%@P{Kj?7fYb=L}o1w%tA4m20wYUULA(wkS
z#Npwcwms4C+oUjXer<q-|F(2?uDLGQy)9b9ETAU=PMvYp@|}@>KNDuuf&5d>?T22*
z?!?|v(i+iO4@*--F-+0U(KQir%+pzT=A1XUFUoM6>D9hm!JDZ$>K;ZPun_=TJT#O6
zcLbbX2X#u=&CP{wwe)m;*>364E3Ofm``b`3B!t9Ch{|Jspd4%3hvT=M;`8pV`?R~{
zRSh#s774fi^-1Fmu%xR1Y#G7v6CzR;&v$mZe);iDiLGep%Li2?^HybmWy_Y<uu<`_
z@TzxqIeD14`n0;7e0(NI=WAUEsr0%%?@&;@886;s!R?Qo$;rQWYOe6}syr^x^R>~i
zE$G{#<~D&4^fD86LXe{!48Ss*L4N))%y)=|pKo4FR1cSGR%4!eJ42<#zapo8yn?t&
z6dVccF?veQ!fKw}v4|sQktMe8=QIW`f0$Euyz{P`yl5Np`I|&<NQjL^6n0LkOxr1r
zQ!cwjX@Bzx5udRx)S@vkj%ys(wf{cGr)Xkz$U5tDeGlj5d!M6k8vcrm_{xj-uz;_$
z{=c99Jqgsm+uA?o^XqX@^X;GDEka(JH@)!IUUtg19(LdtBr78;FDauaDJ!Rc=A5#E
vtg?cPxQvXlj12b|4X{i6e;#nXjd!&7`~N>+AG<vV&jYJ@^-}&ttFZq8LmWW-

literal 0
HcmV?d00001

diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index b5e4bbb3..9636efa0 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -101,7 +101,8 @@ export enum ActionsEnum {
     getApiKey = "getApiKey",
     createOrgDomain = "createOrgDomain",
     deleteOrgDomain = "deleteOrgDomain",
-    restartOrgDomain = "restartOrgDomain"
+    restartOrgDomain = "restartOrgDomain",
+    updateOrgUser = "updateOrgUser"
 }
 
 export async function checkUserActionPermission(
diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts
index c0b81146..fc1f6ec3 100644
--- a/server/db/pg/schema.ts
+++ b/server/db/pg/schema.ts
@@ -213,7 +213,8 @@ export const userOrgs = pgTable("userOrgs", {
     roleId: integer("roleId")
         .notNull()
         .references(() => roles.roleId),
-    isOwner: boolean("isOwner").notNull().default(false)
+    isOwner: boolean("isOwner").notNull().default(false),
+    autoProvisioned: boolean("autoProvisioned").default(false)
 });
 
 export const emailVerificationCodes = pgTable("emailVerificationCodes", {
diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts
index ce32d8a6..2cf24bc2 100644
--- a/server/db/sqlite/schema.ts
+++ b/server/db/sqlite/schema.ts
@@ -107,7 +107,7 @@ export const resources = sqliteTable("resources", {
     enableProxy: integer("enableProxy", { mode: "boolean" }).default(true),
     skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
         onDelete: "cascade"
-    }),
+    })
 });
 
 export const targets = sqliteTable("targets", {
@@ -143,8 +143,11 @@ export const exitNodes = sqliteTable("exitNodes", {
     type: text("type").default("gerbil") // gerbil, remoteExitNode
 });
 
-export const siteResources = sqliteTable("siteResources", { // this is for the clients
-    siteResourceId: integer("siteResourceId").primaryKey({ autoIncrement: true }),
+export const siteResources = sqliteTable("siteResources", {
+    // this is for the clients
+    siteResourceId: integer("siteResourceId").primaryKey({
+        autoIncrement: true
+    }),
     siteId: integer("siteId")
         .notNull()
         .references(() => sites.siteId, { onDelete: "cascade" }),
@@ -156,7 +159,7 @@ export const siteResources = sqliteTable("siteResources", { // this is for the c
     proxyPort: integer("proxyPort").notNull(),
     destinationPort: integer("destinationPort").notNull(),
     destinationIp: text("destinationIp").notNull(),
-    enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
+    enabled: integer("enabled", { mode: "boolean" }).notNull().default(true)
 });
 
 export const users = sqliteTable("user", {
@@ -260,7 +263,9 @@ export const clientSites = sqliteTable("clientSites", {
     siteId: integer("siteId")
         .notNull()
         .references(() => sites.siteId, { onDelete: "cascade" }),
-    isRelayed: integer("isRelayed", { mode: "boolean" }).notNull().default(false),
+    isRelayed: integer("isRelayed", { mode: "boolean" })
+        .notNull()
+        .default(false),
     endpoint: text("endpoint")
 });
 
@@ -318,7 +323,10 @@ export const userOrgs = sqliteTable("userOrgs", {
     roleId: integer("roleId")
         .notNull()
         .references(() => roles.roleId),
-    isOwner: integer("isOwner", { mode: "boolean" }).notNull().default(false)
+    isOwner: integer("isOwner", { mode: "boolean" }).notNull().default(false),
+    autoProvisioned: integer("autoProvisioned", {
+        mode: "boolean"
+    }).default(false)
 });
 
 export const emailVerificationCodes = sqliteTable("emailVerificationCodes", {
diff --git a/server/routers/external.ts b/server/routers/external.ts
index ce44bd8a..6d00eb3c 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -582,6 +582,14 @@ authenticated.put(
     user.createOrgUser
 );
 
+authenticated.post(
+    "/org/:orgId/user/:userId",
+    verifyOrgAccess,
+    verifyUserAccess,
+    verifyUserHasAction(ActionsEnum.updateOrgUser),
+    user.updateOrgUser
+);
+
 authenticated.get("/org/:orgId/user/:userId", verifyOrgAccess, user.getOrgUser);
 
 authenticated.post(
diff --git a/server/routers/idp/listIdps.ts b/server/routers/idp/listIdps.ts
index 2a0e5809..c9e2c271 100644
--- a/server/routers/idp/listIdps.ts
+++ b/server/routers/idp/listIdps.ts
@@ -1,11 +1,11 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db } from "@server/db";
+import { db, idpOidcConfig } from "@server/db";
 import { domains, idp, orgDomains, users, idpOrg } from "@server/db";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
-import { sql } from "drizzle-orm";
+import { eq, sql } from "drizzle-orm";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
@@ -33,10 +33,13 @@ async function query(limit: number, offset: number) {
             idpId: idp.idpId,
             name: idp.name,
             type: idp.type,
-            orgCount: sql<number>`count(${idpOrg.orgId})`
+            variant: idpOidcConfig.variant,
+            orgCount: sql<number>`count(${idpOrg.orgId})`,
+            autoProvision: idp.autoProvision
         })
         .from(idp)
         .leftJoin(idpOrg, sql`${idp.idpId} = ${idpOrg.idpId}`)
+        .leftJoin(idpOidcConfig, eq(idp.idpId, idpOidcConfig.idpId))
         .groupBy(idp.idpId)
         .limit(limit)
         .offset(offset);
@@ -44,12 +47,7 @@ async function query(limit: number, offset: number) {
 }
 
 export type ListIdpsResponse = {
-    idps: Array<{
-        idpId: number;
-        name: string;
-        type: string;
-        orgCount: number;
-    }>;
+    idps: Awaited<ReturnType<typeof query>>;
     pagination: {
         total: number;
         limit: number;
diff --git a/server/routers/integration.ts b/server/routers/integration.ts
index 79453732..69bdbb42 100644
--- a/server/routers/integration.ts
+++ b/server/routers/integration.ts
@@ -24,7 +24,8 @@ import {
     verifyApiKeyIsRoot,
     verifyApiKeyClientAccess,
     verifyClientsEnabled,
-    verifyApiKeySiteResourceAccess
+    verifyApiKeySiteResourceAccess,
+    verifyOrgAccess
 } from "@server/middlewares";
 import HttpCode from "@server/types/HttpCode";
 import { Router } from "express";
@@ -469,6 +470,21 @@ authenticated.get(
     user.listUsers
 );
 
+authenticated.put(
+    "/org/:orgId/user",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyHasAction(ActionsEnum.createOrgUser),
+    user.createOrgUser
+);
+
+authenticated.post(
+    "/org/:orgId/user/:userId",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyUserAccess,
+    verifyApiKeyHasAction(ActionsEnum.updateOrgUser),
+    user.updateOrgUser
+);
+
 authenticated.delete(
     "/org/:orgId/user/:userId",
     verifyApiKeyOrgAccess,
diff --git a/server/routers/user/createOrgUser.ts b/server/routers/user/createOrgUser.ts
index 5193e8fa..5b11c923 100644
--- a/server/routers/user/createOrgUser.ts
+++ b/server/routers/user/createOrgUser.ts
@@ -84,7 +84,14 @@ export async function createOrgUser(
         }
 
         const { orgId } = parsedParams.data;
-        const { username, email, name, type, idpId, roleId } = parsedBody.data;
+        const {
+            username,
+            email,
+            name,
+            type,
+            idpId,
+            roleId
+        } = parsedBody.data;
 
         const [role] = await db
             .select()
@@ -173,7 +180,8 @@ export async function createOrgUser(
                         .values({
                             orgId,
                             userId: existingUser.userId,
-                            roleId: role.roleId
+                            roleId: role.roleId,
+                            autoProvisioned: false
                         })
                         .returning();
                 } else {
@@ -189,7 +197,7 @@ export async function createOrgUser(
                             type: "oidc",
                             idpId,
                             dateCreated: new Date().toISOString(),
-                            emailVerified: true
+                            emailVerified: true,
                         })
                         .returning();
 
@@ -198,7 +206,8 @@ export async function createOrgUser(
                         .values({
                             orgId,
                             userId: newUser.userId,
-                            roleId: role.roleId
+                            roleId: role.roleId,
+                            autoProvisioned: false
                         })
                         .returning();
                 }
@@ -209,7 +218,6 @@ export async function createOrgUser(
                     .from(userOrgs)
                     .where(eq(userOrgs.orgId, orgId));
             });
-
         } else {
             return next(
                 createHttpError(HttpCode.BAD_REQUEST, "User type is required")
diff --git a/server/routers/user/getOrgUser.ts b/server/routers/user/getOrgUser.ts
index 38cd70a6..bdec2d12 100644
--- a/server/routers/user/getOrgUser.ts
+++ b/server/routers/user/getOrgUser.ts
@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db } from "@server/db";
+import { db, idp, idpOidcConfig } from "@server/db";
 import { roles, userOrgs, users } from "@server/db";
 import { and, eq, sql } from "drizzle-orm";
 import response from "@server/lib/response";
@@ -25,10 +25,18 @@ async function queryUser(orgId: string, userId: string) {
             isOwner: userOrgs.isOwner,
             isAdmin: roles.isAdmin,
             twoFactorEnabled: users.twoFactorEnabled,
+            autoProvisioned: userOrgs.autoProvisioned,
+            idpId: users.idpId,
+            idpName: idp.name,
+            idpType: idp.type,
+            idpVariant: idpOidcConfig.variant,
+            idpAutoProvision: idp.autoProvision
         })
         .from(userOrgs)
         .leftJoin(roles, eq(userOrgs.roleId, roles.roleId))
         .leftJoin(users, eq(userOrgs.userId, users.userId))
+        .leftJoin(idp, eq(users.idpId, idp.idpId))
+        .leftJoin(idpOidcConfig, eq(idp.idpId, idpOidcConfig.idpId))
         .where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId)))
         .limit(1);
     if (typeof user.roles === "string") {
diff --git a/server/routers/user/index.ts b/server/routers/user/index.ts
index 4c5dbf86..a54ce681 100644
--- a/server/routers/user/index.ts
+++ b/server/routers/user/index.ts
@@ -14,3 +14,4 @@ export * from "./removeInvitation";
 export * from "./createOrgUser";
 export * from "./adminUpdateUser2FA";
 export * from "./adminGetUser";
+export * from "./updateOrgUser";
diff --git a/server/routers/user/listUsers.ts b/server/routers/user/listUsers.ts
index edcc5dce..0535a79d 100644
--- a/server/routers/user/listUsers.ts
+++ b/server/routers/user/listUsers.ts
@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db } from "@server/db";
+import { db, idpOidcConfig } from "@server/db";
 import { idp, roles, userOrgs, users } from "@server/db";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
@@ -61,12 +61,15 @@ async function queryUsers(orgId: string, limit: number, offset: number) {
             isOwner: userOrgs.isOwner,
             idpName: idp.name,
             idpId: users.idpId,
+            idpType: idp.type,
+            idpVariant: idpOidcConfig.variant,
             twoFactorEnabled: users.twoFactorEnabled,
         })
         .from(users)
         .leftJoin(userOrgs, eq(users.userId, userOrgs.userId))
         .leftJoin(roles, eq(userOrgs.roleId, roles.roleId))
         .leftJoin(idp, eq(users.idpId, idp.idpId))
+        .leftJoin(idpOidcConfig, eq(idpOidcConfig.idpId, idp.idpId))
         .where(eq(userOrgs.orgId, orgId))
         .groupBy(users.userId)
         .limit(limit)
diff --git a/server/routers/user/updateOrgUser.ts b/server/routers/user/updateOrgUser.ts
new file mode 100644
index 00000000..fb00b59f
--- /dev/null
+++ b/server/routers/user/updateOrgUser.ts
@@ -0,0 +1,112 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db, userOrgs } from "@server/db";
+import { and, eq } from "drizzle-orm";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+
+const paramsSchema = z
+    .object({
+        userId: z.string(),
+        orgId: z.string()
+    })
+    .strict();
+
+const bodySchema = z
+    .object({
+        autoProvisioned: z.boolean().optional()
+    })
+    .strict()
+    .refine((data) => Object.keys(data).length > 0, {
+        message: "At least one field must be provided for update"
+    });
+
+registry.registerPath({
+    method: "post",
+    path: "/org/{orgId}/user/{userId}",
+    description: "Update a user in an org.",
+    tags: [OpenAPITags.Org, OpenAPITags.User],
+    request: {
+        params: paramsSchema,
+        body: {
+            content: {
+                "application/json": {
+                    schema: bodySchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
+export async function updateOrgUser(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = paramsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const parsedBody = bodySchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { userId, orgId } = parsedParams.data;
+
+        const [existingUser] = await db
+            .select()
+            .from(userOrgs)
+            .where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId)))
+            .limit(1);
+
+        if (!existingUser) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    "User not found in this organization"
+                )
+            );
+        }
+
+        const updateData = parsedBody.data;
+
+        const [updatedUser] = await db
+            .update(userOrgs)
+            .set({
+                ...updateData
+            })
+            .where(and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId)))
+            .returning();
+
+        return response(res, {
+            data: updatedUser,
+            success: true,
+            error: false,
+            message: "Org user updated successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/src/app/[orgId]/settings/access/users/[userId]/access-controls/page.tsx b/src/app/[orgId]/settings/access/users/[userId]/access-controls/page.tsx
index c56c45cc..30c55053 100644
--- a/src/app/[orgId]/settings/access/users/[userId]/access-controls/page.tsx
+++ b/src/app/[orgId]/settings/access/users/[userId]/access-controls/page.tsx
@@ -8,6 +8,7 @@ import {
     FormLabel,
     FormMessage
 } from "@app/components/ui/form";
+import { Checkbox } from "@app/components/ui/checkbox";
 import { toast } from "@app/hooks/useToast";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { SetUserRolesResponse } from "@server/routers/user";
@@ -34,6 +35,8 @@ import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { Tag, TagInput } from "@app/components/tags/tag-input";
 import { useTranslations } from "next-intl";
+import IdpTypeBadge from "@app/components/IdpTypeBadge";
+import { UserType } from "@server/types/UserTypes";
 
 export default function AccessControlsPage() {
     const { orgUser: user } = userOrgUserContext();
@@ -61,14 +64,16 @@ export default function AccessControlsPage() {
                     text: z.string()
                 })
             )
-            .min(1, { message: t('accessRoleSelectPlease') })
+            .min(1, { message: t('accessRoleSelectPlease') }),
+        autoProvisioned: z.boolean()
     });
 
     const form = useForm<z.infer<typeof formSchema>>({
         resolver: zodResolver(formSchema),
         defaultValues: {
             username: user.username!,
-            roles: []
+            roles: [],
+            autoProvisioned: user.autoProvisioned || false
         }
     });
 
@@ -107,31 +112,38 @@ export default function AccessControlsPage() {
                 text: i.name
             }))
         );
+        form.setValue("autoProvisioned", user.autoProvisioned || false);
     }, []);
 
     async function onSubmit(values: z.infer<typeof formSchema>) {
         setLoading(true);
 
-        const res = await api
-            .post<
-                AxiosResponse<SetUserRolesResponse>
-            >(`/org/${user.orgId}/user/${user.userId}/roles`, { roleIds: values.roles.map((r) => parseInt(r.id)) })
-            .catch((e) => {
-                toast({
-                    variant: "destructive",
-                    title: t('accessRoleErrorAdd'),
-                    description: formatAxiosError(
-                        e,
-                        t('accessRoleErrorAddDescription')
-                    )
-                });
-            });
+        try {
+            // Execute both API calls simultaneously
+            const [roleRes, userRes] = await Promise.all([
+                api.post<AxiosResponse<SetUserRolesResponse>>(`/org/${user.orgId}/user/${user.userId}/roles`, {
+                    roleIds: values.roles.map((r) => parseInt(r.id)) }
+                ),
+                api.post(`/org/${orgId}/user/${user.userId}`, {
+                    autoProvisioned: values.autoProvisioned
+                })
+            ]);
 
-        if (res && res.status === 200) {
+            if (roleRes.status === 200 && userRes.status === 200) {
+                toast({
+                    variant: "default",
+                    title: t('userSaved'),
+                    description: t('userSavedDescription')
+                });
+            }
+        } catch (e) {
             toast({
-                variant: "default",
-                title: t('userSaved'),
-                description: t('userSavedDescription')
+                variant: "destructive",
+                title: t('accessRoleErrorAdd'),
+                description: formatAxiosError(
+                    e,
+                    t('accessRoleErrorAddDescription')
+                )
             });
         }
 
@@ -156,12 +168,26 @@ export default function AccessControlsPage() {
                                 className="space-y-4"
                                 id="access-controls-form"
                             >
+                                {/* IDP Type Display */}
+                                {user.type !== UserType.Internal && user.idpType && (
+                                    <div className="flex items-center space-x-2 mb-4">
+                                        <span className="text-sm font-medium text-muted-foreground">
+                                            {t("idp")}:
+                                        </span>
+                                        <IdpTypeBadge
+                                            type={user.idpType}
+                                            variant={user.idpVariant || undefined}
+                                            name={user.idpName || undefined}
+                                        />
+                                    </div>
+                                )}
+
                                 <FormField
                                     control={form.control}
                                     name="roles"
                                     render={({ field }) => (
                                         <FormItem className="flex flex-col items-start">
-                                            <FormLabel>Roles</FormLabel>
+                                            <FormLabel>{t('roles')}</FormLabel>
                                             <FormControl>
                                                 <TagInput
                                                     {...field}
@@ -184,6 +210,10 @@ export default function AccessControlsPage() {
                                                                 ...Tag[]
                                                             ]
                                                         );
+                                                        // If auto provision is enabled, set it to false when role changes
+                                                        if (user.idpAutoProvision) {
+                                                            form.setValue("autoProvisioned", false);
+                                                        }
                                                     }}
                                                     enableAutocomplete={true}
                                                     autocompleteOptions={
@@ -200,6 +230,31 @@ export default function AccessControlsPage() {
                                         </FormItem>
                                     )}
                                 />
+
+                                {user.idpAutoProvision && (
+                                <FormField
+                                    control={form.control}
+                                    name="autoProvisioned"
+                                    render={({ field }) => (
+                                        <FormItem className="flex flex-row items-start space-x-3 space-y-0">
+                                            <FormControl>
+                                                <Checkbox
+                                                    checked={field.value}
+                                                    onCheckedChange={field.onChange}
+                                                />
+                                            </FormControl>
+                                            <div className="space-y-1 leading-none">
+                                                <FormLabel>
+                                                    {t('autoProvisioned')}
+                                                </FormLabel>
+                                                <p className="text-sm text-muted-foreground">
+                                                    {t('autoProvisionedDescription')}
+                                                </p>
+                                            </div>
+                                        </FormItem>
+                                    )}
+                                />
+                                )}
                             </form>
                         </Form>
                     </SettingsSectionForm>
diff --git a/src/app/[orgId]/settings/access/users/create/page.tsx b/src/app/[orgId]/settings/access/users/create/page.tsx
index 6ae00b61..bd50a883 100644
--- a/src/app/[orgId]/settings/access/users/create/page.tsx
+++ b/src/app/[orgId]/settings/access/users/create/page.tsx
@@ -46,6 +46,7 @@ import { Checkbox } from "@app/components/ui/checkbox";
 import { ListIdpsResponse } from "@server/routers/idp";
 import { useTranslations } from "next-intl";
 import { build } from "@server/build";
+import Image from "next/image";
 
 type UserType = "internal" | "oidc";
 
@@ -53,6 +54,17 @@ interface IdpOption {
     idpId: number;
     name: string;
     type: string;
+    variant: string | null;
+}
+
+interface UserOption {
+    id: string;
+    title: string;
+    description: string;
+    disabled: boolean;
+    icon?: React.ReactNode;
+    idpId?: number;
+    variant?: string | null;
 }
 
 export default function Page() {
@@ -62,14 +74,14 @@ export default function Page() {
     const api = createApiClient({ env });
     const t = useTranslations();
 
-    const [userType, setUserType] = useState<UserType | null>("internal");
+    const [selectedOption, setSelectedOption] = useState<string | null>("internal");
     const [inviteLink, setInviteLink] = useState<string | null>(null);
     const [loading, setLoading] = useState(false);
     const [expiresInDays, setExpiresInDays] = useState(1);
     const [roles, setRoles] = useState<{ roleId: number; name: string }[]>([]);
     const [idps, setIdps] = useState<IdpOption[]>([]);
     const [sendEmail, setSendEmail] = useState(env.email.emailEnabled);
-    const [selectedIdp, setSelectedIdp] = useState<IdpOption | null>(null);
+    const [userOptions, setUserOptions] = useState<UserOption[]>([]);
     const [dataLoaded, setDataLoaded] = useState(false);
 
     const internalFormSchema = z.object({
@@ -80,7 +92,13 @@ export default function Page() {
         roleId: z.string().min(1, { message: t("accessRoleSelectPlease") })
     });
 
-    const externalFormSchema = z.object({
+    const googleAzureFormSchema = z.object({
+        email: z.string().email({ message: t("emailInvalid") }),
+        name: z.string().optional(),
+        roleId: z.string().min(1, { message: t("accessRoleSelectPlease") })
+    });
+
+    const genericOidcFormSchema = z.object({
         username: z.string().min(1, { message: t("usernameRequired") }),
         email: z
             .string()
@@ -96,11 +114,44 @@ export default function Page() {
         switch (type.toLowerCase()) {
             case "oidc":
                 return t("idpGenericOidc");
+            case "google":
+                return t("idpGoogleDescription");
+            case "azure":
+                return t("idpAzureDescription");
             default:
                 return type;
         }
     };
 
+    const getIdpIcon = (variant: string | null) => {
+        if (!variant) return null;
+        
+        switch (variant.toLowerCase()) {
+            case "google":
+                return (
+                    <Image
+                        src="/idp/google.png"
+                        alt={t("idpGoogleAlt")}
+                        width={24}
+                        height={24}
+                        className="rounded"
+                    />
+                );
+            case "azure":
+                return (
+                    <Image
+                        src="/idp/azure.png"
+                        alt={t("idpAzureAlt")}
+                        width={24}
+                        height={24}
+                        className="rounded"
+                    />
+                );
+            default:
+                return null;
+        }
+    };
+
     const validFor = [
         { hours: 24, name: t("day", { count: 1 }) },
         { hours: 48, name: t("day", { count: 2 }) },
@@ -120,8 +171,17 @@ export default function Page() {
         }
     });
 
-    const externalForm = useForm<z.infer<typeof externalFormSchema>>({
-        resolver: zodResolver(externalFormSchema),
+    const googleAzureForm = useForm<z.infer<typeof googleAzureFormSchema>>({
+        resolver: zodResolver(googleAzureFormSchema),
+        defaultValues: {
+            email: "",
+            name: "",
+            roleId: ""
+        }
+    });
+
+    const genericOidcForm = useForm<z.infer<typeof genericOidcFormSchema>>({
+        resolver: zodResolver(genericOidcFormSchema),
         defaultValues: {
             username: "",
             email: "",
@@ -132,33 +192,19 @@ export default function Page() {
     });
 
     useEffect(() => {
-        if (userType === "internal") {
+        if (selectedOption === "internal") {
             setSendEmail(env.email.emailEnabled);
             internalForm.reset();
             setInviteLink(null);
             setExpiresInDays(1);
-        } else if (userType === "oidc") {
-            externalForm.reset();
+        } else if (selectedOption && selectedOption !== "internal") {
+            googleAzureForm.reset();
+            genericOidcForm.reset();
         }
-    }, [userType, env.email.emailEnabled, internalForm, externalForm]);
-
-    const [userTypes, setUserTypes] = useState<StrategyOption<string>[]>([
-        {
-            id: "internal",
-            title: t("userTypeInternal"),
-            description: t("userTypeInternalDescription"),
-            disabled: false
-        },
-        {
-            id: "oidc",
-            title: t("userTypeExternal"),
-            description: t("userTypeExternalDescription"),
-            disabled: true
-        }
-    ]);
+    }, [selectedOption, env.email.emailEnabled, internalForm, googleAzureForm, genericOidcForm]);
 
     useEffect(() => {
-        if (!userType) {
+        if (!selectedOption) {
             return;
         }
 
@@ -199,20 +245,6 @@ export default function Page() {
 
             if (res?.status === 200) {
                 setIdps(res.data.data.idps);
-
-                if (res.data.data.idps.length) {
-                    setUserTypes((prev) =>
-                        prev.map((type) => {
-                            if (type.id === "oidc") {
-                                return {
-                                    ...type,
-                                    disabled: false
-                                };
-                            }
-                            return type;
-                        })
-                    );
-                }
             }
         }
 
@@ -226,6 +258,33 @@ export default function Page() {
         fetchInitialData();
     }, []);
 
+    // Build user options when IDPs are loaded
+    useEffect(() => {
+        const options: UserOption[] = [
+            {
+                id: "internal",
+                title: t("userTypeInternal"),
+                description: t("userTypeInternalDescription"),
+                disabled: false
+            }
+        ];
+
+        // Add IDP options
+        idps.forEach((idp) => {
+            options.push({
+                id: `idp-${idp.idpId}`,
+                title: idp.name,
+                description: formatIdpType(idp.variant || idp.type),
+                disabled: false,
+                icon: getIdpIcon(idp.variant),
+                idpId: idp.idpId,
+                variant: idp.variant
+            });
+        });
+
+        setUserOptions(options);
+    }, [idps, t]);
+
     async function onSubmitInternal(
         values: z.infer<typeof internalFormSchema>
     ) {
@@ -274,9 +333,52 @@ export default function Page() {
         setLoading(false);
     }
 
-    async function onSubmitExternal(
-        values: z.infer<typeof externalFormSchema>
+    async function onSubmitGoogleAzure(
+        values: z.infer<typeof googleAzureFormSchema>
     ) {
+        const selectedUserOption = userOptions.find(opt => opt.id === selectedOption);
+        if (!selectedUserOption?.idpId) return;
+        
+        setLoading(true);
+
+        const res = await api
+            .put(`/org/${orgId}/user`, {
+                username: values.email, // Use email as username for Google/Azure
+                email: values.email,
+                name: values.name,
+                type: "oidc",
+                idpId: selectedUserOption.idpId,
+                roleId: parseInt(values.roleId)
+            })
+            .catch((e) => {
+                toast({
+                    variant: "destructive",
+                    title: t("userErrorCreate"),
+                    description: formatAxiosError(
+                        e,
+                        t("userErrorCreateDescription")
+                    )
+                });
+            });
+
+        if (res && res.status === 201) {
+            toast({
+                variant: "default",
+                title: t("userCreated"),
+                description: t("userCreatedDescription")
+            });
+            router.push(`/${orgId}/settings/access/users`);
+        }
+
+        setLoading(false);
+    }
+
+    async function onSubmitGenericOidc(
+        values: z.infer<typeof genericOidcFormSchema>
+    ) {
+        const selectedUserOption = userOptions.find(opt => opt.id === selectedOption);
+        if (!selectedUserOption?.idpId) return;
+        
         setLoading(true);
 
         const res = await api
@@ -285,7 +387,7 @@ export default function Page() {
                 email: values.email,
                 name: values.name,
                 type: "oidc",
-                idpId: parseInt(values.idpId),
+                idpId: selectedUserOption.idpId,
                 roleId: parseInt(values.roleId)
             })
             .catch((e) => {
@@ -330,7 +432,7 @@ export default function Page() {
 
             <div>
                 <SettingsContainer>
-                    {!inviteLink && build !== "saas" ? (
+                    {!inviteLink && build !== "saas" && dataLoaded ? (
                         <SettingsSection>
                             <SettingsSectionHeader>
                                 <SettingsSectionTitle>
@@ -342,15 +444,15 @@ export default function Page() {
                             </SettingsSectionHeader>
                             <SettingsSectionBody>
                                 <StrategySelect
-                                    options={userTypes}
-                                    defaultValue={userType || undefined}
+                                    options={userOptions}
+                                    defaultValue={selectedOption || undefined}
                                     onChange={(value) => {
-                                        setUserType(value as UserType);
+                                        setSelectedOption(value);
                                         if (value === "internal") {
                                             internalForm.reset();
-                                        } else if (value === "oidc") {
-                                            externalForm.reset();
-                                            setSelectedIdp(null);
+                                        } else {
+                                            googleAzureForm.reset();
+                                            genericOidcForm.reset();
                                         }
                                     }}
                                     cols={2}
@@ -359,7 +461,7 @@ export default function Page() {
                         </SettingsSection>
                     ) : null}
 
-                    {userType === "internal" && dataLoaded && (
+                    {selectedOption === "internal" && dataLoaded && (
                         <>
                             {!inviteLink ? (
                                 <SettingsSection>
@@ -564,71 +666,7 @@ export default function Page() {
                         </>
                     )}
 
-                    {userType !== "internal" && dataLoaded && (
-                        <>
-                            <SettingsSection>
-                                <SettingsSectionHeader>
-                                    <SettingsSectionTitle>
-                                        {t("idpTitle")}
-                                    </SettingsSectionTitle>
-                                    <SettingsSectionDescription>
-                                        {t("idpSelect")}
-                                    </SettingsSectionDescription>
-                                </SettingsSectionHeader>
-                                <SettingsSectionBody>
-                                    {idps.length === 0 ? (
-                                        <p className="text-muted-foreground">
-                                            {t("idpNotConfigured")}
-                                        </p>
-                                    ) : (
-                                        <Form {...externalForm}>
-                                            <FormField
-                                                control={externalForm.control}
-                                                name="idpId"
-                                                render={({ field }) => (
-                                                    <FormItem>
-                                                        <StrategySelect
-                                                            options={idps.map(
-                                                                (idp) => ({
-                                                                    id: idp.idpId.toString(),
-                                                                    title: idp.name,
-                                                                    description:
-                                                                        formatIdpType(
-                                                                            idp.type
-                                                                        )
-                                                                })
-                                                            )}
-                                                            defaultValue={
-                                                                field.value
-                                                            }
-                                                            onChange={(
-                                                                value
-                                                            ) => {
-                                                                field.onChange(
-                                                                    value
-                                                                );
-                                                                const idp =
-                                                                    idps.find(
-                                                                        (idp) =>
-                                                                            idp.idpId.toString() ===
-                                                                            value
-                                                                    );
-                                                                setSelectedIdp(
-                                                                    idp || null
-                                                                );
-                                                            }}
-                                                            cols={2}
-                                                        />
-                                                        <FormMessage />
-                                                    </FormItem>
-                                                )}
-                                            />
-                                        </Form>
-                                    )}
-                                </SettingsSectionBody>
-                            </SettingsSection>
-
-                            {idps.length > 0 && (
+                    {selectedOption && selectedOption !== "internal" && dataLoaded && (
                                 <SettingsSection>
                                     <SettingsSectionHeader>
                                         <SettingsSectionTitle>
@@ -640,144 +678,206 @@ export default function Page() {
                                     </SettingsSectionHeader>
                                     <SettingsSectionBody>
                                         <SettingsSectionForm>
-                                            <Form {...externalForm}>
-                                                <form
-                                                    onSubmit={externalForm.handleSubmit(
-                                                        onSubmitExternal
-                                                    )}
-                                                    className="space-y-4"
-                                                    id="create-user-form"
-                                                >
-                                                    <FormField
-                                                        control={
-                                                            externalForm.control
-                                                        }
-                                                        name="username"
-                                                        render={({ field }) => (
-                                                            <FormItem>
-                                                                <FormLabel>
-                                                                    {t(
-                                                                        "username"
-                                                                    )}
-                                                                </FormLabel>
-                                                                <FormControl>
-                                                                    <Input
-                                                                        {...field}
-                                                                    />
-                                                                </FormControl>
-                                                                <p className="text-sm text-muted-foreground mt-1">
-                                                                    {t(
-                                                                        "usernameUniq"
-                                                                    )}
-                                                                </p>
-                                                                <FormMessage />
-                                                            </FormItem>
+                                            {/* Google/Azure Form */}
+                                            {(() => {
+                                                const selectedUserOption = userOptions.find(opt => opt.id === selectedOption);
+                                                return selectedUserOption?.variant === "google" || selectedUserOption?.variant === "azure";
+                                            })() && (
+                                                <Form {...googleAzureForm}>
+                                                    <form
+                                                        onSubmit={googleAzureForm.handleSubmit(
+                                                            onSubmitGoogleAzure
                                                         )}
-                                                    />
-
-                                                    <FormField
-                                                        control={
-                                                            externalForm.control
-                                                        }
-                                                        name="email"
-                                                        render={({ field }) => (
-                                                            <FormItem>
-                                                                <FormLabel>
-                                                                    {t(
-                                                                        "emailOptional"
-                                                                    )}
-                                                                </FormLabel>
-                                                                <FormControl>
-                                                                    <Input
-                                                                        {...field}
-                                                                    />
-                                                                </FormControl>
-                                                                <FormMessage />
-                                                            </FormItem>
-                                                        )}
-                                                    />
-
-                                                    <FormField
-                                                        control={
-                                                            externalForm.control
-                                                        }
-                                                        name="name"
-                                                        render={({ field }) => (
-                                                            <FormItem>
-                                                                <FormLabel>
-                                                                    {t(
-                                                                        "nameOptional"
-                                                                    )}
-                                                                </FormLabel>
-                                                                <FormControl>
-                                                                    <Input
-                                                                        {...field}
-                                                                    />
-                                                                </FormControl>
-                                                                <FormMessage />
-                                                            </FormItem>
-                                                        )}
-                                                    />
-
-                                                    <FormField
-                                                        control={
-                                                            externalForm.control
-                                                        }
-                                                        name="roleId"
-                                                        render={({ field }) => (
-                                                            <FormItem>
-                                                                <FormLabel>
-                                                                    {t("role")}
-                                                                </FormLabel>
-                                                                <Select
-                                                                    onValueChange={
-                                                                        field.onChange
-                                                                    }
-                                                                >
+                                                        className="space-y-4"
+                                                        id="create-user-form"
+                                                    >
+                                                        <FormField
+                                                            control={googleAzureForm.control}
+                                                            name="email"
+                                                            render={({ field }) => (
+                                                                <FormItem>
+                                                                    <FormLabel>
+                                                                        {t("email")}
+                                                                    </FormLabel>
                                                                     <FormControl>
-                                                                        <SelectTrigger className="w-full">
-                                                                            <SelectValue
-                                                                                placeholder={t(
-                                                                                    "accessRoleSelect"
-                                                                                )}
-                                                                            />
-                                                                        </SelectTrigger>
+                                                                        <Input
+                                                                            {...field}
+                                                                        />
                                                                     </FormControl>
-                                                                    <SelectContent>
-                                                                        {roles.map(
-                                                                            (
-                                                                                role
-                                                                            ) => (
+                                                                    <FormMessage />
+                                                                </FormItem>
+                                                            )}
+                                                        />
+
+                                                        <FormField
+                                                            control={googleAzureForm.control}
+                                                            name="name"
+                                                            render={({ field }) => (
+                                                                <FormItem>
+                                                                    <FormLabel>
+                                                                        {t("nameOptional")}
+                                                                    </FormLabel>
+                                                                    <FormControl>
+                                                                        <Input
+                                                                            {...field}
+                                                                        />
+                                                                    </FormControl>
+                                                                    <FormMessage />
+                                                                </FormItem>
+                                                            )}
+                                                        />
+
+                                                        <FormField
+                                                            control={googleAzureForm.control}
+                                                            name="roleId"
+                                                            render={({ field }) => (
+                                                                <FormItem>
+                                                                    <FormLabel>
+                                                                        {t("role")}
+                                                                    </FormLabel>
+                                                                    <Select
+                                                                        onValueChange={field.onChange}
+                                                                    >
+                                                                        <FormControl>
+                                                                            <SelectTrigger className="w-full">
+                                                                                <SelectValue
+                                                                                    placeholder={t("accessRoleSelect")}
+                                                                                />
+                                                                            </SelectTrigger>
+                                                                        </FormControl>
+                                                                        <SelectContent>
+                                                                            {roles.map((role) => (
                                                                                 <SelectItem
-                                                                                    key={
-                                                                                        role.roleId
-                                                                                    }
+                                                                                    key={role.roleId}
                                                                                     value={role.roleId.toString()}
                                                                                 >
-                                                                                    {
-                                                                                        role.name
-                                                                                    }
+                                                                                    {role.name}
                                                                                 </SelectItem>
-                                                                            )
-                                                                        )}
-                                                                    </SelectContent>
-                                                                </Select>
-                                                                <FormMessage />
-                                                            </FormItem>
+                                                                            ))}
+                                                                        </SelectContent>
+                                                                    </Select>
+                                                                    <FormMessage />
+                                                                </FormItem>
+                                                            )}
+                                                        />
+                                                    </form>
+                                                </Form>
+                                            )}
+
+                                            {/* Generic OIDC Form */}
+                                            {(() => {
+                                                const selectedUserOption = userOptions.find(opt => opt.id === selectedOption);
+                                                return selectedUserOption?.variant !== "google" && selectedUserOption?.variant !== "azure";
+                                            })() && (
+                                                <Form {...genericOidcForm}>
+                                                    <form
+                                                        onSubmit={genericOidcForm.handleSubmit(
+                                                            onSubmitGenericOidc
                                                         )}
-                                                    />
-                                                </form>
-                                            </Form>
+                                                        className="space-y-4"
+                                                        id="create-user-form"
+                                                    >
+                                                        <FormField
+                                                            control={genericOidcForm.control}
+                                                            name="username"
+                                                            render={({ field }) => (
+                                                                <FormItem>
+                                                                    <FormLabel>
+                                                                        {t("username")}
+                                                                    </FormLabel>
+                                                                    <FormControl>
+                                                                        <Input
+                                                                            {...field}
+                                                                        />
+                                                                    </FormControl>
+                                                                    <p className="text-sm text-muted-foreground mt-1">
+                                                                        {t("usernameUniq")}
+                                                                    </p>
+                                                                    <FormMessage />
+                                                                </FormItem>
+                                                            )}
+                                                        />
+
+                                                        <FormField
+                                                            control={genericOidcForm.control}
+                                                            name="email"
+                                                            render={({ field }) => (
+                                                                <FormItem>
+                                                                    <FormLabel>
+                                                                        {t("emailOptional")}
+                                                                    </FormLabel>
+                                                                    <FormControl>
+                                                                        <Input
+                                                                            {...field}
+                                                                        />
+                                                                    </FormControl>
+                                                                    <FormMessage />
+                                                                </FormItem>
+                                                            )}
+                                                        />
+
+                                                        <FormField
+                                                            control={genericOidcForm.control}
+                                                            name="name"
+                                                            render={({ field }) => (
+                                                                <FormItem>
+                                                                    <FormLabel>
+                                                                        {t("nameOptional")}
+                                                                    </FormLabel>
+                                                                    <FormControl>
+                                                                        <Input
+                                                                            {...field}
+                                                                        />
+                                                                    </FormControl>
+                                                                    <FormMessage />
+                                                                </FormItem>
+                                                            )}
+                                                        />
+
+                                                        <FormField
+                                                            control={genericOidcForm.control}
+                                                            name="roleId"
+                                                            render={({ field }) => (
+                                                                <FormItem>
+                                                                    <FormLabel>
+                                                                        {t("role")}
+                                                                    </FormLabel>
+                                                                    <Select
+                                                                        onValueChange={field.onChange}
+                                                                    >
+                                                                        <FormControl>
+                                                                            <SelectTrigger className="w-full">
+                                                                                <SelectValue
+                                                                                    placeholder={t("accessRoleSelect")}
+                                                                                />
+                                                                            </SelectTrigger>
+                                                                        </FormControl>
+                                                                        <SelectContent>
+                                                                            {roles.map((role) => (
+                                                                                <SelectItem
+                                                                                    key={role.roleId}
+                                                                                    value={role.roleId.toString()}
+                                                                                >
+                                                                                    {role.name}
+                                                                                </SelectItem>
+                                                                            ))}
+                                                                        </SelectContent>
+                                                                    </Select>
+                                                                    <FormMessage />
+                                                                </FormItem>
+                                                            )}
+                                                        />
+                                                    </form>
+                                                </Form>
+                                            )}
                                         </SettingsSectionForm>
                                     </SettingsSectionBody>
                                 </SettingsSection>
-                            )}
-                        </>
                     )}
                 </SettingsContainer>
 
                 <div className="flex justify-end space-x-2 mt-8">
-                    {userType && dataLoaded && (
+                    {selectedOption && dataLoaded && (
                         <Button
                             type={inviteLink ? "button" : "submit"}
                             form={inviteLink ? undefined : "create-user-form"}
diff --git a/src/app/[orgId]/settings/access/users/page.tsx b/src/app/[orgId]/settings/access/users/page.tsx
index ad1214fd..f31bebe6 100644
--- a/src/app/[orgId]/settings/access/users/page.tsx
+++ b/src/app/[orgId]/settings/access/users/page.tsx
@@ -77,6 +77,7 @@ export default async function UsersPage(props: UsersPageProps) {
             name: user.name,
             email: user.email,
             type: user.type,
+            idpVariant: user.idpVariant,
             idpId: user.idpId,
             idpName: user.idpName || t('idpNameInternal'),
             status: t('userConfirmed'),
diff --git a/src/app/auth/login/page.tsx b/src/app/auth/login/page.tsx
index e2505303..1068c4f7 100644
--- a/src/app/auth/login/page.tsx
+++ b/src/app/auth/login/page.tsx
@@ -42,7 +42,8 @@ export default async function Page(props: {
     )();
     const loginIdps = idpsRes.data.data.idps.map((idp) => ({
         idpId: idp.idpId,
-        name: idp.name
+        name: idp.name,
+        variant: idp.variant
     })) as LoginFormIDP[];
 
     const t = await getTranslations();
diff --git a/src/components/AdminIdpTable.tsx b/src/components/AdminIdpTable.tsx
index 9c6c3ac4..8849ba25 100644
--- a/src/components/AdminIdpTable.tsx
+++ b/src/components/AdminIdpTable.tsx
@@ -20,12 +20,14 @@ import {
 } from "@app/components/ui/dropdown-menu";
 import Link from "next/link";
 import { useTranslations } from "next-intl";
+import IdpTypeBadge from "./IdpTypeBadge";
 
 export type IdpRow = {
     idpId: number;
     name: string;
     type: string;
     orgCount: number;
+    variant?: string;
 };
 
 type Props = {
@@ -57,15 +59,6 @@ export default function IdpTable({ idps }: Props) {
         }
     };
 
-    const getTypeDisplay = (type: string) => {
-        switch (type) {
-            case "oidc":
-                return "OAuth2/OIDC";
-            default:
-                return type;
-        }
-    };
-
     const columns: ColumnDef<IdpRow>[] = [
         {
             accessorKey: "idpId",
@@ -116,9 +109,8 @@ export default function IdpTable({ idps }: Props) {
             },
             cell: ({ row }) => {
                 const type = row.original.type;
-                return (
-                    <Badge variant="secondary">{getTypeDisplay(type)}</Badge>
-                );
+                const variant = row.original.variant;
+                return <IdpTypeBadge type={type} variant={variant} />;
             }
         },
         {
diff --git a/src/components/IdpTypeBadge.tsx b/src/components/IdpTypeBadge.tsx
new file mode 100644
index 00000000..b0e90660
--- /dev/null
+++ b/src/components/IdpTypeBadge.tsx
@@ -0,0 +1,62 @@
+"use client";
+
+import { Badge } from "@app/components/ui/badge";
+import Image from "next/image";
+
+type IdpTypeBadgeProps = {
+    type: string;
+    variant?: string;
+    name?: string;
+};
+
+export default function IdpTypeBadge({
+    type,
+    variant,
+    name
+}: IdpTypeBadgeProps) {
+    const effectiveType = variant || type;
+    const effectiveName = name || formatType(effectiveType);
+
+    function formatType(type: string) {
+        if (type === "google") return "Google";
+        if (type === "azure") return "Azure";
+        if (type === "oidc") return "OAuth2/OIDC";
+        return type.charAt(0).toUpperCase() + type.slice(1);
+    }
+
+    return (
+        <Badge
+            variant="secondary"
+            className="inline-flex items-center space-x-1 w-fit"
+        >
+            {effectiveType === "google" && (
+                <>
+                    <Image
+                        src="/idp/google.png"
+                        alt="Google"
+                        width={16}
+                        height={16}
+                        className="rounded"
+                    />
+                    <span>{effectiveName}</span>
+                </>
+            )}
+            {effectiveType === "azure" && (
+                <>
+                    <Image
+                        src="/idp/azure.png"
+                        alt="Azure"
+                        width={16}
+                        height={16}
+                        className="rounded"
+                    />
+                    <span>{effectiveName}</span>
+                </>
+            )}
+            {effectiveType === "oidc" && <span>{effectiveName}</span>}
+            {!["google", "azure", "oidc"].includes(effectiveType) && (
+                <span>{effectiveName}</span>
+            )}
+        </Badge>
+    );
+}
diff --git a/src/components/LoginForm.tsx b/src/components/LoginForm.tsx
index ddd410e2..65e57156 100644
--- a/src/components/LoginForm.tsx
+++ b/src/components/LoginForm.tsx
@@ -46,6 +46,7 @@ import { startAuthentication } from "@simplewebauthn/browser";
 export type LoginFormIDP = {
     idpId: number;
     name: string;
+    variant?: string;
 };
 
 type LoginFormProps = {
@@ -496,19 +497,41 @@ export default function LoginForm({ redirect, onLogin, idps }: LoginFormProps) {
                                     </div>
                                 </div>
 
-                                {idps.map((idp) => (
-                                    <Button
-                                        key={idp.idpId}
-                                        type="button"
-                                        variant="outline"
-                                        className="w-full"
-                                        onClick={() => {
-                                            loginWithIdp(idp.idpId);
-                                        }}
-                                    >
-                                        {idp.name}
-                                    </Button>
-                                ))}
+                                {idps.map((idp) => {
+                                    const effectiveType = idp.variant || idp.name.toLowerCase();
+
+                                    return (
+                                        <Button
+                                            key={idp.idpId}
+                                            type="button"
+                                            variant="outline"
+                                            className="w-full inline-flex items-center space-x-2"
+                                            onClick={() => {
+                                                loginWithIdp(idp.idpId);
+                                            }}
+                                        >
+                                            {effectiveType === "google" && (
+                                                <Image
+                                                    src="/idp/google.png"
+                                                    alt="Google"
+                                                    width={16}
+                                                    height={16}
+                                                    className="rounded"
+                                                />
+                                            )}
+                                            {effectiveType === "azure" && (
+                                                <Image
+                                                    src="/idp/azure.png"
+                                                    alt="Azure"
+                                                    width={16}
+                                                    height={16}
+                                                    className="rounded"
+                                                />
+                                            )}
+                                            <span>{idp.name}</span>
+                                        </Button>
+                                    );
+                                })}
                             </>
                         )}
                     </>
diff --git a/src/components/PermissionsSelectBox.tsx b/src/components/PermissionsSelectBox.tsx
index d8f9b59f..3334cca5 100644
--- a/src/components/PermissionsSelectBox.tsx
+++ b/src/components/PermissionsSelectBox.tsx
@@ -27,7 +27,9 @@ function getActionsCategories(root: boolean) {
             [t('actionListInvitations')]: "listInvitations",
             [t('actionRemoveUser')]: "removeUser",
             [t('actionListUsers')]: "listUsers",
-            [t('actionListOrgDomains')]: "listOrgDomains"
+            [t('actionListOrgDomains')]: "listOrgDomains",
+            [t('updateOrgUser')]: "updateOrgUser",
+            [t('createOrgUser')]: "createOrgUser"
         },
 
         Site: {
diff --git a/src/components/UsersTable.tsx b/src/components/UsersTable.tsx
index a5526303..57fe5c91 100644
--- a/src/components/UsersTable.tsx
+++ b/src/components/UsersTable.tsx
@@ -21,6 +21,7 @@ import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useUserContext } from "@app/hooks/useUserContext";
 import { useTranslations } from "next-intl";
+import IdpTypeBadge from "./IdpTypeBadge";
 
 export type UserRow = {
     id: string;
@@ -31,6 +32,7 @@ export type UserRow = {
     idpId: number | null;
     idpName: string;
     type: string;
+    idpVariant: string | null;
     status: string;
     role: string;
     isOwner: boolean;
@@ -81,6 +83,16 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
+            },
+            cell: ({ row }) => {
+                const userRow = row.original;
+                return (
+                    <IdpTypeBadge
+                        type={userRow.type}
+                        name={userRow.idpName}
+                        variant={userRow.idpVariant || undefined}
+                    />
+                );
             }
         },
         {

From 5efd1d5405862c6e4c03f1c39d9428cf49a8d23e Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sat, 6 Sep 2025 16:54:06 -0700
Subject: [PATCH 018/166] Add region

---
 server/db/pg/schema.ts     | 3 ++-
 server/db/sqlite/schema.ts | 3 ++-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts
index fc1f6ec3..1f571ab4 100644
--- a/server/db/pg/schema.ts
+++ b/server/db/pg/schema.ts
@@ -128,7 +128,8 @@ export const exitNodes = pgTable("exitNodes", {
     maxConnections: integer("maxConnections"),
     online: boolean("online").notNull().default(false),
     lastPing: integer("lastPing"),
-    type: text("type").default("gerbil") // gerbil, remoteExitNode
+    type: text("type").default("gerbil"), // gerbil, remoteExitNode
+    region: varchar("region")
 });
 
 export const siteResources = pgTable("siteResources", { // this is for the clients
diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts
index 2cf24bc2..90b09734 100644
--- a/server/db/sqlite/schema.ts
+++ b/server/db/sqlite/schema.ts
@@ -140,7 +140,8 @@ export const exitNodes = sqliteTable("exitNodes", {
     maxConnections: integer("maxConnections"),
     online: integer("online", { mode: "boolean" }).notNull().default(false),
     lastPing: integer("lastPing"),
-    type: text("type").default("gerbil") // gerbil, remoteExitNode
+    type: text("type").default("gerbil"), // gerbil, remoteExitNode
+    region: text("region")
 });
 
 export const siteResources = sqliteTable("siteResources", {

From 26cc0f81843ea2a5aa2acee412c01f07842b0a29 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Sat, 6 Sep 2025 17:26:44 -0700
Subject: [PATCH 019/166] fix listIdp query error

---
 server/routers/idp/listIdps.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/routers/idp/listIdps.ts b/server/routers/idp/listIdps.ts
index c9e2c271..150b9f88 100644
--- a/server/routers/idp/listIdps.ts
+++ b/server/routers/idp/listIdps.ts
@@ -39,8 +39,8 @@ async function query(limit: number, offset: number) {
         })
         .from(idp)
         .leftJoin(idpOrg, sql`${idp.idpId} = ${idpOrg.idpId}`)
-        .leftJoin(idpOidcConfig, eq(idp.idpId, idpOidcConfig.idpId))
-        .groupBy(idp.idpId)
+        .leftJoin(idpOidcConfig, eq(idpOidcConfig.idpId, idp.idpId))
+        .groupBy(idp.idpId, idpOidcConfig.variant)
         .limit(limit)
         .offset(offset);
     return res;

From 685be473bc4fff1a7f8511eb45282a1c17b79111 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Sat, 6 Sep 2025 21:38:17 -0700
Subject: [PATCH 020/166] remove extra components

---
 .../users/[userId]/access-controls/page.tsx   |  95 +--
 .../share-links/CreateShareLinkForm.tsx       | 549 ------------------
 .../settings/share-links/ShareLinksTable.tsx  | 298 ----------
 src/app/[orgId]/settings/share-links/page.tsx |   1 -
 4 files changed, 52 insertions(+), 891 deletions(-)
 delete mode 100644 src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx
 delete mode 100644 src/app/[orgId]/settings/share-links/ShareLinksTable.tsx

diff --git a/src/app/[orgId]/settings/access/users/[userId]/access-controls/page.tsx b/src/app/[orgId]/settings/access/users/[userId]/access-controls/page.tsx
index 30c55053..fdce89eb 100644
--- a/src/app/[orgId]/settings/access/users/[userId]/access-controls/page.tsx
+++ b/src/app/[orgId]/settings/access/users/[userId]/access-controls/page.tsx
@@ -85,10 +85,10 @@ export default function AccessControlsPage() {
                     console.error(e);
                     toast({
                         variant: "destructive",
-                        title: t('accessRoleErrorFetch'),
+                        title: t("accessRoleErrorFetch"),
                         description: formatAxiosError(
                             e,
-                            t('accessRoleErrorFetchDescription')
+                            t("accessRoleErrorFetchDescription")
                         )
                     });
                 });
@@ -132,17 +132,17 @@ export default function AccessControlsPage() {
             if (roleRes.status === 200 && userRes.status === 200) {
                 toast({
                     variant: "default",
-                    title: t('userSaved'),
-                    description: t('userSavedDescription')
+                    title: t("userSaved"),
+                    description: t("userSavedDescription")
                 });
             }
         } catch (e) {
             toast({
                 variant: "destructive",
-                title: t('accessRoleErrorAdd'),
+                title: t("accessRoleErrorAdd"),
                 description: formatAxiosError(
                     e,
-                    t('accessRoleErrorAddDescription')
+                    t("accessRoleErrorAddDescription")
                 )
             });
         }
@@ -154,9 +154,11 @@ export default function AccessControlsPage() {
         <SettingsContainer>
             <SettingsSection>
                 <SettingsSectionHeader>
-                    <SettingsSectionTitle>{t('accessControls')}</SettingsSectionTitle>
+                    <SettingsSectionTitle>
+                        {t("accessControls")}
+                    </SettingsSectionTitle>
                     <SettingsSectionDescription>
-                        {t('accessControlsDescription')}
+                        {t("accessControlsDescription")}
                     </SettingsSectionDescription>
                 </SettingsSectionHeader>
 
@@ -169,18 +171,21 @@ export default function AccessControlsPage() {
                                 id="access-controls-form"
                             >
                                 {/* IDP Type Display */}
-                                {user.type !== UserType.Internal && user.idpType && (
-                                    <div className="flex items-center space-x-2 mb-4">
-                                        <span className="text-sm font-medium text-muted-foreground">
-                                            {t("idp")}:
-                                        </span>
-                                        <IdpTypeBadge
-                                            type={user.idpType}
-                                            variant={user.idpVariant || undefined}
-                                            name={user.idpName || undefined}
-                                        />
-                                    </div>
-                                )}
+                                {user.type !== UserType.Internal &&
+                                    user.idpType && (
+                                        <div className="flex items-center space-x-2 mb-4">
+                                            <span className="text-sm font-medium text-muted-foreground">
+                                                {t("idp")}:
+                                            </span>
+                                            <IdpTypeBadge
+                                                type={user.idpType}
+                                                variant={
+                                                    user.idpVariant || undefined
+                                                }
+                                                name={user.idpName || undefined}
+                                            />
+                                        </div>
+                                    )}
 
                                 <FormField
                                     control={form.control}
@@ -232,28 +237,32 @@ export default function AccessControlsPage() {
                                 />
 
                                 {user.idpAutoProvision && (
-                                <FormField
-                                    control={form.control}
-                                    name="autoProvisioned"
-                                    render={({ field }) => (
-                                        <FormItem className="flex flex-row items-start space-x-3 space-y-0">
-                                            <FormControl>
-                                                <Checkbox
-                                                    checked={field.value}
-                                                    onCheckedChange={field.onChange}
-                                                />
-                                            </FormControl>
-                                            <div className="space-y-1 leading-none">
-                                                <FormLabel>
-                                                    {t('autoProvisioned')}
-                                                </FormLabel>
-                                                <p className="text-sm text-muted-foreground">
-                                                    {t('autoProvisionedDescription')}
-                                                </p>
-                                            </div>
-                                        </FormItem>
-                                    )}
-                                />
+                                    <FormField
+                                        control={form.control}
+                                        name="autoProvisioned"
+                                        render={({ field }) => (
+                                            <FormItem className="flex flex-row items-start space-x-2 space-y-0">
+                                                <FormControl>
+                                                    <Checkbox
+                                                        checked={field.value}
+                                                        onCheckedChange={
+                                                            field.onChange
+                                                        }
+                                                    />
+                                                </FormControl>
+                                                <div className="space-y-1 leading-none">
+                                                    <FormLabel>
+                                                        {t("autoProvisioned")}
+                                                    </FormLabel>
+                                                    <p className="text-sm text-muted-foreground">
+                                                        {t(
+                                                            "autoProvisionedDescription"
+                                                        )}
+                                                    </p>
+                                                </div>
+                                            </FormItem>
+                                        )}
+                                    />
                                 )}
                             </form>
                         </Form>
@@ -267,7 +276,7 @@ export default function AccessControlsPage() {
                         disabled={loading}
                         form="access-controls-form"
                     >
-                        {t('accessControlsSubmit')}
+                        {t("accessControlsSubmit")}
                     </Button>
                 </SettingsSectionFooter>
             </SettingsSection>
diff --git a/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx b/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx
deleted file mode 100644
index e3ba3f17..00000000
--- a/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx
+++ /dev/null
@@ -1,549 +0,0 @@
-"use client";
-
-import { Button } from "@app/components/ui/button";
-import {
-    Form,
-    FormControl,
-    FormField,
-    FormItem,
-    FormLabel,
-    FormMessage
-} from "@app/components/ui/form";
-import { Input } from "@app/components/ui/input";
-import {
-    Select,
-    SelectContent,
-    SelectItem,
-    SelectTrigger,
-    SelectValue
-} from "@app/components/ui/select";
-import { toast } from "@app/hooks/useToast";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { AxiosResponse } from "axios";
-import { useEffect, useState } from "react";
-import { useForm } from "react-hook-form";
-import { z } from "zod";
-import CopyTextBox from "@app/components/CopyTextBox";
-import {
-    Credenza,
-    CredenzaBody,
-    CredenzaClose,
-    CredenzaContent,
-    CredenzaDescription,
-    CredenzaFooter,
-    CredenzaHeader,
-    CredenzaTitle
-} from "@app/components/Credenza";
-import { useOrgContext } from "@app/hooks/useOrgContext";
-import { formatAxiosError } from "@app/lib/api";
-import { cn } from "@app/lib/cn";
-import { createApiClient } from "@app/lib/api";
-import { useEnvContext } from "@app/hooks/useEnvContext";
-import { ListResourcesResponse } from "@server/routers/resource";
-import {
-    Popover,
-    PopoverContent,
-    PopoverTrigger
-} from "@app/components/ui/popover";
-import { CaretSortIcon } from "@radix-ui/react-icons";
-import {
-    Command,
-    CommandEmpty,
-    CommandGroup,
-    CommandInput,
-    CommandItem,
-    CommandList
-} from "@app/components/ui/command";
-import { CheckIcon, ChevronsUpDown } from "lucide-react";
-import { Checkbox } from "@app/components/ui/checkbox";
-import { GenerateAccessTokenResponse } from "@server/routers/accessToken";
-import { constructShareLink } from "@app/lib/shareLinks";
-import { ShareLinkRow } from "@app/components/ShareLinksTable";
-import { QRCodeCanvas, QRCodeSVG } from "qrcode.react";
-import {
-    Collapsible,
-    CollapsibleContent,
-    CollapsibleTrigger
-} from "@app/components/ui/collapsible";
-import AccessTokenSection from "@app/components/AccessTokenUsage";
-import { useTranslations } from "next-intl";
-import { toUnicode } from 'punycode';
-
-type FormProps = {
-    open: boolean;
-    setOpen: (open: boolean) => void;
-    onCreated?: (result: ShareLinkRow) => void;
-};
-
-export default function CreateShareLinkForm({
-    open,
-    setOpen,
-    onCreated
-}: FormProps) {
-    const { org } = useOrgContext();
-
-    const { env } = useEnvContext();
-    const api = createApiClient({ env });
-
-    const [link, setLink] = useState<string | null>(null);
-    const [accessTokenId, setAccessTokenId] = useState<string | null>(null);
-    const [accessToken, setAccessToken] = useState<string | null>(null);
-    const [loading, setLoading] = useState(false);
-    const [neverExpire, setNeverExpire] = useState(false);
-
-    const [isOpen, setIsOpen] = useState(false);
-    const t = useTranslations();
-
-    const [resources, setResources] = useState<
-        {
-            resourceId: number;
-            name: string;
-            resourceUrl: string;
-        }[]
-    >([]);
-
-    const formSchema = z.object({
-        resourceId: z.number({ message: t('shareErrorSelectResource') }),
-        resourceName: z.string(),
-        resourceUrl: z.string(),
-        timeUnit: z.string(),
-        timeValue: z.coerce.number().int().positive().min(1),
-        title: z.string().optional()
-    });
-
-    const timeUnits = [
-        { unit: "minutes", name: t('minutes') },
-        { unit: "hours", name: t('hours') },
-        { unit: "days", name: t('days') },
-        { unit: "weeks", name: t('weeks') },
-        { unit: "months", name: t('months') },
-        { unit: "years", name: t('years') }
-    ];
-
-    const form = useForm<z.infer<typeof formSchema>>({
-        resolver: zodResolver(formSchema),
-        defaultValues: {
-            timeUnit: "days",
-            timeValue: 30,
-            title: ""
-        }
-    });
-
-    useEffect(() => {
-        if (!open) {
-            return;
-        }
-
-        async function fetchResources() {
-            const res = await api
-                .get<
-                    AxiosResponse<ListResourcesResponse>
-                >(`/org/${org?.org.orgId}/resources`)
-                .catch((e) => {
-                    console.error(e);
-                    toast({
-                        variant: "destructive",
-                        title: t('shareErrorFetchResource'),
-                        description: formatAxiosError(
-                            e,
-                            t('shareErrorFetchResourceDescription')
-                        )
-                    });
-                });
-
-            if (res?.status === 200) {
-                setResources(
-                    res.data.data.resources
-                        .filter((r) => {
-                            return r.http;
-                        })
-                        .map((r) => ({
-                            resourceId: r.resourceId,
-                            name: r.name,
-                            resourceUrl: `${r.ssl ? "https://" : "http://"}${toUnicode(r.fullDomain || "")}/`
-                        }))
-                );
-            }
-        }
-
-        fetchResources();
-    }, [open]);
-
-    async function onSubmit(values: z.infer<typeof formSchema>) {
-        setLoading(true);
-
-        // convert time to seconds
-        let timeInSeconds = values.timeValue;
-        switch (values.timeUnit) {
-            case "minutes":
-                timeInSeconds *= 60;
-                break;
-            case "hours":
-                timeInSeconds *= 60 * 60;
-                break;
-            case "days":
-                timeInSeconds *= 60 * 60 * 24;
-                break;
-            case "weeks":
-                timeInSeconds *= 60 * 60 * 24 * 7;
-                break;
-            case "months":
-                timeInSeconds *= 60 * 60 * 24 * 30;
-                break;
-            case "years":
-                timeInSeconds *= 60 * 60 * 24 * 365;
-                break;
-        }
-
-        const res = await api
-            .post<AxiosResponse<GenerateAccessTokenResponse>>(
-                `/resource/${values.resourceId}/access-token`,
-                {
-                    validForSeconds: neverExpire ? undefined : timeInSeconds,
-                    title:
-                        values.title ||
-                        t('shareLink', {resource: (values.resourceName || "Resource" + values.resourceId)})
-                }
-            )
-            .catch((e) => {
-                console.error(e);
-                toast({
-                    variant: "destructive",
-                    title: t('shareErrorCreate'),
-                    description: formatAxiosError(
-                        e,
-                        t('shareErrorCreateDescription')
-                    )
-                });
-            });
-
-        if (res && res.data.data.accessTokenId) {
-            const token = res.data.data;
-            const link = constructShareLink(token.accessToken);
-            setLink(link);
-
-            setAccessToken(token.accessToken);
-            setAccessTokenId(token.accessTokenId);
-
-            const resource = resources.find(
-                (r) => r.resourceId === values.resourceId
-            );
-
-            onCreated?.({
-                accessTokenId: token.accessTokenId,
-                resourceId: token.resourceId,
-                resourceName: values.resourceName,
-                title: token.title,
-                createdAt: token.createdAt,
-                expiresAt: token.expiresAt
-            });
-        }
-
-        setLoading(false);
-    }
-
-    function getSelectedResourceName(id: number) {
-        const resource = resources.find((r) => r.resourceId === id);
-        return `${resource?.name}`;
-    }
-
-    return (
-        <>
-            <Credenza
-                open={open}
-                onOpenChange={(val) => {
-                    setOpen(val);
-                    setLink(null);
-                    setLoading(false);
-                    form.reset();
-                }}
-            >
-                <CredenzaContent>
-                    <CredenzaHeader>
-                        <CredenzaTitle>{t('shareCreate')}</CredenzaTitle>
-                        <CredenzaDescription>
-                            {t('shareCreateDescription')}
-                        </CredenzaDescription>
-                    </CredenzaHeader>
-                    <CredenzaBody>
-                        <div className="space-y-4">
-                            {!link && (
-                                <Form {...form}>
-                                    <form
-                                        onSubmit={form.handleSubmit(onSubmit)}
-                                        className="space-y-4"
-                                        id="share-link-form"
-                                    >
-                                        <FormField
-                                            control={form.control}
-                                            name="resourceId"
-                                            render={({ field }) => (
-                                                <FormItem className="flex flex-col">
-                                                    <FormLabel>
-                                                        {t('resource')}
-                                                    </FormLabel>
-                                                    <Popover>
-                                                        <PopoverTrigger asChild>
-                                                            <FormControl>
-                                                                <Button
-                                                                    variant="outline"
-                                                                    role="combobox"
-                                                                    className={cn(
-                                                                        "justify-between",
-                                                                        !field.value &&
-                                                                            "text-muted-foreground"
-                                                                    )}
-                                                                >
-                                                                    {field.value
-                                                                        ? getSelectedResourceName(
-                                                                              field.value
-                                                                          )
-                                                                        : t('resourceSelect')}
-                                                                    <CaretSortIcon className="ml-2 h-4 w-4 shrink-0 opacity-50" />
-                                                                </Button>
-                                                            </FormControl>
-                                                        </PopoverTrigger>
-                                                        <PopoverContent className="p-0">
-                                                            <Command>
-                                                                <CommandInput placeholder={t('resourceSearch')} />
-                                                                <CommandList>
-                                                                    <CommandEmpty>
-                                                                        {t('resourcesNotFound')}
-                                                                    </CommandEmpty>
-                                                                    <CommandGroup>
-                                                                        {resources.map(
-                                                                            (
-                                                                                r
-                                                                            ) => (
-                                                                                <CommandItem
-                                                                                    value={`${r.name}:${r.resourceId}`}
-                                                                                    key={
-                                                                                        r.resourceId
-                                                                                    }
-                                                                                    onSelect={() => {
-                                                                                        form.setValue(
-                                                                                            "resourceId",
-                                                                                            r.resourceId
-                                                                                        );
-                                                                                        form.setValue(
-                                                                                            "resourceName",
-                                                                                            r.name
-                                                                                        );
-                                                                                        form.setValue(
-                                                                                            "resourceUrl",
-                                                                                            r.resourceUrl
-                                                                                        );
-                                                                                    }}
-                                                                                >
-                                                                                    <CheckIcon
-                                                                                        className={cn(
-                                                                                            "mr-2 h-4 w-4",
-                                                                                            r.resourceId ===
-                                                                                                field.value
-                                                                                                ? "opacity-100"
-                                                                                                : "opacity-0"
-                                                                                        )}
-                                                                                    />
-                                                                                    {`${r.name}`}
-                                                                                </CommandItem>
-                                                                            )
-                                                                        )}
-                                                                    </CommandGroup>
-                                                                </CommandList>
-                                                            </Command>
-                                                        </PopoverContent>
-                                                    </Popover>
-                                                    <FormMessage />
-                                                </FormItem>
-                                            )}
-                                        />
-
-                                        <FormField
-                                            control={form.control}
-                                            name="title"
-                                            render={({ field }) => (
-                                                <FormItem>
-                                                    <FormLabel>
-                                                        {t('shareTitleOptional')}
-                                                    </FormLabel>
-                                                    <FormControl>
-                                                        <Input {...field} />
-                                                    </FormControl>
-                                                    <FormMessage />
-                                                </FormItem>
-                                            )}
-                                        />
-
-                                        <div className="space-y-4">
-                                            <div className="space-y-2">
-                                                <FormLabel>{t('expireIn')}</FormLabel>
-                                                <div className="grid grid-cols-2 gap-4">
-                                                    <FormField
-                                                        control={form.control}
-                                                        name="timeUnit"
-                                                        render={({ field }) => (
-                                                            <FormItem>
-                                                                <Select
-                                                                    onValueChange={
-                                                                        field.onChange
-                                                                    }
-                                                                    defaultValue={field.value.toString()}
-                                                                >
-                                                                    <FormControl>
-                                                                        <SelectTrigger className="w-full">
-                                                                            <SelectValue placeholder={t('selectDuration')} />
-                                                                        </SelectTrigger>
-                                                                    </FormControl>
-                                                                    <SelectContent>
-                                                                        {timeUnits.map(
-                                                                            (
-                                                                                option
-                                                                            ) => (
-                                                                                <SelectItem
-                                                                                    key={
-                                                                                        option.unit
-                                                                                    }
-                                                                                    value={
-                                                                                        option.unit
-                                                                                    }
-                                                                                >
-                                                                                    {
-                                                                                        option.name
-                                                                                    }
-                                                                                </SelectItem>
-                                                                            )
-                                                                        )}
-                                                                    </SelectContent>
-                                                                </Select>
-                                                                <FormMessage />
-                                                            </FormItem>
-                                                        )}
-                                                    />
-
-                                                    <FormField
-                                                        control={form.control}
-                                                        name="timeValue"
-                                                        render={({ field }) => (
-                                                            <FormItem>
-                                                                <FormControl>
-                                                                    <Input
-                                                                        type="number"
-                                                                        min={1}
-                                                                        {...field}
-                                                                    />
-                                                                </FormControl>
-                                                                <FormMessage />
-                                                            </FormItem>
-                                                        )}
-                                                    />
-                                                </div>
-                                            </div>
-
-                                            <div className="flex items-center space-x-2">
-                                                <Checkbox
-                                                    id="terms"
-                                                    checked={neverExpire}
-                                                    onCheckedChange={(val) =>
-                                                        setNeverExpire(
-                                                            val as boolean
-                                                        )
-                                                    }
-                                                />
-                                                <label
-                                                    htmlFor="terms"
-                                                    className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
-                                                >
-                                                    {t('neverExpire')}
-                                                </label>
-                                            </div>
-
-                                            <p className="text-sm text-muted-foreground">
-                                                {t('shareExpireDescription')}
-                                            </p>
-                                        </div>
-                                    </form>
-                                </Form>
-                            )}
-                            {link && (
-                                <div className="max-w-md space-y-4">
-                                    <p>
-                                        {t('shareSeeOnce')}
-                                    </p>
-                                    <p>
-                                        {t('shareAccessHint')}
-                                    </p>
-
-                                    <div className="h-[250px] w-full mx-auto flex items-center justify-center">
-                                        <QRCodeCanvas value={link} size={200} />
-                                    </div>
-
-                                    <Collapsible
-                                        open={isOpen}
-                                        onOpenChange={setIsOpen}
-                                        className="space-y-2"
-                                    >
-                                        <div className="mx-auto">
-                                            <CopyTextBox
-                                                text={link}
-                                                wrapText={false}
-                                            />
-                                        </div>
-                                        <div className="flex items-center justify-between space-x-4">
-                                            <CollapsibleTrigger asChild>
-                                                <Button
-                                                    variant="text"
-                                                    size="sm"
-                                                    className="p-0 flex items-center justify-between w-full"
-                                                >
-                                                    <h4 className="text-sm font-semibold">
-                                                        {t('shareTokenUsage')}
-                                                    </h4>
-                                                    <div>
-                                                        <ChevronsUpDown className="h-4 w-4" />
-                                                        <span className="sr-only">
-                                                            {t('toggle')}
-                                                        </span>
-                                                    </div>
-                                                </Button>
-                                            </CollapsibleTrigger>
-                                        </div>
-                                        <CollapsibleContent className="space-y-2">
-                                            {accessTokenId && accessToken && (
-                                                <div className="space-y-2">
-                                                    <div className="mx-auto">
-                                                        <AccessTokenSection
-                                                            tokenId={
-                                                                accessTokenId
-                                                            }
-                                                            token={accessToken}
-                                                            resourceUrl={form.getValues(
-                                                                "resourceUrl"
-                                                            )}
-                                                        />
-                                                    </div>
-                                                </div>
-                                            )}
-                                        </CollapsibleContent>
-                                    </Collapsible>
-                                </div>
-                            )}
-                        </div>
-                    </CredenzaBody>
-                    <CredenzaFooter>
-                        <CredenzaClose asChild>
-                            <Button variant="outline">{t('close')}</Button>
-                        </CredenzaClose>
-                        <Button
-                            type="button"
-                            onClick={form.handleSubmit(onSubmit)}
-                            loading={loading}
-                            disabled={link !== null || loading}
-                        >
-                            {t('createLink')}
-                        </Button>
-                    </CredenzaFooter>
-                </CredenzaContent>
-            </Credenza>
-        </>
-    );
-}
diff --git a/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx b/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx
deleted file mode 100644
index 2943311f..00000000
--- a/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx
+++ /dev/null
@@ -1,298 +0,0 @@
-"use client";
-
-import { ColumnDef } from "@tanstack/react-table";
-import { ShareLinksDataTable } from "@app/components/ShareLinksDataTable";
-import {
-    DropdownMenu,
-    DropdownMenuContent,
-    DropdownMenuItem,
-    DropdownMenuTrigger
-} from "@app/components/ui/dropdown-menu";
-import { Button } from "@app/components/ui/button";
-import {
-    Copy,
-    ArrowRight,
-    ArrowUpDown,
-    MoreHorizontal,
-    Check,
-    ArrowUpRight,
-    ShieldOff,
-    ShieldCheck
-} from "lucide-react";
-import Link from "next/link";
-import { useRouter } from "next/navigation";
-// import CreateResourceForm from "./CreateResourceForm";
-import { useState } from "react";
-import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
-import { formatAxiosError } from "@app/lib/api";
-import { toast } from "@app/hooks/useToast";
-import { createApiClient } from "@app/lib/api";
-import { useEnvContext } from "@app/hooks/useEnvContext";
-import { ArrayElement } from "@server/types/ArrayElement";
-import { ListAccessTokensResponse } from "@server/routers/accessToken";
-import moment from "moment";
-import CreateShareLinkForm from "@app/components/CreateShareLinkForm";
-import { constructShareLink } from "@app/lib/shareLinks";
-import { useTranslations } from "next-intl";
-
-export type ShareLinkRow = {
-    accessTokenId: string;
-    resourceId: number;
-    resourceName: string;
-    title: string | null;
-    createdAt: number;
-    expiresAt: number | null;
-};
-
-type ShareLinksTableProps = {
-    shareLinks: ShareLinkRow[];
-    orgId: string;
-};
-
-export default function ShareLinksTable({
-    shareLinks,
-    orgId
-}: ShareLinksTableProps) {
-    const router = useRouter();
-    const t = useTranslations();
-
-    const api = createApiClient(useEnvContext());
-
-    const [isCreateModalOpen, setIsCreateModalOpen] = useState(false);
-    const [rows, setRows] = useState<ShareLinkRow[]>(shareLinks);
-
-    function formatLink(link: string) {
-        return link.substring(0, 20) + "..." + link.substring(link.length - 20);
-    }
-
-    async function deleteSharelink(id: string) {
-        await api.delete(`/access-token/${id}`).catch((e) => {
-            toast({
-                title: t("shareErrorDelete"),
-                description: formatAxiosError(e, t("shareErrorDeleteMessage"))
-            });
-        });
-
-        const newRows = rows.filter((r) => r.accessTokenId !== id);
-        setRows(newRows);
-
-        toast({
-            title: t("shareDeleted"),
-            description: t("shareDeletedDescription")
-        });
-    }
-
-    const columns: ColumnDef<ShareLinkRow>[] = [
-        {
-            accessorKey: "resourceName",
-            header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                    >
-                        {t("resource")}
-                        <ArrowUpDown className="ml-2 h-4 w-4" />
-                    </Button>
-                );
-            },
-            cell: ({ row }) => {
-                const r = row.original;
-                return (
-                    <Link href={`/${orgId}/settings/resources/${r.resourceId}`}>
-                        <Button variant="outline" size="sm">
-                            {r.resourceName}
-                            <ArrowUpRight className="ml-2 h-4 w-4" />
-                        </Button>
-                    </Link>
-                );
-            }
-        },
-        {
-            accessorKey: "title",
-            header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                    >
-                        {t("title")}
-                        <ArrowUpDown className="ml-2 h-4 w-4" />
-                    </Button>
-                );
-            }
-        },
-        // {
-        //     accessorKey: "domain",
-        //     header: "Link",
-        //     cell: ({ row }) => {
-        //         const r = row.original;
-        //
-        //         const link = constructShareLink(
-        //             r.resourceId,
-        //             r.accessTokenId,
-        //             r.tokenHash
-        //         );
-        //
-        //         return (
-        //             <div className="flex items-center">
-        //                 <Link
-        //                     href={link}
-        //                     target="_blank"
-        //                     rel="noopener noreferrer"
-        //                     className="hover:underline mr-2"
-        //                 >
-        //                     {formatLink(link)}
-        //                 </Link>
-        //                 <Button
-        //                     variant="ghost"
-        //                     className="h-6 w-6 p-0"
-        //                     onClick={() => {
-        //                         navigator.clipboard.writeText(link);
-        //                         const originalIcon = document.querySelector(
-        //                             `#icon-${r.accessTokenId}`
-        //                         );
-        //                         if (originalIcon) {
-        //                             originalIcon.classList.add("hidden");
-        //                         }
-        //                         const checkIcon = document.querySelector(
-        //                             `#check-icon-${r.accessTokenId}`
-        //                         );
-        //                         if (checkIcon) {
-        //                             checkIcon.classList.remove("hidden");
-        //                             setTimeout(() => {
-        //                                 checkIcon.classList.add("hidden");
-        //                                 if (originalIcon) {
-        //                                     originalIcon.classList.remove(
-        //                                         "hidden"
-        //                                     );
-        //                                 }
-        //                             }, 2000);
-        //                         }
-        //                     }}
-        //                 >
-        //                     <Copy
-        //                         id={`icon-${r.accessTokenId}`}
-        //                         className="h-4 w-4"
-        //                     />
-        //                     <Check
-        //                         id={`check-icon-${r.accessTokenId}`}
-        //                         className="hidden text-green-500 h-4 w-4"
-        //                     />
-        //                     <span className="sr-only">Copy link</span>
-        //                 </Button>
-        //             </div>
-        //         );
-        //     }
-        // },
-        {
-            accessorKey: "createdAt",
-            header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                    >
-                        {t("created")}
-                        <ArrowUpDown className="ml-2 h-4 w-4" />
-                    </Button>
-                );
-            },
-            cell: ({ row }) => {
-                const r = row.original;
-                return moment(r.createdAt).format("lll");
-            }
-        },
-        {
-            accessorKey: "expiresAt",
-            header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                    >
-                        {t("expires")}
-                        <ArrowUpDown className="ml-2 h-4 w-4" />
-                    </Button>
-                );
-            },
-            cell: ({ row }) => {
-                const r = row.original;
-                if (r.expiresAt) {
-                    return moment(r.expiresAt).format("lll");
-                }
-                return t("never");
-            }
-        },
-        {
-            id: "delete",
-            cell: ({ row }) => {
-                const resourceRow = row.original;
-                return (
-                    <div className="flex items-center justify-end space-x-2">
-                        {/* <DropdownMenu> */}
-                        {/*     <DropdownMenuTrigger asChild> */}
-                        {/*         <Button variant="ghost" className="h-8 w-8 p-0"> */}
-                        {/*             <span className="sr-only"> */}
-                        {/*                 {t("openMenu")} */}
-                        {/*             </span> */}
-                        {/*             <MoreHorizontal className="h-4 w-4" /> */}
-                        {/*         </Button> */}
-                        {/*     </DropdownMenuTrigger> */}
-                        {/*     <DropdownMenuContent align="end"> */}
-                        {/*         <DropdownMenuItem */}
-                        {/*             onClick={() => { */}
-                        {/*                 deleteSharelink( */}
-                        {/*                     resourceRow.accessTokenId */}
-                        {/*                 ); */}
-                        {/*             }} */}
-                        {/*         > */}
-                        {/*             <button className="text-red-500"> */}
-                        {/*                 {t("delete")} */}
-                        {/*             </button> */}
-                        {/*         </DropdownMenuItem> */}
-                        {/*     </DropdownMenuContent> */}
-                        {/* </DropdownMenu> */}
-                        <Button
-                            variant="secondary"
-                            size="sm"
-                            onClick={() =>
-                                deleteSharelink(row.original.accessTokenId)
-                            }
-                        >
-                            {t("delete")}
-                        </Button>
-                    </div>
-                );
-            }
-        }
-    ];
-
-    return (
-        <>
-            <CreateShareLinkForm
-                open={isCreateModalOpen}
-                setOpen={setIsCreateModalOpen}
-                onCreated={(val) => {
-                    setRows([val, ...rows]);
-                }}
-            />
-
-            <ShareLinksDataTable
-                columns={columns}
-                data={rows}
-                createShareLink={() => {
-                    setIsCreateModalOpen(true);
-                }}
-            />
-        </>
-    );
-}
diff --git a/src/app/[orgId]/settings/share-links/page.tsx b/src/app/[orgId]/settings/share-links/page.tsx
index be561acd..caf02b83 100644
--- a/src/app/[orgId]/settings/share-links/page.tsx
+++ b/src/app/[orgId]/settings/share-links/page.tsx
@@ -8,7 +8,6 @@ import { GetOrgResponse } from "@server/routers/org";
 import OrgProvider from "@app/providers/OrgProvider";
 import { ListAccessTokensResponse } from "@server/routers/accessToken";
 import ShareLinksTable, { ShareLinkRow } from "../../../../components/ShareLinksTable";
-import ShareableLinksSplash from "../../../../components/ShareLinksSplash";
 import { getTranslations } from "next-intl/server";
 
 type ShareLinksPageProps = {

From bc151df6387e7c4a77eeb1b10d5a9af7044981f6 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Sat, 6 Sep 2025 22:24:22 -0700
Subject: [PATCH 021/166] auto detect public ip

---
 install/main.go | 36 ++++++++++++++++++++++++++++++++++--
 1 file changed, 34 insertions(+), 2 deletions(-)

diff --git a/install/main.go b/install/main.go
index 1d684b51..33606250 100644
--- a/install/main.go
+++ b/install/main.go
@@ -8,6 +8,8 @@ import (
 	"io"
 	"io/fs"
 	"math/rand"
+	"net"
+	"net/http"
 	"os"
 	"os/exec"
 	"path/filepath"
@@ -15,7 +17,6 @@ import (
 	"strings"
 	"text/template"
 	"time"
-    "net"
 )
 
 // DO NOT EDIT THIS FUNCTION; IT MATCHED BY REGEX IN CICD
@@ -328,7 +329,12 @@ func collectUserInput(reader *bufio.Reader) Config {
 			config.HybridSecret = readString(reader, "Enter your secret", "")
 		} 
 
-		config.DashboardDomain = readString(reader, "The public addressable IP address for this node or a domain pointing to it", "")
+		// Try to get public IP as default
+		publicIP := getPublicIP()
+		if publicIP != "" {
+			fmt.Printf("Detected public IP: %s\n", publicIP)
+		}
+		config.DashboardDomain = readString(reader, "The public addressable IP address for this node or a domain pointing to it", publicIP)
 		config.InstallGerbil = true
 	} else {
 		config.BaseDomain = readString(reader, "Enter your base domain (no subdomain e.g. example.com)", "")
@@ -584,6 +590,32 @@ func generateRandomSecretKey() string {
 	return string(b)
 }
 
+func getPublicIP() string {
+	client := &http.Client{
+		Timeout: 10 * time.Second,
+	}
+	
+	resp, err := client.Get("https://ifconfig.io/ip")
+	if err != nil {
+		return ""
+	}
+	defer resp.Body.Close()
+	
+	body, err := io.ReadAll(resp.Body)
+	if err != nil {
+		return ""
+	}
+	
+	ip := strings.TrimSpace(string(body))
+	
+	// Validate that it's a valid IP address
+	if net.ParseIP(ip) != nil {
+		return ip
+	}
+	
+	return ""
+}
+
 // Run external commands with stdio/stderr attached.
 func run(name string, args ...string) error {
 	cmd := exec.Command(name, args...)

From 60d392742d08244d3cf8e546a7924e6c85f5e14e Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Sat, 6 Sep 2025 22:37:02 -0700
Subject: [PATCH 022/166] update install link

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 287f5e20..bcfef4d4 100644
--- a/README.md
+++ b/README.md
@@ -20,7 +20,7 @@ _Pangolin tunnels your services to the internet so you can access anything from
         Website
       </a>
       <span> | </span>
-      <a href="https://docs.digpangolin.com/self-host/quick-install">
+      <a href="https://docs.digpangolin.com/self-host/quick-install-managed">
         Install Guide
       </a>
       <span> | </span>

From cbee67e475dcf969196a8f2db1927366a96f83d9 Mon Sep 17 00:00:00 2001
From: Pallavi <pallavilpmt1995@gmail.com>
Date: Sun, 7 Sep 2025 22:47:06 +0530
Subject: [PATCH 023/166] Include region field in ExitNode query to match
 schema

---
 server/lib/exitNodes/exitNodes.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/lib/exitNodes/exitNodes.ts b/server/lib/exitNodes/exitNodes.ts
index 06539bb0..7b571682 100644
--- a/server/lib/exitNodes/exitNodes.ts
+++ b/server/lib/exitNodes/exitNodes.ts
@@ -30,7 +30,8 @@ export async function listExitNodes(orgId: string, filterOnline = false) {
             maxConnections: exitNodes.maxConnections,
             online: exitNodes.online,
             lastPing: exitNodes.lastPing,
-            type: exitNodes.type
+            type: exitNodes.type,
+            region: exitNodes.region
         })
         .from(exitNodes);
 

From 068d8484fb3af07816885f32a6bc3719a61ded36 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 7 Sep 2025 10:46:44 -0700
Subject: [PATCH 024/166] Fix #1423

---
 .../integration/verifyApiKeySetResourceUsers.ts        | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/server/middlewares/integration/verifyApiKeySetResourceUsers.ts b/server/middlewares/integration/verifyApiKeySetResourceUsers.ts
index 9c96e6ec..51a8f3fc 100644
--- a/server/middlewares/integration/verifyApiKeySetResourceUsers.ts
+++ b/server/middlewares/integration/verifyApiKeySetResourceUsers.ts
@@ -19,6 +19,11 @@ export async function verifyApiKeySetResourceUsers(
         );
     }
 
+    if (apiKey.isRoot) {
+        // Root keys can access any key in any org
+        return next();
+    }
+
     if (!req.apiKeyOrg) {
         return next(
             createHttpError(
@@ -32,11 +37,6 @@ export async function verifyApiKeySetResourceUsers(
         return next(createHttpError(HttpCode.BAD_REQUEST, "Invalid user IDs"));
     }
 
-    if (apiKey.isRoot) {
-        // Root keys can access any key in any org
-        return next();
-    }
-
     if (userIds.length === 0) {
         return next();
     }

From a6df41cb434c59ae4992697d573f653702886017 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 8 Sep 2025 17:37:30 -0700
Subject: [PATCH 025/166] Add resource niceId

---
 server/db/pg/schema.ts                      |  2 +-
 server/db/sqlite/schema.ts                  |  2 +-
 server/routers/external.ts                  |  6 ++
 server/routers/resource/getResource.ts      | 73 ++++++++++++++-------
 server/routers/resource/listResources.ts    |  4 +-
 src/app/[orgId]/settings/resources/page.tsx |  6 +-
 src/components/ResourcesTable.tsx           | 20 +++++-
 7 files changed, 84 insertions(+), 29 deletions(-)

diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts
index 1f571ab4..1e634cc9 100644
--- a/server/db/pg/schema.ts
+++ b/server/db/pg/schema.ts
@@ -71,7 +71,7 @@ export const resources = pgTable("resources", {
             onDelete: "cascade"
         })
         .notNull(),
-    niceId: text("niceId"), // TODO: SHOULD THIS BE NULLABLE?
+    niceId: text("niceId").notNull(),
     name: varchar("name").notNull(),
     subdomain: varchar("subdomain"),
     fullDomain: varchar("fullDomain"),
diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts
index 90b09734..2db0fdc4 100644
--- a/server/db/sqlite/schema.ts
+++ b/server/db/sqlite/schema.ts
@@ -77,7 +77,7 @@ export const resources = sqliteTable("resources", {
             onDelete: "cascade"
         })
         .notNull(),
-    niceId: text("niceId"), // TODO: SHOULD THIS BE NULLABLE?
+    niceId: text("niceId").notNull(),
     name: text("name").notNull(),
     subdomain: text("subdomain"),
     fullDomain: text("fullDomain"),
diff --git a/server/routers/external.ts b/server/routers/external.ts
index 6d00eb3c..22bfe8bb 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -343,6 +343,12 @@ authenticated.get(
     verifyUserHasAction(ActionsEnum.getResource),
     resource.getResource
 );
+authenticated.get(
+    "/org/:orgId/resource/:niceId",
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.getResource),
+    resource.getResource
+);
 authenticated.post(
     "/resource/:resourceId",
     verifyResourceAccess,
diff --git a/server/routers/resource/getResource.ts b/server/routers/resource/getResource.ts
index a2c1c0d1..d2aebedd 100644
--- a/server/routers/resource/getResource.ts
+++ b/server/routers/resource/getResource.ts
@@ -2,32 +2,72 @@ import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db } from "@server/db";
 import { Resource, resources, sites } from "@server/db";
-import { eq } from "drizzle-orm";
+import { eq, and } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
+import stoi from "@server/lib/stoi";
 import { OpenAPITags, registry } from "@server/openApi";
 
 const getResourceSchema = z
     .object({
         resourceId: z
             .string()
-            .transform(Number)
-            .pipe(z.number().int().positive())
+            .optional()
+            .transform(stoi)
+            .pipe(z.number().int().positive().optional())
+            .optional(),
+        niceId: z.string().optional(),
+        orgId: z.string().optional()
     })
     .strict();
 
-export type GetResourceResponse = Resource;
+async function query(resourceId?: number, niceId?: string, orgId?: string) {
+    if (resourceId) {
+        const [res] = await db
+            .select()
+            .from(resources)
+            .where(eq(resources.resourceId, resourceId))
+            .limit(1);
+        return res;
+    } else if (niceId && orgId) {
+        const [res] = await db
+            .select()
+            .from(resources)
+            .where(and(eq(resources.niceId, niceId), eq(resources.orgId, orgId)))
+            .limit(1);
+        return res;
+    }
+}
+
+export type GetResourceResponse = NonNullable<Awaited<ReturnType<typeof query>>>;
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/resource/{niceId}",
+    description:
+        "Get a resource by orgId and niceId. NiceId is a readable ID for the resource and unique on a per org basis.",
+    tags: [OpenAPITags.Org, OpenAPITags.Resource],
+    request: {
+        params: z.object({
+            orgId: z.string(),
+            niceId: z.string()
+        })
+    },
+    responses: {}
+});
 
 registry.registerPath({
     method: "get",
     path: "/resource/{resourceId}",
-    description: "Get a resource.",
+    description: "Get a resource by resourceId.",
     tags: [OpenAPITags.Resource],
     request: {
-        params: getResourceSchema
+        params: z.object({
+            resourceId: z.number()
+        })
     },
     responses: {}
 });
@@ -48,29 +88,18 @@ export async function getResource(
             );
         }
 
-        const { resourceId } = parsedParams.data;
+        const { resourceId, niceId, orgId } = parsedParams.data;
 
-        const [resp] = await db
-            .select()
-            .from(resources)
-            .where(eq(resources.resourceId, resourceId))
-            .limit(1);
-
-        const resource = resp;
+        const resource = await query(resourceId, niceId, orgId);
 
         if (!resource) {
             return next(
-                createHttpError(
-                    HttpCode.NOT_FOUND,
-                    `Resource with ID ${resourceId} not found`
-                )
+                createHttpError(HttpCode.NOT_FOUND, "Resource not found")
             );
         }
 
-        return response(res, {
-            data: {
-                ...resource
-            },
+        return response<GetResourceResponse>(res, {
+            data: resource,
             success: true,
             error: false,
             message: "Resource retrieved successfully",
diff --git a/server/routers/resource/listResources.ts b/server/routers/resource/listResources.ts
index 54878bfc..45d225ed 100644
--- a/server/routers/resource/listResources.ts
+++ b/server/routers/resource/listResources.ts
@@ -16,6 +16,7 @@ import logger from "@server/logger";
 import stoi from "@server/lib/stoi";
 import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
+import { warn } from "console";
 
 const listResourcesParamsSchema = z
     .object({
@@ -54,7 +55,8 @@ function queryResources(accessibleResourceIds: number[], orgId: string) {
             protocol: resources.protocol,
             proxyPort: resources.proxyPort,
             enabled: resources.enabled,
-            domainId: resources.domainId
+            domainId: resources.domainId,
+            niceId: resources.niceId
         })
         .from(resources)
         .leftJoin(
diff --git a/src/app/[orgId]/settings/resources/page.tsx b/src/app/[orgId]/settings/resources/page.tsx
index b1b907e6..97abdd4c 100644
--- a/src/app/[orgId]/settings/resources/page.tsx
+++ b/src/app/[orgId]/settings/resources/page.tsx
@@ -76,8 +76,7 @@ export default async function ResourcesPage(props: ResourcesPageProps) {
             id: resource.resourceId,
             name: resource.name,
             orgId: params.orgId,
-
-
+            nice: resource.niceId,
             domain: `${resource.ssl ? "https://" : "http://"}${toUnicode(resource.fullDomain || "")}`,
             protocol: resource.protocol,
             proxyPort: resource.proxyPort,
@@ -91,7 +90,8 @@ export default async function ResourcesPage(props: ResourcesPageProps) {
                   ? "protected"
                   : "not_protected",
             enabled: resource.enabled,
-            domainId: resource.domainId || undefined
+            domainId: resource.domainId || undefined,
+            ssl: resource.ssl
         };
     });
 
diff --git a/src/components/ResourcesTable.tsx b/src/components/ResourcesTable.tsx
index 622d42da..8a62c14b 100644
--- a/src/components/ResourcesTable.tsx
+++ b/src/components/ResourcesTable.tsx
@@ -66,6 +66,7 @@ import { Alert, AlertDescription } from "@app/components/ui/alert";
 
 export type ResourceRow = {
     id: number;
+    nice: string | null;
     name: string;
     orgId: string;
     domain: string;
@@ -75,6 +76,7 @@ export type ResourceRow = {
     proxyPort: number | null;
     enabled: boolean;
     domainId?: string;
+    ssl: boolean;
 };
 
 export type InternalResourceRow = {
@@ -336,12 +338,28 @@ export default function ResourcesTable({
                 );
             }
         },
+        {
+            accessorKey: "nice",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("resource")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
         {
             accessorKey: "protocol",
             header: t("protocol"),
             cell: ({ row }) => {
                 const resourceRow = row.original;
-                return <span>{resourceRow.protocol.toUpperCase()}</span>;
+                return <span>{resourceRow.http ? (resourceRow.ssl ? "HTTPS" : "HTTP") : resourceRow.protocol.toUpperCase()}</span>;
             }
         },
         {

From d1890a27562c37cfa941fd7f354aa731d231bdd2 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 8 Sep 2025 17:50:07 -0700
Subject: [PATCH 026/166] Resource identified with niceId now

---
 server/db/names.ts                            | 21 ++++++++++++++++++-
 server/routers/resource/createResource.ts     |  7 +++++++
 .../authentication/page.tsx                   |  0
 .../general/page.tsx                          |  0
 .../{[resourceId] => [niceId]}/layout.tsx     | 12 +++++------
 .../{[resourceId] => [niceId]}/page.tsx       |  4 ++--
 .../{[resourceId] => [niceId]}/proxy/page.tsx |  6 +++---
 .../{[resourceId] => [niceId]}/rules/page.tsx | 10 ++++-----
 src/components/ResourcesTable.tsx             |  2 +-
 9 files changed, 44 insertions(+), 18 deletions(-)
 rename src/app/[orgId]/settings/resources/{[resourceId] => [niceId]}/authentication/page.tsx (100%)
 rename src/app/[orgId]/settings/resources/{[resourceId] => [niceId]}/general/page.tsx (100%)
 rename src/app/[orgId]/settings/resources/{[resourceId] => [niceId]}/layout.tsx (89%)
 rename src/app/[orgId]/settings/resources/{[resourceId] => [niceId]}/page.tsx (53%)
 rename src/app/[orgId]/settings/resources/{[resourceId] => [niceId]}/proxy/page.tsx (99%)
 rename src/app/[orgId]/settings/resources/{[resourceId] => [niceId]}/rules/page.tsx (98%)

diff --git a/server/db/names.ts b/server/db/names.ts
index 41f4c170..9c671a22 100644
--- a/server/db/names.ts
+++ b/server/db/names.ts
@@ -1,6 +1,6 @@
 import { join } from "path";
 import { readFileSync } from "fs";
-import { db } from "@server/db";
+import { db, resources } from "@server/db";
 import { exitNodes, sites } from "@server/db";
 import { eq, and } from "drizzle-orm";
 import { __DIRNAME } from "@server/lib/consts";
@@ -34,6 +34,25 @@ export async function getUniqueSiteName(orgId: string): Promise<string> {
     }
 }
 
+export async function getUniqueResourceName(orgId: string): Promise<string> {
+    let loops = 0;
+    while (true) {
+        if (loops > 100) {
+            throw new Error("Could not generate a unique name");
+        }
+
+        const name = generateName();
+        const count = await db
+            .select({ niceId: resources.niceId, orgId: resources.orgId })
+            .from(resources)
+            .where(and(eq(resources.niceId, name), eq(resources.orgId, orgId)));
+        if (count.length === 0) {
+            return name;
+        }
+        loops++;
+    }
+}
+
 export async function getUniqueExitNodeEndpointName(): Promise<string> {
     let loops = 0;
     const count = await db
diff --git a/server/routers/resource/createResource.ts b/server/routers/resource/createResource.ts
index 5b27cb41..3616140a 100644
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@@ -21,6 +21,7 @@ import { subdomainSchema } from "@server/lib/schemas";
 import config from "@server/lib/config";
 import { OpenAPITags, registry } from "@server/openApi";
 import { build } from "@server/build";
+import { getUniqueResourceName } from "@server/db/names";
 
 const createResourceParamsSchema = z
     .object({
@@ -283,10 +284,13 @@ async function createHttpResource(
 
     let resource: Resource | undefined;
 
+    const niceId = await getUniqueResourceName(orgId);
+
     await db.transaction(async (trx) => {
         const newResource = await trx
             .insert(resources)
             .values({
+                niceId,
                 fullDomain,
                 domainId,
                 orgId,
@@ -391,10 +395,13 @@ async function createRawResource(
 
     let resource: Resource | undefined;
 
+    const niceId = await getUniqueResourceName(orgId);
+
     await db.transaction(async (trx) => {
         const newResource = await trx
             .insert(resources)
             .values({
+                niceId,
                 orgId,
                 name,
                 http,
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/authentication/page.tsx
similarity index 100%
rename from src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx
rename to src/app/[orgId]/settings/resources/[niceId]/authentication/page.tsx
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
similarity index 100%
rename from src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx
rename to src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/layout.tsx b/src/app/[orgId]/settings/resources/[niceId]/layout.tsx
similarity index 89%
rename from src/app/[orgId]/settings/resources/[resourceId]/layout.tsx
rename to src/app/[orgId]/settings/resources/[niceId]/layout.tsx
index 8a5d0997..3f8425ce 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/layout.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/layout.tsx
@@ -18,7 +18,7 @@ import { getTranslations } from 'next-intl/server';
 
 interface ResourceLayoutProps {
     children: React.ReactNode;
-    params: Promise<{ resourceId: number | string; orgId: string }>;
+    params: Promise<{ niceId: string; orgId: string }>;
 }
 
 export default async function ResourceLayout(props: ResourceLayoutProps) {
@@ -31,7 +31,7 @@ export default async function ResourceLayout(props: ResourceLayoutProps) {
     let resource = null;
     try {
         const res = await internal.get<AxiosResponse<GetResourceResponse>>(
-            `/resource/${params.resourceId}`,
+            `/org/${params.orgId}/resource/${params.niceId}`,
             await authCookieHeader()
         );
         resource = res.data.data;
@@ -77,22 +77,22 @@ export default async function ResourceLayout(props: ResourceLayoutProps) {
     const navItems = [
         {
             title: t('general'),
-            href: `/{orgId}/settings/resources/{resourceId}/general`
+            href: `/{orgId}/settings/resources/{niceId}/general`
         },
         {
             title: t('proxy'),
-            href: `/{orgId}/settings/resources/{resourceId}/proxy`
+            href: `/{orgId}/settings/resources/{niceId}/proxy`
         }
     ];
 
     if (resource.http) {
         navItems.push({
             title: t('authentication'),
-            href: `/{orgId}/settings/resources/{resourceId}/authentication`
+            href: `/{orgId}/settings/resources/{niceId}/authentication`
         });
         navItems.push({
             title: t('rules'),
-            href: `/{orgId}/settings/resources/{resourceId}/rules`
+            href: `/{orgId}/settings/resources/{niceId}/rules`
         });
     }
 
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/page.tsx
similarity index 53%
rename from src/app/[orgId]/settings/resources/[resourceId]/page.tsx
rename to src/app/[orgId]/settings/resources/[niceId]/page.tsx
index a0d45a94..41995661 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/page.tsx
@@ -1,10 +1,10 @@
 import { redirect } from "next/navigation";
 
 export default async function ResourcePage(props: {
-    params: Promise<{ resourceId: number | string; orgId: string }>;
+    params: Promise<{ niceId: string; orgId: string }>;
 }) {
     const params = await props.params;
     redirect(
-        `/${params.orgId}/settings/resources/${params.resourceId}/proxy`
+        `/${params.orgId}/settings/resources/${params.niceId}/proxy`
     );
 }
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
similarity index 99%
rename from src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx
rename to src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index 87c3dd13..27c795ef 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -256,7 +256,7 @@ export default function ReverseProxyTargets(props: {
         const fetchTargets = async () => {
             try {
                 const res = await api.get<AxiosResponse<ListTargetsResponse>>(
-                    `/resource/${params.resourceId}/targets`
+                    `/resource/${resource.resourceId}/targets`
                 );
 
                 if (res.status === 200) {
@@ -447,7 +447,7 @@ export default function ReverseProxyTargets(props: {
                 if (target.new) {
                     const res = await api.put<
                         AxiosResponse<CreateTargetResponse>
-                    >(`/resource/${params.resourceId}/target`, data);
+                    >(`/resource/${resource.resourceId}/target`, data);
                     target.targetId = res.data.data.targetId;
                     target.new = false;
                 } else if (target.updated) {
@@ -475,7 +475,7 @@ export default function ReverseProxyTargets(props: {
                 };
 
                 // Single API call to update all settings
-                await api.post(`/resource/${params.resourceId}`, payload);
+                await api.post(`/resource/${resource.resourceId}`, payload);
 
                 // Update local resource context
                 updateResource({
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/rules/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
similarity index 98%
rename from src/app/[orgId]/settings/resources/[resourceId]/rules/page.tsx
rename to src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
index 424d7973..8b5e4709 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/rules/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
@@ -128,7 +128,7 @@ export default function ResourceRules(props: {
             try {
                 const res = await api.get<
                     AxiosResponse<ListResourceRulesResponse>
-                >(`/resource/${params.resourceId}/rules`);
+                >(`/resource/${resource.resourceId}/rules`);
                 if (res.status === 200) {
                     setRules(res.data.data.rules);
                 }
@@ -251,7 +251,7 @@ export default function ResourceRules(props: {
 
             // Save rules enabled state
             const res = await api
-                .post(`/resource/${params.resourceId}`, {
+                .post(`/resource/${resource.resourceId}`, {
                     applyRules: rulesEnabled
                 })
                 .catch((err) => {
@@ -336,13 +336,13 @@ export default function ResourceRules(props: {
 
                 if (rule.new) {
                     const res = await api.put(
-                        `/resource/${params.resourceId}/rule`,
+                        `/resource/${resource.resourceId}/rule`,
                         data
                     );
                     rule.ruleId = res.data.data.ruleId;
                 } else if (rule.updated) {
                     await api.post(
-                        `/resource/${params.resourceId}/rule/${rule.ruleId}`,
+                        `/resource/${resource.resourceId}/rule/${rule.ruleId}`,
                         data
                     );
                 }
@@ -361,7 +361,7 @@ export default function ResourceRules(props: {
 
             for (const ruleId of rulesToRemove) {
                 await api.delete(
-                    `/resource/${params.resourceId}/rule/${ruleId}`
+                    `/resource/${resource.resourceId}/rule/${ruleId}`
                 );
                 setRules(rules.filter((r) => r.ruleId !== ruleId));
             }
diff --git a/src/components/ResourcesTable.tsx b/src/components/ResourcesTable.tsx
index 8a62c14b..3352c4fa 100644
--- a/src/components/ResourcesTable.tsx
+++ b/src/components/ResourcesTable.tsx
@@ -481,7 +481,7 @@ export default function ResourcesTable({
                             </DropdownMenuContent>
                         </DropdownMenu>
                         <Link
-                            href={`/${resourceRow.orgId}/settings/resources/${resourceRow.id}`}
+                            href={`/${resourceRow.orgId}/settings/resources/${resourceRow.nice}`}
                         >
                             <Button
                                 variant={"secondary"}

From 1cdecf8480ba66cbab7b14690b113ca38d1d9f3b Mon Sep 17 00:00:00 2001
From: Pallavi <pallavilpmt1995@gmail.com>
Date: Sun, 7 Sep 2025 23:45:35 +0530
Subject: [PATCH 027/166] inconsistent destinationIp validation between create
 and update

---
 server/routers/siteResource/updateSiteResource.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/routers/siteResource/updateSiteResource.ts b/server/routers/siteResource/updateSiteResource.ts
index 82e2fe68..f6f71124 100644
--- a/server/routers/siteResource/updateSiteResource.ts
+++ b/server/routers/siteResource/updateSiteResource.ts
@@ -28,7 +28,7 @@ const updateSiteResourceSchema = z
         protocol: z.enum(["tcp", "udp"]).optional(),
         proxyPort: z.number().int().positive().optional(),
         destinationPort: z.number().int().positive().optional(),
-        destinationIp: z.string().ip().optional(),
+        destinationIp: z.string().optional(),
         enabled: z.boolean().optional()
     })
     .strict();

From 1b9ed8aab454454993448577c9cd5352b2429e5c Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 4 Sep 2025 11:39:58 -0700
Subject: [PATCH 028/166] New translations en-us.json (Korean)

---
 messages/ko-KR.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/messages/ko-KR.json b/messages/ko-KR.json
index 616456da..b0d83e94 100644
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "업데이트 가능",
     "newtUpdateAvailableInfo": "뉴트의 새 버전이 출시되었습니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.",
     "domainPickerEnterDomain": "도메인",
-    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "리소스의 전체 도메인을 입력하여 사용 가능한 옵션을 확인하십시오.",
     "domainPickerDescriptionSaas": "전체 도메인, 서브도메인 또는 이름을 입력하여 사용 가능한 옵션을 확인하십시오.",
     "domainPickerTabAll": "모두",

From 2814d2410b387517257779837d4909b90c331721 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 4 Sep 2025 11:40:00 -0700
Subject: [PATCH 029/166] New translations en-us.json (Dutch)

---
 messages/nl-NL.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index 6252d752..8c3ac1eb 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Update beschikbaar",
     "newtUpdateAvailableInfo": "Er is een nieuwe versie van Newt beschikbaar. Update naar de nieuwste versie voor de beste ervaring.",
     "domainPickerEnterDomain": "Domein",
-    "domainPickerPlaceholder": "mijnapp.voorbeeld.com, api.v1.mijndomein.com, of gewoon mijnapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Voer de volledige domein van de bron in om beschikbare opties te zien.",
     "domainPickerDescriptionSaas": "Voer een volledig domein, subdomein of gewoon een naam in om beschikbare opties te zien",
     "domainPickerTabAll": "Alles",

From f889e54052f0463037f1f272ced696711deb2995 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 4 Sep 2025 11:40:02 -0700
Subject: [PATCH 030/166] New translations en-us.json (Portuguese)

---
 messages/pt-PT.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/messages/pt-PT.json b/messages/pt-PT.json
index 84afb6aa..87482c86 100644
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Nova Atualização Disponível",
     "newtUpdateAvailableInfo": "Uma nova versão do Newt está disponível. Atualize para a versão mais recente para uma melhor experiência.",
     "domainPickerEnterDomain": "Domínio",
-    "domainPickerPlaceholder": "meuapp.exemplo.com, api.v1.meudominio.com, ou apenas meuapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Insira o domínio completo do recurso para ver as opções disponíveis.",
     "domainPickerDescriptionSaas": "Insira um domínio completo, subdomínio ou apenas um nome para ver as opções disponíveis",
     "domainPickerTabAll": "Todos",

From 227c8985831487197813d83166059c4db4bb3769 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 4 Sep 2025 11:40:06 -0700
Subject: [PATCH 031/166] New translations en-us.json (Chinese Simplified)

---
 messages/zh-CN.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/messages/zh-CN.json b/messages/zh-CN.json
index 1eaa2263..50f86499 100644
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "更新可用",
     "newtUpdateAvailableInfo": "新版本的 Newt 已可用。请更新到最新版本以获得最佳体验。",
     "domainPickerEnterDomain": "域名",
-    "domainPickerPlaceholder": "myapp.example.com、api.v1.mydomain.com 或仅 myapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "输入资源的完整域名以查看可用选项。",
     "domainPickerDescriptionSaas": "输入完整域名、子域或名称以查看可用选项。",
     "domainPickerTabAll": "所有",

From 791bcb2df13afef49ae82e9e4ac0db0d6adf7184 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 4 Sep 2025 11:40:07 -0700
Subject: [PATCH 032/166] New translations en-us.json (Norwegian Bokmal)

---
 messages/nb-NO.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/messages/nb-NO.json b/messages/nb-NO.json
index 6d1ae86a..4c9d9a3c 100644
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -1234,7 +1234,7 @@
     "newtUpdateAvailable": "Oppdatering tilgjengelig",
     "newtUpdateAvailableInfo": "En ny versjon av Newt er tilgjengelig. Vennligst oppdater til den nyeste versjonen for den beste opplevelsen.",
     "domainPickerEnterDomain": "Domene",
-    "domainPickerPlaceholder": "minapp.eksempel.com, api.v1.mittdomene.com, eller bare minapp",
+    "domainPickerPlaceholder": "myapp.example.com",
     "domainPickerDescription": "Skriv inn hele domenet til ressursen for å se tilgjengelige alternativer.",
     "domainPickerDescriptionSaas": "Skriv inn et fullt domene, underdomene eller bare et navn for å se tilgjengelige alternativer",
     "domainPickerTabAll": "Alle",

From 58ebd1275bfab55c84cf61e657d6c09482928e6d Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:43 -0700
Subject: [PATCH 033/166] New translations en-us.json (French)

---
 messages/fr-FR.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index a7d4a74f..eff4b2e8 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "Une erreur s'est produite lors de l'ajout de l'utilisateur au rôle.",
     "userSaved": "Utilisateur enregistré",
     "userSavedDescription": "L'utilisateur a été mis à jour.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Gérer ce que cet utilisateur peut accéder et faire dans l'organisation",
     "accessControlsSubmit": "Enregistrer les contrôles d'accès",
     "roles": "Rôles",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Connecté",
     "idpErrorConnectingTo": "Un problème est survenu lors de la connexion à {name}. Veuillez contacter votre administrateur.",
     "idpErrorNotFound": "IdP introuvable",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Invitation invalide",
     "inviteInvalidDescription": "Le lien d'invitation n'est pas valide.",
     "inviteErrorWrongUser": "L'invitation n'est pas pour cet utilisateur",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Édition Professionnelle Requise",
     "licenseTierProfessionalRequiredDescription": "Cette fonctionnalité n'est disponible que dans l'Édition Professionnelle.",
     "actionGetOrg": "Obtenir l'organisation",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Mettre à jour l'organisation",
     "actionUpdateUser": "Mettre à jour l'utilisateur",
     "actionGetUser": "Obtenir l'utilisateur",
@@ -1496,5 +1502,7 @@
         "convertButton": "Convertir ce noeud en auto-hébergé géré"
     },
     "internationaldomaindetected": "Domaine international détecté",
-    "willbestoredas": "Sera stocké comme :"
+    "willbestoredas": "Sera stocké comme :",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From 3538bb793e129bac3fb417f4a8338af16eecb6d9 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:45 -0700
Subject: [PATCH 034/166] New translations en-us.json (Spanish)

---
 messages/es-ES.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/es-ES.json b/messages/es-ES.json
index a4fb0646..3be67893 100644
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "Ocurrió un error mientras se añadía el usuario al rol.",
     "userSaved": "Usuario guardado",
     "userSavedDescription": "El usuario ha sido actualizado.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Administrar lo que este usuario puede acceder y hacer en la organización",
     "accessControlsSubmit": "Guardar controles de acceso",
     "roles": "Roles",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Conectado",
     "idpErrorConnectingTo": "Hubo un problema al conectar con {name}. Por favor, póngase en contacto con su administrador.",
     "idpErrorNotFound": "IdP no encontrado",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Invitación inválida",
     "inviteInvalidDescription": "El enlace de invitación no es válido.",
     "inviteErrorWrongUser": "La invitación no es para este usuario",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Edición Profesional requerida",
     "licenseTierProfessionalRequiredDescription": "Esta característica sólo está disponible en la Edición Profesional.",
     "actionGetOrg": "Obtener organización",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Actualizar organización",
     "actionUpdateUser": "Actualizar usuario",
     "actionGetUser": "Obtener usuario",
@@ -1496,5 +1502,7 @@
         "convertButton": "Convierte este nodo a autoalojado administrado"
     },
     "internationaldomaindetected": "Dominio Internacional detectado",
-    "willbestoredas": "Se almacenará como:"
+    "willbestoredas": "Se almacenará como:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From 553cc3083602f40ea23dc76ac6552aced5aef755 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:46 -0700
Subject: [PATCH 035/166] New translations en-us.json (Bulgarian)

---
 messages/bg-BG.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/bg-BG.json b/messages/bg-BG.json
index a388c4d9..9208a18d 100644
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "An error occurred while adding user to the role.",
     "userSaved": "User saved",
     "userSavedDescription": "The user has been updated.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Manage what this user can access and do in the organization",
     "accessControlsSubmit": "Save Access Controls",
     "roles": "Roles",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Connected",
     "idpErrorConnectingTo": "There was a problem connecting to {name}. Please contact your administrator.",
     "idpErrorNotFound": "IdP not found",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Invalid Invite",
     "inviteInvalidDescription": "The invite link is invalid.",
     "inviteErrorWrongUser": "Invite is not for this user",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Professional Edition Required",
     "licenseTierProfessionalRequiredDescription": "This feature is only available in the Professional Edition.",
     "actionGetOrg": "Get Organization",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Update Organization",
     "actionUpdateUser": "Update User",
     "actionGetUser": "Get User",
@@ -1496,5 +1502,7 @@
         "convertButton": "Convert This Node to Managed Self-Hosted"
     },
     "internationaldomaindetected": "International Domain Detected",
-    "willbestoredas": "Will be stored as:"
+    "willbestoredas": "Will be stored as:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From 38c8f576e09882939d384134ceacccf9ce47299c Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:47 -0700
Subject: [PATCH 036/166] New translations en-us.json (Czech)

---
 messages/cs-CZ.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/cs-CZ.json b/messages/cs-CZ.json
index eae522ee..d1b2703e 100644
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "An error occurred while adding user to the role.",
     "userSaved": "User saved",
     "userSavedDescription": "The user has been updated.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Manage what this user can access and do in the organization",
     "accessControlsSubmit": "Save Access Controls",
     "roles": "Roles",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Connected",
     "idpErrorConnectingTo": "There was a problem connecting to {name}. Please contact your administrator.",
     "idpErrorNotFound": "IdP not found",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Invalid Invite",
     "inviteInvalidDescription": "The invite link is invalid.",
     "inviteErrorWrongUser": "Invite is not for this user",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Professional Edition Required",
     "licenseTierProfessionalRequiredDescription": "This feature is only available in the Professional Edition.",
     "actionGetOrg": "Get Organization",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Update Organization",
     "actionUpdateUser": "Update User",
     "actionGetUser": "Get User",
@@ -1496,5 +1502,7 @@
         "convertButton": "Convert This Node to Managed Self-Hosted"
     },
     "internationaldomaindetected": "International Domain Detected",
-    "willbestoredas": "Will be stored as:"
+    "willbestoredas": "Will be stored as:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From dac9608bef73716557f477f7a19be3bb992f80a2 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:48 -0700
Subject: [PATCH 037/166] New translations en-us.json (German)

---
 messages/de-DE.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/de-DE.json b/messages/de-DE.json
index e97ca32d..d5b3d5c8 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "Beim Hinzufügen des Benutzers zur Rolle ist ein Fehler aufgetreten.",
     "userSaved": "Benutzer gespeichert",
     "userSavedDescription": "Der Benutzer wurde aktualisiert.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Verwalten Sie, worauf dieser Benutzer in der Organisation zugreifen und was er tun kann",
     "accessControlsSubmit": "Zugriffskontrollen speichern",
     "roles": "Rollen",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Verbunden",
     "idpErrorConnectingTo": "Es gab ein Problem bei der Verbindung zu {name}. Bitte kontaktieren Sie Ihren Administrator.",
     "idpErrorNotFound": "IdP nicht gefunden",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Ungültige Einladung",
     "inviteInvalidDescription": "Der Einladungslink ist ungültig.",
     "inviteErrorWrongUser": "Einladung ist nicht für diesen Benutzer",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Professional Edition erforderlich",
     "licenseTierProfessionalRequiredDescription": "Diese Funktion ist nur in der Professional Edition verfügbar.",
     "actionGetOrg": "Organisation abrufen",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Organisation aktualisieren",
     "actionUpdateUser": "Benutzer aktualisieren",
     "actionGetUser": "Benutzer abrufen",
@@ -1496,5 +1502,7 @@
         "convertButton": "Diesen Knoten in Managed Self-Hosted umwandeln"
     },
     "internationaldomaindetected": "Internationale Domain erkannt",
-    "willbestoredas": "Wird gespeichert als:"
+    "willbestoredas": "Wird gespeichert als:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From c9dfff290bb59c2ad1dc2775fd04a48620b7daf2 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:49 -0700
Subject: [PATCH 038/166] New translations en-us.json (Italian)

---
 messages/it-IT.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/it-IT.json b/messages/it-IT.json
index 489a5bcd..377fe4ce 100644
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "Si è verificato un errore durante l'aggiunta dell'utente al ruolo.",
     "userSaved": "Utente salvato",
     "userSavedDescription": "L'utente è stato aggiornato.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Gestisci cosa questo utente può accedere e fare nell'organizzazione",
     "accessControlsSubmit": "Salva Controlli di Accesso",
     "roles": "Ruoli",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Connesso",
     "idpErrorConnectingTo": "Si è verificato un problema durante la connessione a {name}. Contatta il tuo amministratore.",
     "idpErrorNotFound": "IdP non trovato",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Invito Non Valido",
     "inviteInvalidDescription": "Il link di invito non è valido.",
     "inviteErrorWrongUser": "L'invito non è per questo utente",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Edizione Professional Richiesta",
     "licenseTierProfessionalRequiredDescription": "Questa funzionalità è disponibile solo nell'Edizione Professional.",
     "actionGetOrg": "Ottieni Organizzazione",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Aggiorna Organizzazione",
     "actionUpdateUser": "Aggiorna Utente",
     "actionGetUser": "Ottieni Utente",
@@ -1496,5 +1502,7 @@
         "convertButton": "Converti questo nodo in auto-ospitato gestito"
     },
     "internationaldomaindetected": "Dominio Internazionale Rilevato",
-    "willbestoredas": "Verrà conservato come:"
+    "willbestoredas": "Verrà conservato come:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From 452338e67b6f2f087d81a7d4c4c57b09b0aea7aa Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:51 -0700
Subject: [PATCH 039/166] New translations en-us.json (Korean)

---
 messages/ko-KR.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/ko-KR.json b/messages/ko-KR.json
index b0d83e94..722e83ac 100644
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "사용자를 역할에 추가하는 동안 오류가 발생했습니다.",
     "userSaved": "사용자 저장됨",
     "userSavedDescription": "사용자가 업데이트되었습니다.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "이 사용자가 조직에서 접근하고 수행할 수 있는 작업을 관리하세요",
     "accessControlsSubmit": "접근 제어 저장",
     "roles": "역할",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "연결됨",
     "idpErrorConnectingTo": "{name}에 연결하는 데 문제가 발생했습니다. 관리자에게 문의하십시오.",
     "idpErrorNotFound": "IdP를 찾을 수 없습니다.",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "유효하지 않은 초대",
     "inviteInvalidDescription": "초대 링크가 유효하지 않습니다.",
     "inviteErrorWrongUser": "이 초대는 이 사용자에게 해당되지 않습니다",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "전문 에디션이 필요합니다.",
     "licenseTierProfessionalRequiredDescription": "이 기능은 Professional Edition에서만 사용할 수 있습니다.",
     "actionGetOrg": "조직 가져오기",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "조직 업데이트",
     "actionUpdateUser": "사용자 업데이트",
     "actionGetUser": "사용자 조회",
@@ -1496,5 +1502,7 @@
         "convertButton": "이 노드를 관리 자체 호스팅으로 변환"
     },
     "internationaldomaindetected": "국제 도메인 감지됨",
-    "willbestoredas": "다음으로 저장됩니다:"
+    "willbestoredas": "다음으로 저장됩니다:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From 567e74046d252239f4cc38f47a8bb43700479e0b Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:52 -0700
Subject: [PATCH 040/166] New translations en-us.json (Dutch)

---
 messages/nl-NL.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index 8c3ac1eb..4c209e09 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "Er is een fout opgetreden tijdens het toevoegen van de rol.",
     "userSaved": "Gebruiker opgeslagen",
     "userSavedDescription": "De gebruiker is bijgewerkt.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Beheer wat deze gebruiker toegang heeft tot en doet in de organisatie",
     "accessControlsSubmit": "Bewaar Toegangsbesturing",
     "roles": "Rollen",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Verbonden",
     "idpErrorConnectingTo": "Er was een probleem bij het verbinden met {name}. Neem contact op met uw beheerder.",
     "idpErrorNotFound": "IdP niet gevonden",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Ongeldige uitnodiging",
     "inviteInvalidDescription": "Uitnodigingslink is ongeldig.",
     "inviteErrorWrongUser": "Uitnodiging is niet voor deze gebruiker",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Professionele editie vereist",
     "licenseTierProfessionalRequiredDescription": "Deze functie is alleen beschikbaar in de Professional Edition.",
     "actionGetOrg": "Krijg Organisatie",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Organisatie bijwerken",
     "actionUpdateUser": "Gebruiker bijwerken",
     "actionGetUser": "Gebruiker ophalen",
@@ -1496,5 +1502,7 @@
         "convertButton": "Converteer deze node naar Beheerde Zelf-Hosted"
     },
     "internationaldomaindetected": "Internationaal Domein Gedetecteerd",
-    "willbestoredas": "Zal worden opgeslagen als:"
+    "willbestoredas": "Zal worden opgeslagen als:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From f7afdca5c0bddb98bd5be5d9fda069f651f31c66 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:53 -0700
Subject: [PATCH 041/166] New translations en-us.json (Polish)

---
 messages/pl-PL.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/pl-PL.json b/messages/pl-PL.json
index 5a8a1437..4ad81acc 100644
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "Wystąpił błąd podczas dodawania użytkownika do roli.",
     "userSaved": "Użytkownik zapisany",
     "userSavedDescription": "Użytkownik został zaktualizowany.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Zarządzaj tym, do czego użytkownik ma dostęp i co może robić w organizacji",
     "accessControlsSubmit": "Zapisz kontrole dostępu",
     "roles": "Role",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Połączono",
     "idpErrorConnectingTo": "Wystąpił problem z połączeniem z {name}. Skontaktuj się z administratorem.",
     "idpErrorNotFound": "Nie znaleziono IdP",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Nieprawidłowe zaproszenie",
     "inviteInvalidDescription": "Link zapraszający jest nieprawidłowy.",
     "inviteErrorWrongUser": "Zaproszenie nie jest dla tego użytkownika",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Wymagana edycja Professional",
     "licenseTierProfessionalRequiredDescription": "Ta funkcja jest dostępna tylko w edycji Professional.",
     "actionGetOrg": "Pobierz organizację",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Aktualizuj organizację",
     "actionUpdateUser": "Zaktualizuj użytkownika",
     "actionGetUser": "Pobierz użytkownika",
@@ -1496,5 +1502,7 @@
         "convertButton": "Konwertuj ten węzeł do zarządzanego samodzielnie"
     },
     "internationaldomaindetected": "Wykryto międzynarodową domenę",
-    "willbestoredas": "Będą przechowywane jako:"
+    "willbestoredas": "Będą przechowywane jako:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From 01fef8ab097823bade0285a7bc28fc9bceaf5774 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:54 -0700
Subject: [PATCH 042/166] New translations en-us.json (Portuguese)

---
 messages/pt-PT.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/pt-PT.json b/messages/pt-PT.json
index 87482c86..585983d7 100644
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "Ocorreu um erro ao adicionar usuário à função.",
     "userSaved": "Usuário salvo",
     "userSavedDescription": "O usuário foi atualizado.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Gerencie o que este usuário pode acessar e fazer na organização",
     "accessControlsSubmit": "Salvar Controles de Acesso",
     "roles": "Funções",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Conectado",
     "idpErrorConnectingTo": "Ocorreu um problema ao ligar a {name}. Por favor, contacte o seu administrador.",
     "idpErrorNotFound": "IdP não encontrado",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Convite Inválido",
     "inviteInvalidDescription": "O link do convite é inválido.",
     "inviteErrorWrongUser": "O convite não é para este usuário",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Edição Profissional Necessária",
     "licenseTierProfessionalRequiredDescription": "Esta funcionalidade só está disponível na Edição Profissional.",
     "actionGetOrg": "Obter Organização",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Atualizar Organização",
     "actionUpdateUser": "Atualizar Usuário",
     "actionGetUser": "Obter Usuário",
@@ -1496,5 +1502,7 @@
         "convertButton": "Converter este nó para Auto-Hospedado Gerenciado"
     },
     "internationaldomaindetected": "Domínio Internacional Detectado",
-    "willbestoredas": "Será armazenado como:"
+    "willbestoredas": "Será armazenado como:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From 60a4e31ff529b437ac9ab47146fc201a68138a3e Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:55 -0700
Subject: [PATCH 043/166] New translations en-us.json (Russian)

---
 messages/ru-RU.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/ru-RU.json b/messages/ru-RU.json
index 284f4e63..7b8b2d67 100644
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "Произошла ошибка при добавлении пользователя в роль.",
     "userSaved": "Пользователь сохранён",
     "userSavedDescription": "Пользователь был обновлён.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Управляйте тем, к чему этот пользователь может получить доступ и что делать в организации",
     "accessControlsSubmit": "Сохранить контроль доступа",
     "roles": "Роли",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Подключено",
     "idpErrorConnectingTo": "Возникла проблема при подключении к {name}. Пожалуйста, свяжитесь с вашим администратором.",
     "idpErrorNotFound": "IdP не найден",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Недействительное приглашение",
     "inviteInvalidDescription": "Ссылка на приглашение недействительна.",
     "inviteErrorWrongUser": "Приглашение не для этого пользователя",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Требуется профессиональная версия",
     "licenseTierProfessionalRequiredDescription": "Эта функция доступна только в профессиональной версии.",
     "actionGetOrg": "Получить организацию",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Обновить организацию",
     "actionUpdateUser": "Обновить пользователя",
     "actionGetUser": "Получить пользователя",
@@ -1496,5 +1502,7 @@
         "convertButton": "Конвертировать этот узел в управляемый себе-хост"
     },
     "internationaldomaindetected": "Обнаружен международный домен",
-    "willbestoredas": "Будет храниться как:"
+    "willbestoredas": "Будет храниться как:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From fb0fee244fa7d69c455823149bfe308dfa7c7f65 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:57 -0700
Subject: [PATCH 044/166] New translations en-us.json (Turkish)

---
 messages/tr-TR.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/tr-TR.json b/messages/tr-TR.json
index 16ed968d..6008f2dc 100644
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "Kullanıcı role eklenirken bir hata oluştu.",
     "userSaved": "Kullanıcı kaydedildi",
     "userSavedDescription": "Kullanıcı güncellenmiştir.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Bu kullanıcının organizasyonda neleri erişebileceğini ve yapabileceğini yönetin",
     "accessControlsSubmit": "Erişim Kontrollerini Kaydet",
     "roles": "Roller",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Bağlandı",
     "idpErrorConnectingTo": "{name} ile bağlantı kurarken bir sorun meydana geldi. Lütfen yöneticiye danışın.",
     "idpErrorNotFound": "IdP bulunamadı",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Geçersiz Davet",
     "inviteInvalidDescription": "Davet bağlantısı geçersiz.",
     "inviteErrorWrongUser": "Davet bu kullanıcı için değil",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Profesyonel Sürüme Gereklidir",
     "licenseTierProfessionalRequiredDescription": "Bu özellik yalnızca Professional Edition'da kullanılabilir.",
     "actionGetOrg": "Kuruluşu Al",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Kuruluşu Güncelle",
     "actionUpdateUser": "Kullanıcıyı Güncelle",
     "actionGetUser": "Kullanıcıyı Getir",
@@ -1496,5 +1502,7 @@
         "convertButton": "Bu Düğümü Yönetilen Kendi Kendine Barındırma Dönüştürün"
     },
     "internationaldomaindetected": "Uluslararası Alan Adı Tespit Edildi",
-    "willbestoredas": "Şu şekilde depolanacak:"
+    "willbestoredas": "Şu şekilde depolanacak:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From 4a70868d82a0e7e78dc39691375cdc4d4cfdd6a9 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:58 -0700
Subject: [PATCH 045/166] New translations en-us.json (Chinese Simplified)

---
 messages/zh-CN.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/zh-CN.json b/messages/zh-CN.json
index 50f86499..25f09780 100644
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "添加用户到角色时出错。",
     "userSaved": "用户已保存",
     "userSavedDescription": "用户已更新。",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "管理此用户在组织中可以访问和做什么",
     "accessControlsSubmit": "保存访问控制",
     "roles": "角色",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "已连接",
     "idpErrorConnectingTo": "无法连接到 {name}，请联系管理员协助处理。",
     "idpErrorNotFound": "找不到 IdP",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "无效邀请",
     "inviteInvalidDescription": "邀请链接无效。",
     "inviteErrorWrongUser": "邀请不是该用户的",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "需要专业版",
     "licenseTierProfessionalRequiredDescription": "此功能仅在专业版可用。",
     "actionGetOrg": "获取组织",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "更新组织",
     "actionUpdateUser": "更新用户",
     "actionGetUser": "获取用户",
@@ -1496,5 +1502,7 @@
         "convertButton": "将此节点转换为管理自托管的"
     },
     "internationaldomaindetected": "检测到国际域",
-    "willbestoredas": "储存为："
+    "willbestoredas": "储存为：",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From 34d9641aab9ba3110dc26fe3682ee7603b0ce1a3 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Fri, 5 Sep 2025 17:16:59 -0700
Subject: [PATCH 046/166] New translations en-us.json (Norwegian Bokmal)

---
 messages/nb-NO.json | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/messages/nb-NO.json b/messages/nb-NO.json
index 4c9d9a3c..ca2dec97 100644
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -454,6 +454,8 @@
     "accessRoleErrorAddDescription": "Det oppstod en feil under tilordning av brukeren til rollen.",
     "userSaved": "Bruker lagret",
     "userSavedDescription": "Brukeren har blitt oppdatert.",
+    "autoProvisioned": "Auto Provisioned",
+    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
     "accessControlsDescription": "Administrer hva denne brukeren kan få tilgang til og gjøre i organisasjonen",
     "accessControlsSubmit": "Lagre tilgangskontroller",
     "roles": "Roller",
@@ -911,6 +913,8 @@
     "idpConnectingToFinished": "Tilkoblet",
     "idpErrorConnectingTo": "Det oppstod et problem med å koble til {name}. Vennligst kontakt din administrator.",
     "idpErrorNotFound": "IdP ikke funnet",
+    "idpGoogleAlt": "Google",
+    "idpAzureAlt": "Azure",
     "inviteInvalid": "Ugyldig invitasjon",
     "inviteInvalidDescription": "Invitasjonslenken er ugyldig.",
     "inviteErrorWrongUser": "Invitasjonen er ikke for denne brukeren",
@@ -982,6 +986,8 @@
     "licenseTierProfessionalRequired": "Profesjonell utgave påkrevd",
     "licenseTierProfessionalRequiredDescription": "Denne funksjonen er kun tilgjengelig i den profesjonelle utgaven.",
     "actionGetOrg": "Hent organisasjon",
+    "updateOrgUser": "Update Org User",
+    "createOrgUser": "Create Org User",
     "actionUpdateOrg": "Oppdater organisasjon",
     "actionUpdateUser": "Oppdater bruker",
     "actionGetUser": "Hent bruker",
@@ -1496,5 +1502,7 @@
         "convertButton": "Konverter denne noden til manuelt bruk"
     },
     "internationaldomaindetected": "Internasjonalt domene oppdaget",
-    "willbestoredas": "Vil bli lagret som:"
+    "willbestoredas": "Vil bli lagret som:",
+    "idpGoogleDescription": "Google OAuth2/OIDC provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
 }

From d040ca4208d02bbed82cc85084a97c12e0c2e713 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Mon, 8 Sep 2025 16:55:21 -0700
Subject: [PATCH 047/166] pull api base url from config for axios

---
 src/lib/api/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/api/index.ts b/src/lib/api/index.ts
index edb281b7..5cef9f0e 100644
--- a/src/lib/api/index.ts
+++ b/src/lib/api/index.ts
@@ -22,7 +22,7 @@ export function createApiClient({ env }: { env: Env }): AxiosInstance {
         axios.defaults.withCredentials = true;
     } else {
         // user is accessing through a proxy
-        baseURL = window.location.origin + `/${suffix}`;
+        baseURL = `${env.app.dashboardUrl}/${suffix}`;
     }
 
     if (!baseURL) {

From cf11ac8853cb6f4189735b8762aa4e12dd675985 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Mon, 8 Sep 2025 17:25:01 -0700
Subject: [PATCH 048/166] add common domain validation func

---
 server/lib/domainUtils.ts                     | 112 ++++++++++++++++++
 server/routers/resource/createResource.ts     |  70 ++---------
 server/routers/resource/updateResource.ts     |  77 ++----------
 .../resources/[niceId]/general/page.tsx       |   6 +-
 4 files changed, 130 insertions(+), 135 deletions(-)
 create mode 100644 server/lib/domainUtils.ts

diff --git a/server/lib/domainUtils.ts b/server/lib/domainUtils.ts
new file mode 100644
index 00000000..d043ca51
--- /dev/null
+++ b/server/lib/domainUtils.ts
@@ -0,0 +1,112 @@
+import { db } from "@server/db";
+import { domains, orgDomains } from "@server/db";
+import { eq, and } from "drizzle-orm";
+import { subdomainSchema } from "@server/lib/schemas";
+import { fromError } from "zod-validation-error";
+
+export type DomainValidationResult = {
+    success: true;
+    fullDomain: string;
+    subdomain: string | null;
+} | {
+    success: false;
+    error: string;
+};
+
+/**
+ * Validates a domain and constructs the full domain based on domain type and subdomain.
+ * 
+ * @param domainId - The ID of the domain to validate
+ * @param orgId - The organization ID to check domain access
+ * @param subdomain - Optional subdomain to append (for ns and wildcard domains)
+ * @returns DomainValidationResult with success status and either fullDomain/subdomain or error message
+ */
+export async function validateAndConstructDomain(
+    domainId: string,
+    orgId: string,
+    subdomain?: string | null
+): Promise<DomainValidationResult> {
+    try {
+        // Query domain with organization access check
+        const [domainRes] = await db
+            .select()
+            .from(domains)
+            .where(eq(domains.domainId, domainId))
+            .leftJoin(
+                orgDomains,
+                and(eq(orgDomains.orgId, orgId), eq(orgDomains.domainId, domainId))
+            );
+
+        // Check if domain exists
+        if (!domainRes || !domainRes.domains) {
+            return {
+                success: false,
+                error: `Domain with ID ${domainId} not found`
+            };
+        }
+
+        // Check if organization has access to domain
+        if (domainRes.orgDomains && domainRes.orgDomains.orgId !== orgId) {
+            return {
+                success: false,
+                error: `Organization does not have access to domain with ID ${domainId}`
+            };
+        }
+
+        // Check if domain is verified
+        if (!domainRes.domains.verified) {
+            return {
+                success: false,
+                error: `Domain with ID ${domainId} is not verified`
+            };
+        }
+
+        // Construct full domain based on domain type
+        let fullDomain = "";
+        let finalSubdomain = subdomain;
+
+        if (domainRes.domains.type === "ns") {
+            if (subdomain) {
+                fullDomain = `${subdomain}.${domainRes.domains.baseDomain}`;
+            } else {
+                fullDomain = domainRes.domains.baseDomain;
+            }
+        } else if (domainRes.domains.type === "cname") {
+            fullDomain = domainRes.domains.baseDomain;
+            finalSubdomain = null; // CNAME domains don't use subdomains
+        } else if (domainRes.domains.type === "wildcard") {
+            if (subdomain !== undefined && subdomain !== null) {
+                // Validate subdomain format for wildcard domains
+                const parsedSubdomain = subdomainSchema.safeParse(subdomain);
+                if (!parsedSubdomain.success) {
+                    return {
+                        success: false,
+                        error: fromError(parsedSubdomain.error).toString()
+                    };
+                }
+                fullDomain = `${subdomain}.${domainRes.domains.baseDomain}`;
+            } else {
+                fullDomain = domainRes.domains.baseDomain;
+            }
+        }
+
+        // If the full domain equals the base domain, set subdomain to null
+        if (fullDomain === domainRes.domains.baseDomain) {
+            finalSubdomain = null;
+        }
+
+        // Convert to lowercase
+        fullDomain = fullDomain.toLowerCase();
+
+        return {
+            success: true,
+            fullDomain,
+            subdomain: finalSubdomain ?? null
+        };
+    } catch (error) {
+        return {
+            success: false,
+            error: `An error occurred while validating domain: ${error instanceof Error ? error.message : 'Unknown error'}`
+        };
+    }
+}
diff --git a/server/routers/resource/createResource.ts b/server/routers/resource/createResource.ts
index 3616140a..806a5a58 100644
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@@ -22,6 +22,7 @@ import config from "@server/lib/config";
 import { OpenAPITags, registry } from "@server/openApi";
 import { build } from "@server/build";
 import { getUniqueResourceName } from "@server/db/names";
+import { validateAndConstructDomain } from "@server/lib/domainUtils";
 
 const createResourceParamsSchema = z
     .object({
@@ -194,76 +195,21 @@ async function createHttpResource(
     }
 
     const { name, domainId } = parsedBody.data;
-    let subdomain = parsedBody.data.subdomain;
+    const subdomain = parsedBody.data.subdomain;
 
-    const [domainRes] = await db
-        .select()
-        .from(domains)
-        .where(eq(domains.domainId, domainId))
-        .leftJoin(
-            orgDomains,
-            and(eq(orgDomains.orgId, orgId), eq(orgDomains.domainId, domainId))
-        );
+    // Validate domain and construct full domain
+    const domainResult = await validateAndConstructDomain(domainId, orgId, subdomain);
 
-    if (!domainRes || !domainRes.domains) {
-        return next(
-            createHttpError(
-                HttpCode.NOT_FOUND,
-                `Domain with ID ${domainId} not found`
-            )
-        );
-    }
-
-    if (domainRes.orgDomains && domainRes.orgDomains.orgId !== orgId) {
-        return next(
-            createHttpError(
-                HttpCode.FORBIDDEN,
-                `Organization does not have access to domain with ID ${domainId}`
-            )
-        );
-    }
-
-    if (!domainRes.domains.verified) {
+    if (!domainResult.success) {
         return next(
             createHttpError(
                 HttpCode.BAD_REQUEST,
-                `Domain with ID ${domainRes.domains.domainId} is not verified`
+                domainResult.error
             )
         );
     }
 
-    let fullDomain = "";
-    if (domainRes.domains.type == "ns") {
-        if (subdomain) {
-            fullDomain = `${subdomain}.${domainRes.domains.baseDomain}`;
-        } else {
-            fullDomain = domainRes.domains.baseDomain;
-        }
-    } else if (domainRes.domains.type == "cname") {
-        fullDomain = domainRes.domains.baseDomain;
-    } else if (domainRes.domains.type == "wildcard") {
-        if (subdomain) {
-            // the subdomain cant have a dot in it
-            const parsedSubdomain = subdomainSchema.safeParse(subdomain);
-            if (!parsedSubdomain.success) {
-                return next(
-                    createHttpError(
-                        HttpCode.BAD_REQUEST,
-                        fromError(parsedSubdomain.error).toString()
-                    )
-                );
-            }
-            fullDomain = `${subdomain}.${domainRes.domains.baseDomain}`;
-        } else {
-            fullDomain = domainRes.domains.baseDomain;
-        }
-    }
-
-    if (fullDomain === domainRes.domains.baseDomain) {
-        subdomain = null;
-    }
-
-    fullDomain = fullDomain.toLowerCase();
+    const { fullDomain, subdomain: finalSubdomain } = domainResult;
 
     logger.debug(`Full domain: ${fullDomain}`);
 
@@ -295,7 +241,7 @@ async function createHttpResource(
                 domainId,
                 orgId,
                 name,
-                subdomain,
+                subdomain: finalSubdomain,
                 http: true,
                 protocol: "tcp",
                 ssl: true
diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts
index 30acc0c1..05f1cf66 100644
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -20,6 +20,7 @@ import { tlsNameSchema } from "@server/lib/schemas";
 import { subdomainSchema } from "@server/lib/schemas";
 import { registry } from "@server/openApi";
 import { OpenAPITags } from "@server/openApi";
+import { validateAndConstructDomain } from "@server/lib/domainUtils";
 
 const updateResourceParamsSchema = z
     .object({
@@ -230,78 +231,19 @@ async function updateHttpResource(
     if (updateData.domainId) {
         const domainId = updateData.domainId;
 
-        const [domainRes] = await db
-            .select()
-            .from(domains)
-            .where(eq(domains.domainId, domainId))
-            .leftJoin(
-                orgDomains,
-                and(
-                    eq(orgDomains.orgId, resource.orgId),
-                    eq(orgDomains.domainId, domainId)
-                )
-            );
-
-        if (!domainRes || !domainRes.domains) {
-            return next(
-                createHttpError(
-                    HttpCode.NOT_FOUND,
-                    `Domain with ID ${updateData.domainId} not found`
-                )
-            );
-        }
-
-        if (
-            domainRes.orgDomains &&
-            domainRes.orgDomains.orgId !== resource.orgId
-        ) {
-            return next(
-                createHttpError(
-                    HttpCode.FORBIDDEN,
-                    `You do not have permission to use domain with ID ${updateData.domainId}`
-                )
-            );
-        }
-
-        if (!domainRes.domains.verified) {
+        // Validate domain and construct full domain
+        const domainResult = await validateAndConstructDomain(domainId, resource.orgId, updateData.subdomain);
+        
+        if (!domainResult.success) {
             return next(
                 createHttpError(
                     HttpCode.BAD_REQUEST,
-                    `Domain with ID ${updateData.domainId} is not verified`
+                    domainResult.error
                 )
             );
         }
 
-        let fullDomain = "";
-        if (domainRes.domains.type == "ns") {
-            if (updateData.subdomain) {
-                fullDomain = `${updateData.subdomain}.${domainRes.domains.baseDomain}`;
-            } else {
-                fullDomain = domainRes.domains.baseDomain;
-            }
-        } else if (domainRes.domains.type == "cname") {
-            fullDomain = domainRes.domains.baseDomain;
-        } else if (domainRes.domains.type == "wildcard") {
-            if (updateData.subdomain !== undefined) {
-                // the subdomain cant have a dot in it
-                const parsedSubdomain = subdomainSchema.safeParse(
-                    updateData.subdomain
-                );
-                if (!parsedSubdomain.success) {
-                    return next(
-                        createHttpError(
-                            HttpCode.BAD_REQUEST,
-                            fromError(parsedSubdomain.error).toString()
-                        )
-                    );
-                }
-                fullDomain = `${updateData.subdomain}.${domainRes.domains.baseDomain}`;
-            } else {
-                fullDomain = domainRes.domains.baseDomain;
-            }
-        }
-
-        fullDomain = fullDomain.toLowerCase();
+        const { fullDomain, subdomain: finalSubdomain } = domainResult;
 
         logger.debug(`Full domain: ${fullDomain}`);
 
@@ -332,9 +274,8 @@ async function updateHttpResource(
                 .where(eq(resources.resourceId, resource.resourceId));
         }
 
-        if (fullDomain === domainRes.domains.baseDomain) {
-            updateData.subdomain = null;
-        }
+        // Update the subdomain in the update data
+        updateData.subdomain = finalSubdomain;
     }
 
     const updatedResource = await db
diff --git a/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
index e2bab1cb..0f201a1a 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
@@ -471,15 +471,11 @@ export default function GeneralForm() {
                                             ? `${sanitizedSubdomain}.${selectedDomain.baseDomain}`
                                             : selectedDomain.baseDomain;
 
-                                        setResourceFullDomain(sanitizedFullDomain);
+                                        setResourceFullDomain(`${resource.ssl ? "https" : "http"}://${sanitizedFullDomain}`);
                                         form.setValue("domainId", selectedDomain.domainId);
                                         form.setValue("subdomain", sanitizedSubdomain);
 
                                         setEditDomainOpen(false);
-
-                                        toast({
-                                            description: `Final domain: ${sanitizedFullDomain}`,
-                                        });
                                     }
                                 }}
                             >

From f46e190f4a9d18773f34b6b5ceb3d96641927eb9 Mon Sep 17 00:00:00 2001
From: AstralDestiny <Astra.Destiny@gmail.com>
Date: Thu, 4 Sep 2025 11:44:20 -0400
Subject: [PATCH 049/166] Update Traefik to not declare an unnecessary path and
 make the config cleaner.

---
 config/traefik/dynamic_config.yml | 13 +++----------
 1 file changed, 3 insertions(+), 10 deletions(-)

diff --git a/config/traefik/dynamic_config.yml b/config/traefik/dynamic_config.yml
index 8fcf8e55..8465a9cf 100644
--- a/config/traefik/dynamic_config.yml
+++ b/config/traefik/dynamic_config.yml
@@ -16,8 +16,9 @@ http:
 
     # Next.js router (handles everything except API and WebSocket paths)
     next-router:
-      rule: "Host(`{{.DashboardDomain}}`) && !PathPrefix(`/api/v1`)"
+      rule: "Host(`{{.DashboardDomain}}`)"
       service: next-service
+      priority: 10
       entryPoints:
         - websecure
       tls:
@@ -27,15 +28,7 @@ http:
     api-router:
       rule: "Host(`{{.DashboardDomain}}`) && PathPrefix(`/api/v1`)"
       service: api-service
-      entryPoints:
-        - websecure
-      tls:
-        certResolver: letsencrypt
-
-    # WebSocket router
-    ws-router:
-      rule: "Host(`{{.DashboardDomain}}`)"
-      service: api-service
+      priority: 100
       entryPoints:
         - websecure
       tls:

From 22b9f926dc43aa66ef10a4ba56745eeedc753770 Mon Sep 17 00:00:00 2001
From: Milo Schwartz <mschwartz10612@gmail.com>
Date: Sun, 7 Sep 2025 01:36:37 -0400
Subject: [PATCH 050/166] Update README.md

---
 README.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index bcfef4d4..818a881a 100644
--- a/README.md
+++ b/README.md
@@ -21,10 +21,10 @@ _Pangolin tunnels your services to the internet so you can access anything from
       </a>
       <span> | </span>
       <a href="https://docs.digpangolin.com/self-host/quick-install-managed">
-        Install Guide
+        Quick Install Guide
       </a>
       <span> | </span>
-      <a href="mailto:numbat@fossorial.io">
+      <a href="mailto:contact@fossorial.io">
         Contact Us
       </a>
   </h5>

From 383f70f92f65e7e1f27374e4eb1590fcbcb58f7b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 01:32:59 +0000
Subject: [PATCH 051/166] Bump actions/stale from 9 to 10

Bumps [actions/stale](https://github.com/actions/stale) from 9 to 10.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/stale/compare/v9...v10)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: '10'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/stale-bot.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/stale-bot.yml b/.github/workflows/stale-bot.yml
index d0ca1685..4a574d91 100644
--- a/.github/workflows/stale-bot.yml
+++ b/.github/workflows/stale-bot.yml
@@ -14,7 +14,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9
+      - uses: actions/stale@v10
         with:
           days-before-stale: 14
           days-before-close: 14

From d868545d0da624aedc39cd9a77fb51659281dc2a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 01:32:10 +0000
Subject: [PATCH 052/166] Bump actions/setup-go from 5 to 6

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5 to 6.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/cicd.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index fb0b516a..111b0222 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -28,7 +28,7 @@ jobs:
               run: echo "TAG=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
 
             - name: Install Go
-              uses: actions/setup-go@v5
+              uses: actions/setup-go@v6
               with:
                   go-version: 1.24
 

From 16c16b81bc1d9490b980cfa41009f9c0ad7cc198 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 8 Sep 2025 01:32:04 +0000
Subject: [PATCH 053/166] Bump actions/setup-node from 4 to 5

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](https://github.com/actions/setup-node/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 .github/workflows/linting.yml | 2 +-
 .github/workflows/test.yml    | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/linting.yml b/.github/workflows/linting.yml
index c3db3738..f2129300 100644
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -21,7 +21,7 @@ jobs:
               uses: actions/checkout@v5
 
             - name: Set up Node.js
-              uses: actions/setup-node@v4
+              uses: actions/setup-node@v5
               with:
                 node-version: '22'
 
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
index 12316cd7..7d22c300 100644
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -13,7 +13,7 @@ jobs:
     steps:
       - uses: actions/checkout@v5
 
-      - uses: actions/setup-node@v4
+      - uses: actions/setup-node@v5
         with:
           node-version: '22'
 

From f404b3bf3547b9e41a09ff58edb2ddd939cc02e7 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Wed, 10 Sep 2025 14:20:25 -0700
Subject: [PATCH 054/166] fixed email undefined error on request email code

---
 server/routers/external.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/routers/external.ts b/server/routers/external.ts
index 22bfe8bb..c48a41a7 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -946,7 +946,7 @@ authRouter.post(
         windowMs: 15 * 60 * 1000,
         max: 15,
         keyGenerator: (req) =>
-            `requestEmailVerificationCode:${req.body.email || ipKeyGenerator(req.ip || "")}`,
+            `requestEmailVerificationCode:${req.user?.email || ipKeyGenerator(req.ip || "")}`,
         handler: (req, res, next) => {
             const message = `You can only request an email verification code ${15} times every ${15} minutes. Please try again later.`;
             return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));

From 65b4b530648a3038340decfc018664c7a886a63c Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 10 Sep 2025 15:33:56 -0700
Subject: [PATCH 055/166] Add basic blueprints

---
 server/lib/blueprints/applyBlueprint.ts       | 118 +++
 .../blueprints/applyNewtDockerBlueprint.ts    |  53 ++
 .../lib/blueprints/parseDockerContainers.ts   | 284 +++++++
 server/lib/blueprints/parseDotNotation.ts     | 109 +++
 server/lib/blueprints/resources.ts            | 745 ++++++++++++++++++
 server/lib/blueprints/types.ts                | 232 ++++++
 .../newt/handleApplyBlueprintMessage.ts       |  73 ++
 .../routers/newt/handleNewtRegisterMessage.ts |  10 +
 server/routers/newt/handleSocketMessages.ts   |  12 +
 server/routers/newt/index.ts                  |   3 +-
 server/routers/ws/messageHandlers.ts          |   6 +-
 11 files changed, 1642 insertions(+), 3 deletions(-)
 create mode 100644 server/lib/blueprints/applyBlueprint.ts
 create mode 100644 server/lib/blueprints/applyNewtDockerBlueprint.ts
 create mode 100644 server/lib/blueprints/parseDockerContainers.ts
 create mode 100644 server/lib/blueprints/parseDotNotation.ts
 create mode 100644 server/lib/blueprints/resources.ts
 create mode 100644 server/lib/blueprints/types.ts
 create mode 100644 server/routers/newt/handleApplyBlueprintMessage.ts

diff --git a/server/lib/blueprints/applyBlueprint.ts b/server/lib/blueprints/applyBlueprint.ts
new file mode 100644
index 00000000..6f5fc4ee
--- /dev/null
+++ b/server/lib/blueprints/applyBlueprint.ts
@@ -0,0 +1,118 @@
+import { db, newts, Target } from "@server/db";
+import { Config, ConfigSchema } from "./types";
+import { ResourcesResults, updateResources } from "./resources";
+import { fromError } from "zod-validation-error";
+import logger from "@server/logger";
+import { resources, targets, sites } from "@server/db";
+import { eq, and, asc, or, ne, count, isNotNull } from "drizzle-orm";
+import { addTargets } from "@server/routers/newt/targets";
+
+export async function applyBlueprint(
+    orgId: string,
+    configData: unknown,
+    siteId?: number
+): Promise<void> {
+    // Validate the input data
+    const validationResult = ConfigSchema.safeParse(configData);
+    if (!validationResult.success) {
+        throw new Error(fromError(validationResult.error).toString());
+    }
+
+    const config: Config = validationResult.data;
+
+    try {
+        let resourcesResults: ResourcesResults = [];
+        await db.transaction(async (trx) => {
+            resourcesResults = await updateResources(orgId, config, trx, siteId);
+        });
+
+        logger.debug(
+            `Successfully updated resources for org ${orgId}: ${JSON.stringify(resourcesResults)}`
+        );
+
+        // We need to update the targets on the newts from the successfully updated information
+        for (const result of resourcesResults) {
+            for (const target of result.targetsToUpdate) {
+                const [site] = await db
+                    .select()
+                    .from(sites)
+                    .innerJoin(newts, eq(sites.siteId, newts.siteId))
+                    .where(
+                        and(
+                            eq(sites.siteId, target.siteId),
+                            eq(sites.orgId, orgId),
+                            eq(sites.type, "newt"),
+                            isNotNull(sites.pubKey)
+                        )
+                    )
+                    .limit(1);
+
+                if (site) {
+                    logger.debug(
+                        `Updating target ${target.targetId} on site ${site.sites.siteId}`
+                    );
+
+                    await addTargets(
+                        site.newt.newtId,
+                        [target],
+                        result.resource.protocol,
+                        result.resource.proxyPort
+                    );
+                }
+            }
+        }
+    } catch (error) {
+        logger.error(`Failed to update database from config: ${error}`);
+        throw error;
+    }
+}
+
+// await updateDatabaseFromConfig("org_i21aifypnlyxur2", {
+//     resources: {
+//         "resource-nice-id": {
+//             name: "this is my resource",
+//             protocol: "http",
+//             "full-domain": "level1.test.example.com",
+//             "host-header": "example.com",
+//             "tls-server-name": "example.com",
+//             auth: {
+//                 pincode: 123456,
+//                 password: "sadfasdfadsf",
+//                 "sso-enabled": true,
+//                 "sso-roles": ["Member"],
+//                 "sso-users": ["owen@fossorial.io"],
+//                 "whitelist-users": ["owen@fossorial.io"]
+//             },
+//             targets: [
+//                 {
+//                     site: "glossy-plains-viscacha-rat",
+//                     hostname: "localhost",
+//                     method: "http",
+//                     port: 8000,
+//                     healthcheck: {
+//                         port: 8000,
+//                         hostname: "localhost"
+//                     }
+//                 },
+//                 {
+//                     site: "glossy-plains-viscacha-rat",
+//                     hostname: "localhost",
+//                     method: "http",
+//                     port: 8001
+//                 }
+//             ]
+//         },
+        // "resource-nice-id2": {
+        //     name: "http server",
+        //     protocol: "tcp",
+        //     "proxy-port": 3000,
+        //     targets: [
+        //         {
+        //             site: "glossy-plains-viscacha-rat",
+        //             hostname: "localhost",
+        //             port: 3000,
+        //         }
+        //     ]
+        // }
+//     }
+// });
diff --git a/server/lib/blueprints/applyNewtDockerBlueprint.ts b/server/lib/blueprints/applyNewtDockerBlueprint.ts
new file mode 100644
index 00000000..f69e4854
--- /dev/null
+++ b/server/lib/blueprints/applyNewtDockerBlueprint.ts
@@ -0,0 +1,53 @@
+import { sendToClient } from "@server/routers/ws";
+import { processContainerLabels } from "./parseDockerContainers";
+import { applyBlueprint } from "./applyBlueprint";
+import { db, sites } from "@server/db";
+import { eq } from "drizzle-orm";
+import logger from "@server/logger";
+
+export async function applyNewtDockerBlueprint(
+    siteId: number,
+    newtId: string,
+    containers: any
+) {
+    const [site] = await db
+        .select()
+        .from(sites)
+        .where(eq(sites.siteId, siteId))
+        .limit(1);
+
+    if (!site) {
+        logger.warn("Site not found in applyNewtDockerBlueprint");
+        return;
+    }
+
+    // logger.debug(`Applying Docker blueprint to site: ${siteId}`);
+    // logger.debug(`Containers: ${JSON.stringify(containers, null, 2)}`);
+
+    try {
+        const blueprint = processContainerLabels(containers);
+
+        logger.debug(`Received Docker blueprint: ${JSON.stringify(blueprint)}`);
+
+        // Update the blueprint in the database
+        await applyBlueprint(site.orgId, blueprint, site.siteId);
+    } catch (error) {
+        logger.error(`Failed to update database from config: ${error}`);
+        await sendToClient(newtId, {
+            type: "newt/blueprint/results",
+            data: {
+                success: false,
+                message: `Failed to update database from config: ${error}`
+            }
+        });
+        return;
+    }
+
+    await sendToClient(newtId, {
+        type: "newt/blueprint/results",
+        data: {
+            success: true,
+            message: "Config updated successfully"
+        }
+    });
+}
diff --git a/server/lib/blueprints/parseDockerContainers.ts b/server/lib/blueprints/parseDockerContainers.ts
new file mode 100644
index 00000000..03ab609f
--- /dev/null
+++ b/server/lib/blueprints/parseDockerContainers.ts
@@ -0,0 +1,284 @@
+import logger from "@server/logger";
+import { setNestedProperty } from "./parseDotNotation";
+
+export type DockerLabels = {
+    [key: string]: string;
+};
+
+export type ParsedObject = {
+    [key: string]: any;
+};
+
+type ContainerPort = {
+    privatePort: number;
+    publicPort: number;
+    type: string;
+    ip: string;
+};
+
+type Container = {
+    id: string;
+    name: string;
+    image: string;
+    state: string;
+    status: string;
+    ports: ContainerPort[] | null;
+    labels: DockerLabels;
+    created: number;
+    networks: { [key: string]: any };
+    hostname: string;
+};
+
+type Target = {
+    hostname?: string;
+    port?: number;
+    method?: string;
+    enabled?: boolean;
+    [key: string]: any;
+};
+
+type ResourceConfig = {
+    [key: string]: any;
+    targets?: (Target | null)[];
+};
+
+function getContainerPort(container: Container): number | null {
+    if (!container.ports || container.ports.length === 0) {
+        return null;
+    }
+    // Return the first port's privatePort
+    return container.ports[0].privatePort;
+    // return container.ports[0].publicPort;
+}
+
+export function processContainerLabels(containers: Container[]): {
+    resources: { [key: string]: ResourceConfig };
+} {
+    const result: { resources: { [key: string]: ResourceConfig } } = {
+        resources: {}
+    };
+
+    // Process each container
+    containers.forEach((container) => {
+        if (container.state !== "running") {
+            return;
+        }
+
+        const resourceLabels: DockerLabels = {};
+
+        // Filter labels that start with "pangolin.resources."
+        Object.entries(container.labels).forEach(([key, value]) => {
+            if (key.startsWith("pangolin.resources.")) {
+                // remove the pangolin. prefix
+                const strippedKey = key.replace("pangolin.", "");
+                resourceLabels[strippedKey] = value;
+            }
+        });
+
+        // Skip containers with no resource labels
+        if (Object.keys(resourceLabels).length === 0) {
+            return;
+        }
+
+        // Parse the labels using the existing parseDockerLabels logic
+        const tempResult: ParsedObject = {};
+        Object.entries(resourceLabels).forEach(([key, value]) => {
+            setNestedProperty(tempResult, key, value);
+        });
+
+        // Merge into main result
+        if (tempResult.resources) {
+            Object.entries(tempResult.resources).forEach(
+                ([resourceKey, resourceConfig]: [string, any]) => {
+                    // Initialize resource if it doesn't exist
+                    if (!result.resources[resourceKey]) {
+                        result.resources[resourceKey] = {};
+                    }
+
+                    // Merge all properties except targets
+                    Object.entries(resourceConfig).forEach(
+                        ([propKey, propValue]) => {
+                            if (propKey !== "targets") {
+                                result.resources[resourceKey][propKey] =
+                                    propValue;
+                            }
+                        }
+                    );
+
+                    // Handle targets specially
+                    if (
+                        resourceConfig.targets &&
+                        Array.isArray(resourceConfig.targets)
+                    ) {
+                        const resource = result.resources[resourceKey];
+                        if (resource) {
+                            if (!resource.targets) {
+                                resource.targets = [];
+                            }
+
+                            resourceConfig.targets.forEach(
+                                (target: any, targetIndex: number) => {
+                                    // check if the target is an empty object
+                                    if (
+                                        typeof target === "object" &&
+                                        Object.keys(target).length === 0
+                                    ) {
+                                        logger.debug(
+                                            `Skipping null target at index ${targetIndex} for resource ${resourceKey}`
+                                        );
+                                        resource.targets!.push(null);
+                                        return;
+                                    }
+
+                                    // Ensure targets array is long enough
+                                    while (
+                                        resource.targets!.length <= targetIndex
+                                    ) {
+                                        resource.targets!.push({});
+                                    }
+
+                                    // Set default hostname and port if not provided
+                                    const finalTarget = { ...target };
+                                    if (!finalTarget.hostname) {
+                                        finalTarget.hostname =
+                                            container.name ||
+                                            container.hostname;
+                                    }
+                                    if (!finalTarget.port) {
+                                        const containerPort =
+                                            getContainerPort(container);
+                                        if (containerPort !== null) {
+                                            finalTarget.port = containerPort;
+                                        }
+                                    }
+
+                                    // Merge with existing target data
+                                    resource.targets![targetIndex] = {
+                                        ...resource.targets![targetIndex],
+                                        ...finalTarget
+                                    };
+                                }
+                            );
+                        }
+                    }
+                }
+            );
+        }
+    });
+
+    return result;
+}
+
+// // Test example
+// const testContainers: Container[] = [
+//     {
+//         id: "57e056cb0e3a",
+//         name: "nginx1",
+//         image: "nginxdemos/hello",
+//         state: "running",
+//         status: "Up 4 days",
+//         ports: [
+//             {
+//                 privatePort: 80,
+//                 publicPort: 8000,
+//                 type: "tcp",
+//                 ip: "0.0.0.0"
+//             }
+//         ],
+//         labels: {
+//             "resources.nginx.name": "nginx",
+//             "resources.nginx.full-domain": "nginx.example.com",
+//             "resources.nginx.protocol": "http",
+//             "resources.nginx.targets[0].enabled": "true"
+//         },
+//         created: 1756942725,
+//         networks: {
+//             owen_default: {
+//                 networkId:
+//                     "cb131c0f1d5d8ef7158660e77fc370508f5a563e1f9829b53a1945ae3725b58c"
+//             }
+//         },
+//         hostname: "57e056cb0e3a"
+//     },
+//     {
+//         id: "58e056cb0e3b",
+//         name: "nginx2",
+//         image: "nginxdemos/hello",
+//         state: "running",
+//         status: "Up 4 days",
+//         ports: [
+//             {
+//                 privatePort: 80,
+//                 publicPort: 8001,
+//                 type: "tcp",
+//                 ip: "0.0.0.0"
+//             }
+//         ],
+//         labels: {
+//             "resources.nginx.name": "nginx",
+//             "resources.nginx.full-domain": "nginx.example.com",
+//             "resources.nginx.protocol": "http",
+//             "resources.nginx.targets[1].enabled": "true"
+//         },
+//         created: 1756942726,
+//         networks: {
+//             owen_default: {
+//                 networkId:
+//                     "cb131c0f1d5d8ef7158660e77fc370508f5a563e1f9829b53a1945ae3725b58c"
+//             }
+//         },
+//         hostname: "58e056cb0e3b"
+//     },
+//     {
+//         id: "59e056cb0e3c",
+//         name: "api-server",
+//         image: "my-api:latest",
+//         state: "running",
+//         status: "Up 2 days",
+//         ports: [
+//             {
+//                 privatePort: 3000,
+//                 publicPort: 3000,
+//                 type: "tcp",
+//                 ip: "0.0.0.0"
+//             }
+//         ],
+//         labels: {
+//             "resources.api.name": "API Server",
+//             "resources.api.protocol": "http",
+//             "resources.api.targets[0].enabled": "true",
+//             "resources.api.targets[0].hostname": "custom-host",
+//             "resources.api.targets[0].port": "3001"
+//         },
+//         created: 1756942727,
+//         networks: {
+//             owen_default: {
+//                 networkId:
+//                     "cb131c0f1d5d8ef7158660e77fc370508f5a563e1f9829b53a1945ae3725b58c"
+//             }
+//         },
+//         hostname: "59e056cb0e3c"
+//     },
+//     {
+//         id: "d0e29b08361c",
+//         name: "beautiful_wilson",
+//         image: "bolkedebruin/rdpgw:latest",
+//         state: "exited",
+//         status: "Exited (0) 4 hours ago",
+//         ports: null,
+//         labels: {},
+//         created: 1757359039,
+//         networks: {
+//             bridge: {
+//                 networkId:
+//                     "ea7f56dfc9cc476b8a3560b5b570d0fe8a6a2bc5e8343ab1ed37822086e89687"
+//             }
+//         },
+//         hostname: "d0e29b08361c"
+//     }
+// ];
+
+// // Test the function
+// const result = processContainerLabels(testContainers);
+// console.log("Processed result:");
+// console.log(JSON.stringify(result, null, 2));
diff --git a/server/lib/blueprints/parseDotNotation.ts b/server/lib/blueprints/parseDotNotation.ts
new file mode 100644
index 00000000..87509d39
--- /dev/null
+++ b/server/lib/blueprints/parseDotNotation.ts
@@ -0,0 +1,109 @@
+export function setNestedProperty(obj: any, path: string, value: string): void {
+    const keys = path.split(".");
+    let current = obj;
+
+    for (let i = 0; i < keys.length - 1; i++) {
+        const key = keys[i];
+
+        // Handle array notation like "targets[0]"
+        const arrayMatch = key.match(/^(.+)\[(\d+)\]$/);
+
+        if (arrayMatch) {
+            const [, arrayKey, indexStr] = arrayMatch;
+            const index = parseInt(indexStr, 10);
+
+            // Initialize array if it doesn't exist
+            if (!current[arrayKey]) {
+                current[arrayKey] = [];
+            }
+
+            // Ensure array is long enough
+            while (current[arrayKey].length <= index) {
+                current[arrayKey].push({});
+            }
+
+            current = current[arrayKey][index];
+        } else {
+            // Regular object property
+            if (!current[key]) {
+                current[key] = {};
+            }
+            current = current[key];
+        }
+    }
+
+    // Set the final value
+    const finalKey = keys[keys.length - 1];
+    const arrayMatch = finalKey.match(/^(.+)\[(\d+)\]$/);
+
+    if (arrayMatch) {
+        const [, arrayKey, indexStr] = arrayMatch;
+        const index = parseInt(indexStr, 10);
+
+        if (!current[arrayKey]) {
+            current[arrayKey] = [];
+        }
+
+        // Ensure array is long enough
+        while (current[arrayKey].length <= index) {
+            current[arrayKey].push(null);
+        }
+
+        current[arrayKey][index] = convertValue(value);
+    } else {
+        current[finalKey] = convertValue(value);
+    }
+}
+
+// Helper function to convert string values to appropriate types
+export function convertValue(value: string): any {
+    // Convert boolean strings
+    if (value === "true") return true;
+    if (value === "false") return false;
+
+    // Convert numeric strings
+    if (/^\d+$/.test(value)) {
+        const num = parseInt(value, 10);
+        return num;
+    }
+
+    if (/^\d*\.\d+$/.test(value)) {
+        const num = parseFloat(value);
+        return num;
+    }
+
+    // Return as string
+    return value;
+}
+
+// // Example usage:
+// const dockerLabels: DockerLabels = {
+//     "resources.resource-nice-id.name": "this is my resource",
+//     "resources.resource-nice-id.protocol": "http",
+//     "resources.resource-nice-id.full-domain": "level1.test3.example.com",
+//     "resources.resource-nice-id.host-header": "example.com",
+//     "resources.resource-nice-id.tls-server-name": "example.com",
+//     "resources.resource-nice-id.auth.pincode": "123456",
+//     "resources.resource-nice-id.auth.password": "sadfasdfadsf",
+//     "resources.resource-nice-id.auth.sso-enabled": "true",
+//     "resources.resource-nice-id.auth.sso-roles[0]": "Member",
+//     "resources.resource-nice-id.auth.sso-users[0]": "owen@fossorial.io",
+//     "resources.resource-nice-id.auth.whitelist-users[0]": "owen@fossorial.io",
+//     "resources.resource-nice-id.targets[0].hostname": "localhost",
+//     "resources.resource-nice-id.targets[0].method": "http",
+//     "resources.resource-nice-id.targets[0].port": "8000",
+//     "resources.resource-nice-id.targets[0].healthcheck.port": "8000",
+//     "resources.resource-nice-id.targets[0].healthcheck.hostname": "localhost",
+//     "resources.resource-nice-id.targets[1].hostname": "localhost",
+//     "resources.resource-nice-id.targets[1].method": "http",
+//     "resources.resource-nice-id.targets[1].port": "8001",
+//     "resources.resource-nice-id2.name": "this is other resource",
+//     "resources.resource-nice-id2.protocol": "tcp",
+//     "resources.resource-nice-id2.proxy-port": "3000",
+//     "resources.resource-nice-id2.targets[0].hostname": "localhost",
+//     "resources.resource-nice-id2.targets[0].port": "3000"
+// };
+
+// // Parse the labels
+// const parsed = parseDockerLabels(dockerLabels);
+// console.log(JSON.stringify(parsed, null, 2));
diff --git a/server/lib/blueprints/resources.ts b/server/lib/blueprints/resources.ts
new file mode 100644
index 00000000..e1c1209f
--- /dev/null
+++ b/server/lib/blueprints/resources.ts
@@ -0,0 +1,745 @@
+import {
+    domains,
+    orgDomains,
+    Resource,
+    resourcePincode,
+    resourceWhitelist,
+    roleResources,
+    roles,
+    Target,
+    Transaction,
+    userOrgs,
+    userResources,
+    users
+} from "@server/db";
+import { resources, targets, sites } from "@server/db";
+import { eq, and, asc, or, ne, count, isNotNull } from "drizzle-orm";
+import { Config, ConfigSchema, isTargetsOnlyResource, TargetData } from "./types";
+import logger from "@server/logger";
+import { pickPort } from "@server/routers/target/helpers";
+import { resourcePassword } from "@server/db";
+import { hashPassword } from "@server/auth/password";
+
+export type ResourcesResults = {
+    resource: Resource;
+    targetsToUpdate: Target[];
+}[];
+
+export async function updateResources(
+    orgId: string,
+    config: Config,
+    trx: Transaction,
+    siteId?: number
+): Promise<ResourcesResults> {
+    let results: ResourcesResults = [];
+
+    for (const [resourceNiceId, resourceData] of Object.entries(
+        config.resources
+    )) {
+        let targetsToUpdate: Target[] = [];
+        let resource: Resource;
+
+        async function createTarget( // reusable function to create a target
+            resourceId: number,
+            targetData: TargetData
+        ) {
+            let targetSiteId = targetData.site;
+            let site;
+
+            if (targetSiteId) {
+                // Look up site by niceId
+                [site] = await trx
+                    .select({ siteId: sites.siteId })
+                    .from(sites)
+                    .where(
+                        and(
+                            eq(sites.niceId, targetSiteId),
+                            eq(sites.orgId, orgId)
+                        )
+                    )
+                    .limit(1);
+            } else if (siteId) {
+                // Use the provided siteId directly, but verify it belongs to the org
+                [site] = await trx
+                    .select({ siteId: sites.siteId })
+                    .from(sites)
+                    .where(
+                        and(eq(sites.siteId, siteId), eq(sites.orgId, orgId))
+                    )
+                    .limit(1);
+            } else {
+                throw new Error(`Target site ID is required`);
+            }
+
+            if (!site) {
+                throw new Error(
+                    `Site not found: ${targetSiteId} in org ${orgId}`
+                );
+            }
+
+            let internalPortToCreate;
+            if (!targetData["internal-port"]) {
+                const { internalPort, targetIps } = await pickPort(
+                    site.siteId!,
+                    trx
+                );
+                internalPortToCreate = internalPort;
+            } else {
+                internalPortToCreate = targetData["internal-port"];
+            }
+
+            // Create target
+            const [newTarget] = await trx
+                .insert(targets)
+                .values({
+                    resourceId: resourceId,
+                    siteId: site.siteId,
+                    ip: targetData.hostname,
+                    method: targetData.method,
+                    port: targetData.port,
+                    enabled: targetData.enabled,
+                    internalPort: internalPortToCreate
+                })
+                .returning();
+
+            targetsToUpdate.push(newTarget);
+        }
+
+        // Find existing resource by niceId and orgId
+        const [existingResource] = await trx
+            .select()
+            .from(resources)
+            .where(
+                and(
+                    eq(resources.niceId, resourceNiceId),
+                    eq(resources.orgId, orgId)
+                )
+            )
+            .limit(1);
+
+        const http = resourceData.protocol == "http";
+        const protocol =
+            resourceData.protocol == "http" ? "tcp" : resourceData.protocol;
+
+        if (existingResource) {
+            let domain;
+            if (http) {
+                domain = await getDomain(
+                    existingResource.resourceId,
+                    resourceData["full-domain"]!,
+                    orgId,
+                    trx
+                );
+            }
+
+            // check if the only key in the resource is targets, if so, skip the update
+            if (
+                isTargetsOnlyResource(resourceData)
+            ) {
+                logger.debug(
+                    `Skipping update for resource ${existingResource.resourceId} as only targets are provided`
+                );
+                resource = existingResource;
+            } else {
+                // Update existing resource
+                [resource] = await trx
+                    .update(resources)
+                    .set({
+                        name: resourceData.name || "Unnamed Resource",
+                        protocol: protocol || "http",
+                        http: http,
+                        proxyPort: http ? null : resourceData["proxy-port"],
+                        fullDomain: http ? resourceData["full-domain"] : null,
+                        subdomain: domain ? domain.subdomain : null,
+                        domainId: domain ? domain.domainId : null,
+                        enabled: resourceData.enabled ? true : false,
+                        sso: resourceData.auth?.["sso-enabled"] || false,
+                        ssl: resourceData.ssl ? true : false,
+                        setHostHeader: resourceData["host-header"] || null,
+                        tlsServerName: resourceData["tls-server-name"] || null,
+                        emailWhitelistEnabled: resourceData.auth?.[
+                            "whitelist-users"
+                        ]
+                            ? resourceData.auth["whitelist-users"].length > 0
+                            : false
+                    })
+                    .where(
+                        eq(resources.resourceId, existingResource.resourceId)
+                    )
+                    .returning();
+
+                await trx
+                    .delete(resourcePassword)
+                    .where(
+                        eq(
+                            resourcePassword.resourceId,
+                            existingResource.resourceId
+                        )
+                    );
+                if (resourceData.auth?.password) {
+                    const passwordHash = await hashPassword(
+                        resourceData.auth.password
+                    );
+
+                    await trx.insert(resourcePassword).values({
+                        resourceId: existingResource.resourceId,
+                        passwordHash
+                    });
+                }
+
+                await trx
+                    .delete(resourcePincode)
+                    .where(
+                        eq(
+                            resourcePincode.resourceId,
+                            existingResource.resourceId
+                        )
+                    );
+                if (resourceData.auth?.pincode) {
+                    const pincodeHash = await hashPassword(
+                        resourceData.auth.pincode.toString()
+                    );
+
+                    await trx.insert(resourcePincode).values({
+                        resourceId: existingResource.resourceId,
+                        pincodeHash,
+                        digitLength: 6
+                    });
+                }
+
+                if (resourceData.auth?.["sso-roles"]) {
+                    const ssoRoles = resourceData.auth?.["sso-roles"];
+                    await syncRoleResources(
+                        existingResource.resourceId,
+                        ssoRoles,
+                        orgId,
+                        trx
+                    );
+                }
+
+                if (resourceData.auth?.["sso-users"]) {
+                    const ssoUsers = resourceData.auth?.["sso-users"];
+                    await syncUserResources(
+                        existingResource.resourceId,
+                        ssoUsers,
+                        orgId,
+                        trx
+                    );
+                }
+
+                if (resourceData.auth?.["whitelist-users"]) {
+                    const whitelistUsers =
+                        resourceData.auth?.["whitelist-users"];
+                    await syncWhitelistUsers(
+                        existingResource.resourceId,
+                        whitelistUsers,
+                        orgId,
+                        trx
+                    );
+                }
+            }
+
+            const existingResourceTargets = await trx
+                .select()
+                .from(targets)
+                .where(eq(targets.resourceId, existingResource.resourceId))
+                .orderBy(asc(targets.targetId));
+
+            // Create new targets
+            for (const [index, targetData] of resourceData.targets.entries()) {
+                if (!targetData) {
+                    // If targetData is null or an empty object, we can skip it
+                    continue;
+                }
+                const existingTarget = existingResourceTargets[index];
+                if (existingTarget) {
+                    let targetSiteId = targetData.site;
+                    let site;
+
+                    if (targetSiteId) {
+                        // Look up site by niceId
+                        [site] = await trx
+                            .select({ siteId: sites.siteId })
+                            .from(sites)
+                            .where(
+                                and(
+                                    eq(sites.niceId, targetSiteId),
+                                    eq(sites.orgId, orgId)
+                                )
+                            )
+                            .limit(1);
+                    } else if (siteId) {
+                        // Use the provided siteId directly, but verify it belongs to the org
+                        [site] = await trx
+                            .select({ siteId: sites.siteId })
+                            .from(sites)
+                            .where(
+                                and(
+                                    eq(sites.siteId, siteId),
+                                    eq(sites.orgId, orgId)
+                                )
+                            )
+                            .limit(1);
+                    } else {
+                        throw new Error(`Target site ID is required`);
+                    }
+
+                    if (!site) {
+                        throw new Error(
+                            `Site not found: ${targetSiteId} in org ${orgId}`
+                        );
+                    }
+
+                    // update this target
+                    const [updatedTarget] = await trx
+                        .update(targets)
+                        .set({
+                            siteId: site.siteId,
+                            ip: targetData.hostname,
+                            method: http ? targetData.method : null,
+                            port: targetData.port,
+                            enabled: targetData.enabled
+                        })
+                        .where(eq(targets.targetId, existingTarget.targetId))
+                        .returning();
+
+                    if (checkIfTargetChanged(existingTarget, updatedTarget)) {
+                        let internalPortToUpdate;
+                        if (!targetData["internal-port"]) {
+                            const { internalPort, targetIps } = await pickPort(
+                                site.siteId!,
+                                trx
+                            );
+                            internalPortToUpdate = internalPort;
+                        } else {
+                            internalPortToUpdate = targetData["internal-port"];
+                        }
+
+                        const [finalUpdatedTarget] = await trx // this double is so we can check the whole target before and after
+                            .update(targets)
+                            .set({
+                                internalPort: internalPortToUpdate
+                            })
+                            .where(
+                                eq(targets.targetId, existingTarget.targetId)
+                            )
+                            .returning();
+
+                        targetsToUpdate.push(finalUpdatedTarget);
+                    }
+                } else {
+                    await createTarget(existingResource.resourceId, targetData);
+                }
+            }
+
+            if (existingResourceTargets.length > resourceData.targets.length) {
+                const targetsToDelete = existingResourceTargets.slice(
+                    resourceData.targets.length
+                );
+                for (const target of targetsToDelete) {
+                    await trx
+                        .delete(targets)
+                        .where(eq(targets.targetId, target.targetId)); 
+                }
+            }
+
+            logger.debug(`Updated resource ${existingResource.resourceId}`);
+        } else {
+            // create a brand new resource
+            let domain;
+            if (http) {
+                domain = await getDomain(
+                    undefined,
+                    resourceData["full-domain"]!,
+                    orgId,
+                    trx
+                );
+            }
+
+            // Create new resource
+            const [newResource] = await trx
+                .insert(resources)
+                .values({
+                    orgId,
+                    niceId: resourceNiceId,
+                    name: resourceData.name || "Unnamed Resource",
+                    protocol: resourceData.protocol || "http",
+                    http: http,
+                    proxyPort: http ? null : resourceData["proxy-port"],
+                    fullDomain: http ? resourceData["full-domain"] : null,
+                    subdomain: domain ? domain.subdomain : null,
+                    domainId: domain ? domain.domainId : null,
+                    enabled: resourceData.enabled ? true : false,
+                    sso: resourceData.auth?.["sso-enabled"] || false,
+                    setHostHeader: resourceData["host-header"] || null,
+                    tlsServerName: resourceData["tls-server-name"] || null,
+                    ssl: resourceData.ssl ? true : false
+                })
+                .returning();
+
+            if (resourceData.auth?.password) {
+                const passwordHash = await hashPassword(
+                    resourceData.auth.password
+                );
+
+                await trx.insert(resourcePassword).values({
+                    resourceId: newResource.resourceId,
+                    passwordHash
+                });
+            }
+
+            if (resourceData.auth?.pincode) {
+                const pincodeHash = await hashPassword(
+                    resourceData.auth.pincode.toString()
+                );
+
+                await trx.insert(resourcePincode).values({
+                    resourceId: newResource.resourceId,
+                    pincodeHash,
+                    digitLength: 6
+                });
+            }
+
+            resource = newResource;
+
+            const [adminRole] = await trx
+                .select()
+                .from(roles)
+                .where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
+                .limit(1);
+
+            if (!adminRole) {
+                throw new Error(`Admin role not found`);
+            }
+
+            await trx.insert(roleResources).values({
+                roleId: adminRole.roleId,
+                resourceId: newResource.resourceId
+            });
+
+            if (resourceData.auth?.["sso-roles"]) {
+                const ssoRoles = resourceData.auth?.["sso-roles"];
+                await syncRoleResources(
+                    newResource.resourceId,
+                    ssoRoles,
+                    orgId,
+                    trx
+                );
+            }
+
+            if (resourceData.auth?.["sso-users"]) {
+                const ssoUsers = resourceData.auth?.["sso-users"];
+                await syncUserResources(
+                    newResource.resourceId,
+                    ssoUsers,
+                    orgId,
+                    trx
+                );
+            }
+
+            if (resourceData.auth?.["whitelist-users"]) {
+                const whitelistUsers = resourceData.auth?.["whitelist-users"];
+                await syncWhitelistUsers(
+                    newResource.resourceId,
+                    whitelistUsers,
+                    orgId,
+                    trx
+                );
+            }
+
+            // Create new targets
+            for (const targetData of resourceData.targets) {
+                if (!targetData) {
+                    // If targetData is null or an empty object, we can skip it
+                    continue;
+                }
+                await createTarget(newResource.resourceId, targetData);
+            }
+
+            logger.debug(`Created resource ${newResource.resourceId}`);
+        }
+
+        results.push({
+            resource: resource,
+            targetsToUpdate,
+        });
+    }
+
+    return results;
+}
+
+async function syncRoleResources(
+    resourceId: number,
+    ssoRoles: string[],
+    orgId: string,
+    trx: Transaction
+) {
+    const existingRoleResources = await trx
+        .select()
+        .from(roleResources)
+        .where(eq(roleResources.resourceId, resourceId));
+
+    for (const roleName of ssoRoles) {
+        if (roleName === "Admin") {
+            continue; // never add admin access
+        }
+
+        const [role] = await trx
+            .select()
+            .from(roles)
+            .where(and(eq(roles.name, roleName), eq(roles.orgId, orgId)))
+            .limit(1);
+
+        if (!role) {
+            throw new Error(`Role not found: ${roleName} in org ${orgId}`);
+        }
+
+        const existingRoleResource = existingRoleResources.find(
+            (rr) => rr.roleId === role.roleId
+        );
+
+        if (!existingRoleResource) {
+            await trx.insert(roleResources).values({
+                roleId: role.roleId,
+                resourceId: resourceId
+            });
+        }
+    }
+
+    for (const existingRoleResource of existingRoleResources) {
+        const [role] = await trx
+            .select()
+            .from(roles)
+            .where(eq(roles.roleId, existingRoleResource.roleId))
+            .limit(1);
+
+        if (role.isAdmin) {
+            continue; // never remove admin access
+        }
+
+        if (role && !ssoRoles.includes(role.name)) {
+            await trx
+                .delete(roleResources)
+                .where(
+                    and(
+                        eq(roleResources.roleId, existingRoleResource.roleId),
+                        eq(roleResources.resourceId, resourceId)
+                    )
+                );
+        }
+    }
+}
+
+async function syncUserResources(
+    resourceId: number,
+    ssoUsers: string[],
+    orgId: string,
+    trx: Transaction
+) {
+    const existingUserResources = await trx
+        .select()
+        .from(userResources)
+        .where(eq(userResources.resourceId, resourceId));
+
+    for (const email of ssoUsers) {
+        const [user] = await trx
+            .select()
+            .from(users)
+            .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
+            .where(and(eq(users.email, email), eq(userOrgs.orgId, orgId)))
+            .limit(1);
+
+        if (!user) {
+            throw new Error(`User not found: ${email} in org ${orgId}`);
+        }
+
+        const existingUserResource = existingUserResources.find(
+            (rr) => rr.userId === user.user.userId
+        );
+
+        if (!existingUserResource) {
+            await trx.insert(userResources).values({
+                userId: user.user.userId,
+                resourceId: resourceId
+            });
+        }
+    }
+
+    for (const existingUserResource of existingUserResources) {
+        const [user] = await trx
+            .select()
+            .from(users)
+            .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
+            .where(
+                and(
+                    eq(users.userId, existingUserResource.userId),
+                    eq(userOrgs.orgId, orgId)
+                )
+            )
+            .limit(1);
+
+        if (user && user.user.email && !ssoUsers.includes(user.user.email)) {
+            await trx
+                .delete(userResources)
+                .where(
+                    and(
+                        eq(userResources.userId, existingUserResource.userId),
+                        eq(userResources.resourceId, resourceId)
+                    )
+                );
+        }
+    }
+}
+
+async function syncWhitelistUsers(
+    resourceId: number,
+    whitelistUsers: string[],
+    orgId: string,
+    trx: Transaction
+) {
+    const existingWhitelist = await trx
+        .select()
+        .from(resourceWhitelist)
+        .where(eq(resourceWhitelist.resourceId, resourceId));
+
+    for (const email of whitelistUsers) {
+        const [user] = await trx
+            .select()
+            .from(users)
+            .innerJoin(userOrgs, eq(users.userId, userOrgs.userId))
+            .where(and(eq(users.email, email), eq(userOrgs.orgId, orgId)))
+            .limit(1);
+
+        if (!user) {
+            throw new Error(`User not found: ${email} in org ${orgId}`);
+        }
+
+        const existingWhitelistEntry = existingWhitelist.find(
+            (w) => w.email === email
+        );
+
+        if (!existingWhitelistEntry) {
+            await trx.insert(resourceWhitelist).values({
+                email,
+                resourceId: resourceId
+            });
+        }
+    }
+
+    for (const existingWhitelistEntry of existingWhitelist) {
+        if (!whitelistUsers.includes(existingWhitelistEntry.email)) {
+            await trx
+                .delete(resourceWhitelist)
+                .where(
+                    and(
+                        eq(resourceWhitelist.resourceId, resourceId),
+                        eq(
+                            resourceWhitelist.email,
+                            existingWhitelistEntry.email
+                        )
+                    )
+                );
+        }
+    }
+}
+
+function checkIfTargetChanged(
+    existing: Target | undefined,
+    incoming: Target | undefined
+): boolean {
+    if (!existing && incoming) return true;
+    if (existing && !incoming) return true;
+    if (!existing || !incoming) return false;
+
+    if (existing.ip !== incoming.ip) return true;
+    if (existing.port !== incoming.port) return true;
+    if (existing.siteId !== incoming.siteId) return true;
+
+    return false;
+}
+
+async function getDomain(
+    resourceId: number | undefined,
+    fullDomain: string,
+    orgId: string,
+    trx: Transaction
+) {
+    const [fullDomainExists] = await trx
+        .select({ resourceId: resources.resourceId })
+        .from(resources)
+        .where(
+            and(
+                eq(resources.fullDomain, fullDomain),
+                eq(resources.orgId, orgId),
+                resourceId
+                    ? ne(resources.resourceId, resourceId)
+                    : isNotNull(resources.resourceId)
+            )
+        )
+        .limit(1);
+
+    if (fullDomainExists) {
+        throw new Error(
+            `Resource already exists: ${fullDomain} in org ${orgId}`
+        );
+    }
+
+    const domain = await getDomainId(orgId, fullDomain, trx);
+
+    if (!domain) {
+        throw new Error(
+            `Domain not found for full-domain: ${fullDomain} in org ${orgId}`
+        );
+    }
+
+    return domain;
+}
+
+async function getDomainId(
+    orgId: string,
+    fullDomain: string,
+    trx: Transaction
+): Promise<{ subdomain: string | null; domainId: string } | null> {
+    const possibleDomains = await trx
+        .select()
+        .from(domains)
+        .innerJoin(orgDomains, eq(domains.domainId, orgDomains.domainId))
+        .where(and(eq(orgDomains.orgId, orgId), eq(domains.verified, true)))
+        .execute();
+
+    if (possibleDomains.length === 0) {
+        return null;
+    }
+
+    const validDomains = possibleDomains.filter((domain) => {
+        if (domain.domains.type == "ns") {
+            return (
+                fullDomain === domain.domains.baseDomain ||
+                fullDomain.endsWith(`.${domain.domains.baseDomain}`)
+            );
+        } else if (domain.domains.type == "cname") {
+            return fullDomain === domain.domains.baseDomain;
+        }
+    });
+
+    if (validDomains.length === 0) {
+        return null;
+    }
+
+    const domainSelection = validDomains[0].domains;
+    const baseDomain = domainSelection.baseDomain;
+
+    // remove the base domain of the domain
+    let subdomain = null;
+    if (domainSelection.type == "ns") {
+        if (fullDomain != baseDomain) {
+            subdomain = fullDomain.replace(`.${baseDomain}`, "");
+        }
+    }
+
+    // Return the first valid domain
+    return {
+        subdomain: subdomain,
+        domainId: domainSelection.domainId
+    };
+}
diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
new file mode 100644
index 00000000..62e390a8
--- /dev/null
+++ b/server/lib/blueprints/types.ts
@@ -0,0 +1,232 @@
+import { z } from "zod";
+
+export const SiteSchema = z.object({
+    name: z.string().min(1).max(100),
+    "docker-socket-enabled": z.boolean().optional().default(true)
+});
+
+// Schema for individual target within a resource
+export const TargetSchema = z.object({
+    site: z.string().optional(),
+    method: z.enum(["http", "https", "h2c"]).optional(),
+    hostname: z.string(),
+    port: z.number().int().min(1).max(65535),
+    enabled: z.boolean().optional().default(true),
+    "internal-port": z.number().int().min(1).max(65535).optional(),
+});
+export type TargetData = z.infer<typeof TargetSchema>;
+
+export const AuthSchema = z.object({
+    // pincode has to have 6 digits
+    pincode: z.number().min(100000).max(999999).optional(),
+    password: z.string().min(1).optional(),
+    "sso-enabled": z.boolean().optional().default(false),
+    "sso-roles": z
+        .array(z.string())
+        .optional()
+        .default([])
+        .refine((roles) => !roles.includes("Admin"), {
+            message: "Admin role cannot be included in sso-roles"
+        }),
+    "sso-users": z.array(z.string().email()).optional().default([]),
+    "whitelist-users": z.array(z.string().email()).optional().default([])
+});
+
+// Schema for individual resource
+export const ResourceSchema = z
+    .object({
+        name: z.string().optional(),
+        protocol: z.enum(["http", "tcp", "udp"]).optional(),
+        ssl: z.boolean().optional(),
+        "full-domain": z.string().optional(),
+        "proxy-port": z.number().int().min(1).max(65535).optional(),
+        enabled: z.boolean().optional(),
+        targets: z.array(TargetSchema.nullable()).optional().default([]),
+        auth: AuthSchema.optional(),
+        "host-header": z.string().optional(),
+        "tls-server-name": z.string().optional()
+    })
+    .refine(
+        (resource) => {
+            if (isTargetsOnlyResource(resource)) {
+                return true;
+            }
+
+            // Otherwise, require name and protocol for full resource definition
+            return (
+                resource.name !== undefined && resource.protocol !== undefined
+            );
+        },
+        {
+            message:
+                "Resource must either be targets-only (only 'targets' field) or have both 'name' and 'protocol' fields at a minimum",
+            path: ["name", "protocol"]
+        }
+    )
+    .refine(
+        (resource) => {
+            if (isTargetsOnlyResource(resource)) {
+                return true;
+            }
+
+            // If protocol is http, all targets must have method field
+            if (resource.protocol === "http") {
+                return resource.targets.every(
+                    (target) => target == null || target.method !== undefined
+                );
+            }
+            // If protocol is tcp or udp, no target should have method field
+            if (resource.protocol === "tcp" || resource.protocol === "udp") {
+                return resource.targets.every(
+                    (target) => target == null || target.method === undefined
+                );
+            }
+            return true;
+        },
+        (resource) => {
+            if (resource.protocol === "http") {
+                return {
+                    message:
+                        "When protocol is 'http', all targets must have a 'method' field",
+                    path: ["targets"]
+                };
+            }
+            return {
+                message:
+                    "When protocol is 'tcp' or 'udp', targets must not have a 'method' field",
+                path: ["targets"]
+            };
+        }
+    )
+    .refine(
+        (resource) => {
+            if (isTargetsOnlyResource(resource)) {
+                return true;
+            }
+
+            // If protocol is http, it must have a full-domain
+            if (resource.protocol === "http") {
+                return (
+                    resource["full-domain"] !== undefined &&
+                    resource["full-domain"].length > 0
+                );
+            }
+            return true;
+        },
+        {
+            message:
+                "When protocol is 'http', a 'full-domain' must be provided",
+            path: ["full-domain"]
+        }
+    )
+    .refine(
+        (resource) => {
+            if (isTargetsOnlyResource(resource)) {
+                return true;
+            }
+
+            // If protocol is tcp or udp, it must have both proxy-port
+            if (resource.protocol === "tcp" || resource.protocol === "udp") {
+                return resource["proxy-port"] !== undefined;
+            }
+            return true;
+        },
+        {
+            message:
+                "When protocol is 'tcp' or 'udp', 'proxy-port' must be provided",
+            path: ["proxy-port", "exit-node"]
+        }
+    )
+    .refine(
+        (resource) => {
+            // Skip validation for targets-only resources
+            if (isTargetsOnlyResource(resource)) {
+                return true;
+            }
+
+            // If protocol is tcp or udp, it must not have auth
+            if (resource.protocol === "tcp" || resource.protocol === "udp") {
+                return resource.auth === undefined;
+            }
+            return true;
+        },
+        {
+            message:
+                "When protocol is 'tcp' or 'udp', 'auth' must not be provided",
+            path: ["auth"]
+        }
+    );
+
+export function isTargetsOnlyResource(resource: any): boolean {
+    return Object.keys(resource).length === 1 && resource.targets;
+}
+
+// Schema for the entire configuration object
+export const ConfigSchema = z
+    .object({
+        resources: z.record(z.string(), ResourceSchema).optional().default({}),
+        sites: z.record(z.string(), SiteSchema).optional().default({})
+    })
+    .refine(
+        // Enforce the full-domain uniqueness across resources in the same stack
+        (config) => {
+            // Extract all full-domain values with their resource keys
+            const fullDomainMap = new Map<string, string[]>();
+
+            Object.entries(config.resources).forEach(
+                ([resourceKey, resource]) => {
+                    const fullDomain = resource["full-domain"];
+                    if (fullDomain) {
+                        // Only process if full-domain is defined
+                        if (!fullDomainMap.has(fullDomain)) {
+                            fullDomainMap.set(fullDomain, []);
+                        }
+                        fullDomainMap.get(fullDomain)!.push(resourceKey);
+                    }
+                }
+            );
+
+            // Find duplicates
+            const duplicates = Array.from(fullDomainMap.entries()).filter(
+                ([_, resourceKeys]) => resourceKeys.length > 1
+            );
+
+            return duplicates.length === 0;
+        },
+        (config) => {
+            // Extract duplicates for error message
+            const fullDomainMap = new Map<string, string[]>();
+
+            Object.entries(config.resources).forEach(
+                ([resourceKey, resource]) => {
+                    const fullDomain = resource["full-domain"];
+                    if (fullDomain) {
+                        // Only process if full-domain is defined
+                        if (!fullDomainMap.has(fullDomain)) {
+                            fullDomainMap.set(fullDomain, []);
+                        }
+                        fullDomainMap.get(fullDomain)!.push(resourceKey);
+                    }
+                }
+            );
+
+            const duplicates = Array.from(fullDomainMap.entries())
+                .filter(([_, resourceKeys]) => resourceKeys.length > 1)
+                .map(
+                    ([fullDomain, resourceKeys]) =>
+                        `'${fullDomain}' used by resources: ${resourceKeys.join(", ")}`
+                )
+                .join("; ");
+
+            return {
+                message: `Duplicate 'full-domain' values found: ${duplicates}`,
+                path: ["resources"]
+            };
+        }
+    );
+
+// Type inference from the schema
+export type Site = z.infer<typeof SiteSchema>;
+export type Target = z.infer<typeof TargetSchema>;
+export type Resource = z.infer<typeof ResourceSchema>;
+export type Config = z.infer<typeof ConfigSchema>;
diff --git a/server/routers/newt/handleApplyBlueprintMessage.ts b/server/routers/newt/handleApplyBlueprintMessage.ts
new file mode 100644
index 00000000..68158799
--- /dev/null
+++ b/server/routers/newt/handleApplyBlueprintMessage.ts
@@ -0,0 +1,73 @@
+import { db, newts } from "@server/db";
+import { MessageHandler } from "../ws";
+import { exitNodes, Newt, resources, sites, Target, targets } from "@server/db";
+import { eq, and, sql, inArray } from "drizzle-orm";
+import logger from "@server/logger";
+import { applyBlueprint } from "@server/lib/blueprints/applyBlueprint";
+
+export const handleApplyBlueprintMessage: MessageHandler = async (context) => {
+    const { message, client, sendToClient } = context;
+    const newt = client as Newt;
+
+    logger.debug("Handling apply blueprint message!");
+
+    if (!newt) {
+        logger.warn("Newt not found");
+        return;
+    }
+
+    if (!newt.siteId) {
+        logger.warn("Newt has no site!"); // TODO: Maybe we create the site here?
+        return;
+    }
+
+    // get the site
+    const [site] = await db
+        .select()
+        .from(sites)
+        .where(eq(sites.siteId, newt.siteId));
+
+    if (!site) {
+        logger.warn("Site not found for newt");
+        return;
+    }
+
+    const { blueprint } = message.data;
+    if (!blueprint) {
+        logger.warn("No blueprint provided");
+        return;
+    }
+
+    logger.debug(`Received blueprint: ${blueprint}`);
+
+    try {
+        const blueprintParsed = JSON.parse(blueprint);
+        // Update the blueprint in the database
+        await applyBlueprint(site.orgId, blueprintParsed, site.siteId);
+    } catch (error) {
+        logger.error(`Failed to update database from config: ${error}`);
+        return {
+            message: {
+                type: "newt/blueprint/results",
+                data: {
+                    success: false,
+                    message: `Failed to update database from config: ${error}`
+                }
+            },
+            broadcast: false, // Send to all clients
+            excludeSender: false // Include sender in broadcast
+        };
+    }
+
+    return {
+        message: {
+            type: "newt/blueprint/results",
+            data: {
+                success: true,
+                message: "Config updated successfully"
+            }
+        },
+        broadcast: false, // Send to all clients
+        excludeSender: false // Include sender in broadcast
+    };
+};
diff --git a/server/routers/newt/handleNewtRegisterMessage.ts b/server/routers/newt/handleNewtRegisterMessage.ts
index 3c7ecaff..eef78765 100644
--- a/server/routers/newt/handleNewtRegisterMessage.ts
+++ b/server/routers/newt/handleNewtRegisterMessage.ts
@@ -10,6 +10,7 @@ import {
     getNextAvailableClientSubnet
 } from "@server/lib/ip";
 import { selectBestExitNode, verifyExitNodeOrgAccess } from "@server/lib/exitNodes";
+import { fetchContainers } from "./dockerSocket";
 
 export type ExitNodePingResult = {
     exitNodeId: number;
@@ -76,6 +77,15 @@ export const handleNewtRegisterMessage: MessageHandler = async (context) => {
         return;
     }
 
+    logger.debug(`Docker socket enabled: ${oldSite.dockerSocketEnabled}`);
+
+    if (oldSite.dockerSocketEnabled) {
+        logger.debug(
+            "Site has docker socket enabled - requesting docker containers"
+        );
+        fetchContainers(newt.newtId);
+    }
+
     let siteSubnet = oldSite.subnet;
     let exitNodeIdToQuery = oldSite.exitNodeId;
     if (exitNodeId && (oldSite.exitNodeId !== exitNodeId || !oldSite.subnet)) {
diff --git a/server/routers/newt/handleSocketMessages.ts b/server/routers/newt/handleSocketMessages.ts
index 01b7be60..aceca37d 100644
--- a/server/routers/newt/handleSocketMessages.ts
+++ b/server/routers/newt/handleSocketMessages.ts
@@ -2,6 +2,7 @@ import { MessageHandler } from "../ws";
 import logger from "@server/logger";
 import { dockerSocketCache } from "./dockerSocket";
 import { Newt } from "@server/db";
+import { applyNewtDockerBlueprint } from "@server/lib/blueprints/applyNewtDockerBlueprint";
 
 export const handleDockerStatusMessage: MessageHandler = async (context) => {
     const { message, client, sendToClient } = context;
@@ -57,4 +58,15 @@ export const handleDockerContainersMessage: MessageHandler = async (
     } else {
         logger.warn(`Newt ${newt.newtId} does not have Docker containers`);
     }
+
+    if (!newt.siteId) {
+        logger.warn("Newt has no site!");
+        return;
+    }
+
+    await applyNewtDockerBlueprint(
+        newt.siteId,
+        newt.newtId,
+        containers
+    );
 };
diff --git a/server/routers/newt/index.ts b/server/routers/newt/index.ts
index 08f047e3..9642a637 100644
--- a/server/routers/newt/index.ts
+++ b/server/routers/newt/index.ts
@@ -4,4 +4,5 @@ export * from "./handleNewtRegisterMessage";
 export * from "./handleReceiveBandwidthMessage";
 export * from "./handleGetConfigMessage";
 export * from "./handleSocketMessages";
-export * from "./handleNewtPingRequestMessage";
\ No newline at end of file
+export * from "./handleNewtPingRequestMessage";
+export * from "./handleApplyBlueprintMessage";
\ No newline at end of file
diff --git a/server/routers/ws/messageHandlers.ts b/server/routers/ws/messageHandlers.ts
index a30daf43..8ca33b8a 100644
--- a/server/routers/ws/messageHandlers.ts
+++ b/server/routers/ws/messageHandlers.ts
@@ -4,7 +4,8 @@ import {
     handleGetConfigMessage,
     handleDockerStatusMessage,
     handleDockerContainersMessage,
-    handleNewtPingRequestMessage
+    handleNewtPingRequestMessage,
+    handleApplyBlueprintMessage
 } from "../newt";
 import {
     handleOlmRegisterMessage,
@@ -23,7 +24,8 @@ export const messageHandlers: Record<string, MessageHandler> = {
     "olm/ping": handleOlmPingMessage,
     "newt/socket/status": handleDockerStatusMessage,
     "newt/socket/containers": handleDockerContainersMessage,
-    "newt/ping/request": handleNewtPingRequestMessage
+    "newt/ping/request": handleNewtPingRequestMessage,
+    "newt/blueprint/apply": handleApplyBlueprintMessage,
 };
 
 startOlmOfflineChecker(); // this is to handle the offline check for olms

From 22f3dc9dac21307fa5348b850e351397dd38c4ab Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 10 Sep 2025 17:28:00 -0700
Subject: [PATCH 056/166] Apply blueprint over api call

---
 messages/en-US.json                     |   1 +
 server/auth/actions.ts                  |   3 +-
 server/routers/integration.ts           |   7 ++
 server/routers/org/applyBlueprint.ts    | 122 ++++++++++++++++++++++++
 server/routers/org/index.ts             |   1 +
 src/components/PermissionsSelectBox.tsx |   3 +-
 6 files changed, 135 insertions(+), 2 deletions(-)
 create mode 100644 server/routers/org/applyBlueprint.ts

diff --git a/messages/en-US.json b/messages/en-US.json
index bd43a9c0..4312e0e2 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -997,6 +997,7 @@
     "actionDeleteSite": "Delete Site",
     "actionGetSite": "Get Site",
     "actionListSites": "List Sites",
+    "actionApplyBlueprint": "Apply Blueprint",
     "setupToken": "Setup Token",
     "setupTokenDescription": "Enter the setup token from the server console.",
     "setupTokenRequired": "Setup token is required",
diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index 9636efa0..f020c2ff 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -102,7 +102,8 @@ export enum ActionsEnum {
     createOrgDomain = "createOrgDomain",
     deleteOrgDomain = "deleteOrgDomain",
     restartOrgDomain = "restartOrgDomain",
-    updateOrgUser = "updateOrgUser"
+    updateOrgUser = "updateOrgUser",
+    applyBlueprint = "applyBlueprint"
 }
 
 export async function checkUserActionPermission(
diff --git a/server/routers/integration.ts b/server/routers/integration.ts
index 69bdbb42..6a43aaa7 100644
--- a/server/routers/integration.ts
+++ b/server/routers/integration.ts
@@ -644,3 +644,10 @@ authenticated.post(
     verifyApiKeyHasAction(ActionsEnum.updateClient),
     client.updateClient
 );
+
+authenticated.put(
+    "/org/:orgId/blueprint",
+    verifyApiKeyOrgAccess,
+    verifyApiKeyHasAction(ActionsEnum.applyBlueprint),
+    org.applyBlueprint
+);
\ No newline at end of file
diff --git a/server/routers/org/applyBlueprint.ts b/server/routers/org/applyBlueprint.ts
new file mode 100644
index 00000000..7fba3f3b
--- /dev/null
+++ b/server/routers/org/applyBlueprint.ts
@@ -0,0 +1,122 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db } from "@server/db";
+import { eq } from "drizzle-orm";
+import {
+    apiKeyOrg,
+    apiKeys,
+    domains,
+    Org,
+    orgDomains,
+    orgs,
+    roleActions,
+    roles,
+    userOrgs,
+    users,
+    actions
+} from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import config from "@server/lib/config";
+import { fromError } from "zod-validation-error";
+import { defaultRoleAllowedActions } from "../role";
+import { OpenAPITags, registry } from "@server/openApi";
+import { isValidCIDR } from "@server/lib/validators";
+import { applyBlueprint as applyBlueprintFunc } from "@server/lib/blueprints/applyBlueprint";
+
+const applyBlueprintSchema = z
+    .object({
+        blueprint: z.string()
+    })
+    .strict();
+
+const applyBlueprintParamsSchema = z
+    .object({
+        orgId: z.string()
+    })
+    .strict();
+
+registry.registerPath({
+    method: "put",
+    path: "/org/{orgId}/blueprint",
+    description: "Apply a blueprint to an organization",
+    tags: [OpenAPITags.Org],
+    request: {
+        body: {
+            content: {
+                "application/json": {
+                    schema: applyBlueprintSchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
+export async function applyBlueprint(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = applyBlueprintParamsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { orgId } = parsedParams.data;
+
+        const parsedBody = applyBlueprintSchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { blueprint } = parsedBody.data;
+
+        if (!blueprint) {
+            logger.warn("No blueprint provided");
+            return;
+        }
+
+        logger.debug(`Received blueprint: ${blueprint}`);
+
+        try {
+            const blueprintParsed = JSON.parse(blueprint);
+            // Update the blueprint in the database
+            await applyBlueprintFunc(orgId, blueprintParsed);
+        } catch (error) {
+            logger.error(`Failed to update database from config: ${error}`);
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    `Failed to update database from config: ${error}`
+                )
+            );
+        }
+
+        return response(res, {
+            data: null,
+            success: true,
+            error: false,
+            message: "Blueprint applied successfully",
+            status: HttpCode.CREATED
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/org/index.ts b/server/routers/org/index.ts
index c9a44d8d..754def66 100644
--- a/server/routers/org/index.ts
+++ b/server/routers/org/index.ts
@@ -7,3 +7,4 @@ export * from "./checkId";
 export * from "./getOrgOverview";
 export * from "./listOrgs";
 export * from "./pickOrgDefaults";
+export * from "./applyBlueprint";
\ No newline at end of file
diff --git a/src/components/PermissionsSelectBox.tsx b/src/components/PermissionsSelectBox.tsx
index 3334cca5..4760aeef 100644
--- a/src/components/PermissionsSelectBox.tsx
+++ b/src/components/PermissionsSelectBox.tsx
@@ -29,7 +29,8 @@ function getActionsCategories(root: boolean) {
             [t('actionListUsers')]: "listUsers",
             [t('actionListOrgDomains')]: "listOrgDomains",
             [t('updateOrgUser')]: "updateOrgUser",
-            [t('createOrgUser')]: "createOrgUser"
+            [t('createOrgUser')]: "createOrgUser",
+            [t('actionApplyBlueprint')]: "applyBlueprint",
         },
 
         Site: {

From 764778ecc2b6f58b56d9e6cf0a8c2f4f3dc768fe Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 10:12:27 -0700
Subject: [PATCH 057/166] Testing cross site issue

---
 blueprint.py                         | 77 ++++++++++++++++++++++++++++
 blueprint.yaml                       | 37 +++++++++++++
 messages/en-US.json                  |  4 +-
 server/lib/blueprints/resources.ts   |  4 +-
 server/routers/org/applyBlueprint.ts |  8 ++-
 5 files changed, 124 insertions(+), 6 deletions(-)
 create mode 100644 blueprint.py
 create mode 100644 blueprint.yaml

diff --git a/blueprint.py b/blueprint.py
new file mode 100644
index 00000000..6490ebd5
--- /dev/null
+++ b/blueprint.py
@@ -0,0 +1,77 @@
+import requests
+import yaml
+import json
+import base64
+
+# The file path for the YAML file to be read
+# You can change this to the path of your YAML file
+YAML_FILE_PATH = 'blueprint.yaml'
+
+# The API endpoint and headers from the curl request
+API_URL = 'http://localhost:3004/v1/org/test/blueprint'
+HEADERS = {
+    'accept': '*/*',
+    'Authorization': 'Bearer v7ix7xha1bmq2on.tzsden374mtmkeczm3tx44uzxsljnrst7nmg7ccr',
+    'Content-Type': 'application/json'
+}
+
+def convert_and_send(file_path, url, headers):
+    """
+    Reads a YAML file, converts its content to a JSON payload,
+    and sends it via a PUT request to a specified URL.
+    """
+    try:
+        # Read the YAML file content
+        with open(file_path, 'r') as file:
+            yaml_content = file.read()
+
+        # Parse the YAML string to a Python dictionary
+        # This will be used to ensure the YAML is valid before sending
+        parsed_yaml = yaml.safe_load(yaml_content)
+
+        # Create the JSON payload. The curl request shows the value
+        # of "blueprint" is a string, which means the raw YAML content
+        # should be sent as a string value for that key.
+        json_payload = {
+            "blueprint": yaml_content
+        }
+
+        # Convert the payload to a JSON string
+        json_string = json.dumps(json_payload)
+
+        # Base64 encode the JSON string
+        encoded_json = base64.b64encode(json_string.encode('utf-8')).decode('utf-8')
+
+        # Create the final payload with the base64 encoded data
+        final_payload = {
+            "blueprint": encoded_json
+        }
+
+        print("Sending the following Base64 encoded JSON payload:")
+        print(final_payload)
+        print("-" * 20)
+
+        # Make the PUT request with the base64 encoded payload
+        response = requests.put(url, headers=headers, json=final_payload)
+
+        # Print the API response for debugging
+        print(f"API Response Status Code: {response.status_code}")
+        print("API Response Content:")
+        print(response.text)
+
+        # Raise an exception for bad status codes (4xx or 5xx)
+        response.raise_for_status()
+
+    except FileNotFoundError:
+        print(f"Error: The file '{file_path}' was not found.")
+    except yaml.YAMLError as e:
+        print(f"Error parsing YAML file: {e}")
+    except requests.exceptions.RequestException as e:
+        print(f"An error occurred during the API request: {e}")
+    except Exception as e:
+        print(f"An unexpected error occurred: {e}")
+
+# Run the function
+if __name__ == "__main__":
+    convert_and_send(YAML_FILE_PATH, API_URL, HEADERS)
+
diff --git a/blueprint.yaml b/blueprint.yaml
new file mode 100644
index 00000000..da1498cd
--- /dev/null
+++ b/blueprint.yaml
@@ -0,0 +1,37 @@
+resources:
+  resource-nice-id:
+    name: this is my resource
+    protocol: http
+    full-domain: level1.test3.example.com
+    # host-header: example.com
+    # tls-server-name: example.com
+    auth:
+      pincode: 123456
+      password: sadfasdfadsf
+      sso-enabled: true
+      sso-roles:
+      - Member
+      sso-users:
+      - owen@fossorial.io
+      whitelist-users:
+      - owen@fossorial.io
+    targets:
+    # - site: glossy-plains-viscacha-rat
+    # - hostname: localhost
+    #   method: http
+    #   port: 8000
+    #   healthcheck:
+    #     port: 8000
+    #     hostname: localhost
+    # - site: glossy-plains-viscacha-rat
+    # - hostname: localhost
+    #   method: http
+    #   port: 8001
+  # resource-nice-id2:
+  #   name: this is other resource
+  #   protocol: tcp
+  #   proxy-port: 3000
+  #   targets:
+  #   # - site: glossy-plains-viscacha-rat
+  #   - hostname: localhost
+  #     port: 3000
\ No newline at end of file
diff --git a/messages/en-US.json b/messages/en-US.json
index 4312e0e2..be4359f8 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1140,8 +1140,8 @@
     "sidebarLicense": "License",
     "sidebarClients": "Clients (Beta)",
     "sidebarDomains": "Domains",
-    "enableDockerSocket": "Enable Docker Socket",
-    "enableDockerSocketDescription": "Enable Docker Socket discovery for populating container information. Socket path must be provided to Newt.",
+    "enableDockerSocket": "Enable Docker Blueprint",
+    "enableDockerSocketDescription": "Enable Docker Socket label scraping for blueprint labels. Socket path must be provided to Newt.",
     "enableDockerSocketLink": "Learn More",
     "viewDockerContainers": "View Docker Containers",
     "containersIn": "Containers in {siteName}",
diff --git a/server/lib/blueprints/resources.ts b/server/lib/blueprints/resources.ts
index e1c1209f..b1556f18 100644
--- a/server/lib/blueprints/resources.ts
+++ b/server/lib/blueprints/resources.ts
@@ -68,7 +68,7 @@ export async function updateResources(
                     )
                     .limit(1);
             } else {
-                throw new Error(`Target site ID is required`);
+                throw new Error(`Target site is required`);
             }
 
             if (!site) {
@@ -712,7 +712,7 @@ async function getDomainId(
     }
 
     const validDomains = possibleDomains.filter((domain) => {
-        if (domain.domains.type == "ns") {
+        if (domain.domains.type == "ns" || domain.domains.type == "wildcard") {
             return (
                 fullDomain === domain.domains.baseDomain ||
                 fullDomain.endsWith(`.${domain.domains.baseDomain}`)
diff --git a/server/routers/org/applyBlueprint.ts b/server/routers/org/applyBlueprint.ts
index 7fba3f3b..3e97da09 100644
--- a/server/routers/org/applyBlueprint.ts
+++ b/server/routers/org/applyBlueprint.ts
@@ -41,9 +41,10 @@ const applyBlueprintParamsSchema = z
 registry.registerPath({
     method: "put",
     path: "/org/{orgId}/blueprint",
-    description: "Apply a blueprint to an organization",
+    description: "Apply a base64 encoded blueprint to an organization",
     tags: [OpenAPITags.Org],
     request: {
+        params: applyBlueprintParamsSchema,
         body: {
             content: {
                 "application/json": {
@@ -93,7 +94,10 @@ export async function applyBlueprint(
         logger.debug(`Received blueprint: ${blueprint}`);
 
         try {
-            const blueprintParsed = JSON.parse(blueprint);
+            // first base64 decode the blueprint
+            const decoded = Buffer.from(blueprint, "base64").toString("utf-8");
+            // then parse the json
+            const blueprintParsed = JSON.parse(decoded);
             // Update the blueprint in the database
             await applyBlueprintFunc(orgId, blueprintParsed);
         } catch (error) {

From 3a1eddea4372afa6034eb962b020f1727dd7fc78 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 11:42:37 -0700
Subject: [PATCH 058/166] Work accross sites?

---
 blueprint.py                         | 15 +++-------
 blueprint.yaml                       | 45 ++++++++++++++--------------
 server/lib/blueprints/resources.ts   | 14 +++++++--
 server/routers/org/applyBlueprint.ts |  1 +
 4 files changed, 40 insertions(+), 35 deletions(-)

diff --git a/blueprint.py b/blueprint.py
index 6490ebd5..b3017b5b 100644
--- a/blueprint.py
+++ b/blueprint.py
@@ -29,18 +29,11 @@ def convert_and_send(file_path, url, headers):
         # This will be used to ensure the YAML is valid before sending
         parsed_yaml = yaml.safe_load(yaml_content)
 
-        # Create the JSON payload. The curl request shows the value
-        # of "blueprint" is a string, which means the raw YAML content
-        # should be sent as a string value for that key.
-        json_payload = {
-            "blueprint": yaml_content
-        }
+        # convert the parsed YAML to a JSON string
+        json_payload = json.dumps(parsed_yaml)
 
-        # Convert the payload to a JSON string
-        json_string = json.dumps(json_payload)
-
-        # Base64 encode the JSON string
-        encoded_json = base64.b64encode(json_string.encode('utf-8')).decode('utf-8')
+        # Encode the JSON string to Base64
+        encoded_json = base64.b64encode(json_payload.encode('utf-8')).decode('utf-8')
 
         # Create the final payload with the base64 encoded data
         final_payload = {
diff --git a/blueprint.yaml b/blueprint.yaml
index da1498cd..bb6cd531 100644
--- a/blueprint.yaml
+++ b/blueprint.yaml
@@ -1,10 +1,10 @@
 resources:
-  resource-nice-id:
+  resource-nice-id-duce:
     name: this is my resource
     protocol: http
     full-domain: level1.test3.example.com
-    # host-header: example.com
-    # tls-server-name: example.com
+    host-header: example.com
+    tls-server-name: example.com
     auth:
       pincode: 123456
       password: sadfasdfadsf
@@ -16,22 +16,23 @@ resources:
       whitelist-users:
       - owen@fossorial.io
     targets:
-    # - site: glossy-plains-viscacha-rat
-    # - hostname: localhost
-    #   method: http
-    #   port: 8000
-    #   healthcheck:
-    #     port: 8000
-    #     hostname: localhost
-    # - site: glossy-plains-viscacha-rat
-    # - hostname: localhost
-    #   method: http
-    #   port: 8001
-  # resource-nice-id2:
-  #   name: this is other resource
-  #   protocol: tcp
-  #   proxy-port: 3000
-  #   targets:
-  #   # - site: glossy-plains-viscacha-rat
-  #   - hostname: localhost
-  #     port: 3000
\ No newline at end of file
+    - site: lively-yosemite-toad
+      hostname: localhost
+      method: http
+      port: 8000
+    - site: slim-alpine-chipmunk
+      hostname: localhost
+      method: http
+      port: 8001
+    - site: glossy-plains-viscacha-rat
+      hostname: localhost
+      method: http
+      port: 8001
+  resource-nice-id2:
+    name: this is other resource
+    protocol: tcp
+    proxy-port: 3000
+    targets:
+    - site: glossy-plains-viscacha-rat
+      hostname: localhost
+      port: 3000
\ No newline at end of file
diff --git a/server/lib/blueprints/resources.ts b/server/lib/blueprints/resources.ts
index b1556f18..8499156e 100644
--- a/server/lib/blueprints/resources.ts
+++ b/server/lib/blueprints/resources.ts
@@ -247,11 +247,12 @@ export async function updateResources(
 
             // Create new targets
             for (const [index, targetData] of resourceData.targets.entries()) {
-                if (!targetData) {
+                if (!targetData || (typeof targetData === 'object' && Object.keys(targetData).length === 0)) {
                     // If targetData is null or an empty object, we can skip it
                     continue;
                 }
                 const existingTarget = existingResourceTargets[index];
+
                 if (existingTarget) {
                     let targetSiteId = targetData.site;
                     let site;
@@ -281,7 +282,7 @@ export async function updateResources(
                             )
                             .limit(1);
                     } else {
-                        throw new Error(`Target site ID is required`);
+                        throw new Error(`Target site is required`);
                     }
 
                     if (!site) {
@@ -336,7 +337,16 @@ export async function updateResources(
                 const targetsToDelete = existingResourceTargets.slice(
                     resourceData.targets.length
                 );
+                logger.debug(`Targets to delete: ${JSON.stringify(targetsToDelete)}`);
                 for (const target of targetsToDelete) {
+                    if (!target) {
+                        continue;
+                    } 
+                    if (siteId && target.siteId !== siteId) {
+                        logger.debug(`Skipping target ${target.targetId} for deletion. Site ID does not match filter.`);
+                        continue; // only delete targets for the specified siteId
+                    }
+                    logger.debug(`Deleting target ${target.targetId}`);
                     await trx
                         .delete(targets)
                         .where(eq(targets.targetId, target.targetId)); 
diff --git a/server/routers/org/applyBlueprint.ts b/server/routers/org/applyBlueprint.ts
index 3e97da09..982258ee 100644
--- a/server/routers/org/applyBlueprint.ts
+++ b/server/routers/org/applyBlueprint.ts
@@ -98,6 +98,7 @@ export async function applyBlueprint(
             const decoded = Buffer.from(blueprint, "base64").toString("utf-8");
             // then parse the json
             const blueprintParsed = JSON.parse(decoded);
+
             // Update the blueprint in the database
             await applyBlueprintFunc(orgId, blueprintParsed);
         } catch (error) {

From 997cbca98eaf2851a50aad56082ae2242196397f Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 12:20:50 -0700
Subject: [PATCH 059/166] Get the headers into the traefik config

---
 blueprint.py                               |  2 +
 blueprint.yaml                             | 29 +++++----
 server/db/pg/schema.ts                     |  1 +
 server/db/sqlite/schema.ts                 |  3 +-
 server/lib/blueprints/resources.ts         | 21 +++++--
 server/lib/blueprints/types.ts             |  3 +-
 server/routers/traefik/getTraefikConfig.ts | 71 ++++++++++++++--------
 7 files changed, 84 insertions(+), 46 deletions(-)

diff --git a/blueprint.py b/blueprint.py
index b3017b5b..b4f1a99c 100644
--- a/blueprint.py
+++ b/blueprint.py
@@ -31,6 +31,8 @@ def convert_and_send(file_path, url, headers):
 
         # convert the parsed YAML to a JSON string
         json_payload = json.dumps(parsed_yaml)
+        print("Converted JSON payload:")
+        print(json_payload)
 
         # Encode the JSON string to Base64
         encoded_json = base64.b64encode(json_payload.encode('utf-8')).decode('utf-8')
diff --git a/blueprint.yaml b/blueprint.yaml
index bb6cd531..8a0d208f 100644
--- a/blueprint.yaml
+++ b/blueprint.yaml
@@ -5,16 +5,19 @@ resources:
     full-domain: level1.test3.example.com
     host-header: example.com
     tls-server-name: example.com
-    auth:
-      pincode: 123456
-      password: sadfasdfadsf
-      sso-enabled: true
-      sso-roles:
-      - Member
-      sso-users:
-      - owen@fossorial.io
-      whitelist-users:
-      - owen@fossorial.io
+    # auth:
+      # pincode: 123456
+      # password: sadfasdfadsf
+      # sso-enabled: true
+      # sso-roles:
+      #   - Member
+      # sso-users:
+      #   - owen@fossorial.io
+      # whitelist-users:
+      #   - owen@fossorial.io
+    headers:
+      - X-Example-Header: example-value
+      - X-Another-Header: another-value
     targets:
     - site: lively-yosemite-toad
       hostname: localhost
@@ -24,15 +27,11 @@ resources:
       hostname: localhost
       method: http
       port: 8001
-    - site: glossy-plains-viscacha-rat
-      hostname: localhost
-      method: http
-      port: 8001
   resource-nice-id2:
     name: this is other resource
     protocol: tcp
     proxy-port: 3000
     targets:
-    - site: glossy-plains-viscacha-rat
+    - site: lively-yosemite-toad 
       hostname: localhost
       port: 3000
\ No newline at end of file
diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts
index 1e634cc9..8c6fb4b8 100644
--- a/server/db/pg/schema.ts
+++ b/server/db/pg/schema.ts
@@ -96,6 +96,7 @@ export const resources = pgTable("resources", {
     skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
         onDelete: "cascade"
     }),
+    headers: text("headers"), // comma-separated list of headers to add to the request
 });
 
 export const targets = pgTable("targets", {
diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts
index 2db0fdc4..912604d6 100644
--- a/server/db/sqlite/schema.ts
+++ b/server/db/sqlite/schema.ts
@@ -107,7 +107,8 @@ export const resources = sqliteTable("resources", {
     enableProxy: integer("enableProxy", { mode: "boolean" }).default(true),
     skipToIdpId: integer("skipToIdpId").references(() => idp.idpId, {
         onDelete: "cascade"
-    })
+    }),
+    headers: text("headers"), // comma-separated list of headers to add to the request
 });
 
 export const targets = sqliteTable("targets", {
diff --git a/server/lib/blueprints/resources.ts b/server/lib/blueprints/resources.ts
index 8499156e..1ca928ef 100644
--- a/server/lib/blueprints/resources.ts
+++ b/server/lib/blueprints/resources.ts
@@ -120,6 +120,17 @@ export async function updateResources(
         const http = resourceData.protocol == "http";
         const protocol =
             resourceData.protocol == "http" ? "tcp" : resourceData.protocol;
+        const resourceEnabled = resourceData.enabled == undefined || resourceData.enabled == null ? true : resourceData.enabled;
+        let headers = "";
+        for (const headerObj of resourceData.headers || []) {
+            for (const [key, value] of Object.entries(headerObj)) {
+                headers += `${key}: ${value},`;
+            }
+        }
+        // if there are headers, remove the trailing comma
+        if (headers.endsWith(",")) {
+            headers = headers.slice(0, -1);
+        }
 
         if (existingResource) {
             let domain;
@@ -152,7 +163,7 @@ export async function updateResources(
                         fullDomain: http ? resourceData["full-domain"] : null,
                         subdomain: domain ? domain.subdomain : null,
                         domainId: domain ? domain.domainId : null,
-                        enabled: resourceData.enabled ? true : false,
+                        enabled: resourceEnabled,
                         sso: resourceData.auth?.["sso-enabled"] || false,
                         ssl: resourceData.ssl ? true : false,
                         setHostHeader: resourceData["host-header"] || null,
@@ -161,7 +172,8 @@ export async function updateResources(
                             "whitelist-users"
                         ]
                             ? resourceData.auth["whitelist-users"].length > 0
-                            : false
+                            : false,
+                        headers: headers || null,
                     })
                     .where(
                         eq(resources.resourceId, existingResource.resourceId)
@@ -379,11 +391,12 @@ export async function updateResources(
                     fullDomain: http ? resourceData["full-domain"] : null,
                     subdomain: domain ? domain.subdomain : null,
                     domainId: domain ? domain.domainId : null,
-                    enabled: resourceData.enabled ? true : false,
+                    enabled: resourceEnabled,
                     sso: resourceData.auth?.["sso-enabled"] || false,
                     setHostHeader: resourceData["host-header"] || null,
                     tlsServerName: resourceData["tls-server-name"] || null,
-                    ssl: resourceData.ssl ? true : false
+                    ssl: resourceData.ssl ? true : false,
+                    headers: headers || null
                 })
                 .returning();
 
diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index 62e390a8..7dd85e12 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -44,7 +44,8 @@ export const ResourceSchema = z
         targets: z.array(TargetSchema.nullable()).optional().default([]),
         auth: AuthSchema.optional(),
         "host-header": z.string().optional(),
-        "tls-server-name": z.string().optional()
+        "tls-server-name": z.string().optional(),
+        headers: z.array(z.record(z.string(), z.string())).optional().default([]),
     })
     .refine(
         (resource) => {
diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts
index 1a55f2bd..957dab17 100644
--- a/server/routers/traefik/getTraefikConfig.ts
+++ b/server/routers/traefik/getTraefikConfig.ts
@@ -54,7 +54,8 @@ export async function traefikConfigProvider(
             config.getRawConfig().traefik.site_types
         );
 
-        if (traefikConfig?.http?.middlewares) { // BECAUSE SOMETIMES THE CONFIG CAN BE EMPTY IF THERE IS NOTHING
+        if (traefikConfig?.http?.middlewares) {
+            // BECAUSE SOMETIMES THE CONFIG CAN BE EMPTY IF THERE IS NOTHING
             traefikConfig.http.middlewares[badgerMiddlewareName] = {
                 plugin: {
                     [badgerMiddlewareName]: {
@@ -124,6 +125,7 @@ export async function getTraefikConfig(
                 tlsServerName: resources.tlsServerName,
                 setHostHeader: resources.setHostHeader,
                 enableProxy: resources.enableProxy,
+                headers: resources.headers,
                 // Target fields
                 targetId: targets.targetId,
                 targetEnabled: targets.enabled,
@@ -152,7 +154,7 @@ export async function getTraefikConfig(
                     inArray(sites.type, siteTypes),
                     config.getRawConfig().traefik.allow_raw_resources
                         ? isNotNull(resources.http) // ignore the http check if allow_raw_resources is true
-                        : eq(resources.http, true),
+                        : eq(resources.http, true)
                 )
             );
 
@@ -177,7 +179,8 @@ export async function getTraefikConfig(
                     tlsServerName: row.tlsServerName,
                     setHostHeader: row.setHostHeader,
                     enableProxy: row.enableProxy,
-                    targets: []
+                    targets: [],
+                    headers: row.headers
                 });
             }
 
@@ -296,13 +299,52 @@ export async function getTraefikConfig(
             const additionalMiddlewares =
                 config.getRawConfig().traefik.additional_middlewares || [];
 
+            let routerMiddlewares = [
+                badgerMiddlewareName,
+                ...additionalMiddlewares
+            ];
+
+            if (resource.headers && resource.headers.length > 0) {
+                const headersMiddlewareName = `${resource.resourceId}-headers-middleware`;
+                // if there are headers, parse them into an object
+                let headersObj: { [key: string]: string } = {};
+                const headersArr = resource.headers.split(",");
+                for (const header of headersArr) {
+                    const [key, value] = header
+                        .split(":")
+                        .map((s: string) => s.trim());
+                    if (key && value) {
+                        headersObj[key] = value;
+                    }
+                }
+
+                if (resource.setHostHeader) {
+                    headersObj["Host"] = resource.setHostHeader;
+                }
+
+                // check if the object is not empty
+                if (Object.keys(headersObj).length > 0) {
+                    // Add the headers middleware
+                    if (!config_output.http.middlewares) {
+                        config_output.http.middlewares = {};
+                    }
+                    config_output.http.middlewares[headersMiddlewareName] = {
+                        headers: {
+                            customRequestHeaders: headersObj
+                        }
+                    };
+
+                    routerMiddlewares.push(headersMiddlewareName);
+                }
+            }
+
             config_output.http.routers![routerName] = {
                 entryPoints: [
                     resource.ssl
                         ? config.getRawConfig().traefik.https_entrypoint
                         : config.getRawConfig().traefik.http_entrypoint
                 ],
-                middlewares: [badgerMiddlewareName, ...additionalMiddlewares],
+                middlewares: routerMiddlewares,
                 service: serviceName,
                 rule: `Host(\`${fullDomain}\`)`,
                 priority: 100,
@@ -413,27 +455,6 @@ export async function getTraefikConfig(
                     serviceName
                 ].loadBalancer.serversTransport = transportName;
             }
-
-            // Add the host header middleware
-            if (resource.setHostHeader) {
-                if (!config_output.http.middlewares) {
-                    config_output.http.middlewares = {};
-                }
-                config_output.http.middlewares[hostHeaderMiddlewareName] = {
-                    headers: {
-                        customRequestHeaders: {
-                            Host: resource.setHostHeader
-                        }
-                    }
-                };
-                if (!config_output.http.routers![routerName].middlewares) {
-                    config_output.http.routers![routerName].middlewares = [];
-                }
-                config_output.http.routers![routerName].middlewares = [
-                    ...config_output.http.routers![routerName].middlewares,
-                    hostHeaderMiddlewareName
-                ];
-            }
         } else {
             // Non-HTTP (TCP/UDP) configuration
             if (!resource.enableProxy) {

From 50e94d2d1fe68d7e4d965596f5773cee338b9fce Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 13:58:12 -0700
Subject: [PATCH 060/166] Headers input working on resource

---
 messages/en-US.json                           |   7 +-
 server/lib/validators.ts                      |  34 ++
 server/routers/resource/updateResource.ts     |  16 +-
 .../resources/[niceId]/proxy/page.tsx         | 300 ++++++++++++------
 src/components/HeadersInput.tsx               |  69 ++++
 5 files changed, 326 insertions(+), 100 deletions(-)
 create mode 100644 src/components/HeadersInput.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index be4359f8..fffd01ef 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1505,5 +1505,8 @@
     "internationaldomaindetected": "International Domain Detected",
     "willbestoredas": "Will be stored as:",
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
-}
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Custom Headers",
+    "customHeadersDescription": "Headers new line separated: Header-Name: value",
+    "headersValidationError": "Headers must be in the format: Header-Name: value"
+}
\ No newline at end of file
diff --git a/server/lib/validators.ts b/server/lib/validators.ts
index 6c581e47..522e5018 100644
--- a/server/lib/validators.ts
+++ b/server/lib/validators.ts
@@ -129,6 +129,40 @@ export function isValidDomain(domain: string): boolean {
     return true;
 }
 
+export function validateHeaders(headers: string): boolean {
+    // Validate comma-separated headers in format "Header-Name: value"
+    const headerPairs = headers.split(",").map((pair) => pair.trim());
+    return headerPairs.every((pair) => {
+        // Check if the pair contains exactly one colon
+        const colonCount = (pair.match(/:/g) || []).length;
+        if (colonCount !== 1) {
+            return false;
+        }
+
+        const colonIndex = pair.indexOf(":");
+        if (colonIndex === 0 || colonIndex === pair.length - 1) {
+            return false;
+        }
+
+        const headerName = pair.substring(0, colonIndex).trim();
+        const headerValue = pair.substring(colonIndex + 1).trim();
+
+        // Header name should not be empty and should contain valid characters
+        // Header names are case-insensitive and can contain alphanumeric, hyphens
+        const headerNameRegex = /^[a-zA-Z0-9\-_]+$/;
+        if (!headerName || !headerNameRegex.test(headerName)) {
+            return false;
+        }
+
+        // Header value should not be empty and should not contain colons
+        if (!headerValue || headerValue.includes(":")) {
+            return false;
+        }
+
+        return true;
+    });
+}
+
 const validTlds = [
     "AAA",
     "AARP",
diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts
index 05f1cf66..ab2b05b3 100644
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -21,6 +21,7 @@ import { subdomainSchema } from "@server/lib/schemas";
 import { registry } from "@server/openApi";
 import { OpenAPITags } from "@server/openApi";
 import { validateAndConstructDomain } from "@server/lib/domainUtils";
+import { validateHeaders } from "@server/lib/validators";
 
 const updateResourceParamsSchema = z
     .object({
@@ -45,7 +46,8 @@ const updateHttpResourceBodySchema = z
         stickySession: z.boolean().optional(),
         tlsServerName: z.string().nullable().optional(),
         setHostHeader: z.string().nullable().optional(),
-        skipToIdpId: z.number().int().positive().nullable().optional()
+        skipToIdpId: z.number().int().positive().nullable().optional(),
+        headers: z.string().nullable().optional()
     })
     .strict()
     .refine((data) => Object.keys(data).length > 0, {
@@ -83,6 +85,18 @@ const updateHttpResourceBodySchema = z
             message:
                 "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header."
         }
+    )
+    .refine(
+        (data) => {
+            if (data.headers) {
+                return validateHeaders(data.headers)
+            }
+            return true;
+        },
+        {
+            message:
+                "Invalid headers format. Use comma-separated format: 'Header-Name: value, Another-Header: another-value'. Header values cannot contain colons."
+        }
     );
 
 export type UpdateResourceResponse = Resource;
diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index 27c795ef..2c98b07a 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -95,6 +95,7 @@ import {
 } from "@app/components/ui/command";
 import { Badge } from "@app/components/ui/badge";
 import { parseHostTarget } from "@app/lib/parseHostTarget";
+import { HeadersInput } from "@app/components/HeadersInput";
 
 const addTargetSchema = z.object({
     ip: z.string().refine(isTargetValid),
@@ -129,7 +130,9 @@ export default function ReverseProxyTargets(props: {
     const [targets, setTargets] = useState<LocalTarget[]>([]);
     const [targetsToRemove, setTargetsToRemove] = useState<number[]>([]);
     const [sites, setSites] = useState<ListSitesResponse["sites"]>([]);
-    const [dockerStates, setDockerStates] = useState<Map<number, DockerState>>(new Map());
+    const [dockerStates, setDockerStates] = useState<Map<number, DockerState>>(
+        new Map()
+    );
 
     const initializeDockerForSite = async (siteId: number) => {
         if (dockerStates.has(siteId)) {
@@ -139,14 +142,14 @@ export default function ReverseProxyTargets(props: {
         const dockerManager = new DockerManager(api, siteId);
         const dockerState = await dockerManager.initializeDocker();
 
-        setDockerStates(prev => new Map(prev.set(siteId, dockerState)));
+        setDockerStates((prev) => new Map(prev.set(siteId, dockerState)));
     };
 
     const refreshContainersForSite = async (siteId: number) => {
         const dockerManager = new DockerManager(api, siteId);
         const containers = await dockerManager.fetchContainers();
 
-        setDockerStates(prev => {
+        setDockerStates((prev) => {
             const newMap = new Map(prev);
             const existingState = newMap.get(siteId);
             if (existingState) {
@@ -157,11 +160,13 @@ export default function ReverseProxyTargets(props: {
     };
 
     const getDockerStateForSite = (siteId: number): DockerState => {
-        return dockerStates.get(siteId) || {
-            isEnabled: false,
-            isAvailable: false,
-            containers: []
-        };
+        return (
+            dockerStates.get(siteId) || {
+                isEnabled: false,
+                isAvailable: false,
+                containers: []
+            }
+        );
     };
 
     const [httpsTlsLoading, setHttpsTlsLoading] = useState(false);
@@ -185,7 +190,8 @@ export default function ReverseProxyTargets(props: {
                 {
                     message: t("proxyErrorInvalidHeader")
                 }
-            )
+            ),
+        headers: z.string().optional()
     });
 
     const tlsSettingsSchema = z.object({
@@ -241,7 +247,8 @@ export default function ReverseProxyTargets(props: {
     const proxySettingsForm = useForm<ProxySettingsValues>({
         resolver: zodResolver(proxySettingsSchema),
         defaultValues: {
-            setHostHeader: resource.setHostHeader || ""
+            setHostHeader: resource.setHostHeader || "",
+            headers: resource.headers || ""
         }
     });
 
@@ -298,7 +305,9 @@ export default function ReverseProxyTargets(props: {
                 setSites(res.data.data.sites);
 
                 // Initialize Docker for newt sites
-                const newtSites = res.data.data.sites.filter(site => site.type === "newt");
+                const newtSites = res.data.data.sites.filter(
+                    (site) => site.type === "newt"
+                );
                 for (const site of newtSites) {
                     initializeDockerForSite(site.siteId);
                 }
@@ -418,11 +427,11 @@ export default function ReverseProxyTargets(props: {
             targets.map((target) =>
                 target.targetId === targetId
                     ? {
-                        ...target,
-                        ...data,
-                        updated: true,
-                        siteType: site?.type || null
-                    }
+                          ...target,
+                          ...data,
+                          updated: true,
+                          siteType: site?.type || null
+                      }
                     : target
             )
         );
@@ -471,7 +480,8 @@ export default function ReverseProxyTargets(props: {
                     stickySession: stickySessionData.stickySession,
                     ssl: tlsData.ssl,
                     tlsServerName: tlsData.tlsServerName || null,
-                    setHostHeader: proxyData.setHostHeader || null
+                    setHostHeader: proxyData.setHostHeader || null,
+                    headers: proxyData.headers || null
                 };
 
                 // Single API call to update all settings
@@ -483,7 +493,8 @@ export default function ReverseProxyTargets(props: {
                     stickySession: stickySessionData.stickySession,
                     ssl: tlsData.ssl,
                     tlsServerName: tlsData.tlsServerName || null,
-                    setHostHeader: proxyData.setHostHeader || null
+                    setHostHeader: proxyData.setHostHeader || null,
+                    headers: proxyData.headers || null
                 });
             }
 
@@ -546,7 +557,7 @@ export default function ReverseProxyTargets(props: {
                                     className={cn(
                                         "justify-between flex-1",
                                         !row.original.siteId &&
-                                        "text-muted-foreground"
+                                            "text-muted-foreground"
                                     )}
                                 >
                                     {row.original.siteId
@@ -597,49 +608,59 @@ export default function ReverseProxyTargets(props: {
                                 </Command>
                             </PopoverContent>
                         </Popover>
-                        {selectedSite && selectedSite.type === "newt" && (() => {
-                            const dockerState = getDockerStateForSite(selectedSite.siteId);
-                            return (
-                                <ContainersSelector
-                                    site={selectedSite}
-                                    containers={dockerState.containers}
-                                    isAvailable={dockerState.isAvailable}
-                                    onContainerSelect={handleContainerSelectForTarget}
-                                    onRefresh={() => refreshContainersForSite(selectedSite.siteId)}
-                                />
-                            );
-                        })()}
+                        {selectedSite &&
+                            selectedSite.type === "newt" &&
+                            (() => {
+                                const dockerState = getDockerStateForSite(
+                                    selectedSite.siteId
+                                );
+                                return (
+                                    <ContainersSelector
+                                        site={selectedSite}
+                                        containers={dockerState.containers}
+                                        isAvailable={dockerState.isAvailable}
+                                        onContainerSelect={
+                                            handleContainerSelectForTarget
+                                        }
+                                        onRefresh={() =>
+                                            refreshContainersForSite(
+                                                selectedSite.siteId
+                                            )
+                                        }
+                                    />
+                                );
+                            })()}
                     </div>
                 );
             }
         },
         ...(resource.http
             ? [
-                {
-                    accessorKey: "method",
-                    header: t("method"),
-                    cell: ({ row }: { row: Row<LocalTarget> }) => (
-                        <Select
-                            defaultValue={row.original.method ?? ""}
-                            onValueChange={(value) =>
-                                updateTarget(row.original.targetId, {
-                                    ...row.original,
-                                    method: value
-                                })
-                            }
-                        >
-                            <SelectTrigger>
-                                {row.original.method}
-                            </SelectTrigger>
-                            <SelectContent>
-                                <SelectItem value="http">http</SelectItem>
-                                <SelectItem value="https">https</SelectItem>
-                                <SelectItem value="h2c">h2c</SelectItem>
-                            </SelectContent>
-                        </Select>
-                    )
-                }
-            ]
+                  {
+                      accessorKey: "method",
+                      header: t("method"),
+                      cell: ({ row }: { row: Row<LocalTarget> }) => (
+                          <Select
+                              defaultValue={row.original.method ?? ""}
+                              onValueChange={(value) =>
+                                  updateTarget(row.original.targetId, {
+                                      ...row.original,
+                                      method: value
+                                  })
+                              }
+                          >
+                              <SelectTrigger>
+                                  {row.original.method}
+                              </SelectTrigger>
+                              <SelectContent>
+                                  <SelectItem value="http">http</SelectItem>
+                                  <SelectItem value="https">https</SelectItem>
+                                  <SelectItem value="h2c">h2c</SelectItem>
+                              </SelectContent>
+                          </Select>
+                      )
+                  }
+              ]
             : []),
         {
             accessorKey: "ip",
@@ -658,9 +679,13 @@ export default function ReverseProxyTargets(props: {
                             if (parsed) {
                                 updateTarget(row.original.targetId, {
                                     ...row.original,
-                                    method: hasProtocol ? parsed.protocol : row.original.method,
+                                    method: hasProtocol
+                                        ? parsed.protocol
+                                        : row.original.method,
                                     ip: parsed.host,
-                                    port: hasPort ? parsed.port : row.original.port
+                                    port: hasPort
+                                        ? parsed.port
+                                        : row.original.port
                                 });
                             } else {
                                 updateTarget(row.original.targetId, {
@@ -807,21 +832,21 @@ export default function ReverseProxyTargets(props: {
                                                                     className={cn(
                                                                         "justify-between flex-1",
                                                                         !field.value &&
-                                                                        "text-muted-foreground"
+                                                                            "text-muted-foreground"
                                                                     )}
                                                                 >
                                                                     {field.value
                                                                         ? sites.find(
-                                                                            (
-                                                                                site
-                                                                            ) =>
-                                                                                site.siteId ===
-                                                                                field.value
-                                                                        )
-                                                                            ?.name
+                                                                              (
+                                                                                  site
+                                                                              ) =>
+                                                                                  site.siteId ===
+                                                                                  field.value
+                                                                          )
+                                                                              ?.name
                                                                         : t(
-                                                                            "siteSelect"
-                                                                        )}
+                                                                              "siteSelect"
+                                                                          )}
                                                                     <CaretSortIcon className="ml-2 h-4 w-4 shrink-0 opacity-50" />
                                                                 </Button>
                                                             </FormControl>
@@ -887,18 +912,35 @@ export default function ReverseProxyTargets(props: {
                                                                 );
                                                             return selectedSite &&
                                                                 selectedSite.type ===
-                                                                "newt" ? (() => {
-                                                                    const dockerState = getDockerStateForSite(selectedSite.siteId);
-                                                                    return (
-                                                                        <ContainersSelector
-                                                                            site={selectedSite}
-                                                                            containers={dockerState.containers}
-                                                                            isAvailable={dockerState.isAvailable}
-                                                                            onContainerSelect={handleContainerSelect}
-                                                                            onRefresh={() => refreshContainersForSite(selectedSite.siteId)}
-                                                                        />
-                                                                    );
-                                                                })() : null;
+                                                                    "newt"
+                                                                ? (() => {
+                                                                      const dockerState =
+                                                                          getDockerStateForSite(
+                                                                              selectedSite.siteId
+                                                                          );
+                                                                      return (
+                                                                          <ContainersSelector
+                                                                              site={
+                                                                                  selectedSite
+                                                                              }
+                                                                              containers={
+                                                                                  dockerState.containers
+                                                                              }
+                                                                              isAvailable={
+                                                                                  dockerState.isAvailable
+                                                                              }
+                                                                              onContainerSelect={
+                                                                                  handleContainerSelect
+                                                                              }
+                                                                              onRefresh={() =>
+                                                                                  refreshContainersForSite(
+                                                                                      selectedSite.siteId
+                                                                                  )
+                                                                              }
+                                                                          />
+                                                                      );
+                                                                  })()
+                                                                : null;
                                                         })()}
                                                 </div>
                                                 <FormMessage />
@@ -964,25 +1006,59 @@ export default function ReverseProxyTargets(props: {
                                         name="ip"
                                         render={({ field }) => (
                                             <FormItem className="relative">
-                                                <FormLabel>{t("targetAddr")}</FormLabel>
+                                                <FormLabel>
+                                                    {t("targetAddr")}
+                                                </FormLabel>
                                                 <FormControl>
                                                     <Input
                                                         id="ip"
                                                         {...field}
                                                         onBlur={(e) => {
-                                                            const input = e.target.value.trim();
-                                                            const hasProtocol = /^(https?|h2c):\/\//.test(input);
-                                                            const hasPort = /:\d+(?:\/|$)/.test(input);
+                                                            const input =
+                                                                e.target.value.trim();
+                                                            const hasProtocol =
+                                                                /^(https?|h2c):\/\//.test(
+                                                                    input
+                                                                );
+                                                            const hasPort =
+                                                                /:\d+(?:\/|$)/.test(
+                                                                    input
+                                                                );
 
-                                                            if (hasProtocol || hasPort) {
-                                                                const parsed = parseHostTarget(input);
+                                                            if (
+                                                                hasProtocol ||
+                                                                hasPort
+                                                            ) {
+                                                                const parsed =
+                                                                    parseHostTarget(
+                                                                        input
+                                                                    );
                                                                 if (parsed) {
-                                                                    if (hasProtocol || !addTargetForm.getValues("method")) {
-                                                                        addTargetForm.setValue("method", parsed.protocol);
+                                                                    if (
+                                                                        hasProtocol ||
+                                                                        !addTargetForm.getValues(
+                                                                            "method"
+                                                                        )
+                                                                    ) {
+                                                                        addTargetForm.setValue(
+                                                                            "method",
+                                                                            parsed.protocol
+                                                                        );
                                                                     }
-                                                                    addTargetForm.setValue("ip", parsed.host);
-                                                                    if (hasPort || !addTargetForm.getValues("port")) {
-                                                                        addTargetForm.setValue("port", parsed.port);
+                                                                    addTargetForm.setValue(
+                                                                        "ip",
+                                                                        parsed.host
+                                                                    );
+                                                                    if (
+                                                                        hasPort ||
+                                                                        !addTargetForm.getValues(
+                                                                            "port"
+                                                                        )
+                                                                    ) {
+                                                                        addTargetForm.setValue(
+                                                                            "port",
+                                                                            parsed.port
+                                                                        );
                                                                     }
                                                                 }
                                                             } else {
@@ -1091,12 +1167,12 @@ export default function ReverseProxyTargets(props: {
                                                                 {header.isPlaceholder
                                                                     ? null
                                                                     : flexRender(
-                                                                        header
-                                                                            .column
-                                                                            .columnDef
-                                                                            .header,
-                                                                        header.getContext()
-                                                                    )}
+                                                                          header
+                                                                              .column
+                                                                              .columnDef
+                                                                              .header,
+                                                                          header.getContext()
+                                                                      )}
                                                             </TableHead>
                                                         )
                                                     )}
@@ -1256,6 +1332,36 @@ export default function ReverseProxyTargets(props: {
                                             </FormItem>
                                         )}
                                     />
+                                    <FormField
+                                        control={proxySettingsForm.control}
+                                        name="headers"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel className="text-base font-semibold">
+                                                    {t("customHeaders")}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <HeadersInput
+                                                        value={
+                                                            field.value || ""
+                                                        }
+                                                        onChange={(value) => {
+                                                            field.onChange(
+                                                                value
+                                                            );
+                                                        }}
+                                                        rows={4}
+                                                    />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t(
+                                                        "customHeadersDescription"
+                                                    )}
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
                                 </form>
                             </Form>
                         </SettingsSectionForm>
diff --git a/src/components/HeadersInput.tsx b/src/components/HeadersInput.tsx
new file mode 100644
index 00000000..35f3e587
--- /dev/null
+++ b/src/components/HeadersInput.tsx
@@ -0,0 +1,69 @@
+"use client";
+
+import { useEffect, useState } from "react";
+import { Textarea } from "@/components/ui/textarea";
+
+interface HeadersInputProps {
+    value?: string;
+    onChange: (value: string) => void;
+    placeholder?: string;
+    rows?: number;
+    className?: string;
+}
+
+export function HeadersInput({ 
+    value = "", 
+    onChange, 
+    placeholder = `X-Example-Header: example-value
+X-Another-Header: another-value`,
+    rows = 4,
+    className
+}: HeadersInputProps) {
+    const [internalValue, setInternalValue] = useState("");
+
+    // Convert comma-separated to newline-separated for display
+    const convertToNewlineSeparated = (commaSeparated: string): string => {
+        if (!commaSeparated || commaSeparated.trim() === "") return "";
+        
+        return commaSeparated
+            .split(',')
+            .map(header => header.trim())
+            .filter(header => header.length > 0)
+            .join('\n');
+    };
+
+    // Convert newline-separated to comma-separated for output
+    const convertToCommaSeparated = (newlineSeparated: string): string => {
+        if (!newlineSeparated || newlineSeparated.trim() === "") return "";
+        
+        return newlineSeparated
+            .split('\n')
+            .map(header => header.trim())
+            .filter(header => header.length > 0)
+            .join(', ');
+    };
+
+    // Update internal value when external value changes
+    useEffect(() => {
+        setInternalValue(convertToNewlineSeparated(value));
+    }, [value]);
+
+    const handleChange = (e: React.ChangeEvent<HTMLTextAreaElement>) => {
+        const newValue = e.target.value;
+        setInternalValue(newValue);
+        
+        // Convert back to comma-separated format for the parent
+        const commaSeparatedValue = convertToCommaSeparated(newValue);
+        onChange(commaSeparatedValue);
+    };
+
+    return (
+        <Textarea
+            value={internalValue}
+            onChange={handleChange}
+            placeholder={placeholder}
+            rows={rows}
+            className={className}
+        />
+    );
+}

From bd425f5cfeb9f5e38e00a6e1188b983b6cd1290e Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 15:30:07 -0700
Subject: [PATCH 061/166] Handle different routers based on target path

---
 server/db/pg/schema.ts                     |  4 +-
 server/db/sqlite/schema.ts                 |  4 +-
 server/routers/traefik/getTraefikConfig.ts | 73 +++++++++++++++-------
 3 files changed, 58 insertions(+), 23 deletions(-)

diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts
index 8c6fb4b8..c31b790e 100644
--- a/server/db/pg/schema.ts
+++ b/server/db/pg/schema.ts
@@ -115,7 +115,9 @@ export const targets = pgTable("targets", {
     method: varchar("method"),
     port: integer("port").notNull(),
     internalPort: integer("internalPort"),
-    enabled: boolean("enabled").notNull().default(true)
+    enabled: boolean("enabled").notNull().default(true),
+    path: text("path"),
+    pathMatchType: text("pathMatchType"), // exact, prefix, regex
 });
 
 export const exitNodes = pgTable("exitNodes", {
diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts
index 912604d6..ad3c4bfc 100644
--- a/server/db/sqlite/schema.ts
+++ b/server/db/sqlite/schema.ts
@@ -127,7 +127,9 @@ export const targets = sqliteTable("targets", {
     method: text("method"),
     port: integer("port").notNull(),
     internalPort: integer("internalPort"),
-    enabled: integer("enabled", { mode: "boolean" }).notNull().default(true)
+    enabled: integer("enabled", { mode: "boolean" }).notNull().default(true),
+    path: text("path"),
+    pathMatchType: text("pathMatchType"), // exact, prefix, regex
 });
 
 export const exitNodes = sqliteTable("exitNodes", {
diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts
index 957dab17..596757a5 100644
--- a/server/routers/traefik/getTraefikConfig.ts
+++ b/server/routers/traefik/getTraefikConfig.ts
@@ -105,11 +105,9 @@ export async function getTraefikConfig(
         };
     };
 
-    // Get all resources with related data
-    const allResources = await db.transaction(async (tx) => {
         // Get resources with their targets and sites in a single optimized query
         // Start from sites on this exit node, then join to targets and resources
-        const resourcesWithTargetsAndSites = await tx
+        const resourcesWithTargetsAndSites = await db
             .select({
                 // Resource fields
                 resourceId: resources.resourceId,
@@ -133,6 +131,9 @@ export async function getTraefikConfig(
                 method: targets.method,
                 port: targets.port,
                 internalPort: targets.internalPort,
+                path: targets.path,
+                pathMatchType: targets.pathMatchType,
+
                 // Site fields
                 siteId: sites.siteId,
                 siteType: sites.type,
@@ -163,9 +164,15 @@ export async function getTraefikConfig(
 
         resourcesWithTargetsAndSites.forEach((row) => {
             const resourceId = row.resourceId;
+            const targetPath = sanitizePath(row.path) || ""; // Handle null/undefined paths
+            const pathMatchType = row.pathMatchType || "";
 
-            if (!resourcesMap.has(resourceId)) {
-                resourcesMap.set(resourceId, {
+            // Create a unique key combining resourceId and path+pathMatchType
+            const pathKey = [targetPath, pathMatchType].filter(Boolean).join("-");
+            const mapKey = [resourceId, pathKey].filter(Boolean).join("-");
+
+            if (!resourcesMap.has(mapKey)) {
+                resourcesMap.set(mapKey, {
                     resourceId: row.resourceId,
                     fullDomain: row.fullDomain,
                     ssl: row.ssl,
@@ -180,12 +187,14 @@ export async function getTraefikConfig(
                     setHostHeader: row.setHostHeader,
                     enableProxy: row.enableProxy,
                     targets: [],
-                    headers: row.headers
+                    headers: row.headers,
+                    path: row.path, // the targets will all have the same path
+                    pathMatchType: row.pathMatchType // the targets will all have the same pathMatchType
                 });
             }
 
             // Add target with its associated site data
-            resourcesMap.get(resourceId).targets.push({
+            resourcesMap.get(mapKey).targets.push({
                 resourceId: row.resourceId,
                 targetId: row.targetId,
                 ip: row.ip,
@@ -203,10 +212,13 @@ export async function getTraefikConfig(
             });
         });
 
-        return Array.from(resourcesMap.values());
-    });
+    
+    // convert the map to an object for printing
 
-    if (!allResources.length) {
+    logger.debug(`Resources: ${JSON.stringify(Object.fromEntries(resourcesMap), null, 2)}`);
+
+    // make sure we have at least one resource
+    if (resourcesMap.size === 0) {
         return {};
     }
 
@@ -222,14 +234,15 @@ export async function getTraefikConfig(
         }
     };
 
-    for (const resource of allResources) {
+    // get the key and the resource
+    for (const [key, resource] of resourcesMap.entries()) {
         const targets = resource.targets;
 
-        const routerName = `${resource.resourceId}-router`;
-        const serviceName = `${resource.resourceId}-service`;
+        const routerName = `${key}-router`;
+        const serviceName = `${key}-service`;
         const fullDomain = `${resource.fullDomain}`;
-        const transportName = `${resource.resourceId}-transport`;
-        const hostHeaderMiddlewareName = `${resource.resourceId}-host-header-middleware`;
+        const transportName = `${key}-transport`;
+        const headersMiddlewareName = `${key}-headers-middleware`;
 
         if (!resource.enabled) {
             continue;
@@ -241,9 +254,6 @@ export async function getTraefikConfig(
             }
 
             if (!resource.fullDomain) {
-                logger.error(
-                    `Resource ${resource.resourceId} has no fullDomain`
-                );
                 continue;
             }
 
@@ -305,7 +315,6 @@ export async function getTraefikConfig(
             ];
 
             if (resource.headers && resource.headers.length > 0) {
-                const headersMiddlewareName = `${resource.resourceId}-headers-middleware`;
                 // if there are headers, parse them into an object
                 let headersObj: { [key: string]: string } = {};
                 const headersArr = resource.headers.split(",");
@@ -338,6 +347,18 @@ export async function getTraefikConfig(
                 }
             }
 
+            let rule = `Host(\`${fullDomain}\`)`;
+            if (resource.path && resource.pathMatchType) {
+                // add path to rule based on match type
+                if (resource.pathMatchType === "exact") {
+                    rule += ` && Path(\`${resource.path}\`)`;
+                } else if (resource.pathMatchType === "prefix") {
+                    rule += ` && PathPrefix(\`${resource.path}\`)`;
+                } else if (resource.pathMatchType === "regex") {
+                    rule += ` && PathRegexp(\`${resource.path}\`)`;
+                }
+            }
+
             config_output.http.routers![routerName] = {
                 entryPoints: [
                     resource.ssl
@@ -346,7 +367,7 @@ export async function getTraefikConfig(
                 ],
                 middlewares: routerMiddlewares,
                 service: serviceName,
-                rule: `Host(\`${fullDomain}\`)`,
+                rule: rule,
                 priority: 100,
                 ...(resource.ssl ? { tls } : {})
             };
@@ -358,7 +379,7 @@ export async function getTraefikConfig(
                     ],
                     middlewares: [redirectHttpsMiddlewareName],
                     service: serviceName,
-                    rule: `Host(\`${fullDomain}\`)`,
+                    rule: rule,
                     priority: 100
                 };
             }
@@ -550,3 +571,13 @@ export async function getTraefikConfig(
     }
     return config_output;
 }
+
+function sanitizePath(path: string | null | undefined): string | undefined {
+    if (!path) return undefined;
+    // clean any non alphanumeric characters from the path and replace with dashes
+    // the path cant be too long either, so limit to 50 characters
+    if (path.length > 50) {
+        path = path.substring(0, 50);
+    }
+    return path.replace(/[^a-zA-Z0-9]/g, "");
+}
\ No newline at end of file

From 471a15f3a0a0fe67610ecd86a24f98409ba414d5 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 21:20:33 -0700
Subject: [PATCH 062/166] Add prefix to ui and resource

---
 blueprint.yaml                                |   4 +
 server/lib/blueprints/resources.ts            |  13 +-
 server/lib/blueprints/types.ts                |   2 +
 server/routers/target/createTarget.ts         |   4 +-
 server/routers/target/listTargets.ts          |   4 +-
 server/routers/target/updateTarget.ts         |   4 +-
 .../resources/[niceId]/proxy/page.tsx         | 133 +++++++++++++++++-
 .../settings/resources/create/page.tsx        | 133 +++++++++++++++++-
 8 files changed, 280 insertions(+), 17 deletions(-)

diff --git a/blueprint.yaml b/blueprint.yaml
index 8a0d208f..6854e55f 100644
--- a/blueprint.yaml
+++ b/blueprint.yaml
@@ -20,11 +20,15 @@ resources:
       - X-Another-Header: another-value
     targets:
     - site: lively-yosemite-toad
+      path: /path
+      pathMatchType: prefix
       hostname: localhost
       method: http
       port: 8000
     - site: slim-alpine-chipmunk
       hostname: localhost
+      path: /yoman
+      pathMatchType: exact
       method: http
       port: 8001
   resource-nice-id2:
diff --git a/server/lib/blueprints/resources.ts b/server/lib/blueprints/resources.ts
index 1ca928ef..bc7eda08 100644
--- a/server/lib/blueprints/resources.ts
+++ b/server/lib/blueprints/resources.ts
@@ -98,7 +98,9 @@ export async function updateResources(
                     method: targetData.method,
                     port: targetData.port,
                     enabled: targetData.enabled,
-                    internalPort: internalPortToCreate
+                    internalPort: internalPortToCreate,
+                    path: targetData.path,
+                    pathMatchType: targetData.pathMatchType
                 })
                 .returning();
 
@@ -121,6 +123,7 @@ export async function updateResources(
         const protocol =
             resourceData.protocol == "http" ? "tcp" : resourceData.protocol;
         const resourceEnabled = resourceData.enabled == undefined || resourceData.enabled == null ? true : resourceData.enabled;
+        const resourceSsl = resourceData.ssl == undefined || resourceData.ssl == null ? true : resourceData.ssl;
         let headers = "";
         for (const headerObj of resourceData.headers || []) {
             for (const [key, value] of Object.entries(headerObj)) {
@@ -165,7 +168,7 @@ export async function updateResources(
                         domainId: domain ? domain.domainId : null,
                         enabled: resourceEnabled,
                         sso: resourceData.auth?.["sso-enabled"] || false,
-                        ssl: resourceData.ssl ? true : false,
+                        ssl: resourceSsl,
                         setHostHeader: resourceData["host-header"] || null,
                         tlsServerName: resourceData["tls-server-name"] || null,
                         emailWhitelistEnabled: resourceData.auth?.[
@@ -311,7 +314,9 @@ export async function updateResources(
                             ip: targetData.hostname,
                             method: http ? targetData.method : null,
                             port: targetData.port,
-                            enabled: targetData.enabled
+                            enabled: targetData.enabled,
+                            path: targetData.path,
+                            pathMatchType: targetData.pathMatchType
                         })
                         .where(eq(targets.targetId, existingTarget.targetId))
                         .returning();
@@ -395,7 +400,7 @@ export async function updateResources(
                     sso: resourceData.auth?.["sso-enabled"] || false,
                     setHostHeader: resourceData["host-header"] || null,
                     tlsServerName: resourceData["tls-server-name"] || null,
-                    ssl: resourceData.ssl ? true : false,
+                    ssl: resourceSsl,
                     headers: headers || null
                 })
                 .returning();
diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index 7dd85e12..d668c894 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -13,6 +13,8 @@ export const TargetSchema = z.object({
     port: z.number().int().min(1).max(65535),
     enabled: z.boolean().optional().default(true),
     "internal-port": z.number().int().min(1).max(65535).optional(),
+    path: z.string().optional(),
+    pathMatchType: z.enum(["exact", "prefix", "regex"]).optional().nullable()
 });
 export type TargetData = z.infer<typeof TargetSchema>;
 
diff --git a/server/routers/target/createTarget.ts b/server/routers/target/createTarget.ts
index f58c236e..fb85f566 100644
--- a/server/routers/target/createTarget.ts
+++ b/server/routers/target/createTarget.ts
@@ -30,7 +30,9 @@ const createTargetSchema = z
         ip: z.string().refine(isTargetValid),
         method: z.string().optional().nullable(),
         port: z.number().int().min(1).max(65535),
-        enabled: z.boolean().default(true)
+        enabled: z.boolean().default(true),
+        path: z.string().optional().nullable(),
+        pathMatchType: z.enum(["exact", "prefix", "regex"]).optional().nullable()
     })
     .strict();
 
diff --git a/server/routers/target/listTargets.ts b/server/routers/target/listTargets.ts
index eab8f1c8..ca1159d2 100644
--- a/server/routers/target/listTargets.ts
+++ b/server/routers/target/listTargets.ts
@@ -44,7 +44,9 @@ function queryTargets(resourceId: number) {
             enabled: targets.enabled,
             resourceId: targets.resourceId,
             siteId: targets.siteId,
-            siteType: sites.type
+            siteType: sites.type,
+            path: targets.path,
+            pathMatchType: targets.pathMatchType
         })
         .from(targets)
         .leftJoin(sites, eq(sites.siteId, targets.siteId))
diff --git a/server/routers/target/updateTarget.ts b/server/routers/target/updateTarget.ts
index 47300619..928a1a55 100644
--- a/server/routers/target/updateTarget.ts
+++ b/server/routers/target/updateTarget.ts
@@ -26,7 +26,9 @@ const updateTargetBodySchema = z
         ip: z.string().refine(isTargetValid),
         method: z.string().min(1).max(10).optional().nullable(),
         port: z.number().int().min(1).max(65535).optional(),
-        enabled: z.boolean().optional()
+        enabled: z.boolean().optional(),
+        path: z.string().optional().nullable(),
+        pathMatchType: z.enum(["exact", "prefix", "regex"]).optional().nullable()
     })
     .strict()
     .refine((data) => Object.keys(data).length > 0, {
diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index 2c98b07a..9d5f5ce3 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -101,8 +101,42 @@ const addTargetSchema = z.object({
     ip: z.string().refine(isTargetValid),
     method: z.string().nullable(),
     port: z.coerce.number().int().positive(),
-    siteId: z.number().int().positive()
-});
+    siteId: z.number().int().positive(),
+    path: z.string().optional().nullable(),
+    pathMatchType: z.enum(["exact", "prefix", "regex"]).optional().nullable()
+}).refine(
+    (data) => {
+        // If path is provided, pathMatchType must be provided
+        if (data.path && !data.pathMatchType) {
+            return false;
+        }
+        // If pathMatchType is provided, path must be provided
+        if (data.pathMatchType && !data.path) {
+            return false;
+        }
+        // Validate path based on pathMatchType
+        if (data.path && data.pathMatchType) {
+            switch (data.pathMatchType) {
+                case "exact":
+                case "prefix":
+                    // Path should start with /
+                    return data.path.startsWith("/");
+                case "regex":
+                    // Validate regex
+                    try {
+                        new RegExp(data.path);
+                        return true;
+                    } catch {
+                        return false;
+                    }
+            }
+        }
+        return true;
+    },
+    {
+        message: "Invalid path configuration"
+    }
+);
 
 const targetsSettingsSchema = z.object({
     stickySession: z.boolean()
@@ -221,7 +255,9 @@ export default function ReverseProxyTargets(props: {
         defaultValues: {
             ip: "",
             method: resource.http ? "http" : null,
-            port: "" as any as number
+            port: "" as any as number,
+            path: null,
+            pathMatchType: null
         } as z.infer<typeof addTargetSchema>
     });
 
@@ -396,6 +432,8 @@ export default function ReverseProxyTargets(props: {
 
         const newTarget: LocalTarget = {
             ...data,
+            path: data.path || null,
+            pathMatchType: data.pathMatchType || null,
             siteType: site?.type || null,
             enabled: true,
             targetId: new Date().getTime(),
@@ -407,7 +445,9 @@ export default function ReverseProxyTargets(props: {
         addTargetForm.reset({
             ip: "",
             method: resource.http ? "http" : null,
-            port: "" as any as number
+            port: "" as any as number,
+            path: null,
+            pathMatchType: null
         });
     }
 
@@ -450,7 +490,9 @@ export default function ReverseProxyTargets(props: {
                     port: target.port,
                     method: target.method,
                     enabled: target.enabled,
-                    siteId: target.siteId
+                    siteId: target.siteId,
+                    path: target.path,
+                    pathMatchType: target.pathMatchType
                 };
 
                 if (target.new) {
@@ -720,6 +762,87 @@ export default function ReverseProxyTargets(props: {
                 />
             )
         },
+        {
+            accessorKey: "path",
+            header: t("path"),
+            cell: ({ row }) => {
+                const [showPathInput, setShowPathInput] = useState(
+                    !!(row.original.path || row.original.pathMatchType)
+                );
+                
+                if (!showPathInput) {
+                    return (
+                        <Button
+                            variant="outline"
+                            onClick={() => setShowPathInput(true)}
+                        >
+                            + Path
+                        </Button>
+                    );
+                }
+
+                return (
+                    <div className="flex gap-2 min-w-[200px]">
+                        <Select
+                            defaultValue={row.original.pathMatchType || "exact"}
+                            onValueChange={(value) =>
+                                updateTarget(row.original.targetId, {
+                                    ...row.original,
+                                    pathMatchType: value as "exact" | "prefix" | "regex"
+                                })
+                            }
+                        >
+                            <SelectTrigger className="w-25">
+                                <SelectValue />
+                            </SelectTrigger>
+                            <SelectContent>
+                                <SelectItem value="exact">Exact</SelectItem>
+                                <SelectItem value="prefix">Prefix</SelectItem>
+                                <SelectItem value="regex">Regex</SelectItem>
+                            </SelectContent>
+                        </Select>
+                        <Input
+                            placeholder={
+                                row.original.pathMatchType === "regex" 
+                                    ? "^/api/.*" 
+                                    : "/path"
+                            }
+                            defaultValue={row.original.path || ""}
+                            className="flex-1 min-w-[150px]"
+                            onBlur={(e) => {
+                                const value = e.target.value.trim();
+                                if (!value) {
+                                    setShowPathInput(false);
+                                    updateTarget(row.original.targetId, {
+                                        ...row.original,
+                                        path: null,
+                                        pathMatchType: null
+                                    });
+                                } else {
+                                    updateTarget(row.original.targetId, {
+                                        ...row.original,
+                                        path: value
+                                    });
+                                }
+                            }}
+                        />
+                        <Button
+                            variant="outline"
+                            onClick={() => {
+                                setShowPathInput(false);
+                                updateTarget(row.original.targetId, {
+                                    ...row.original,
+                                    path: null,
+                                    pathMatchType: null
+                                });
+                            }}
+                        >
+                            ×
+                        </Button>
+                    </div>
+                );
+            }
+        },
         // {
         //     accessorKey: "protocol",
         //     header: t('targetProtocol'),
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index c28f5a5f..5876cadf 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -112,8 +112,42 @@ const addTargetSchema = z.object({
     ip: z.string().refine(isTargetValid),
     method: z.string().nullable(),
     port: z.coerce.number().int().positive(),
-    siteId: z.number().int().positive()
-});
+    siteId: z.number().int().positive(),
+    path: z.string().optional().nullable(),
+    pathMatchType: z.enum(["exact", "prefix", "regex"]).optional().nullable()
+}).refine(
+    (data) => {
+        // If path is provided, pathMatchType must be provided
+        if (data.path && !data.pathMatchType) {
+            return false;
+        }
+        // If pathMatchType is provided, path must be provided
+        if (data.pathMatchType && !data.path) {
+            return false;
+        }
+        // Validate path based on pathMatchType
+        if (data.path && data.pathMatchType) {
+            switch (data.pathMatchType) {
+                case "exact":
+                case "prefix":
+                    // Path should start with /
+                    return data.path.startsWith("/");
+                case "regex":
+                    // Validate regex
+                    try {
+                        new RegExp(data.path);
+                        return true;
+                    } catch {
+                        return false;
+                    }
+            }
+        }
+        return true;
+    },
+    {
+        message: "Invalid path configuration"
+    }
+);
 
 type BaseResourceFormValues = z.infer<typeof baseResourceFormSchema>;
 type HttpResourceFormValues = z.infer<typeof httpResourceFormSchema>;
@@ -202,7 +236,9 @@ export default function Page() {
         defaultValues: {
             ip: "",
             method: baseForm.watch("http") ? "http" : null,
-            port: "" as any as number
+            port: "" as any as number,
+            path: null,
+            pathMatchType: null
         } as z.infer<typeof addTargetSchema>
     });
 
@@ -273,6 +309,8 @@ export default function Page() {
 
         const newTarget: LocalTarget = {
             ...data,
+            path: data.path || null,
+            pathMatchType: data.pathMatchType || null,
             siteType: site?.type || null,
             enabled: true,
             targetId: new Date().getTime(),
@@ -284,7 +322,9 @@ export default function Page() {
         addTargetForm.reset({
             ip: "",
             method: baseForm.watch("http") ? "http" : null,
-            port: "" as any as number
+            port: "" as any as number,
+            path: null,
+            pathMatchType: null
         });
     }
 
@@ -370,7 +410,9 @@ export default function Page() {
                                 port: target.port,
                                 method: target.method,
                                 enabled: target.enabled,
-                                siteId: target.siteId
+                                siteId: target.siteId,
+                                path: target.path,
+                                pathMatchType: target.pathMatchType
                             };
 
                             await api.put(`/resource/${id}/target`, data);
@@ -666,6 +708,87 @@ export default function Page() {
                 />
             )
         },
+        {
+            accessorKey: "path",
+            header: t("path"),
+            cell: ({ row }) => {
+                const [showPathInput, setShowPathInput] = useState(
+                    !!(row.original.path || row.original.pathMatchType)
+                );
+                
+                if (!showPathInput) {
+                    return (
+                        <Button
+                            variant="outline"
+                            onClick={() => setShowPathInput(true)}
+                        >
+                            + Path
+                        </Button>
+                    );
+                }
+
+                return (
+                    <div className="flex gap-2 min-w-[200px]">
+                        <Select
+                            defaultValue={row.original.pathMatchType || "exact"}
+                            onValueChange={(value) =>
+                                updateTarget(row.original.targetId, {
+                                    ...row.original,
+                                    pathMatchType: value as "exact" | "prefix" | "regex"
+                                })
+                            }
+                        >
+                            <SelectTrigger className="w-25">
+                                <SelectValue />
+                            </SelectTrigger>
+                            <SelectContent>
+                                <SelectItem value="exact">Exact</SelectItem>
+                                <SelectItem value="prefix">Prefix</SelectItem>
+                                <SelectItem value="regex">Regex</SelectItem>
+                            </SelectContent>
+                        </Select>
+                        <Input
+                            placeholder={
+                                row.original.pathMatchType === "regex" 
+                                    ? "^/api/.*" 
+                                    : "/path"
+                            }
+                            defaultValue={row.original.path || ""}
+                            className="flex-1 min-w-[150px]"
+                            onBlur={(e) => {
+                                const value = e.target.value.trim();
+                                if (!value) {
+                                    setShowPathInput(false);
+                                    updateTarget(row.original.targetId, {
+                                        ...row.original,
+                                        path: null,
+                                        pathMatchType: null
+                                    });
+                                } else {
+                                    updateTarget(row.original.targetId, {
+                                        ...row.original,
+                                        path: value
+                                    });
+                                }
+                            }}
+                        />
+                        <Button
+                            variant="outline"
+                            onClick={() => {
+                                setShowPathInput(false);
+                                updateTarget(row.original.targetId, {
+                                    ...row.original,
+                                    path: null,
+                                    pathMatchType: null
+                                });
+                            }}
+                        >
+                            ×
+                        </Button>
+                    </div>
+                );
+            }
+        },
         {
             accessorKey: "enabled",
             header: t("enabled"),

From 599228274f2d2c811b0f8bbf6f9fe0254ba1232e Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Wed, 10 Sep 2025 15:36:05 -0700
Subject: [PATCH 063/166] add hide free domain option to domain picker

---
 messages/en-US.json             | 17 ++++++++--
 src/components/DomainPicker.tsx | 58 +++++++++++++++++----------------
 2 files changed, 45 insertions(+), 30 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index fffd01ef..a337c092 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1508,5 +1508,18 @@
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Custom Headers",
     "customHeadersDescription": "Headers new line separated: Header-Name: value",
-    "headersValidationError": "Headers must be in the format: Header-Name: value"
-}
\ No newline at end of file
+    "headersValidationError": "Headers must be in the format: Header-Name: value",
+    "domainPickerProvidedDomain": "Provided Domain",
+    "domainPickerFreeProvidedDomain": "Free Provided Domain",
+    "domainPickerVerified": "Verified",
+    "domainPickerUnverified": "Unverified",
+    "domainPickerInvalidSubdomainStructure": "This subdomain contains invalid characters or structure. It will be sanitized automatically when you save.",
+    "domainPickerError": "Error",
+    "domainPickerErrorLoadDomains": "Failed to load organization domains",
+    "domainPickerErrorCheckAvailability": "Failed to check domain availability",
+    "domainPickerInvalidSubdomain": "Invalid subdomain",
+    "domainPickerInvalidSubdomainRemoved": "The input \"{sub}\" was removed because it's not valid.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" could not be made valid for {domain}.",
+    "domainPickerSubdomainSanitized": "Subdomain sanitized",
+    "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\""
+}
diff --git a/src/components/DomainPicker.tsx b/src/components/DomainPicker.tsx
index f00292ee..c14374d5 100644
--- a/src/components/DomainPicker.tsx
+++ b/src/components/DomainPicker.tsx
@@ -79,12 +79,14 @@ interface DomainPicker2Props {
         baseDomain: string;
     }) => void;
     cols?: number;
+    hideFreeDomain?: boolean;
 }
 
 export default function DomainPicker2({
     orgId,
     onDomainChange,
-    cols = 2
+    cols = 2,
+    hideFreeDomain = false
 }: DomainPicker2Props) {
     const { env } = useEnvContext();
     const api = createApiClient({ env });
@@ -153,12 +155,12 @@ export default function DomainPicker2({
                             fullDomain: firstOrgDomain.baseDomain,
                             baseDomain: firstOrgDomain.baseDomain
                         });
-                    } else if (build === "saas" || build === "enterprise") {
+                    } else if ((build === "saas" || build === "enterprise") && !hideFreeDomain) {
                         // If no organization domains, select the provided domain option
                         const domainOptionText =
                             build === "enterprise"
-                                ? "Provided Domain"
-                                : "Free Provided Domain";
+                                ? t("domainPickerProvidedDomain")
+                                : t("domainPickerFreeProvidedDomain");
                         const freeDomainOption: DomainOption = {
                             id: "provided-search",
                             domain: domainOptionText,
@@ -171,8 +173,8 @@ export default function DomainPicker2({
                 console.error("Failed to load organization domains:", error);
                 toast({
                     variant: "destructive",
-                    title: "Error",
-                    description: "Failed to load organization domains"
+                    title: t("domainPickerError"),
+                    description: t("domainPickerErrorLoadDomains")
                 });
             } finally {
                 setLoadingDomains(false);
@@ -180,7 +182,7 @@ export default function DomainPicker2({
         };
 
         loadOrganizationDomains();
-    }, [orgId, api]);
+    }, [orgId, api, hideFreeDomain]);
 
     const checkAvailability = useCallback(
         async (input: string) => {
@@ -202,8 +204,8 @@ export default function DomainPicker2({
                 setAvailableOptions([]);
                 toast({
                     variant: "destructive",
-                    title: "Error",
-                    description: "Failed to check domain availability"
+                    title: t("domainPickerError"),
+                    description: t("domainPickerErrorCheckAvailability")
                 });
             } finally {
                 setIsChecking(false);
@@ -246,11 +248,11 @@ export default function DomainPicker2({
             });
         });
 
-        if (build === "saas" || build === "enterprise") {
+        if ((build === "saas" || build === "enterprise") && !hideFreeDomain) {
             const domainOptionText =
                 build === "enterprise"
-                    ? "Provided Domain"
-                    : "Free Provided Domain";
+                    ? t("domainPickerProvidedDomain")
+                    : t("domainPickerFreeProvidedDomain");
             options.push({
                 id: "provided-search",
                 domain: domainOptionText,
@@ -269,8 +271,8 @@ export default function DomainPicker2({
         if (!sanitized) {
             toast({
                 variant: "destructive",
-                title: "Invalid subdomain",
-                description: `The input "${sub}" was removed because it's not valid.`,
+                title: t("domainPickerInvalidSubdomain"),
+                description: t("domainPickerInvalidSubdomainRemoved", { sub }),
             });
             return "";
         }
@@ -283,16 +285,16 @@ export default function DomainPicker2({
         if (!ok) {
             toast({
                 variant: "destructive",
-                title: "Invalid subdomain",
-                description: `"${sub}" could not be made valid for ${base.domain}.`,
+                title: t("domainPickerInvalidSubdomain"),
+                description: t("domainPickerInvalidSubdomainCannotMakeValid", { sub, domain: base.domain }),
             });
             return "";
         }
 
         if (sub !== sanitized) {
             toast({
-                title: "Subdomain sanitized",
-                description: `"${sub}" was corrected to "${sanitized}"`,
+                title: t("domainPickerSubdomainSanitized"),
+                description: t("domainPickerSubdomainCorrected", { sub, sanitized }),
             });
         }
 
@@ -453,7 +455,7 @@ export default function DomainPicker2({
                     />
                     {showSubdomainInput && subdomainInput && !isValidSubdomainStructure(subdomainInput) && (
                         <p className="text-sm text-red-500">
-                            This subdomain contains invalid characters or structure. It will be sanitized automatically when you save.
+                            {t("domainPickerInvalidSubdomainStructure")}
                         </p>
                     )}
                     {showSubdomainInput && !subdomainInput && (
@@ -555,8 +557,8 @@ export default function DomainPicker2({
                                                                     {orgDomain.type.toUpperCase()}{" "}
                                                                     •{" "}
                                                                     {orgDomain.verified
-                                                                        ? "Verified"
-                                                                        : "Unverified"}
+                                                                        ? t("domainPickerVerified")
+                                                                        : t("domainPickerUnverified")}
                                                                 </span>
                                                             </div>
                                                             <Check
@@ -574,14 +576,14 @@ export default function DomainPicker2({
                                             </CommandList>
                                         </CommandGroup>
                                         {(build === "saas" ||
-                                            build === "enterprise") && (
+                                            build === "enterprise") && !hideFreeDomain && (
                                                 <CommandSeparator className="my-2" />
                                             )}
                                     </>
                                 )}
 
                                 {(build === "saas" ||
-                                    build === "enterprise") && (
+                                    build === "enterprise") && !hideFreeDomain && (
                                         <CommandGroup
                                             heading={
                                                 build === "enterprise"
@@ -601,8 +603,8 @@ export default function DomainPicker2({
                                                             domain:
                                                                 build ===
                                                                     "enterprise"
-                                                                    ? "Provided Domain"
-                                                                    : "Free Provided Domain",
+                                                                    ? t("domainPickerProvidedDomain")
+                                                                    : t("domainPickerFreeProvidedDomain"),
                                                             type: "provided-search"
                                                         })
                                                     }
@@ -614,8 +616,8 @@ export default function DomainPicker2({
                                                     <div className="flex flex-col flex-1 min-w-0">
                                                         <span className="font-medium truncate">
                                                             {build === "enterprise"
-                                                                ? "Provided Domain"
-                                                                : "Free Provided Domain"}
+                                                                ? t("domainPickerProvidedDomain")
+                                                                : t("domainPickerFreeProvidedDomain")}
                                                         </span>
                                                         <span className="text-xs text-muted-foreground">
                                                             {t(
@@ -771,4 +773,4 @@ function debounce<T extends (...args: any[]) => any>(
             func(...args);
         }, wait);
     };
-}
\ No newline at end of file
+}

From 1ea1e2806eb93d8a9b05c53bcc81d3928e2b9d26 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 10 Sep 2025 17:15:54 -0700
Subject: [PATCH 064/166] Add migrations for 1.10.0

---
 server/lib/consts.ts                 |  2 +-
 server/setup/migrationsPg.ts         |  4 +-
 server/setup/migrationsSqlite.ts     |  2 +
 server/setup/scriptsPg/1.10.0.ts     | 81 +++++++++++++++++++++++++++
 server/setup/scriptsSqlite/1.10.0.ts | 83 ++++++++++++++++++++++++++++
 5 files changed, 170 insertions(+), 2 deletions(-)
 create mode 100644 server/setup/scriptsPg/1.10.0.ts
 create mode 100644 server/setup/scriptsSqlite/1.10.0.ts

diff --git a/server/lib/consts.ts b/server/lib/consts.ts
index b9afa792..30efc07e 100644
--- a/server/lib/consts.ts
+++ b/server/lib/consts.ts
@@ -2,7 +2,7 @@ import path from "path";
 import { fileURLToPath } from "url";
 
 // This is a placeholder value replaced by the build process
-export const APP_VERSION = "1.9.0";
+export const APP_VERSION = "1.10.0";
 
 export const __FILENAME = fileURLToPath(import.meta.url);
 export const __DIRNAME = path.dirname(__FILENAME);
diff --git a/server/setup/migrationsPg.ts b/server/setup/migrationsPg.ts
index 6b3f20b9..c5950e1d 100644
--- a/server/setup/migrationsPg.ts
+++ b/server/setup/migrationsPg.ts
@@ -9,6 +9,7 @@ import m1 from "./scriptsPg/1.6.0";
 import m2 from "./scriptsPg/1.7.0";
 import m3 from "./scriptsPg/1.8.0";
 import m4 from "./scriptsPg/1.9.0";
+import m5 from "./scriptsPg/1.10.0";
 
 // THIS CANNOT IMPORT ANYTHING FROM THE SERVER
 // EXCEPT FOR THE DATABASE AND THE SCHEMA
@@ -18,7 +19,8 @@ const migrations = [
     { version: "1.6.0", run: m1 },
     { version: "1.7.0", run: m2 },
     { version: "1.8.0", run: m3 },
-    { version: "1.9.0", run: m4 }
+    { version: "1.9.0", run: m4 },
+    { version: "1.10.0", run: m5 },
     // Add new migrations here as they are created
 ] as {
     version: string;
diff --git a/server/setup/migrationsSqlite.ts b/server/setup/migrationsSqlite.ts
index 5b0850c8..79a7d0ab 100644
--- a/server/setup/migrationsSqlite.ts
+++ b/server/setup/migrationsSqlite.ts
@@ -26,6 +26,7 @@ import m21 from "./scriptsSqlite/1.6.0";
 import m22 from "./scriptsSqlite/1.7.0";
 import m23 from "./scriptsSqlite/1.8.0";
 import m24 from "./scriptsSqlite/1.9.0";
+import m25 from "./scriptsSqlite/1.10.0";
 
 // THIS CANNOT IMPORT ANYTHING FROM THE SERVER
 // EXCEPT FOR THE DATABASE AND THE SCHEMA
@@ -51,6 +52,7 @@ const migrations = [
     { version: "1.7.0", run: m22 },
     { version: "1.8.0", run: m23 },
     { version: "1.9.0", run: m24 },
+    { version: "1.10.0", run: m25 },
     // Add new migrations here as they are created
 ] as const;
 
diff --git a/server/setup/scriptsPg/1.10.0.ts b/server/setup/scriptsPg/1.10.0.ts
new file mode 100644
index 00000000..7eb101d5
--- /dev/null
+++ b/server/setup/scriptsPg/1.10.0.ts
@@ -0,0 +1,81 @@
+import { db } from "@server/db/pg/driver";
+import { sql } from "drizzle-orm";
+import { __DIRNAME, APP_PATH } from "@server/lib/consts";
+import { readFileSync } from "fs";
+import path, { join } from "path";
+
+const version = "1.10.0";
+
+export default async function migration() {
+    console.log(`Running setup script ${version}...`);
+
+    try {
+        const resources = await db.execute(sql`
+            SELECT "resourceId" FROM "resources" WHERE "siteId" IS NOT NULL
+        `);
+
+        await db.execute(sql`BEGIN`);
+
+        await db.execute(sql`ALTER TABLE "exitNodes" ADD COLUMN "region" text;`);
+        
+        await db.execute(sql`ALTER TABLE "idpOidcConfig" ADD COLUMN "variant" text DEFAULT 'oidc' NOT NULL;`);
+        
+        await db.execute(sql`ALTER TABLE "resources" ADD COLUMN "niceId" text DEFAULT '' NOT NULL;`);
+        
+        await db.execute(sql`ALTER TABLE "userOrgs" ADD COLUMN "autoProvisioned" boolean DEFAULT false;`);
+
+        let usedNiceIds: string[] = [];
+
+        for (const resource of resources.rows) {
+            // Generate a unique name and ensure it's unique
+            let niceId = "";
+            let loops = 0;
+            while (true) {
+                if (loops > 100) {
+                    throw new Error("Could not generate a unique name");
+                }
+
+                niceId = generateName();
+                if (!usedNiceIds.includes(niceId)) {
+                    usedNiceIds.push(niceId);
+                    break;
+                }
+                loops++;
+            }
+            await db.execute(sql`
+                UPDATE "resources" SET "niceId" = ${niceId} WHERE "resourceId" = ${resource.resourceId}
+            `);
+        }
+
+        await db.execute(sql`COMMIT`);
+        console.log(`Migrated database`);
+    } catch (e) {
+        await db.execute(sql`ROLLBACK`);
+        console.log("Failed to migrate db:", e);
+        throw e;
+    }
+}
+
+const dev = process.env.ENVIRONMENT !== "prod";
+let file;
+if (!dev) {
+    file = join(__DIRNAME, "names.json");
+} else {
+    file = join("server/db/names.json");
+}
+export const names = JSON.parse(readFileSync(file, "utf-8"));
+
+export function generateName(): string {
+    const name = (
+        names.descriptors[
+            Math.floor(Math.random() * names.descriptors.length)
+        ] +
+        "-" +
+        names.animals[Math.floor(Math.random() * names.animals.length)]
+    )
+        .toLowerCase()
+        .replace(/\s/g, "-");
+
+    // clean out any non-alphanumeric characters except for dashes
+    return name.replace(/[^a-z0-9-]/g, "");
+}
diff --git a/server/setup/scriptsSqlite/1.10.0.ts b/server/setup/scriptsSqlite/1.10.0.ts
new file mode 100644
index 00000000..a4c27862
--- /dev/null
+++ b/server/setup/scriptsSqlite/1.10.0.ts
@@ -0,0 +1,83 @@
+import { __DIRNAME, APP_PATH } from "@server/lib/consts";
+import Database from "better-sqlite3";
+import { readFileSync } from "fs";
+import path, { join } from "path";
+
+const version = "1.10.0";
+
+export default async function migration() {
+    console.log(`Running setup script ${version}...`);
+
+    const location = path.join(APP_PATH, "db", "db.sqlite");
+    const db = new Database(location);
+
+    const resourceSiteMap = new Map<number, number>();
+	let firstSiteId: number = 1;
+
+    try {
+		const resources = db
+			.prepare(
+				"SELECT resourceId FROM resources WHERE siteId IS NOT NULL"
+			)
+			.all() as Array<{ resourceId: number; }>;
+
+        db.transaction(() => {
+            db.exec(`
+                ALTER TABLE 'exitNodes' ADD 'region' text;
+                ALTER TABLE 'idpOidcConfig' ADD 'variant' text DEFAULT 'oidc' NOT NULL;
+                ALTER TABLE 'resources' ADD 'niceId' text DEFAULT '' NOT NULL;
+                ALTER TABLE 'userOrgs' ADD 'autoProvisioned' integer DEFAULT false;
+            `); // this diverges from the schema a bit because the schema does not have a default on niceId but was required for the migration and I dont think it will effect much down the line...
+
+            let usedNiceIds: string[] = [];
+
+            for (const resourceId of resources) {
+                // Generate a unique name and ensure it's unique
+                let niceId = "";
+                let loops = 0;
+                while (true) {
+                    if (loops > 100) {
+                        throw new Error("Could not generate a unique name");
+                    }
+
+                    niceId = generateName();
+                    if (!usedNiceIds.includes(niceId)) {
+                        usedNiceIds.push(niceId);
+                        break;
+                    }
+                    loops++;
+                }
+                db.prepare(`UPDATE resources SET niceId = ? WHERE resourceId = ?`).run(niceId, resourceId.resourceId);
+            }
+        })();
+
+        console.log(`Migrated database`);
+    } catch (e) {
+        console.log("Failed to migrate db:", e);
+        throw e;
+    }
+}
+
+const dev = process.env.ENVIRONMENT !== "prod";
+let file;
+if (!dev) {
+    file = join(__DIRNAME, "names.json");
+} else {
+    file = join("server/db/names.json");
+}
+export const names = JSON.parse(readFileSync(file, "utf-8"));
+
+export function generateName(): string {
+    const name = (
+        names.descriptors[
+            Math.floor(Math.random() * names.descriptors.length)
+        ] +
+        "-" +
+        names.animals[Math.floor(Math.random() * names.animals.length)]
+    )
+        .toLowerCase()
+        .replace(/\s/g, "-");
+
+    // clean out any non-alphanumeric characters except for dashes
+    return name.replace(/[^a-z0-9-]/g, "");
+}

From bb57f7537ee1469c7eda440ce21d5042dfacb8f0 Mon Sep 17 00:00:00 2001
From: hetlelid <spam@hetlelid.no>
Date: Thu, 11 Sep 2025 11:11:36 +0200
Subject: [PATCH 065/166] Update page.tsx

Added default location for the config files, for reference
---
 src/app/[orgId]/settings/resources/create/page.tsx | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index 5876cadf..a63530b7 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -1543,6 +1543,7 @@ export default function Page() {
                                             <h3 className="text-lg font-semibold">
                                                 {t("resourceAddEntrypoints")}
                                             </h3>
+                                            (Edit file: config/traefik/traefik_config.yml)
                                             <CopyTextBox
                                                 text={`entryPoints:
   ${tcpUdpForm.getValues("protocol")}-${tcpUdpForm.getValues("proxyPort")}:
@@ -1555,6 +1556,7 @@ export default function Page() {
                                             <h3 className="text-lg font-semibold">
                                                 {t("resourceExposePorts")}
                                             </h3>
+                                            (Edit file: docker-compose.yml)
                                             <CopyTextBox
                                                 text={`ports:
   - ${tcpUdpForm.getValues("proxyPort")}:${tcpUdpForm.getValues("proxyPort")}${tcpUdpForm.getValues("protocol") === "tcp" ? "" : "/" + tcpUdpForm.getValues("protocol")}`}

From 4220f518d02124683fa2013e468b0481a7511879 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 10:24:40 -0700
Subject: [PATCH 066/166] Just style it a bit

---
 src/app/[orgId]/settings/resources/create/page.tsx | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index a63530b7..16e2bf41 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -355,6 +355,8 @@ export default function Page() {
     }
 
     async function onSubmit() {
+                    setShowSnippets(true);
+                    router.refresh();
         setCreateLoading(true);
 
         const baseData = baseForm.getValues();
@@ -1543,7 +1545,9 @@ export default function Page() {
                                             <h3 className="text-lg font-semibold">
                                                 {t("resourceAddEntrypoints")}
                                             </h3>
-                                            (Edit file: config/traefik/traefik_config.yml)
+                                            <p className="text-sm text-muted-foreground">
+                                                (Edit file: config/traefik/traefik_config.yml)
+                                            </p>
                                             <CopyTextBox
                                                 text={`entryPoints:
   ${tcpUdpForm.getValues("protocol")}-${tcpUdpForm.getValues("proxyPort")}:
@@ -1556,7 +1560,9 @@ export default function Page() {
                                             <h3 className="text-lg font-semibold">
                                                 {t("resourceExposePorts")}
                                             </h3>
-                                            (Edit file: docker-compose.yml)
+                                            <p className="text-sm text-muted-foreground">
+                                                (Edit file: docker-compose.yml)
+                                            </p>
                                             <CopyTextBox
                                                 text={`ports:
   - ${tcpUdpForm.getValues("proxyPort")}:${tcpUdpForm.getValues("proxyPort")}${tcpUdpForm.getValues("protocol") === "tcp" ? "" : "/" + tcpUdpForm.getValues("protocol")}`}

From 52c659feb943c48474987e19e68af30d3efd98d8 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 10:27:02 -0700
Subject: [PATCH 067/166] Eslint fix

---
 server/setup/scriptsPg/1.10.0.ts     | 2 +-
 server/setup/scriptsSqlite/1.10.0.ts | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/setup/scriptsPg/1.10.0.ts b/server/setup/scriptsPg/1.10.0.ts
index 7eb101d5..f33906cf 100644
--- a/server/setup/scriptsPg/1.10.0.ts
+++ b/server/setup/scriptsPg/1.10.0.ts
@@ -24,7 +24,7 @@ export default async function migration() {
         
         await db.execute(sql`ALTER TABLE "userOrgs" ADD COLUMN "autoProvisioned" boolean DEFAULT false;`);
 
-        let usedNiceIds: string[] = [];
+        const usedNiceIds: string[] = [];
 
         for (const resource of resources.rows) {
             // Generate a unique name and ensure it's unique
diff --git a/server/setup/scriptsSqlite/1.10.0.ts b/server/setup/scriptsSqlite/1.10.0.ts
index a4c27862..f5f6c3a3 100644
--- a/server/setup/scriptsSqlite/1.10.0.ts
+++ b/server/setup/scriptsSqlite/1.10.0.ts
@@ -12,7 +12,7 @@ export default async function migration() {
     const db = new Database(location);
 
     const resourceSiteMap = new Map<number, number>();
-	let firstSiteId: number = 1;
+	const firstSiteId: number = 1;
 
     try {
 		const resources = db
@@ -29,7 +29,7 @@ export default async function migration() {
                 ALTER TABLE 'userOrgs' ADD 'autoProvisioned' integer DEFAULT false;
             `); // this diverges from the schema a bit because the schema does not have a default on niceId but was required for the migration and I dont think it will effect much down the line...
 
-            let usedNiceIds: string[] = [];
+            const usedNiceIds: string[] = [];
 
             for (const resourceId of resources) {
                 // Generate a unique name and ensure it's unique

From f63668dc1a4f2686de09b609b11f9f977f88f2b1 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:22 -0700
Subject: [PATCH 068/166] New translations en-us.json (French)

---
 messages/fr-FR.json | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index eff4b2e8..1ccadb89 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "Une erreur s'est produite lors de l'ajout de l'utilisateur au rôle.",
     "userSaved": "Utilisateur enregistré",
     "userSavedDescription": "L'utilisateur a été mis à jour.",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "Auto-provisionné",
+    "autoProvisionedDescription": "Permettre à cet utilisateur d'être géré automatiquement par le fournisseur d'identité",
     "accessControlsDescription": "Gérer ce que cet utilisateur peut accéder et faire dans l'organisation",
     "accessControlsSubmit": "Enregistrer les contrôles d'accès",
     "roles": "Rôles",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "Édition Professionnelle Requise",
     "licenseTierProfessionalRequiredDescription": "Cette fonctionnalité n'est disponible que dans l'Édition Professionnelle.",
     "actionGetOrg": "Obtenir l'organisation",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "Mise à jour de l'utilisateur Org",
+    "createOrgUser": "Créer un utilisateur Org",
     "actionUpdateOrg": "Mettre à jour l'organisation",
     "actionUpdateUser": "Mettre à jour l'utilisateur",
     "actionGetUser": "Obtenir l'utilisateur",
@@ -1240,7 +1240,7 @@
     "newtUpdateAvailable": "Mise à jour disponible",
     "newtUpdateAvailableInfo": "Une nouvelle version de Newt est disponible. Veuillez mettre à jour vers la dernière version pour une meilleure expérience.",
     "domainPickerEnterDomain": "Domaine",
-    "domainPickerPlaceholder": "myapp.example.com",
+    "domainPickerPlaceholder": "monapp.exemple.com",
     "domainPickerDescription": "Entrez le domaine complet de la ressource pour voir les options disponibles.",
     "domainPickerDescriptionSaas": "Entrez un domaine complet, un sous-domaine ou juste un nom pour voir les options disponibles",
     "domainPickerTabAll": "Tous",
@@ -1503,6 +1503,19 @@
     },
     "internationaldomaindetected": "Domaine international détecté",
     "willbestoredas": "Sera stocké comme :",
-    "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpGoogleDescription": "Fournisseur Google OAuth2/OIDC",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Domaine fourni",
+    "domainPickerFreeProvidedDomain": "Domaine fourni gratuitement",
+    "domainPickerVerified": "Vérifié",
+    "domainPickerUnverified": "Non vérifié",
+    "domainPickerInvalidSubdomainStructure": "Ce sous-domaine contient des caractères ou une structure non valide. Il sera automatiquement nettoyé lorsque vous enregistrez.",
+    "domainPickerError": "Erreur",
+    "domainPickerErrorLoadDomains": "Impossible de charger les domaines de l'organisation",
+    "domainPickerErrorCheckAvailability": "Impossible de vérifier la disponibilité du domaine",
+    "domainPickerInvalidSubdomain": "Sous-domaine invalide",
+    "domainPickerInvalidSubdomainRemoved": "L'entrée \"{sub}\" a été supprimée car elle n'est pas valide.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "La «{sub}» n'a pas pu être validée pour {domain}.",
+    "domainPickerSubdomainSanitized": "Sous-domaine nettoyé",
+    "domainPickerSubdomainCorrected": "\"{sub}\" a été corrigé à \"{sanitized}\""
 }

From c2ac48400badef94e4b399328f1e88100c804ee7 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:23 -0700
Subject: [PATCH 069/166] New translations en-us.json (Spanish)

---
 messages/es-ES.json | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/messages/es-ES.json b/messages/es-ES.json
index 3be67893..08cb32ab 100644
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "Ocurrió un error mientras se añadía el usuario al rol.",
     "userSaved": "Usuario guardado",
     "userSavedDescription": "El usuario ha sido actualizado.",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "Auto asegurado",
+    "autoProvisionedDescription": "Permitir a este usuario ser administrado automáticamente por el proveedor de identidad",
     "accessControlsDescription": "Administrar lo que este usuario puede acceder y hacer en la organización",
     "accessControlsSubmit": "Guardar controles de acceso",
     "roles": "Roles",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "Edición Profesional requerida",
     "licenseTierProfessionalRequiredDescription": "Esta característica sólo está disponible en la Edición Profesional.",
     "actionGetOrg": "Obtener organización",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "Actualizar usuario Org",
+    "createOrgUser": "Crear usuario Org",
     "actionUpdateOrg": "Actualizar organización",
     "actionUpdateUser": "Actualizar usuario",
     "actionGetUser": "Obtener usuario",
@@ -1240,7 +1240,7 @@
     "newtUpdateAvailable": "Nueva actualización disponible",
     "newtUpdateAvailableInfo": "Hay una nueva versión de Newt disponible. Actualice a la última versión para la mejor experiencia.",
     "domainPickerEnterDomain": "Dominio",
-    "domainPickerPlaceholder": "myapp.example.com",
+    "domainPickerPlaceholder": "miapp.ejemplo.com",
     "domainPickerDescription": "Ingresa el dominio completo del recurso para ver las opciones disponibles.",
     "domainPickerDescriptionSaas": "Ingresa un dominio completo, subdominio o simplemente un nombre para ver las opciones disponibles",
     "domainPickerTabAll": "Todo",
@@ -1503,6 +1503,19 @@
     },
     "internationaldomaindetected": "Dominio Internacional detectado",
     "willbestoredas": "Se almacenará como:",
-    "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpGoogleDescription": "Proveedor OAuth2/OIDC de Google",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Dominio proporcionado",
+    "domainPickerFreeProvidedDomain": "Dominio proporcionado gratis",
+    "domainPickerVerified": "Verificado",
+    "domainPickerUnverified": "Sin verificar",
+    "domainPickerInvalidSubdomainStructure": "Este subdominio contiene caracteres o estructura no válidos. Se limpiará automáticamente al guardar.",
+    "domainPickerError": "Error",
+    "domainPickerErrorLoadDomains": "Error al cargar los dominios de la organización",
+    "domainPickerErrorCheckAvailability": "No se pudo comprobar la disponibilidad del dominio",
+    "domainPickerInvalidSubdomain": "Subdominio inválido",
+    "domainPickerInvalidSubdomainRemoved": "La entrada \"{sub}\" fue eliminada porque no es válida.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "No se ha podido hacer válido \"{sub}\" para {domain}.",
+    "domainPickerSubdomainSanitized": "Subdominio saneado",
+    "domainPickerSubdomainCorrected": "\"{sub}\" fue corregido a \"{sanitized}\""
 }

From 96e4a28a2a5783a3edd7b48807408dc402e2afc8 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:25 -0700
Subject: [PATCH 070/166] New translations en-us.json (Bulgarian)

---
 messages/bg-BG.json | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/messages/bg-BG.json b/messages/bg-BG.json
index 9208a18d..f8688445 100644
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -1504,5 +1504,18 @@
     "internationaldomaindetected": "International Domain Detected",
     "willbestoredas": "Will be stored as:",
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Provided Domain",
+    "domainPickerFreeProvidedDomain": "Free Provided Domain",
+    "domainPickerVerified": "Verified",
+    "domainPickerUnverified": "Unverified",
+    "domainPickerInvalidSubdomainStructure": "This subdomain contains invalid characters or structure. It will be sanitized automatically when you save.",
+    "domainPickerError": "Error",
+    "domainPickerErrorLoadDomains": "Failed to load organization domains",
+    "domainPickerErrorCheckAvailability": "Failed to check domain availability",
+    "domainPickerInvalidSubdomain": "Invalid subdomain",
+    "domainPickerInvalidSubdomainRemoved": "The input \"{sub}\" was removed because it's not valid.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" could not be made valid for {domain}.",
+    "domainPickerSubdomainSanitized": "Subdomain sanitized",
+    "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\""
 }

From 824e8a2818dab36fd88a1929ceb7308904a6ce68 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:26 -0700
Subject: [PATCH 071/166] New translations en-us.json (Czech)

---
 messages/cs-CZ.json | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/messages/cs-CZ.json b/messages/cs-CZ.json
index d1b2703e..0b99e527 100644
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -1504,5 +1504,18 @@
     "internationaldomaindetected": "International Domain Detected",
     "willbestoredas": "Will be stored as:",
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Provided Domain",
+    "domainPickerFreeProvidedDomain": "Free Provided Domain",
+    "domainPickerVerified": "Verified",
+    "domainPickerUnverified": "Unverified",
+    "domainPickerInvalidSubdomainStructure": "This subdomain contains invalid characters or structure. It will be sanitized automatically when you save.",
+    "domainPickerError": "Error",
+    "domainPickerErrorLoadDomains": "Failed to load organization domains",
+    "domainPickerErrorCheckAvailability": "Failed to check domain availability",
+    "domainPickerInvalidSubdomain": "Invalid subdomain",
+    "domainPickerInvalidSubdomainRemoved": "The input \"{sub}\" was removed because it's not valid.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" could not be made valid for {domain}.",
+    "domainPickerSubdomainSanitized": "Subdomain sanitized",
+    "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\""
 }

From 5223de6b92623962c13dfa90b429843483e9aab1 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:27 -0700
Subject: [PATCH 072/166] New translations en-us.json (German)

---
 messages/de-DE.json | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/messages/de-DE.json b/messages/de-DE.json
index d5b3d5c8..06f221cf 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "Beim Hinzufügen des Benutzers zur Rolle ist ein Fehler aufgetreten.",
     "userSaved": "Benutzer gespeichert",
     "userSavedDescription": "Der Benutzer wurde aktualisiert.",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "Automatisch vorgesehen",
+    "autoProvisionedDescription": "Erlaube diesem Benutzer die automatische Verwaltung durch Identitätsanbieter",
     "accessControlsDescription": "Verwalten Sie, worauf dieser Benutzer in der Organisation zugreifen und was er tun kann",
     "accessControlsSubmit": "Zugriffskontrollen speichern",
     "roles": "Rollen",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "Professional Edition erforderlich",
     "licenseTierProfessionalRequiredDescription": "Diese Funktion ist nur in der Professional Edition verfügbar.",
     "actionGetOrg": "Organisation abrufen",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "Org Benutzer aktualisieren",
+    "createOrgUser": "Org Benutzer erstellen",
     "actionUpdateOrg": "Organisation aktualisieren",
     "actionUpdateUser": "Benutzer aktualisieren",
     "actionGetUser": "Benutzer abrufen",
@@ -1503,6 +1503,19 @@
     },
     "internationaldomaindetected": "Internationale Domain erkannt",
     "willbestoredas": "Wird gespeichert als:",
-    "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpGoogleDescription": "Google OAuth2/OIDC Provider",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Angegebene Domain",
+    "domainPickerFreeProvidedDomain": "Kostenlose Domain",
+    "domainPickerVerified": "Verifiziert",
+    "domainPickerUnverified": "Nicht verifiziert",
+    "domainPickerInvalidSubdomainStructure": "Diese Subdomain enthält ungültige Zeichen oder Struktur. Sie wird beim Speichern automatisch bereinigt.",
+    "domainPickerError": "Fehler",
+    "domainPickerErrorLoadDomains": "Fehler beim Laden der Organisations-Domänen",
+    "domainPickerErrorCheckAvailability": "Fehler beim Prüfen der Domain-Verfügbarkeit",
+    "domainPickerInvalidSubdomain": "Ungültige Subdomain",
+    "domainPickerInvalidSubdomainRemoved": "Die Eingabe \"{sub}\" wurde entfernt, weil sie nicht gültig ist.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" konnte nicht für {domain} gültig gemacht werden.",
+    "domainPickerSubdomainSanitized": "Subdomain bereinigt",
+    "domainPickerSubdomainCorrected": "\"{sub}\" wurde korrigiert zu \"{sanitized}\""
 }

From e93a2a6f4d0e7ed0f2ac8f1c06f5e41acdc972c1 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:29 -0700
Subject: [PATCH 073/166] New translations en-us.json (Italian)

---
 messages/it-IT.json | 21 +++++++++++++++++----
 1 file changed, 17 insertions(+), 4 deletions(-)

diff --git a/messages/it-IT.json b/messages/it-IT.json
index 377fe4ce..21c480ad 100644
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -455,7 +455,7 @@
     "userSaved": "Utente salvato",
     "userSavedDescription": "L'utente è stato aggiornato.",
     "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisionedDescription": "Permetti a questo utente di essere gestito automaticamente dal provider di identità",
     "accessControlsDescription": "Gestisci cosa questo utente può accedere e fare nell'organizzazione",
     "accessControlsSubmit": "Salva Controlli di Accesso",
     "roles": "Ruoli",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "Edizione Professional Richiesta",
     "licenseTierProfessionalRequiredDescription": "Questa funzionalità è disponibile solo nell'Edizione Professional.",
     "actionGetOrg": "Ottieni Organizzazione",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "Aggiorna Utente Org",
+    "createOrgUser": "Crea Utente Org",
     "actionUpdateOrg": "Aggiorna Organizzazione",
     "actionUpdateUser": "Aggiorna Utente",
     "actionGetUser": "Ottieni Utente",
@@ -1504,5 +1504,18 @@
     "internationaldomaindetected": "Dominio Internazionale Rilevato",
     "willbestoredas": "Verrà conservato come:",
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Dominio Fornito",
+    "domainPickerFreeProvidedDomain": "Dominio Fornito Gratuito",
+    "domainPickerVerified": "Verificato",
+    "domainPickerUnverified": "Non Verificato",
+    "domainPickerInvalidSubdomainStructure": "Questo sottodominio contiene caratteri o struttura non validi. Sarà sanificato automaticamente quando si salva.",
+    "domainPickerError": "Errore",
+    "domainPickerErrorLoadDomains": "Impossibile caricare i domini dell'organizzazione",
+    "domainPickerErrorCheckAvailability": "Impossibile verificare la disponibilità del dominio",
+    "domainPickerInvalidSubdomain": "Sottodominio non valido",
+    "domainPickerInvalidSubdomainRemoved": "L'input \"{sub}\" è stato rimosso perché non è valido.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" non può essere reso valido per {domain}.",
+    "domainPickerSubdomainSanitized": "Sottodominio igienizzato",
+    "domainPickerSubdomainCorrected": "\"{sub}\" è stato corretto in \"{sanitized}\""
 }

From 0d684c1d01993195ca7be60c7dff3ba6ebc82ce7 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:30 -0700
Subject: [PATCH 074/166] New translations en-us.json (Korean)

---
 messages/ko-KR.json | 29 +++++++++++++++++++++--------
 1 file changed, 21 insertions(+), 8 deletions(-)

diff --git a/messages/ko-KR.json b/messages/ko-KR.json
index 722e83ac..b95bf34f 100644
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "사용자를 역할에 추가하는 동안 오류가 발생했습니다.",
     "userSaved": "사용자 저장됨",
     "userSavedDescription": "사용자가 업데이트되었습니다.",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "자동 프로비저닝됨",
+    "autoProvisionedDescription": "이 사용자가 ID 공급자에 의해 자동으로 관리될 수 있도록 허용합니다",
     "accessControlsDescription": "이 사용자가 조직에서 접근하고 수행할 수 있는 작업을 관리하세요",
     "accessControlsSubmit": "접근 제어 저장",
     "roles": "역할",
@@ -913,8 +913,8 @@
     "idpConnectingToFinished": "연결됨",
     "idpErrorConnectingTo": "{name}에 연결하는 데 문제가 발생했습니다. 관리자에게 문의하십시오.",
     "idpErrorNotFound": "IdP를 찾을 수 없습니다.",
-    "idpGoogleAlt": "Google",
-    "idpAzureAlt": "Azure",
+    "idpGoogleAlt": "구글",
+    "idpAzureAlt": "애저",
     "inviteInvalid": "유효하지 않은 초대",
     "inviteInvalidDescription": "초대 링크가 유효하지 않습니다.",
     "inviteErrorWrongUser": "이 초대는 이 사용자에게 해당되지 않습니다",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "전문 에디션이 필요합니다.",
     "licenseTierProfessionalRequiredDescription": "이 기능은 Professional Edition에서만 사용할 수 있습니다.",
     "actionGetOrg": "조직 가져오기",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "조직 사용자 업데이트",
+    "createOrgUser": "조직 사용자 생성",
     "actionUpdateOrg": "조직 업데이트",
     "actionUpdateUser": "사용자 업데이트",
     "actionGetUser": "사용자 조회",
@@ -1503,6 +1503,19 @@
     },
     "internationaldomaindetected": "국제 도메인 감지됨",
     "willbestoredas": "다음으로 저장됩니다:",
-    "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpGoogleDescription": "Google OAuth2/OIDC 공급자",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC 공급자",
+    "domainPickerProvidedDomain": "제공된 도메인",
+    "domainPickerFreeProvidedDomain": "무료 제공된 도메인",
+    "domainPickerVerified": "검증됨",
+    "domainPickerUnverified": "검증되지 않음",
+    "domainPickerInvalidSubdomainStructure": "이 하위 도메인은 잘못된 문자 또는 구조를 포함하고 있습니다. 저장 시 자동으로 정리됩니다.",
+    "domainPickerError": "오류",
+    "domainPickerErrorLoadDomains": "조직 도메인 로드 실패",
+    "domainPickerErrorCheckAvailability": "도메인 가용성 확인 실패",
+    "domainPickerInvalidSubdomain": "잘못된 하위 도메인",
+    "domainPickerInvalidSubdomainRemoved": "입력 \"{sub}\"이(가) 유효하지 않으므로 제거되었습니다.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\"을(를) {domain}에 대해 유효하게 만들 수 없습니다.",
+    "domainPickerSubdomainSanitized": "하위 도메인 정리됨",
+    "domainPickerSubdomainCorrected": "\"{sub}\"이(가) \"{sanitized}\"로 수정되었습니다"
 }

From 2bacfa8002c0965c37841e1b966abbf11679b3ef Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:32 -0700
Subject: [PATCH 075/166] New translations en-us.json (Dutch)

---
 messages/nl-NL.json | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index 4c209e09..c6c83995 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "Er is een fout opgetreden tijdens het toevoegen van de rol.",
     "userSaved": "Gebruiker opgeslagen",
     "userSavedDescription": "De gebruiker is bijgewerkt.",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "Automatisch bevestigen",
+    "autoProvisionedDescription": "Toestaan dat deze gebruiker automatisch wordt beheerd door een identiteitsprovider",
     "accessControlsDescription": "Beheer wat deze gebruiker toegang heeft tot en doet in de organisatie",
     "accessControlsSubmit": "Bewaar Toegangsbesturing",
     "roles": "Rollen",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "Professionele editie vereist",
     "licenseTierProfessionalRequiredDescription": "Deze functie is alleen beschikbaar in de Professional Edition.",
     "actionGetOrg": "Krijg Organisatie",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "Org gebruiker bijwerken",
+    "createOrgUser": "Org gebruiker aanmaken",
     "actionUpdateOrg": "Organisatie bijwerken",
     "actionUpdateUser": "Gebruiker bijwerken",
     "actionGetUser": "Gebruiker ophalen",
@@ -1240,7 +1240,7 @@
     "newtUpdateAvailable": "Update beschikbaar",
     "newtUpdateAvailableInfo": "Er is een nieuwe versie van Newt beschikbaar. Update naar de nieuwste versie voor de beste ervaring.",
     "domainPickerEnterDomain": "Domein",
-    "domainPickerPlaceholder": "myapp.example.com",
+    "domainPickerPlaceholder": "mijnapp.voorbeeld.nl",
     "domainPickerDescription": "Voer de volledige domein van de bron in om beschikbare opties te zien.",
     "domainPickerDescriptionSaas": "Voer een volledig domein, subdomein of gewoon een naam in om beschikbare opties te zien",
     "domainPickerTabAll": "Alles",
@@ -1504,5 +1504,18 @@
     "internationaldomaindetected": "Internationaal Domein Gedetecteerd",
     "willbestoredas": "Zal worden opgeslagen als:",
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Opgegeven domein",
+    "domainPickerFreeProvidedDomain": "Gratis verstrekt domein",
+    "domainPickerVerified": "Geverifieerd",
+    "domainPickerUnverified": "Ongeverifieerd",
+    "domainPickerInvalidSubdomainStructure": "Dit subdomein bevat ongeldige tekens of structuur. Het zal automatisch worden gesaneerd wanneer u opslaat.",
+    "domainPickerError": "Foutmelding",
+    "domainPickerErrorLoadDomains": "Fout bij het laden van organisatiedomeinen",
+    "domainPickerErrorCheckAvailability": "Kan domein beschikbaarheid niet controleren",
+    "domainPickerInvalidSubdomain": "Ongeldig subdomein",
+    "domainPickerInvalidSubdomainRemoved": "De invoer \"{sub}\" is verwijderd omdat het niet geldig is.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" kon niet geldig worden gemaakt voor {domain}.",
+    "domainPickerSubdomainSanitized": "Subdomein gesaniseerd",
+    "domainPickerSubdomainCorrected": "\"{sub}\" was gecorrigeerd op \"{sanitized}\""
 }

From b503d73e467a9ce30fc5ee2fe0d17dec26749356 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:33 -0700
Subject: [PATCH 076/166] New translations en-us.json (Polish)

---
 messages/pl-PL.json | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/messages/pl-PL.json b/messages/pl-PL.json
index 4ad81acc..547cc39b 100644
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "Wystąpił błąd podczas dodawania użytkownika do roli.",
     "userSaved": "Użytkownik zapisany",
     "userSavedDescription": "Użytkownik został zaktualizowany.",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "Przesłane automatycznie",
+    "autoProvisionedDescription": "Pozwól temu użytkownikowi na automatyczne zarządzanie przez dostawcę tożsamości",
     "accessControlsDescription": "Zarządzaj tym, do czego użytkownik ma dostęp i co może robić w organizacji",
     "accessControlsSubmit": "Zapisz kontrole dostępu",
     "roles": "Role",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "Wymagana edycja Professional",
     "licenseTierProfessionalRequiredDescription": "Ta funkcja jest dostępna tylko w edycji Professional.",
     "actionGetOrg": "Pobierz organizację",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "Aktualizuj użytkownika Org",
+    "createOrgUser": "Utwórz użytkownika Org",
     "actionUpdateOrg": "Aktualizuj organizację",
     "actionUpdateUser": "Zaktualizuj użytkownika",
     "actionGetUser": "Pobierz użytkownika",
@@ -1240,7 +1240,7 @@
     "newtUpdateAvailable": "Dostępna aktualizacja",
     "newtUpdateAvailableInfo": "Nowa wersja Newt jest dostępna. Prosimy o aktualizację do najnowszej wersji dla najlepszej pracy.",
     "domainPickerEnterDomain": "Domena",
-    "domainPickerPlaceholder": "myapp.example.com",
+    "domainPickerPlaceholder": "mojapp.example.com",
     "domainPickerDescription": "Wpisz pełną domenę zasobu, aby zobaczyć dostępne opcje.",
     "domainPickerDescriptionSaas": "Wprowadź pełną domenę, subdomenę lub po prostu nazwę, aby zobaczyć dostępne opcje",
     "domainPickerTabAll": "Wszystko",
@@ -1503,6 +1503,19 @@
     },
     "internationaldomaindetected": "Wykryto międzynarodową domenę",
     "willbestoredas": "Będą przechowywane jako:",
-    "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpGoogleDescription": "Dostawca Google OAuth2/OIDC",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Dostarczona domena",
+    "domainPickerFreeProvidedDomain": "Darmowa oferowana domena",
+    "domainPickerVerified": "Zweryfikowano",
+    "domainPickerUnverified": "Niezweryfikowane",
+    "domainPickerInvalidSubdomainStructure": "Ta subdomena zawiera nieprawidłowe znaki lub strukturę. Zostanie ona automatycznie oczyszczona po zapisaniu.",
+    "domainPickerError": "Błąd",
+    "domainPickerErrorLoadDomains": "Nie udało się załadować domen organizacji",
+    "domainPickerErrorCheckAvailability": "Nie udało się sprawdzić dostępności domeny",
+    "domainPickerInvalidSubdomain": "Nieprawidłowa subdomena",
+    "domainPickerInvalidSubdomainRemoved": "Wejście \"{sub}\" zostało usunięte, ponieważ jest nieprawidłowe.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" nie może być poprawne dla {domain}.",
+    "domainPickerSubdomainSanitized": "Poddomena oczyszczona",
+    "domainPickerSubdomainCorrected": "\"{sub}\" został skorygowany do \"{sanitized}\""
 }

From 47eb1262e0cc95c92f447e95be470277bcfebffb Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:34 -0700
Subject: [PATCH 077/166] New translations en-us.json (Portuguese)

---
 messages/pt-PT.json | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/messages/pt-PT.json b/messages/pt-PT.json
index 585983d7..86584761 100644
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "Ocorreu um erro ao adicionar usuário à função.",
     "userSaved": "Usuário salvo",
     "userSavedDescription": "O usuário foi atualizado.",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "Auto provisionado",
+    "autoProvisionedDescription": "Permitir que este usuário seja gerenciado automaticamente pelo provedor de identidade",
     "accessControlsDescription": "Gerencie o que este usuário pode acessar e fazer na organização",
     "accessControlsSubmit": "Salvar Controles de Acesso",
     "roles": "Funções",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "Edição Profissional Necessária",
     "licenseTierProfessionalRequiredDescription": "Esta funcionalidade só está disponível na Edição Profissional.",
     "actionGetOrg": "Obter Organização",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "Atualizar usuário Org",
+    "createOrgUser": "Criar usuário Org",
     "actionUpdateOrg": "Atualizar Organização",
     "actionUpdateUser": "Atualizar Usuário",
     "actionGetUser": "Obter Usuário",
@@ -1240,7 +1240,7 @@
     "newtUpdateAvailable": "Nova Atualização Disponível",
     "newtUpdateAvailableInfo": "Uma nova versão do Newt está disponível. Atualize para a versão mais recente para uma melhor experiência.",
     "domainPickerEnterDomain": "Domínio",
-    "domainPickerPlaceholder": "myapp.example.com",
+    "domainPickerPlaceholder": "myapp.exemplo.com",
     "domainPickerDescription": "Insira o domínio completo do recurso para ver as opções disponíveis.",
     "domainPickerDescriptionSaas": "Insira um domínio completo, subdomínio ou apenas um nome para ver as opções disponíveis",
     "domainPickerTabAll": "Todos",
@@ -1503,6 +1503,19 @@
     },
     "internationaldomaindetected": "Domínio Internacional Detectado",
     "willbestoredas": "Será armazenado como:",
-    "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpGoogleDescription": "Provedor Google OAuth2/OIDC",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Domínio fornecido",
+    "domainPickerFreeProvidedDomain": "Domínio fornecido grátis",
+    "domainPickerVerified": "Verificada",
+    "domainPickerUnverified": "Não verificado",
+    "domainPickerInvalidSubdomainStructure": "Este subdomínio contém caracteres ou estrutura inválidos. Ele será eliminado automaticamente quando você salvar.",
+    "domainPickerError": "ERRO",
+    "domainPickerErrorLoadDomains": "Falha ao carregar domínios da organização",
+    "domainPickerErrorCheckAvailability": "Não foi possível verificar a disponibilidade do domínio",
+    "domainPickerInvalidSubdomain": "Subdomínio inválido",
+    "domainPickerInvalidSubdomainRemoved": "A entrada \"{sub}\" foi removida porque ela não é válida.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" não pôde ser válido para {domain}.",
+    "domainPickerSubdomainSanitized": "Subdomínio banalizado",
+    "domainPickerSubdomainCorrected": "\"{sub}\" foi corrigido para \"{sanitized}\""
 }

From 0522b93369e6fe3cf95d1ee9db98beda7088af7e Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:35 -0700
Subject: [PATCH 078/166] New translations en-us.json (Russian)

---
 messages/ru-RU.json | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/messages/ru-RU.json b/messages/ru-RU.json
index 7b8b2d67..37dad23f 100644
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "Произошла ошибка при добавлении пользователя в роль.",
     "userSaved": "Пользователь сохранён",
     "userSavedDescription": "Пользователь был обновлён.",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "Автоподбор",
+    "autoProvisionedDescription": "Разрешить автоматическое управление этим пользователем",
     "accessControlsDescription": "Управляйте тем, к чему этот пользователь может получить доступ и что делать в организации",
     "accessControlsSubmit": "Сохранить контроль доступа",
     "roles": "Роли",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "Требуется профессиональная версия",
     "licenseTierProfessionalRequiredDescription": "Эта функция доступна только в профессиональной версии.",
     "actionGetOrg": "Получить организацию",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "Обновить пользователя Org",
+    "createOrgUser": "Создать пользователя Org",
     "actionUpdateOrg": "Обновить организацию",
     "actionUpdateUser": "Обновить пользователя",
     "actionGetUser": "Получить пользователя",
@@ -1503,6 +1503,19 @@
     },
     "internationaldomaindetected": "Обнаружен международный домен",
     "willbestoredas": "Будет храниться как:",
-    "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpGoogleDescription": "Google OAuth2/OIDC провайдер",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Домен предоставлен",
+    "domainPickerFreeProvidedDomain": "Бесплатный домен",
+    "domainPickerVerified": "Подтверждено",
+    "domainPickerUnverified": "Не подтверждено",
+    "domainPickerInvalidSubdomainStructure": "Этот поддомен содержит недопустимые символы или структуру. Он будет очищен автоматически при сохранении.",
+    "domainPickerError": "Ошибка",
+    "domainPickerErrorLoadDomains": "Не удалось загрузить домены организации",
+    "domainPickerErrorCheckAvailability": "Не удалось проверить доступность домена",
+    "domainPickerInvalidSubdomain": "Неверный поддомен",
+    "domainPickerInvalidSubdomainRemoved": "Ввод \"{sub}\" был удален, потому что он недействителен.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" не может быть действительным для {domain}.",
+    "domainPickerSubdomainSanitized": "Субдомен очищен",
+    "domainPickerSubdomainCorrected": "\"{sub}\" был исправлен на \"{sanitized}\""
 }

From d27ed4d5231f538890a81a56d097470d12905a08 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:37 -0700
Subject: [PATCH 079/166] New translations en-us.json (Turkish)

---
 messages/tr-TR.json | 25 +++++++++++++++++++------
 1 file changed, 19 insertions(+), 6 deletions(-)

diff --git a/messages/tr-TR.json b/messages/tr-TR.json
index 6008f2dc..dd3b66a4 100644
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "Kullanıcı role eklenirken bir hata oluştu.",
     "userSaved": "Kullanıcı kaydedildi",
     "userSavedDescription": "Kullanıcı güncellenmiştir.",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "Otomatik Sağlandı",
+    "autoProvisionedDescription": "Bu kullanıcının kimlik sağlayıcısı tarafından otomatik olarak yönetilmesine izin ver",
     "accessControlsDescription": "Bu kullanıcının organizasyonda neleri erişebileceğini ve yapabileceğini yönetin",
     "accessControlsSubmit": "Erişim Kontrollerini Kaydet",
     "roles": "Roller",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "Profesyonel Sürüme Gereklidir",
     "licenseTierProfessionalRequiredDescription": "Bu özellik yalnızca Professional Edition'da kullanılabilir.",
     "actionGetOrg": "Kuruluşu Al",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "Organizasyon Kullanıcısını Güncelle",
+    "createOrgUser": "Organizasyon Kullanıcısı Oluştur",
     "actionUpdateOrg": "Kuruluşu Güncelle",
     "actionUpdateUser": "Kullanıcıyı Güncelle",
     "actionGetUser": "Kullanıcıyı Getir",
@@ -1503,6 +1503,19 @@
     },
     "internationaldomaindetected": "Uluslararası Alan Adı Tespit Edildi",
     "willbestoredas": "Şu şekilde depolanacak:",
-    "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpGoogleDescription": "Google OAuth2/OIDC sağlayıcısı",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC sağlayıcısı",
+    "domainPickerProvidedDomain": "Sağlanan Alan Adı",
+    "domainPickerFreeProvidedDomain": "Ücretsiz Sağlanan Alan Adı",
+    "domainPickerVerified": "Doğrulandı",
+    "domainPickerUnverified": "Doğrulanmadı",
+    "domainPickerInvalidSubdomainStructure": "Bu alt alan adı geçersiz karakterler veya yapı içeriyor. Kaydettiğinizde otomatik olarak temizlenecektir.",
+    "domainPickerError": "Hata",
+    "domainPickerErrorLoadDomains": "Organizasyon alan adları yüklenemedi",
+    "domainPickerErrorCheckAvailability": "Alan adı kullanılabilirliği kontrol edilemedi",
+    "domainPickerInvalidSubdomain": "Geçersiz alt alan adı",
+    "domainPickerInvalidSubdomainRemoved": "Girdi \"{sub}\" geçersiz olduğu için kaldırıldı.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" {domain} için geçerli yapılamadı.",
+    "domainPickerSubdomainSanitized": "Alt alan adı temizlendi",
+    "domainPickerSubdomainCorrected": "\"{sub}\" \"{sanitized}\" olarak düzeltildi"
 }

From 3027a0dc135528bd92c9ac3bc94e04d4919fb540 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:38 -0700
Subject: [PATCH 080/166] New translations en-us.json (Chinese Simplified)

---
 messages/zh-CN.json | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/messages/zh-CN.json b/messages/zh-CN.json
index 25f09780..e40297fb 100644
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "添加用户到角色时出错。",
     "userSaved": "用户已保存",
     "userSavedDescription": "用户已更新。",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "自动设置",
+    "autoProvisionedDescription": "允许此用户由身份提供商自动管理",
     "accessControlsDescription": "管理此用户在组织中可以访问和做什么",
     "accessControlsSubmit": "保存访问控制",
     "roles": "角色",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "需要专业版",
     "licenseTierProfessionalRequiredDescription": "此功能仅在专业版可用。",
     "actionGetOrg": "获取组织",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "更新组织用户",
+    "createOrgUser": "创建组织用户",
     "actionUpdateOrg": "更新组织",
     "actionUpdateUser": "更新用户",
     "actionGetUser": "获取用户",
@@ -1240,7 +1240,7 @@
     "newtUpdateAvailable": "更新可用",
     "newtUpdateAvailableInfo": "新版本的 Newt 已可用。请更新到最新版本以获得最佳体验。",
     "domainPickerEnterDomain": "域名",
-    "domainPickerPlaceholder": "myapp.example.com",
+    "domainPickerPlaceholder": "example.com",
     "domainPickerDescription": "输入资源的完整域名以查看可用选项。",
     "domainPickerDescriptionSaas": "输入完整域名、子域或名称以查看可用选项。",
     "domainPickerTabAll": "所有",
@@ -1503,6 +1503,19 @@
     },
     "internationaldomaindetected": "检测到国际域",
     "willbestoredas": "储存为：",
-    "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpGoogleDescription": "Google OAuth2/OIDC 提供商",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "提供的域",
+    "domainPickerFreeProvidedDomain": "免费提供的域",
+    "domainPickerVerified": "已验证",
+    "domainPickerUnverified": "未验证",
+    "domainPickerInvalidSubdomainStructure": "此子域包含无效的字符或结构。当您保存时，它将被自动清除。",
+    "domainPickerError": "错误",
+    "domainPickerErrorLoadDomains": "加载组织域名失败",
+    "domainPickerErrorCheckAvailability": "检查域可用性失败",
+    "domainPickerInvalidSubdomain": "无效的子域",
+    "domainPickerInvalidSubdomainRemoved": "输入 \"{sub}\" 已被移除，因为其无效。",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" 无法为 {domain} 变为有效。",
+    "domainPickerSubdomainSanitized": "子域已净化",
+    "domainPickerSubdomainCorrected": "\"{sub}\" 已被更正为 \"{sanitized}\""
 }

From 597c15b83d4ba23af70b84db0da190744d5d623e Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 10:35:39 -0700
Subject: [PATCH 081/166] New translations en-us.json (Norwegian Bokmal)

---
 messages/nb-NO.json | 27 ++++++++++++++++++++-------
 1 file changed, 20 insertions(+), 7 deletions(-)

diff --git a/messages/nb-NO.json b/messages/nb-NO.json
index ca2dec97..3990c5e2 100644
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -454,8 +454,8 @@
     "accessRoleErrorAddDescription": "Det oppstod en feil under tilordning av brukeren til rollen.",
     "userSaved": "Bruker lagret",
     "userSavedDescription": "Brukeren har blitt oppdatert.",
-    "autoProvisioned": "Auto Provisioned",
-    "autoProvisionedDescription": "Allow this user to be automatically managed by identity provider",
+    "autoProvisioned": "Auto avlyst",
+    "autoProvisionedDescription": "Tillat denne brukeren å bli automatisk administrert av en identitetsleverandør",
     "accessControlsDescription": "Administrer hva denne brukeren kan få tilgang til og gjøre i organisasjonen",
     "accessControlsSubmit": "Lagre tilgangskontroller",
     "roles": "Roller",
@@ -986,8 +986,8 @@
     "licenseTierProfessionalRequired": "Profesjonell utgave påkrevd",
     "licenseTierProfessionalRequiredDescription": "Denne funksjonen er kun tilgjengelig i den profesjonelle utgaven.",
     "actionGetOrg": "Hent organisasjon",
-    "updateOrgUser": "Update Org User",
-    "createOrgUser": "Create Org User",
+    "updateOrgUser": "Oppdater org.bruker",
+    "createOrgUser": "Opprett Org bruker",
     "actionUpdateOrg": "Oppdater organisasjon",
     "actionUpdateUser": "Oppdater bruker",
     "actionGetUser": "Hent bruker",
@@ -1240,7 +1240,7 @@
     "newtUpdateAvailable": "Oppdatering tilgjengelig",
     "newtUpdateAvailableInfo": "En ny versjon av Newt er tilgjengelig. Vennligst oppdater til den nyeste versjonen for den beste opplevelsen.",
     "domainPickerEnterDomain": "Domene",
-    "domainPickerPlaceholder": "myapp.example.com",
+    "domainPickerPlaceholder": "minapp.eksempel.no",
     "domainPickerDescription": "Skriv inn hele domenet til ressursen for å se tilgjengelige alternativer.",
     "domainPickerDescriptionSaas": "Skriv inn et fullt domene, underdomene eller bare et navn for å se tilgjengelige alternativer",
     "domainPickerTabAll": "Alle",
@@ -1503,6 +1503,19 @@
     },
     "internationaldomaindetected": "Internasjonalt domene oppdaget",
     "willbestoredas": "Vil bli lagret som:",
-    "idpGoogleDescription": "Google OAuth2/OIDC provider",
-    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider"
+    "idpGoogleDescription": "Google OAuth2/OIDC leverandør",
+    "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "domainPickerProvidedDomain": "Gitt domene",
+    "domainPickerFreeProvidedDomain": "Gratis oppgitt domene",
+    "domainPickerVerified": "Bekreftet",
+    "domainPickerUnverified": "Uverifisert",
+    "domainPickerInvalidSubdomainStructure": "Dette underdomenet inneholder ugyldige tegn eller struktur. Det vil automatisk bli utsatt når du lagrer.",
+    "domainPickerError": "Feil",
+    "domainPickerErrorLoadDomains": "Kan ikke laste organisasjonens domener",
+    "domainPickerErrorCheckAvailability": "Kunne ikke kontrollere domenetilgjengelighet",
+    "domainPickerInvalidSubdomain": "Ugyldig underdomene",
+    "domainPickerInvalidSubdomainRemoved": "Inndata \"{sub}\" ble fjernet fordi det ikke er gyldig.",
+    "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" kunne ikke gjøres gyldig for {domain}.",
+    "domainPickerSubdomainSanitized": "Underdomenet som ble sanivert",
+    "domainPickerSubdomainCorrected": "\"{sub}\" var korrigert til \"{sanitized}\""
 }

From 75de3118ab8ece8d1bb76319b00772ec4d8e33c6 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 21:28:15 -0700
Subject: [PATCH 082/166] Update migrations

---
 server/setup/scriptsPg/1.10.0.ts     | 32 ++++++++++++++++++++++------
 server/setup/scriptsSqlite/1.10.0.ts | 19 +++++++++++------
 2 files changed, 37 insertions(+), 14 deletions(-)

diff --git a/server/setup/scriptsPg/1.10.0.ts b/server/setup/scriptsPg/1.10.0.ts
index f33906cf..7cb1fa5a 100644
--- a/server/setup/scriptsPg/1.10.0.ts
+++ b/server/setup/scriptsPg/1.10.0.ts
@@ -16,13 +16,31 @@ export default async function migration() {
 
         await db.execute(sql`BEGIN`);
 
-        await db.execute(sql`ALTER TABLE "exitNodes" ADD COLUMN "region" text;`);
-        
-        await db.execute(sql`ALTER TABLE "idpOidcConfig" ADD COLUMN "variant" text DEFAULT 'oidc' NOT NULL;`);
-        
-        await db.execute(sql`ALTER TABLE "resources" ADD COLUMN "niceId" text DEFAULT '' NOT NULL;`);
-        
-        await db.execute(sql`ALTER TABLE "userOrgs" ADD COLUMN "autoProvisioned" boolean DEFAULT false;`);
+        await db.execute(
+            sql`ALTER TABLE "exitNodes" ADD COLUMN "region" text;`
+        );
+
+        await db.execute(
+            sql`ALTER TABLE "idpOidcConfig" ADD COLUMN "variant" text DEFAULT 'oidc' NOT NULL;`
+        );
+
+        await db.execute(
+            sql`ALTER TABLE "resources" ADD COLUMN "niceId" text DEFAULT '' NOT NULL;`
+        );
+
+        await db.execute(
+            sql`ALTER TABLE "userOrgs" ADD COLUMN "autoProvisioned" boolean DEFAULT false;`
+        );
+
+        await db.execute(
+            sql`ALTER TABLE "targets" ADD COLUMN "pathMatchType" text;`
+        );
+
+        await db.execute(sql`ALTER TABLE "targets" ADD COLUMN "path" text;`);
+
+        await db.execute(
+            sql`ALTER TABLE "resources" ADD COLUMN "headers" text;`
+        );
 
         const usedNiceIds: string[] = [];
 
diff --git a/server/setup/scriptsSqlite/1.10.0.ts b/server/setup/scriptsSqlite/1.10.0.ts
index f5f6c3a3..359e80e1 100644
--- a/server/setup/scriptsSqlite/1.10.0.ts
+++ b/server/setup/scriptsSqlite/1.10.0.ts
@@ -12,14 +12,14 @@ export default async function migration() {
     const db = new Database(location);
 
     const resourceSiteMap = new Map<number, number>();
-	const firstSiteId: number = 1;
+    const firstSiteId: number = 1;
 
     try {
-		const resources = db
-			.prepare(
-				"SELECT resourceId FROM resources WHERE siteId IS NOT NULL"
-			)
-			.all() as Array<{ resourceId: number; }>;
+        const resources = db
+            .prepare(
+                "SELECT resourceId FROM resources WHERE siteId IS NOT NULL"
+            )
+            .all() as Array<{ resourceId: number }>;
 
         db.transaction(() => {
             db.exec(`
@@ -27,6 +27,9 @@ export default async function migration() {
                 ALTER TABLE 'idpOidcConfig' ADD 'variant' text DEFAULT 'oidc' NOT NULL;
                 ALTER TABLE 'resources' ADD 'niceId' text DEFAULT '' NOT NULL;
                 ALTER TABLE 'userOrgs' ADD 'autoProvisioned' integer DEFAULT false;
+                ALTER TABLE 'targets' ADD 'pathMatchType' text;
+                ALTER TABLE 'targets' ADD 'path' text;
+                ALTER TABLE 'resources' ADD 'headers' text;
             `); // this diverges from the schema a bit because the schema does not have a default on niceId but was required for the migration and I dont think it will effect much down the line...
 
             const usedNiceIds: string[] = [];
@@ -47,7 +50,9 @@ export default async function migration() {
                     }
                     loops++;
                 }
-                db.prepare(`UPDATE resources SET niceId = ? WHERE resourceId = ?`).run(niceId, resourceId.resourceId);
+                db.prepare(
+                    `UPDATE resources SET niceId = ? WHERE resourceId = ?`
+                ).run(niceId, resourceId.resourceId);
             }
         })();
 

From fc2433198847b7fcf27a1fbec35df6b18c299dc7 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 21:32:12 -0700
Subject: [PATCH 083/166] Eslint fix

---
 server/lib/blueprints/resources.ts         | 8 ++++----
 server/routers/resource/updateResource.ts  | 2 +-
 server/routers/traefik/getTraefikConfig.ts | 4 ++--
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/server/lib/blueprints/resources.ts b/server/lib/blueprints/resources.ts
index bc7eda08..ed766c7d 100644
--- a/server/lib/blueprints/resources.ts
+++ b/server/lib/blueprints/resources.ts
@@ -31,19 +31,19 @@ export async function updateResources(
     trx: Transaction,
     siteId?: number
 ): Promise<ResourcesResults> {
-    let results: ResourcesResults = [];
+    const results: ResourcesResults = [];
 
     for (const [resourceNiceId, resourceData] of Object.entries(
         config.resources
     )) {
-        let targetsToUpdate: Target[] = [];
+        const targetsToUpdate: Target[] = [];
         let resource: Resource;
 
         async function createTarget( // reusable function to create a target
             resourceId: number,
             targetData: TargetData
         ) {
-            let targetSiteId = targetData.site;
+            const targetSiteId = targetData.site;
             let site;
 
             if (targetSiteId) {
@@ -269,7 +269,7 @@ export async function updateResources(
                 const existingTarget = existingResourceTargets[index];
 
                 if (existingTarget) {
-                    let targetSiteId = targetData.site;
+                    const targetSiteId = targetData.site;
                     let site;
 
                     if (targetSiteId) {
diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts
index ab2b05b3..7c0f9c63 100644
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -89,7 +89,7 @@ const updateHttpResourceBodySchema = z
     .refine(
         (data) => {
             if (data.headers) {
-                return validateHeaders(data.headers)
+                return validateHeaders(data.headers);
             }
             return true;
         },
diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts
index 596757a5..08c94ad0 100644
--- a/server/routers/traefik/getTraefikConfig.ts
+++ b/server/routers/traefik/getTraefikConfig.ts
@@ -309,14 +309,14 @@ export async function getTraefikConfig(
             const additionalMiddlewares =
                 config.getRawConfig().traefik.additional_middlewares || [];
 
-            let routerMiddlewares = [
+            const routerMiddlewares = [
                 badgerMiddlewareName,
                 ...additionalMiddlewares
             ];
 
             if (resource.headers && resource.headers.length > 0) {
                 // if there are headers, parse them into an object
-                let headersObj: { [key: string]: string } = {};
+                const headersObj: { [key: string]: string } = {};
                 const headersArr = resource.headers.split(",");
                 for (const header of headersArr) {
                     const [key, value] = header

From ef5f713bfb45c861475a44fc51fe2b1b4351829e Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Fri, 12 Sep 2025 11:45:03 -0700
Subject: [PATCH 084/166] Adjust styling to make it more clear

---
 messages/en-US.json                           |   1 +
 .../resources/[niceId]/proxy/page.tsx         | 168 +++++++++---------
 .../settings/resources/create/page.tsx        | 168 +++++++++---------
 3 files changed, 171 insertions(+), 166 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index a337c092..9d4cb95f 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Invalid IP address format",
     "ipAddressErrorInvalidOctet": "Invalid IP address octet",
     "path": "Path",
+    "matchPath": "Match Path",
     "ipAddressRange": "IP Range",
     "rulesErrorFetch": "Failed to fetch rules",
     "rulesErrorFetchDescription": "An error occurred while fetching rules",
diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index 9d5f5ce3..b9c45b8b 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -71,7 +71,9 @@ import {
     Heart,
     Check,
     CircleCheck,
-    CircleX
+    CircleX,
+    ArrowRight,
+    MoveRight
 } from "lucide-react";
 import { ContainersSelector } from "@app/components/ContainersSelector";
 import { useTranslations } from "next-intl";
@@ -565,6 +567,89 @@ export default function ReverseProxyTargets(props: {
     }
 
     const columns: ColumnDef<LocalTarget>[] = [
+        {
+            accessorKey: "path",
+            header: t("matchPath"),
+            cell: ({ row }) => {
+                const [showPathInput, setShowPathInput] = useState(
+                    !!(row.original.path || row.original.pathMatchType)
+                );
+                
+                if (!showPathInput) {
+                    return (
+                        <Button
+                            variant="outline"
+                            onClick={() => setShowPathInput(true)}
+                        >
+                           + {t("matchPath")} 
+                        </Button>
+                    );
+                }
+
+                return (
+                    <div className="flex gap-2 min-w-[200px] items-center">
+                        <Select
+                            defaultValue={row.original.pathMatchType || "exact"}
+                            onValueChange={(value) =>
+                                updateTarget(row.original.targetId, {
+                                    ...row.original,
+                                    pathMatchType: value as "exact" | "prefix" | "regex"
+                                })
+                            }
+                        >
+                            <SelectTrigger className="w-25">
+                                <SelectValue />
+                            </SelectTrigger>
+                            <SelectContent>
+                                <SelectItem value="exact">Exact</SelectItem>
+                                <SelectItem value="prefix">Prefix</SelectItem>
+                                <SelectItem value="regex">Regex</SelectItem>
+                            </SelectContent>
+                        </Select>
+                        <Input
+                            placeholder={
+                                row.original.pathMatchType === "regex" 
+                                    ? "^/api/.*" 
+                                    : "/path"
+                            }
+                            defaultValue={row.original.path || ""}
+                            className="flex-1 min-w-[150px]"
+                            onBlur={(e) => {
+                                const value = e.target.value.trim();
+                                if (!value) {
+                                    setShowPathInput(false);
+                                    updateTarget(row.original.targetId, {
+                                        ...row.original,
+                                        path: null,
+                                        pathMatchType: null
+                                    });
+                                } else {
+                                    updateTarget(row.original.targetId, {
+                                        ...row.original,
+                                        path: value
+                                    });
+                                }
+                            }}
+                        />
+                        <Button
+                            variant="outline"
+                            onClick={() => {
+                                setShowPathInput(false);
+                                updateTarget(row.original.targetId, {
+                                    ...row.original,
+                                    path: null,
+                                    pathMatchType: null
+                                });
+                            }}
+                        >
+                            ×
+                        </Button>
+
+                        <MoveRight className="ml-4 h-4 w-4" />
+                    </div>
+                );
+            }
+        },
         {
             accessorKey: "siteId",
             header: t("site"),
@@ -762,87 +847,6 @@ export default function ReverseProxyTargets(props: {
                 />
             )
         },
-        {
-            accessorKey: "path",
-            header: t("path"),
-            cell: ({ row }) => {
-                const [showPathInput, setShowPathInput] = useState(
-                    !!(row.original.path || row.original.pathMatchType)
-                );
-                
-                if (!showPathInput) {
-                    return (
-                        <Button
-                            variant="outline"
-                            onClick={() => setShowPathInput(true)}
-                        >
-                            + Path
-                        </Button>
-                    );
-                }
-
-                return (
-                    <div className="flex gap-2 min-w-[200px]">
-                        <Select
-                            defaultValue={row.original.pathMatchType || "exact"}
-                            onValueChange={(value) =>
-                                updateTarget(row.original.targetId, {
-                                    ...row.original,
-                                    pathMatchType: value as "exact" | "prefix" | "regex"
-                                })
-                            }
-                        >
-                            <SelectTrigger className="w-25">
-                                <SelectValue />
-                            </SelectTrigger>
-                            <SelectContent>
-                                <SelectItem value="exact">Exact</SelectItem>
-                                <SelectItem value="prefix">Prefix</SelectItem>
-                                <SelectItem value="regex">Regex</SelectItem>
-                            </SelectContent>
-                        </Select>
-                        <Input
-                            placeholder={
-                                row.original.pathMatchType === "regex" 
-                                    ? "^/api/.*" 
-                                    : "/path"
-                            }
-                            defaultValue={row.original.path || ""}
-                            className="flex-1 min-w-[150px]"
-                            onBlur={(e) => {
-                                const value = e.target.value.trim();
-                                if (!value) {
-                                    setShowPathInput(false);
-                                    updateTarget(row.original.targetId, {
-                                        ...row.original,
-                                        path: null,
-                                        pathMatchType: null
-                                    });
-                                } else {
-                                    updateTarget(row.original.targetId, {
-                                        ...row.original,
-                                        path: value
-                                    });
-                                }
-                            }}
-                        />
-                        <Button
-                            variant="outline"
-                            onClick={() => {
-                                setShowPathInput(false);
-                                updateTarget(row.original.targetId, {
-                                    ...row.original,
-                                    path: null,
-                                    pathMatchType: null
-                                });
-                            }}
-                        >
-                            ×
-                        </Button>
-                    </div>
-                );
-            }
-        },
         // {
         //     accessorKey: "protocol",
         //     header: t('targetProtocol'),
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index 16e2bf41..946f563d 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -58,7 +58,7 @@ import {
 } from "@app/components/ui/popover";
 import { CaretSortIcon, CheckIcon } from "@radix-ui/react-icons";
 import { cn } from "@app/lib/cn";
-import { SquareArrowOutUpRight } from "lucide-react";
+import { ArrowRight, MoveRight, SquareArrowOutUpRight } from "lucide-react";
 import CopyTextBox from "@app/components/CopyTextBox";
 import Link from "next/link";
 import { useTranslations } from "next-intl";
@@ -355,8 +355,6 @@ export default function Page() {
     }
 
     async function onSubmit() {
-                    setShowSnippets(true);
-                    router.refresh();
         setCreateLoading(true);
 
         const baseData = baseForm.getValues();
@@ -537,6 +535,89 @@ export default function Page() {
     }, []);
 
     const columns: ColumnDef<LocalTarget>[] = [
+        {
+            accessorKey: "path",
+            header: t("matchPath"),
+            cell: ({ row }) => {
+                const [showPathInput, setShowPathInput] = useState(
+                    !!(row.original.path || row.original.pathMatchType)
+                );
+                
+                if (!showPathInput) {
+                    return (
+                        <Button
+                            variant="outline"
+                            onClick={() => setShowPathInput(true)}
+                        >
+                            + {t("matchPath")}
+                        </Button>
+                    );
+                }
+
+                return (
+                    <div className="flex gap-2 min-w-[200px] items-center">
+                        <Select
+                            defaultValue={row.original.pathMatchType || "exact"}
+                            onValueChange={(value) =>
+                                updateTarget(row.original.targetId, {
+                                    ...row.original,
+                                    pathMatchType: value as "exact" | "prefix" | "regex"
+                                })
+                            }
+                        >
+                            <SelectTrigger className="w-25">
+                                <SelectValue />
+                            </SelectTrigger>
+                            <SelectContent>
+                                <SelectItem value="exact">Exact</SelectItem>
+                                <SelectItem value="prefix">Prefix</SelectItem>
+                                <SelectItem value="regex">Regex</SelectItem>
+                            </SelectContent>
+                        </Select>
+                        <Input
+                            placeholder={
+                                row.original.pathMatchType === "regex" 
+                                    ? "^/api/.*" 
+                                    : "/path"
+                            }
+                            defaultValue={row.original.path || ""}
+                            className="flex-1 min-w-[150px]"
+                            onBlur={(e) => {
+                                const value = e.target.value.trim();
+                                if (!value) {
+                                    setShowPathInput(false);
+                                    updateTarget(row.original.targetId, {
+                                        ...row.original,
+                                        path: null,
+                                        pathMatchType: null
+                                    });
+                                } else {
+                                    updateTarget(row.original.targetId, {
+                                        ...row.original,
+                                        path: value
+                                    });
+                                }
+                            }}
+                        />
+                        <Button
+                            variant="outline"
+                            onClick={() => {
+                                setShowPathInput(false);
+                                updateTarget(row.original.targetId, {
+                                    ...row.original,
+                                    path: null,
+                                    pathMatchType: null
+                                });
+                            }}
+                        >
+                            ×
+                        </Button>
+
+                        <MoveRight className="ml-4 h-4 w-4" />
+                    </div>
+                );
+            }
+        },
         {
             accessorKey: "siteId",
             header: t("site"),
@@ -710,87 +791,6 @@ export default function Page() {
                 />
             )
         },
-        {
-            accessorKey: "path",
-            header: t("path"),
-            cell: ({ row }) => {
-                const [showPathInput, setShowPathInput] = useState(
-                    !!(row.original.path || row.original.pathMatchType)
-                );
-                
-                if (!showPathInput) {
-                    return (
-                        <Button
-                            variant="outline"
-                            onClick={() => setShowPathInput(true)}
-                        >
-                            + Path
-                        </Button>
-                    );
-                }
-
-                return (
-                    <div className="flex gap-2 min-w-[200px]">
-                        <Select
-                            defaultValue={row.original.pathMatchType || "exact"}
-                            onValueChange={(value) =>
-                                updateTarget(row.original.targetId, {
-                                    ...row.original,
-                                    pathMatchType: value as "exact" | "prefix" | "regex"
-                                })
-                            }
-                        >
-                            <SelectTrigger className="w-25">
-                                <SelectValue />
-                            </SelectTrigger>
-                            <SelectContent>
-                                <SelectItem value="exact">Exact</SelectItem>
-                                <SelectItem value="prefix">Prefix</SelectItem>
-                                <SelectItem value="regex">Regex</SelectItem>
-                            </SelectContent>
-                        </Select>
-                        <Input
-                            placeholder={
-                                row.original.pathMatchType === "regex" 
-                                    ? "^/api/.*" 
-                                    : "/path"
-                            }
-                            defaultValue={row.original.path || ""}
-                            className="flex-1 min-w-[150px]"
-                            onBlur={(e) => {
-                                const value = e.target.value.trim();
-                                if (!value) {
-                                    setShowPathInput(false);
-                                    updateTarget(row.original.targetId, {
-                                        ...row.original,
-                                        path: null,
-                                        pathMatchType: null
-                                    });
-                                } else {
-                                    updateTarget(row.original.targetId, {
-                                        ...row.original,
-                                        path: value
-                                    });
-                                }
-                            }}
-                        />
-                        <Button
-                            variant="outline"
-                            onClick={() => {
-                                setShowPathInput(false);
-                                updateTarget(row.original.targetId, {
-                                    ...row.original,
-                                    path: null,
-                                    pathMatchType: null
-                                });
-                            }}
-                        >
-                            ×
-                        </Button>
-                    </div>
-                );
-            }
-        },
         {
             accessorKey: "enabled",
             header: t("enabled"),

From 6d210b128de81a05e5cf4df973f875b3d34d3134 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 14 Sep 2025 15:57:41 -0700
Subject: [PATCH 085/166] Site resources for the blueprint

---
 messages/en-US.json                           |   6 +-
 server/db/names.ts                            |  21 ++-
 server/db/pg/schema.ts                        |   1 +
 server/db/sqlite/schema.ts                    |   1 +
 server/lib/blueprints/applyBlueprint.ts       |  94 +++++++++---
 server/lib/blueprints/clientResources.ts      | 117 +++++++++++++++
 .../lib/blueprints/parseDockerContainers.ts   |   4 +-
 .../{resources.ts => proxyResources.ts}       | 130 ++++++++++++++---
 server/lib/blueprints/types.ts                | 134 +++++++++++++++++-
 .../siteResource/createSiteResource.ts        |   4 +
 .../routers/siteResource/getSiteResource.ts   |  71 ++++++++--
 .../CreateInternalResourceDialog.tsx          |   4 +-
 src/components/EditInternalResourceDialog.tsx |   4 +-
 13 files changed, 520 insertions(+), 71 deletions(-)
 create mode 100644 server/lib/blueprints/clientResources.ts
 rename server/lib/blueprints/{resources.ts => proxyResources.ts} (85%)

diff --git a/messages/en-US.json b/messages/en-US.json
index 9d4cb95f..51845e6f 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1400,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protocol",
     "editInternalResourceDialogSitePort": "Site Port",
     "editInternalResourceDialogTargetConfiguration": "Target Configuration",
-    "editInternalResourceDialogDestinationIP": "Destination IP",
-    "editInternalResourceDialogDestinationPort": "Destination Port",
     "editInternalResourceDialogCancel": "Cancel",
     "editInternalResourceDialogSaveResource": "Save Resource",
     "editInternalResourceDialogSuccess": "Success",
@@ -1432,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Site Port",
     "createInternalResourceDialogSitePortDescription": "Use this port to access the resource on the site when connected with a client.",
     "createInternalResourceDialogTargetConfiguration": "Target Configuration",
-    "createInternalResourceDialogDestinationIP": "Destination IP",
-    "createInternalResourceDialogDestinationIPDescription": "The IP address of the resource on the site's network.",
-    "createInternalResourceDialogDestinationPort": "Destination Port",
+    "createInternalResourceDialogDestinationIPDescription": "The IP or hostname address of the resource on the site's network.",
     "createInternalResourceDialogDestinationPortDescription": "The port on the destination IP where the resource is accessible.",
     "createInternalResourceDialogCancel": "Cancel",
     "createInternalResourceDialogCreateResource": "Create Resource",
diff --git a/server/db/names.ts b/server/db/names.ts
index 9c671a22..2da38f10 100644
--- a/server/db/names.ts
+++ b/server/db/names.ts
@@ -1,6 +1,6 @@
 import { join } from "path";
 import { readFileSync } from "fs";
-import { db, resources } from "@server/db";
+import { db, resources, siteResources } from "@server/db";
 import { exitNodes, sites } from "@server/db";
 import { eq, and } from "drizzle-orm";
 import { __DIRNAME } from "@server/lib/consts";
@@ -53,6 +53,25 @@ export async function getUniqueResourceName(orgId: string): Promise<string> {
     }
 }
 
+export async function getUniqueSiteResourceName(orgId: string): Promise<string> {
+    let loops = 0;
+    while (true) {
+        if (loops > 100) {
+            throw new Error("Could not generate a unique name");
+        }
+
+        const name = generateName();
+        const count = await db
+            .select({ niceId: siteResources.niceId, orgId: siteResources.orgId })
+            .from(siteResources)
+            .where(and(eq(siteResources.niceId, name), eq(siteResources.orgId, orgId)));
+        if (count.length === 0) {
+            return name;
+        }
+        loops++;
+    }
+}
+
 export async function getUniqueExitNodeEndpointName(): Promise<string> {
     let loops = 0;
     const count = await db
diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts
index c31b790e..3cb5486b 100644
--- a/server/db/pg/schema.ts
+++ b/server/db/pg/schema.ts
@@ -143,6 +143,7 @@ export const siteResources = pgTable("siteResources", { // this is for the clien
     orgId: varchar("orgId")
         .notNull()
         .references(() => orgs.orgId, { onDelete: "cascade" }),
+    niceId: varchar("niceId").notNull(),
     name: varchar("name").notNull(),
     protocol: varchar("protocol").notNull(),
     proxyPort: integer("proxyPort").notNull(),
diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts
index ad3c4bfc..c623fae3 100644
--- a/server/db/sqlite/schema.ts
+++ b/server/db/sqlite/schema.ts
@@ -158,6 +158,7 @@ export const siteResources = sqliteTable("siteResources", {
     orgId: text("orgId")
         .notNull()
         .references(() => orgs.orgId, { onDelete: "cascade" }),
+    niceId: text("niceId").notNull(),
     name: text("name").notNull(),
     protocol: text("protocol").notNull(),
     proxyPort: integer("proxyPort").notNull(),
diff --git a/server/lib/blueprints/applyBlueprint.ts b/server/lib/blueprints/applyBlueprint.ts
index 6f5fc4ee..47193420 100644
--- a/server/lib/blueprints/applyBlueprint.ts
+++ b/server/lib/blueprints/applyBlueprint.ts
@@ -1,11 +1,16 @@
 import { db, newts, Target } from "@server/db";
 import { Config, ConfigSchema } from "./types";
-import { ResourcesResults, updateResources } from "./resources";
+import { ProxyResourcesResults, updateProxyResources } from "./proxyResources";
 import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { resources, targets, sites } from "@server/db";
 import { eq, and, asc, or, ne, count, isNotNull } from "drizzle-orm";
-import { addTargets } from "@server/routers/newt/targets";
+import { addTargets as addProxyTargets } from "@server/routers/newt/targets";
+import { addTargets as addClientTargets } from "@server/routers/client/targets";
+import {
+    ClientResourcesResults,
+    updateClientResources
+} from "./clientResources";
 
 export async function applyBlueprint(
     orgId: string,
@@ -21,17 +26,29 @@ export async function applyBlueprint(
     const config: Config = validationResult.data;
 
     try {
-        let resourcesResults: ResourcesResults = [];
+        let proxyResourcesResults: ProxyResourcesResults = [];
+        let clientResourcesResults: ClientResourcesResults = [];
         await db.transaction(async (trx) => {
-            resourcesResults = await updateResources(orgId, config, trx, siteId);
+            proxyResourcesResults = await updateProxyResources(
+                orgId,
+                config,
+                trx,
+                siteId
+            );
+            clientResourcesResults = await updateClientResources(
+                orgId,
+                config,
+                trx,
+                siteId
+            );
         });
 
         logger.debug(
-            `Successfully updated resources for org ${orgId}: ${JSON.stringify(resourcesResults)}`
+            `Successfully updated proxy resources for org ${orgId}: ${JSON.stringify(proxyResourcesResults)}`
         );
 
         // We need to update the targets on the newts from the successfully updated information
-        for (const result of resourcesResults) {
+        for (const result of proxyResourcesResults) {
             for (const target of result.targetsToUpdate) {
                 const [site] = await db
                     .select()
@@ -52,15 +69,50 @@ export async function applyBlueprint(
                         `Updating target ${target.targetId} on site ${site.sites.siteId}`
                     );
 
-                    await addTargets(
+                    await addProxyTargets(
                         site.newt.newtId,
                         [target],
-                        result.resource.protocol,
-                        result.resource.proxyPort
+                        result.proxyResource.protocol,
+                        result.proxyResource.proxyPort
                     );
                 }
             }
         }
+
+        logger.debug(
+            `Successfully updated client resources for org ${orgId}: ${JSON.stringify(clientResourcesResults)}`
+        );
+
+        // We need to update the targets on the newts from the successfully updated information
+        for (const result of clientResourcesResults) {
+            const [site] = await db
+                .select()
+                .from(sites)
+                .innerJoin(newts, eq(sites.siteId, newts.siteId))
+                .where(
+                    and(
+                        eq(sites.siteId, result.resource.siteId),
+                        eq(sites.orgId, orgId),
+                        eq(sites.type, "newt"),
+                        isNotNull(sites.pubKey)
+                    )
+                )
+                .limit(1);
+
+            if (site) {
+                logger.debug(
+                    `Updating client resource ${result.resource.siteResourceId} on site ${site.sites.siteId}`
+                );
+
+                await addClientTargets(
+                    site.newt.newtId,
+                    result.resource.destinationIp,
+                    result.resource.destinationPort,
+                    result.resource.protocol,
+                    result.resource.proxyPort
+                );
+            }
+        }
     } catch (error) {
         logger.error(`Failed to update database from config: ${error}`);
         throw error;
@@ -102,17 +154,17 @@ export async function applyBlueprint(
 //                 }
 //             ]
 //         },
-        // "resource-nice-id2": {
-        //     name: "http server",
-        //     protocol: "tcp",
-        //     "proxy-port": 3000,
-        //     targets: [
-        //         {
-        //             site: "glossy-plains-viscacha-rat",
-        //             hostname: "localhost",
-        //             port: 3000,
-        //         }
-        //     ]
-        // }
+// "resource-nice-id2": {
+//     name: "http server",
+//     protocol: "tcp",
+//     "proxy-port": 3000,
+//     targets: [
+//         {
+//             site: "glossy-plains-viscacha-rat",
+//             hostname: "localhost",
+//             port: 3000,
+//         }
+//     ]
+// }
 //     }
 // });
diff --git a/server/lib/blueprints/clientResources.ts b/server/lib/blueprints/clientResources.ts
new file mode 100644
index 00000000..59bbc346
--- /dev/null
+++ b/server/lib/blueprints/clientResources.ts
@@ -0,0 +1,117 @@
+import {
+    SiteResource,
+    siteResources,
+    Transaction,
+} from "@server/db";
+import { sites } from "@server/db";
+import { eq, and } from "drizzle-orm";
+import {
+    Config,
+} from "./types";
+import logger from "@server/logger";
+
+export type ClientResourcesResults = {
+    resource: SiteResource;
+}[];
+
+export async function updateClientResources(
+    orgId: string,
+    config: Config,
+    trx: Transaction,
+    siteId?: number
+): Promise<ClientResourcesResults> {
+    const results: ClientResourcesResults = [];
+
+    for (const [resourceNiceId, resourceData] of Object.entries(
+        config["client-resources"]
+    )) {
+        const [existingResource] = await trx
+            .select()
+            .from(siteResources)
+            .where(
+                and(
+                    eq(siteResources.orgId, orgId),
+                    eq(siteResources.niceId, resourceNiceId)
+                )
+            )
+            .limit(1);
+
+        const resourceSiteId = resourceData.site;
+        let site;
+
+        if (resourceSiteId) {
+            // Look up site by niceId
+            [site] = await trx
+                .select({ siteId: sites.siteId })
+                .from(sites)
+                .where(
+                    and(
+                        eq(sites.niceId, resourceSiteId),
+                        eq(sites.orgId, orgId)
+                    )
+                )
+                .limit(1);
+        } else if (siteId) {
+            // Use the provided siteId directly, but verify it belongs to the org
+            [site] = await trx
+                .select({ siteId: sites.siteId })
+                .from(sites)
+                .where(and(eq(sites.siteId, siteId), eq(sites.orgId, orgId)))
+                .limit(1);
+        } else {
+            throw new Error(`Target site is required`);
+        }
+
+        if (!site) {
+            throw new Error(
+                `Site not found: ${resourceSiteId} in org ${orgId}`
+            );
+        }
+
+        if (existingResource) {
+            // Update existing resource
+            const [updatedResource] = await trx
+                .update(siteResources)
+                .set({
+                    name: resourceData.name || resourceNiceId,
+                    siteId: site.siteId,
+                    proxyPort: resourceData["proxy-port"]!,
+                    destinationIp: resourceData.hostname,
+                    destinationPort: resourceData["internal-port"],
+                    protocol: resourceData.protocol
+                })
+                .where(
+                    eq(
+                        siteResources.siteResourceId,
+                        existingResource.siteResourceId
+                    )
+                )
+                .returning();
+
+                results.push({ resource: updatedResource });
+        } else {
+            // Create new resource
+            const [newResource] = await trx
+                .insert(siteResources)
+                .values({
+                    orgId: orgId,
+                    siteId: site.siteId,
+                    niceId: resourceNiceId,
+                    name: resourceData.name || resourceNiceId,
+                    proxyPort: resourceData["proxy-port"]!,
+                    destinationIp: resourceData.hostname,
+                    destinationPort: resourceData["internal-port"],
+                    protocol: resourceData.protocol
+                })
+                .returning();
+
+            logger.info(
+                `Created new client resource ${newResource.name} (${newResource.siteResourceId}) for org ${orgId}`
+            );
+
+            results.push({ resource: newResource });
+        }
+    }
+
+    return results;
+}
diff --git a/server/lib/blueprints/parseDockerContainers.ts b/server/lib/blueprints/parseDockerContainers.ts
index 03ab609f..d00cbd73 100644
--- a/server/lib/blueprints/parseDockerContainers.ts
+++ b/server/lib/blueprints/parseDockerContainers.ts
@@ -66,9 +66,9 @@ export function processContainerLabels(containers: Container[]): {
 
         const resourceLabels: DockerLabels = {};
 
-        // Filter labels that start with "pangolin.resources."
+        // Filter labels that start with "pangolin.proxy-resources."
         Object.entries(container.labels).forEach(([key, value]) => {
-            if (key.startsWith("pangolin.resources.")) {
+            if (key.startsWith("pangolin.proxy-resources.") || key.startsWith("pangolin.client-resources.")) {
                 // remove the pangolin. prefix
                 const strippedKey = key.replace("pangolin.", "");
                 resourceLabels[strippedKey] = value;
diff --git a/server/lib/blueprints/resources.ts b/server/lib/blueprints/proxyResources.ts
similarity index 85%
rename from server/lib/blueprints/resources.ts
rename to server/lib/blueprints/proxyResources.ts
index ed766c7d..ecaa00cb 100644
--- a/server/lib/blueprints/resources.ts
+++ b/server/lib/blueprints/proxyResources.ts
@@ -3,6 +3,7 @@ import {
     orgDomains,
     Resource,
     resourcePincode,
+    resourceRules,
     resourceWhitelist,
     roleResources,
     roles,
@@ -14,27 +15,33 @@ import {
 } from "@server/db";
 import { resources, targets, sites } from "@server/db";
 import { eq, and, asc, or, ne, count, isNotNull } from "drizzle-orm";
-import { Config, ConfigSchema, isTargetsOnlyResource, TargetData } from "./types";
+import {
+    Config,
+    ConfigSchema,
+    isTargetsOnlyResource,
+    TargetData
+} from "./types";
 import logger from "@server/logger";
 import { pickPort } from "@server/routers/target/helpers";
 import { resourcePassword } from "@server/db";
 import { hashPassword } from "@server/auth/password";
+import { isValidCIDR, isValidIP, isValidUrlGlobPattern } from "../validators";
 
-export type ResourcesResults = {
-    resource: Resource;
+export type ProxyResourcesResults = {
+    proxyResource: Resource;
     targetsToUpdate: Target[];
 }[];
 
-export async function updateResources(
+export async function updateProxyResources(
     orgId: string,
     config: Config,
     trx: Transaction,
     siteId?: number
-): Promise<ResourcesResults> {
-    const results: ResourcesResults = [];
+): Promise<ProxyResourcesResults> {
+    const results: ProxyResourcesResults = [];
 
     for (const [resourceNiceId, resourceData] of Object.entries(
-        config.resources
+        config["proxy-resources"]
     )) {
         const targetsToUpdate: Target[] = [];
         let resource: Resource;
@@ -122,8 +129,14 @@ export async function updateResources(
         const http = resourceData.protocol == "http";
         const protocol =
             resourceData.protocol == "http" ? "tcp" : resourceData.protocol;
-        const resourceEnabled = resourceData.enabled == undefined || resourceData.enabled == null ? true : resourceData.enabled;
-        const resourceSsl = resourceData.ssl == undefined || resourceData.ssl == null ? true : resourceData.ssl;
+        const resourceEnabled =
+            resourceData.enabled == undefined || resourceData.enabled == null
+                ? true
+                : resourceData.enabled;
+        const resourceSsl =
+            resourceData.ssl == undefined || resourceData.ssl == null
+                ? true
+                : resourceData.ssl;
         let headers = "";
         for (const headerObj of resourceData.headers || []) {
             for (const [key, value] of Object.entries(headerObj)) {
@@ -147,9 +160,7 @@ export async function updateResources(
             }
 
             // check if the only key in the resource is targets, if so, skip the update
-            if (
-                isTargetsOnlyResource(resourceData)
-            ) {
+            if (isTargetsOnlyResource(resourceData)) {
                 logger.debug(
                     `Skipping update for resource ${existingResource.resourceId} as only targets are provided`
                 );
@@ -177,6 +188,8 @@ export async function updateResources(
                             ? resourceData.auth["whitelist-users"].length > 0
                             : false,
                         headers: headers || null,
+                        applyRules:
+                            resourceData.rules && resourceData.rules.length > 0
                     })
                     .where(
                         eq(resources.resourceId, existingResource.resourceId)
@@ -262,7 +275,11 @@ export async function updateResources(
 
             // Create new targets
             for (const [index, targetData] of resourceData.targets.entries()) {
-                if (!targetData || (typeof targetData === 'object' && Object.keys(targetData).length === 0)) {
+                if (
+                    !targetData ||
+                    (typeof targetData === "object" &&
+                        Object.keys(targetData).length === 0)
+                ) {
                     // If targetData is null or an empty object, we can skip it
                     continue;
                 }
@@ -354,19 +371,65 @@ export async function updateResources(
                 const targetsToDelete = existingResourceTargets.slice(
                     resourceData.targets.length
                 );
-                logger.debug(`Targets to delete: ${JSON.stringify(targetsToDelete)}`);
+                logger.debug(
+                    `Targets to delete: ${JSON.stringify(targetsToDelete)}`
+                );
                 for (const target of targetsToDelete) {
                     if (!target) {
                         continue;
-                    } 
+                    }
                     if (siteId && target.siteId !== siteId) {
-                        logger.debug(`Skipping target ${target.targetId} for deletion. Site ID does not match filter.`);
+                        logger.debug(
+                            `Skipping target ${target.targetId} for deletion. Site ID does not match filter.`
+                        );
                         continue; // only delete targets for the specified siteId
                     }
                     logger.debug(`Deleting target ${target.targetId}`);
                     await trx
                         .delete(targets)
-                        .where(eq(targets.targetId, target.targetId)); 
+                        .where(eq(targets.targetId, target.targetId));
+                }
+            }
+
+            const existingRules = await trx
+                .select()
+                .from(resourceRules)
+                .where(
+                    eq(resourceRules.resourceId, existingResource.resourceId)
+                )
+                .orderBy(resourceRules.priority);
+
+            // Sync rules
+            for (const [index, rule] of resourceData.rules?.entries() || []) {
+                const existingRule = existingRules[index];
+                if (existingRule) {
+                    if (
+                        existingRule.action !== rule.action ||
+                        existingRule.match !== rule.match ||
+                        existingRule.value !== rule.value
+                    ) {
+                        await trx
+                            .update(resourceRules)
+                            .set({
+                                action: rule.action,
+                                match: rule.match,
+                                value: rule.value
+                            })
+                            .where(
+                                eq(resourceRules.ruleId, existingRule.ruleId)
+                            );
+                    }
+                }
+            }
+
+            if (existingRules.length > (resourceData.rules?.length || 0)) {
+                const rulesToDelete = existingRules.slice(
+                    resourceData.rules?.length || 0
+                );
+                for (const rule of rulesToDelete) {
+                    await trx
+                        .delete(resourceRules)
+                        .where(eq(resourceRules.ruleId, rule.ruleId));
                 }
             }
 
@@ -401,7 +464,9 @@ export async function updateResources(
                     setHostHeader: resourceData["host-header"] || null,
                     tlsServerName: resourceData["tls-server-name"] || null,
                     ssl: resourceSsl,
-                    headers: headers || null
+                    headers: headers || null,
+                    applyRules:
+                        resourceData.rules && resourceData.rules.length > 0
                 })
                 .returning();
 
@@ -484,12 +549,37 @@ export async function updateResources(
                 await createTarget(newResource.resourceId, targetData);
             }
 
+            for (const [index, rule] of resourceData.rules?.entries() || []) {
+                if (rule.match === "cidr") {
+                    if (!isValidCIDR(rule.value)) {
+                        throw new Error(`Invalid CIDR provided: ${rule.value}`);
+                    }
+                } else if (rule.match === "ip") {
+                    if (!isValidIP(rule.value)) {
+                        throw new Error(`Invalid IP provided: ${rule.value}`);
+                    }
+                } else if (rule.match === "path") {
+                    if (!isValidUrlGlobPattern(rule.value)) {
+                        throw new Error(
+                            `Invalid URL glob pattern: ${rule.value}`
+                        );
+                    }
+                }
+                await trx.insert(resourceRules).values({
+                    resourceId: newResource.resourceId,
+                    action: rule.action,
+                    match: rule.match,
+                    value: rule.value,
+                    priority: index + 1 // start priorities at 1
+                });
+            }
+
             logger.debug(`Created resource ${newResource.resourceId}`);
         }
 
         results.push({
-            resource: resource,
-            targetsToUpdate,
+            proxyResource: resource,
+            targetsToUpdate
         });
     }
 
diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index d668c894..786e5246 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -31,7 +31,13 @@ export const AuthSchema = z.object({
             message: "Admin role cannot be included in sso-roles"
         }),
     "sso-users": z.array(z.string().email()).optional().default([]),
-    "whitelist-users": z.array(z.string().email()).optional().default([])
+    "whitelist-users": z.array(z.string().email()).optional().default([]),
+});
+
+export const RuleSchema = z.object({
+    action: z.enum(["allow", "deny", "pass"]),
+    match: z.enum(["cidr", "path", "ip", "country"]),
+    value: z.string()
 });
 
 // Schema for individual resource
@@ -48,6 +54,7 @@ export const ResourceSchema = z
         "host-header": z.string().optional(),
         "tls-server-name": z.string().optional(),
         headers: z.array(z.record(z.string(), z.string())).optional().default([]),
+        rules: z.array(RuleSchema).optional().default([]),
     })
     .refine(
         (resource) => {
@@ -164,10 +171,21 @@ export function isTargetsOnlyResource(resource: any): boolean {
     return Object.keys(resource).length === 1 && resource.targets;
 }
 
+export const ClientResourceSchema = z.object({
+    name: z.string().min(2).max(100),
+    site: z.string().min(2).max(100),
+    protocol: z.enum(["tcp", "udp"]),
+    "proxy-port": z.number().min(1).max(65535),
+    "hostname": z.string().min(1).max(255),
+    "internal-port": z.number().min(1).max(65535),
+    enabled: z.boolean().optional().default(true)   
+});
+
 // Schema for the entire configuration object
 export const ConfigSchema = z
     .object({
-        resources: z.record(z.string(), ResourceSchema).optional().default({}),
+        "proxy-resources": z.record(z.string(), ResourceSchema).optional().default({}),
+        "client-resources": z.record(z.string(), ClientResourceSchema).optional().default({}),
         sites: z.record(z.string(), SiteSchema).optional().default({})
     })
     .refine(
@@ -176,7 +194,7 @@ export const ConfigSchema = z
             // Extract all full-domain values with their resource keys
             const fullDomainMap = new Map<string, string[]>();
 
-            Object.entries(config.resources).forEach(
+            Object.entries(config["proxy-resources"]).forEach(
                 ([resourceKey, resource]) => {
                     const fullDomain = resource["full-domain"];
                     if (fullDomain) {
@@ -200,7 +218,7 @@ export const ConfigSchema = z
             // Extract duplicates for error message
             const fullDomainMap = new Map<string, string[]>();
 
-            Object.entries(config.resources).forEach(
+            Object.entries(config["proxy-resources"]).forEach(
                 ([resourceKey, resource]) => {
                     const fullDomain = resource["full-domain"];
                     if (fullDomain) {
@@ -226,6 +244,114 @@ export const ConfigSchema = z
                 path: ["resources"]
             };
         }
+    )
+    .refine(
+        // Enforce proxy-port uniqueness within proxy-resources
+        (config) => {
+            const proxyPortMap = new Map<number, string[]>();
+
+            Object.entries(config["proxy-resources"]).forEach(
+                ([resourceKey, resource]) => {
+                    const proxyPort = resource["proxy-port"];
+                    if (proxyPort !== undefined) {
+                        if (!proxyPortMap.has(proxyPort)) {
+                            proxyPortMap.set(proxyPort, []);
+                        }
+                        proxyPortMap.get(proxyPort)!.push(resourceKey);
+                    }
+                }
+            );
+
+            // Find duplicates
+            const duplicates = Array.from(proxyPortMap.entries()).filter(
+                ([_, resourceKeys]) => resourceKeys.length > 1
+            );
+
+            return duplicates.length === 0;
+        },
+        (config) => {
+            // Extract duplicates for error message
+            const proxyPortMap = new Map<number, string[]>();
+
+            Object.entries(config["proxy-resources"]).forEach(
+                ([resourceKey, resource]) => {
+                    const proxyPort = resource["proxy-port"];
+                    if (proxyPort !== undefined) {
+                        if (!proxyPortMap.has(proxyPort)) {
+                            proxyPortMap.set(proxyPort, []);
+                        }
+                        proxyPortMap.get(proxyPort)!.push(resourceKey);
+                    }
+                }
+            );
+
+            const duplicates = Array.from(proxyPortMap.entries())
+                .filter(([_, resourceKeys]) => resourceKeys.length > 1)
+                .map(
+                    ([proxyPort, resourceKeys]) =>
+                        `port ${proxyPort} used by proxy-resources: ${resourceKeys.join(", ")}`
+                )
+                .join("; ");
+
+            return {
+                message: `Duplicate 'proxy-port' values found in proxy-resources: ${duplicates}`,
+                path: ["proxy-resources"]
+            };
+        }
+    )
+    .refine(
+        // Enforce proxy-port uniqueness within client-resources
+        (config) => {
+            const proxyPortMap = new Map<number, string[]>();
+
+            Object.entries(config["client-resources"]).forEach(
+                ([resourceKey, resource]) => {
+                    const proxyPort = resource["proxy-port"];
+                    if (proxyPort !== undefined) {
+                        if (!proxyPortMap.has(proxyPort)) {
+                            proxyPortMap.set(proxyPort, []);
+                        }
+                        proxyPortMap.get(proxyPort)!.push(resourceKey);
+                    }
+                }
+            );
+
+            // Find duplicates
+            const duplicates = Array.from(proxyPortMap.entries()).filter(
+                ([_, resourceKeys]) => resourceKeys.length > 1
+            );
+
+            return duplicates.length === 0;
+        },
+        (config) => {
+            // Extract duplicates for error message
+            const proxyPortMap = new Map<number, string[]>();
+
+            Object.entries(config["client-resources"]).forEach(
+                ([resourceKey, resource]) => {
+                    const proxyPort = resource["proxy-port"];
+                    if (proxyPort !== undefined) {
+                        if (!proxyPortMap.has(proxyPort)) {
+                            proxyPortMap.set(proxyPort, []);
+                        }
+                        proxyPortMap.get(proxyPort)!.push(resourceKey);
+                    }
+                }
+            );
+
+            const duplicates = Array.from(proxyPortMap.entries())
+                .filter(([_, resourceKeys]) => resourceKeys.length > 1)
+                .map(
+                    ([proxyPort, resourceKeys]) =>
+                        `port ${proxyPort} used by client-resources: ${resourceKeys.join(", ")}`
+                )
+                .join("; ");
+
+            return {
+                message: `Duplicate 'proxy-port' values found in client-resources: ${duplicates}`,
+                path: ["client-resources"]
+            };
+        }
     );
 
 // Type inference from the schema
diff --git a/server/routers/siteResource/createSiteResource.ts b/server/routers/siteResource/createSiteResource.ts
index da41c19c..ca223b04 100644
--- a/server/routers/siteResource/createSiteResource.ts
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -10,6 +10,7 @@ import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 import { addTargets } from "../client/targets";
+import { getUniqueSiteResourceName } from "@server/db/names";
 
 const createSiteResourceParamsSchema = z
     .object({
@@ -121,11 +122,14 @@ export async function createSiteResource(
             );
         }
 
+        const niceId = await getUniqueSiteResourceName(orgId);
+
         // Create the site resource
         const [newSiteResource] = await db
             .insert(siteResources)
             .values({
                 siteId,
+                niceId,
                 orgId,
                 name,
                 protocol,
diff --git a/server/routers/siteResource/getSiteResource.ts b/server/routers/siteResource/getSiteResource.ts
index 914706cd..09c01eb0 100644
--- a/server/routers/siteResource/getSiteResource.ts
+++ b/server/routers/siteResource/getSiteResource.ts
@@ -12,21 +12,72 @@ import { OpenAPITags, registry } from "@server/openApi";
 
 const getSiteResourceParamsSchema = z
     .object({
-        siteResourceId: z.string().transform(Number).pipe(z.number().int().positive()),
+        siteResourceId: z
+            .string()
+            .optional()
+            .transform((val) => val ? Number(val) : undefined)
+            .pipe(z.number().int().positive().optional())
+            .optional(),
         siteId: z.string().transform(Number).pipe(z.number().int().positive()),
+        niceId: z.string().optional(),
         orgId: z.string()
     })
     .strict();
 
-export type GetSiteResourceResponse = SiteResource;
+async function query(siteResourceId?: number, siteId?: number, niceId?: string, orgId?: string) {
+    if (siteResourceId && siteId && orgId) {
+        const [siteResource] = await db
+            .select()
+            .from(siteResources)
+            .where(and(
+                eq(siteResources.siteResourceId, siteResourceId),
+                eq(siteResources.siteId, siteId),
+                eq(siteResources.orgId, orgId)
+            ))
+            .limit(1);
+        return siteResource;
+    } else if (niceId && siteId && orgId) {
+        const [siteResource] = await db
+            .select()
+            .from(siteResources)
+            .where(and(
+                eq(siteResources.niceId, niceId),
+                eq(siteResources.siteId, siteId),
+                eq(siteResources.orgId, orgId)
+            ))
+            .limit(1);
+        return siteResource;
+    }
+}
+
+export type GetSiteResourceResponse = NonNullable<Awaited<ReturnType<typeof query>>>;
 
 registry.registerPath({
     method: "get",
     path: "/org/{orgId}/site/{siteId}/resource/{siteResourceId}",
-    description: "Get a specific site resource.",
+    description: "Get a specific site resource by siteResourceId.",
     tags: [OpenAPITags.Client, OpenAPITags.Org],
     request: {
-        params: getSiteResourceParamsSchema
+        params: z.object({
+            siteResourceId: z.number(),
+            siteId: z.number(),
+            orgId: z.string()
+        })
+    },
+    responses: {}
+});
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/site/{siteId}/resource/nice/{niceId}",
+    description: "Get a specific site resource by niceId.",
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    request: {
+        params: z.object({
+            niceId: z.string(),
+            siteId: z.number(),
+            orgId: z.string()
+        })
     },
     responses: {}
 });
@@ -47,18 +98,10 @@ export async function getSiteResource(
             );
         }
 
-        const { siteResourceId, siteId, orgId } = parsedParams.data;
+        const { siteResourceId, siteId, niceId, orgId } = parsedParams.data;
 
         // Get the site resource
-        const [siteResource] = await db
-            .select()
-            .from(siteResources)
-            .where(and(
-                eq(siteResources.siteResourceId, siteResourceId),
-                eq(siteResources.siteId, siteId),
-                eq(siteResources.orgId, orgId)
-            ))
-            .limit(1);
+        const siteResource = await query(siteResourceId, siteId, niceId, orgId);
 
         if (!siteResource) {
             return next(
diff --git a/src/components/CreateInternalResourceDialog.tsx b/src/components/CreateInternalResourceDialog.tsx
index ccfddcd8..63dfc11d 100644
--- a/src/components/CreateInternalResourceDialog.tsx
+++ b/src/components/CreateInternalResourceDialog.tsx
@@ -352,7 +352,7 @@ export default function CreateInternalResourceDialog({
                                             render={({ field }) => (
                                                 <FormItem>
                                                     <FormLabel>
-                                                        {t("createInternalResourceDialogDestinationIP")}
+                                                        {t("targetAddr")}
                                                     </FormLabel>
                                                     <FormControl>
                                                         <Input
@@ -373,7 +373,7 @@ export default function CreateInternalResourceDialog({
                                             render={({ field }) => (
                                                 <FormItem>
                                                     <FormLabel>
-                                                        {t("createInternalResourceDialogDestinationPort")}
+                                                        {t("targetPort")}
                                                     </FormLabel>
                                                     <FormControl>
                                                         <Input
diff --git a/src/components/EditInternalResourceDialog.tsx b/src/components/EditInternalResourceDialog.tsx
index adfed1b7..d09f0b6c 100644
--- a/src/components/EditInternalResourceDialog.tsx
+++ b/src/components/EditInternalResourceDialog.tsx
@@ -221,7 +221,7 @@ export default function EditInternalResourceDialog({
                                             name="destinationIp"
                                             render={({ field }) => (
                                                 <FormItem>
-                                                    <FormLabel>{t("editInternalResourceDialogDestinationIP")}</FormLabel>
+                                                    <FormLabel>{t("targetAddr")}</FormLabel>
                                                     <FormControl>
                                                         <Input {...field} />
                                                     </FormControl>
@@ -235,7 +235,7 @@ export default function EditInternalResourceDialog({
                                             name="destinationPort"
                                             render={({ field }) => (
                                                 <FormItem>
-                                                    <FormLabel>{t("editInternalResourceDialogDestinationPort")}</FormLabel>
+                                                    <FormLabel>{t("targetPort")}</FormLabel>
                                                     <FormControl>
                                                         <Input
                                                             type="number"

From 76e19508f0bf0ed0e6520d545e7f2533eb1cf19d Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 14 Sep 2025 17:27:21 -0700
Subject: [PATCH 086/166] Rules, client resources working

---
 blueprint.yaml                                |  34 ++-
 .../lib/blueprints/parseDockerContainers.ts   | 207 ++++++++++--------
 server/lib/blueprints/proxyResources.ts       |  66 ++++--
 server/lib/blueprints/types.ts                |   2 +-
 4 files changed, 188 insertions(+), 121 deletions(-)

diff --git a/blueprint.yaml b/blueprint.yaml
index 6854e55f..53602c26 100644
--- a/blueprint.yaml
+++ b/blueprint.yaml
@@ -1,8 +1,24 @@
-resources:
-  resource-nice-id-duce:
+client-resources:
+  client-resource-nice-id-uno:
+    name: this is my resource
+    protocol: tcp
+    proxy-port: 3001
+    hostname: localhost
+    internal-port: 3000
+    site: lively-yosemite-toad
+  client-resource-nice-id-duce:
+    name: this is my resource
+    protocol: udp
+    proxy-port: 3000
+    hostname: localhost
+    internal-port: 3000
+    site: lively-yosemite-toad
+
+proxy-resources:
+  resource-nice-id-uno:
     name: this is my resource
     protocol: http
-    full-domain: level1.test3.example.com
+    full-domain: duce.test.example.com
     host-header: example.com
     tls-server-name: example.com
     # auth:
@@ -18,6 +34,16 @@ resources:
     headers:
       - X-Example-Header: example-value
       - X-Another-Header: another-value
+    rules:
+      - action: allow
+        match: ip
+        value: 1.1.1.1
+      - action: deny
+        match: cidr 
+        value: 2.2.2.2/32
+      - action: pass
+        match: path
+        value: /admin
     targets:
     - site: lively-yosemite-toad
       path: /path
@@ -31,7 +57,7 @@ resources:
       pathMatchType: exact
       method: http
       port: 8001
-  resource-nice-id2:
+  resource-nice-id-duce:
     name: this is other resource
     protocol: tcp
     proxy-port: 3000
diff --git a/server/lib/blueprints/parseDockerContainers.ts b/server/lib/blueprints/parseDockerContainers.ts
index d00cbd73..1510e6e1 100644
--- a/server/lib/blueprints/parseDockerContainers.ts
+++ b/server/lib/blueprints/parseDockerContainers.ts
@@ -52,10 +52,12 @@ function getContainerPort(container: Container): number | null {
 }
 
 export function processContainerLabels(containers: Container[]): {
-    resources: { [key: string]: ResourceConfig };
+    "proxy-resources": { [key: string]: ResourceConfig };
+    "client-resources": { [key: string]: ResourceConfig };
 } {
-    const result: { resources: { [key: string]: ResourceConfig } } = {
-        resources: {}
+    const result = {
+        "proxy-resources": {} as { [key: string]: ResourceConfig },
+        "client-resources": {} as { [key: string]: ResourceConfig }
     };
 
     // Process each container
@@ -64,111 +66,126 @@ export function processContainerLabels(containers: Container[]): {
             return;
         }
 
-        const resourceLabels: DockerLabels = {};
+        const proxyResourceLabels: DockerLabels = {};
+        const clientResourceLabels: DockerLabels = {};
 
-        // Filter labels that start with "pangolin.proxy-resources."
+        // Filter and separate proxy-resources and client-resources labels
         Object.entries(container.labels).forEach(([key, value]) => {
-            if (key.startsWith("pangolin.proxy-resources.") || key.startsWith("pangolin.client-resources.")) {
-                // remove the pangolin. prefix
-                const strippedKey = key.replace("pangolin.", "");
-                resourceLabels[strippedKey] = value;
+            if (key.startsWith("pangolin.proxy-resources.")) {
+                // remove the pangolin.proxy- prefix to get "resources.xxx"
+                const strippedKey = key.replace("pangolin.proxy-", "");
+                proxyResourceLabels[strippedKey] = value;
+            } else if (key.startsWith("pangolin.client-resources.")) {
+                // remove the pangolin.client- prefix to get "resources.xxx"
+                const strippedKey = key.replace("pangolin.client-", "");
+                clientResourceLabels[strippedKey] = value;
             }
         });
 
-        // Skip containers with no resource labels
-        if (Object.keys(resourceLabels).length === 0) {
-            return;
+        // Process proxy resources
+        if (Object.keys(proxyResourceLabels).length > 0) {
+            processResourceLabels(proxyResourceLabels, container, result["proxy-resources"]);
         }
 
-        // Parse the labels using the existing parseDockerLabels logic
-        const tempResult: ParsedObject = {};
-        Object.entries(resourceLabels).forEach(([key, value]) => {
-            setNestedProperty(tempResult, key, value);
-        });
-
-        // Merge into main result
-        if (tempResult.resources) {
-            Object.entries(tempResult.resources).forEach(
-                ([resourceKey, resourceConfig]: [string, any]) => {
-                    // Initialize resource if it doesn't exist
-                    if (!result.resources[resourceKey]) {
-                        result.resources[resourceKey] = {};
-                    }
-
-                    // Merge all properties except targets
-                    Object.entries(resourceConfig).forEach(
-                        ([propKey, propValue]) => {
-                            if (propKey !== "targets") {
-                                result.resources[resourceKey][propKey] =
-                                    propValue;
-                            }
-                        }
-                    );
-
-                    // Handle targets specially
-                    if (
-                        resourceConfig.targets &&
-                        Array.isArray(resourceConfig.targets)
-                    ) {
-                        const resource = result.resources[resourceKey];
-                        if (resource) {
-                            if (!resource.targets) {
-                                resource.targets = [];
-                            }
-
-                            resourceConfig.targets.forEach(
-                                (target: any, targetIndex: number) => {
-                                    // check if the target is an empty object
-                                    if (
-                                        typeof target === "object" &&
-                                        Object.keys(target).length === 0
-                                    ) {
-                                        logger.debug(
-                                            `Skipping null target at index ${targetIndex} for resource ${resourceKey}`
-                                        );
-                                        resource.targets!.push(null);
-                                        return;
-                                    }
-
-                                    // Ensure targets array is long enough
-                                    while (
-                                        resource.targets!.length <= targetIndex
-                                    ) {
-                                        resource.targets!.push({});
-                                    }
-
-                                    // Set default hostname and port if not provided
-                                    const finalTarget = { ...target };
-                                    if (!finalTarget.hostname) {
-                                        finalTarget.hostname =
-                                            container.name ||
-                                            container.hostname;
-                                    }
-                                    if (!finalTarget.port) {
-                                        const containerPort =
-                                            getContainerPort(container);
-                                        if (containerPort !== null) {
-                                            finalTarget.port = containerPort;
-                                        }
-                                    }
-
-                                    // Merge with existing target data
-                                    resource.targets![targetIndex] = {
-                                        ...resource.targets![targetIndex],
-                                        ...finalTarget
-                                    };
-                                }
-                            );
-                        }
-                    }
-                }
-            );
+        // Process client resources
+        if (Object.keys(clientResourceLabels).length > 0) {
+            processResourceLabels(clientResourceLabels, container, result["client-resources"]);
         }
     });
 
     return result;
 }
 
+function processResourceLabels(
+    resourceLabels: DockerLabels,
+    container: Container,
+    targetResult: { [key: string]: ResourceConfig }
+) {
+    // Parse the labels using the existing parseDockerLabels logic
+    const tempResult: ParsedObject = {};
+    Object.entries(resourceLabels).forEach(([key, value]) => {
+        setNestedProperty(tempResult, key, value);
+    });
+
+    // Merge into target result
+    if (tempResult.resources) {
+        Object.entries(tempResult.resources).forEach(
+            ([resourceKey, resourceConfig]: [string, any]) => {
+                // Initialize resource if it doesn't exist
+                if (!targetResult[resourceKey]) {
+                    targetResult[resourceKey] = {};
+                }
+
+                // Merge all properties except targets
+                Object.entries(resourceConfig).forEach(
+                    ([propKey, propValue]) => {
+                        if (propKey !== "targets") {
+                            targetResult[resourceKey][propKey] = propValue;
+                        }
+                    }
+                );
+
+                // Handle targets specially
+                if (
+                    resourceConfig.targets &&
+                    Array.isArray(resourceConfig.targets)
+                ) {
+                    const resource = targetResult[resourceKey];
+                    if (resource) {
+                        if (!resource.targets) {
+                            resource.targets = [];
+                        }
+
+                        resourceConfig.targets.forEach(
+                            (target: any, targetIndex: number) => {
+                                // check if the target is an empty object
+                                if (
+                                    typeof target === "object" &&
+                                    Object.keys(target).length === 0
+                                ) {
+                                    logger.debug(
+                                        `Skipping null target at index ${targetIndex} for resource ${resourceKey}`
+                                    );
+                                    resource.targets!.push(null);
+                                    return;
+                                }
+
+                                // Ensure targets array is long enough
+                                while (
+                                    resource.targets!.length <= targetIndex
+                                ) {
+                                    resource.targets!.push({});
+                                }
+
+                                // Set default hostname and port if not provided
+                                const finalTarget = { ...target };
+                                if (!finalTarget.hostname) {
+                                    finalTarget.hostname =
+                                        container.name ||
+                                        container.hostname;
+                                }
+                                if (!finalTarget.port) {
+                                    const containerPort =
+                                        getContainerPort(container);
+                                    if (containerPort !== null) {
+                                        finalTarget.port = containerPort;
+                                    }
+                                }
+
+                                // Merge with existing target data
+                                resource.targets![targetIndex] = {
+                                    ...resource.targets![targetIndex],
+                                    ...finalTarget
+                                };
+                            }
+                        );
+                    }
+                }
+            }
+        );
+    }
+}
+
 // // Test example
 // const testContainers: Container[] = [
 //     {
diff --git a/server/lib/blueprints/proxyResources.ts b/server/lib/blueprints/proxyResources.ts
index ecaa00cb..a66375dd 100644
--- a/server/lib/blueprints/proxyResources.ts
+++ b/server/lib/blueprints/proxyResources.ts
@@ -404,21 +404,31 @@ export async function updateProxyResources(
                 const existingRule = existingRules[index];
                 if (existingRule) {
                     if (
-                        existingRule.action !== rule.action ||
-                        existingRule.match !== rule.match ||
+                        existingRule.action !== getRuleAction(rule.action) ||
+                        existingRule.match !== rule.match.toUpperCase() ||
                         existingRule.value !== rule.value
                     ) {
+                        validateRule(rule);
                         await trx
                             .update(resourceRules)
                             .set({
-                                action: rule.action,
-                                match: rule.match,
+                                action: getRuleAction(rule.action),
+                                match: rule.match.toUpperCase(),
                                 value: rule.value
                             })
                             .where(
                                 eq(resourceRules.ruleId, existingRule.ruleId)
                             );
                     }
+                } else {
+                    validateRule(rule);
+                    await trx.insert(resourceRules).values({
+                        resourceId: existingResource.resourceId,
+                        action: rule.action.toUpperCase(),
+                        match: rule.match.toUpperCase(),
+                        value: rule.value,
+                        priority: index + 1 // start priorities at 1
+                    });
                 }
             }
 
@@ -550,25 +560,11 @@ export async function updateProxyResources(
             }
 
             for (const [index, rule] of resourceData.rules?.entries() || []) {
-                if (rule.match === "cidr") {
-                    if (!isValidCIDR(rule.value)) {
-                        throw new Error(`Invalid CIDR provided: ${rule.value}`);
-                    }
-                } else if (rule.match === "ip") {
-                    if (!isValidIP(rule.value)) {
-                        throw new Error(`Invalid IP provided: ${rule.value}`);
-                    }
-                } else if (rule.match === "path") {
-                    if (!isValidUrlGlobPattern(rule.value)) {
-                        throw new Error(
-                            `Invalid URL glob pattern: ${rule.value}`
-                        );
-                    }
-                }
+                validateRule(rule);
                 await trx.insert(resourceRules).values({
                     resourceId: newResource.resourceId,
-                    action: rule.action,
-                    match: rule.match,
+                    action: getRuleAction(rule.action),
+                    match: rule.match.toUpperCase(),
                     value: rule.value,
                     priority: index + 1 // start priorities at 1
                 });
@@ -586,6 +582,34 @@ export async function updateProxyResources(
     return results;
 }
 
+function getRuleAction(input: string) {
+    let action = "DROP";
+    if (input == "allow") {
+        action = "ACCEPT";
+    } else if (input == "deny") {
+        action = "DROP";
+    } else if (input == "pass") {
+        action = "PASS";
+    }
+    return action;
+}
+
+function validateRule(rule: any) {
+    if (rule.match === "cidr") {
+        if (!isValidCIDR(rule.value)) {
+            throw new Error(`Invalid CIDR provided: ${rule.value}`);
+        }
+    } else if (rule.match === "ip") {
+        if (!isValidIP(rule.value)) {
+            throw new Error(`Invalid IP provided: ${rule.value}`);
+        }
+    } else if (rule.match === "path") {
+        if (!isValidUrlGlobPattern(rule.value)) {
+            throw new Error(`Invalid URL glob pattern: ${rule.value}`);
+        }
+    }
+}
+
 async function syncRoleResources(
     resourceId: number,
     ssoRoles: string[],
diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index 786e5246..2b2ce5ec 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -173,7 +173,7 @@ export function isTargetsOnlyResource(resource: any): boolean {
 
 export const ClientResourceSchema = z.object({
     name: z.string().min(2).max(100),
-    site: z.string().min(2).max(100),
+    site: z.string().min(2).max(100).optional(),
     protocol: z.enum(["tcp", "udp"]),
     "proxy-port": z.number().min(1).max(65535),
     "hostname": z.string().min(1).max(255),

From 7f4d410cbd4be18765407601f7667b1267e34406 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 14 Sep 2025 17:35:21 -0700
Subject: [PATCH 087/166] Update migrations

---
 server/setup/scriptsPg/1.10.0.ts     | 31 +++++++++++++++++++++++++++-
 server/setup/scriptsSqlite/1.10.0.ts | 30 ++++++++++++++++++++++++++-
 2 files changed, 59 insertions(+), 2 deletions(-)

diff --git a/server/setup/scriptsPg/1.10.0.ts b/server/setup/scriptsPg/1.10.0.ts
index 7cb1fa5a..d566cccb 100644
--- a/server/setup/scriptsPg/1.10.0.ts
+++ b/server/setup/scriptsPg/1.10.0.ts
@@ -11,7 +11,11 @@ export default async function migration() {
 
     try {
         const resources = await db.execute(sql`
-            SELECT "resourceId" FROM "resources" WHERE "siteId" IS NOT NULL
+            SELECT "resourceId" FROM "resources"
+        `);
+
+        const siteResources = await db.execute(sql`
+            SELECT "siteResourceId" FROM "siteResources"
         `);
 
         await db.execute(sql`BEGIN`);
@@ -28,6 +32,10 @@ export default async function migration() {
             sql`ALTER TABLE "resources" ADD COLUMN "niceId" text DEFAULT '' NOT NULL;`
         );
 
+        await db.execute(
+            sql`ALTER TABLE "siteResources" ADD COLUMN "niceId" text DEFAULT '' NOT NULL;`
+        );
+
         await db.execute(
             sql`ALTER TABLE "userOrgs" ADD COLUMN "autoProvisioned" boolean DEFAULT false;`
         );
@@ -65,6 +73,27 @@ export default async function migration() {
             `);
         }
 
+        for (const resource of siteResources.rows) {
+            // Generate a unique name and ensure it's unique
+            let niceId = "";
+            let loops = 0;
+            while (true) {
+                if (loops > 100) {
+                    throw new Error("Could not generate a unique name");
+                }
+
+                niceId = generateName();
+                if (!usedNiceIds.includes(niceId)) {
+                    usedNiceIds.push(niceId);
+                    break;
+                }
+                loops++;
+            }
+            await db.execute(sql`
+                UPDATE "siteResources" SET "niceId" = ${niceId} WHERE "siteResourceId" = ${resource.siteResourceId}
+            `);
+        }
+
         await db.execute(sql`COMMIT`);
         console.log(`Migrated database`);
     } catch (e) {
diff --git a/server/setup/scriptsSqlite/1.10.0.ts b/server/setup/scriptsSqlite/1.10.0.ts
index 359e80e1..41833ac6 100644
--- a/server/setup/scriptsSqlite/1.10.0.ts
+++ b/server/setup/scriptsSqlite/1.10.0.ts
@@ -17,10 +17,16 @@ export default async function migration() {
     try {
         const resources = db
             .prepare(
-                "SELECT resourceId FROM resources WHERE siteId IS NOT NULL"
+                "SELECT resourceId FROM resources"
             )
             .all() as Array<{ resourceId: number }>;
 
+        const siteResources = db
+            .prepare(
+                "SELECT siteResourceId FROM siteResources"
+            )
+            .all() as Array<{ siteResourceId: number }>;
+
         db.transaction(() => {
             db.exec(`
                 ALTER TABLE 'exitNodes' ADD 'region' text;
@@ -30,6 +36,7 @@ export default async function migration() {
                 ALTER TABLE 'targets' ADD 'pathMatchType' text;
                 ALTER TABLE 'targets' ADD 'path' text;
                 ALTER TABLE 'resources' ADD 'headers' text;
+                ALTER TABLE 'siteResources' ADD 'niceId' text NOT NULL;
             `); // this diverges from the schema a bit because the schema does not have a default on niceId but was required for the migration and I dont think it will effect much down the line...
 
             const usedNiceIds: string[] = [];
@@ -54,6 +61,27 @@ export default async function migration() {
                     `UPDATE resources SET niceId = ? WHERE resourceId = ?`
                 ).run(niceId, resourceId.resourceId);
             }
+
+            for (const resourceId of siteResources) {
+                // Generate a unique name and ensure it's unique
+                let niceId = "";
+                let loops = 0;
+                while (true) {
+                    if (loops > 100) {
+                        throw new Error("Could not generate a unique name");
+                    }
+
+                    niceId = generateName();
+                    if (!usedNiceIds.includes(niceId)) {
+                        usedNiceIds.push(niceId);
+                        break;
+                    }
+                    loops++;
+                }
+                db.prepare(
+                    `UPDATE siteResources SET niceId = ? WHERE siteResourceId = ?`
+                ).run(niceId, resourceId.siteResourceId);
+            }
         })();
 
         console.log(`Migrated database`);

From 8f29c42ab473debb723b355a5b103129fe88aadb Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 14 Sep 2025 20:33:06 -0700
Subject: [PATCH 088/166] Working on making blueprints work

---
 server/lib/blueprints/proxyResources.ts    | 6 +++---
 server/lib/blueprints/types.ts             | 2 +-
 server/routers/traefik/getTraefikConfig.ts | 6 ++++--
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/server/lib/blueprints/proxyResources.ts b/server/lib/blueprints/proxyResources.ts
index a66375dd..b8541518 100644
--- a/server/lib/blueprints/proxyResources.ts
+++ b/server/lib/blueprints/proxyResources.ts
@@ -107,7 +107,7 @@ export async function updateProxyResources(
                     enabled: targetData.enabled,
                     internalPort: internalPortToCreate,
                     path: targetData.path,
-                    pathMatchType: targetData.pathMatchType
+                    pathMatchType: targetData["path-match"]
                 })
                 .returning();
 
@@ -333,7 +333,7 @@ export async function updateProxyResources(
                             port: targetData.port,
                             enabled: targetData.enabled,
                             path: targetData.path,
-                            pathMatchType: targetData.pathMatchType
+                            pathMatchType: targetData["path-match"]
                         })
                         .where(eq(targets.targetId, existingTarget.targetId))
                         .returning();
@@ -424,7 +424,7 @@ export async function updateProxyResources(
                     validateRule(rule);
                     await trx.insert(resourceRules).values({
                         resourceId: existingResource.resourceId,
-                        action: rule.action.toUpperCase(),
+                        action: getRuleAction(rule.action),
                         match: rule.match.toUpperCase(),
                         value: rule.value,
                         priority: index + 1 // start priorities at 1
diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index 2b2ce5ec..fe360e92 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -14,7 +14,7 @@ export const TargetSchema = z.object({
     enabled: z.boolean().optional().default(true),
     "internal-port": z.number().int().min(1).max(65535).optional(),
     path: z.string().optional(),
-    pathMatchType: z.enum(["exact", "prefix", "regex"]).optional().nullable()
+    "path-match": z.enum(["exact", "prefix", "regex"]).optional().nullable()
 });
 export type TargetData = z.infer<typeof TargetSchema>;
 
diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts
index 08c94ad0..ac24ba7f 100644
--- a/server/routers/traefik/getTraefikConfig.ts
+++ b/server/routers/traefik/getTraefikConfig.ts
@@ -348,7 +348,9 @@ export async function getTraefikConfig(
             }
 
             let rule = `Host(\`${fullDomain}\`)`;
+            let priority = 100;
             if (resource.path && resource.pathMatchType) {
+                priority += 1;
                 // add path to rule based on match type
                 if (resource.pathMatchType === "exact") {
                     rule += ` && Path(\`${resource.path}\`)`;
@@ -368,7 +370,7 @@ export async function getTraefikConfig(
                 middlewares: routerMiddlewares,
                 service: serviceName,
                 rule: rule,
-                priority: 100,
+                priority: priority,
                 ...(resource.ssl ? { tls } : {})
             };
 
@@ -380,7 +382,7 @@ export async function getTraefikConfig(
                     middlewares: [redirectHttpsMiddlewareName],
                     service: serviceName,
                     rule: rule,
-                    priority: 100
+                    priority: priority
                 };
             }
 

From 7f6ee7c88d6bf476b3262bcfa8e6e3854ae41be6 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Thu, 11 Sep 2025 21:26:13 -0700
Subject: [PATCH 089/166] Translate

---
 messages/en-US.json                                | 6 ++++--
 src/app/[orgId]/settings/resources/create/page.tsx | 4 ++--
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 51845e6f..6f75f1ff 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1518,5 +1518,7 @@
     "domainPickerInvalidSubdomainRemoved": "The input \"{sub}\" was removed because it's not valid.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" could not be made valid for {domain}.",
     "domainPickerSubdomainSanitized": "Subdomain sanitized",
-    "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index 946f563d..83d94cd4 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -1546,7 +1546,7 @@ export default function Page() {
                                                 {t("resourceAddEntrypoints")}
                                             </h3>
                                             <p className="text-sm text-muted-foreground">
-                                                (Edit file: config/traefik/traefik_config.yml)
+                                                {t("resourceAddEntrypointsEditFile")}
                                             </p>
                                             <CopyTextBox
                                                 text={`entryPoints:
@@ -1561,7 +1561,7 @@ export default function Page() {
                                                 {t("resourceExposePorts")}
                                             </h3>
                                             <p className="text-sm text-muted-foreground">
-                                                (Edit file: docker-compose.yml)
+                                                {t("resourceExposePortsEditFile")}
                                             </p>
                                             <CopyTextBox
                                                 text={`ports:

From a0b7f14b9ec94922e3c275dab7daa4ac5454aac6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 9 Sep 2025 01:18:58 +0000
Subject: [PATCH 090/166] Bump golang.org/x/term in /install in the
 prod-minor-updates group

Bumps the prod-minor-updates group in /install with 1 update: [golang.org/x/term](https://github.com/golang/term).


Updates `golang.org/x/term` from 0.34.0 to 0.35.0
- [Commits](https://github.com/golang/term/compare/v0.34.0...v0.35.0)

---
updated-dependencies:
- dependency-name: golang.org/x/term
  dependency-version: 0.35.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 install/go.mod | 6 +++---
 install/go.sum | 8 ++++----
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/install/go.mod b/install/go.mod
index b12f9ef4..b1465ac5 100644
--- a/install/go.mod
+++ b/install/go.mod
@@ -1,10 +1,10 @@
 module installer
 
-go 1.24
+go 1.24.0
 
 require (
-	golang.org/x/term v0.34.0
+	golang.org/x/term v0.35.0
 	gopkg.in/yaml.v3 v3.0.1
 )
 
-require golang.org/x/sys v0.35.0 // indirect
+require golang.org/x/sys v0.36.0 // indirect
diff --git a/install/go.sum b/install/go.sum
index 320762f0..789a291b 100644
--- a/install/go.sum
+++ b/install/go.sum
@@ -1,7 +1,7 @@
-golang.org/x/sys v0.35.0 h1:vz1N37gP5bs89s7He8XuIYXpyY0+QlsKmzipCbUtyxI=
-golang.org/x/sys v0.35.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/term v0.34.0 h1:O/2T7POpk0ZZ7MAzMeWFSg6S5IpWd/RXDlM9hgM3DR4=
-golang.org/x/term v0.34.0/go.mod h1:5jC53AEywhIVebHgPVeg0mj8OD3VO9OzclacVrqpaAw=
+golang.org/x/sys v0.36.0 h1:KVRy2GtZBrk1cBYA7MKu5bEZFxQk4NIDV6RLVcC8o0k=
+golang.org/x/sys v0.36.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
+golang.org/x/term v0.35.0 h1:bZBVKBudEyhRcajGcNc3jIfWPqV4y/Kt2XcoigOWtDQ=
+golang.org/x/term v0.35.0/go.mod h1:TPGtkTLesOwf2DE8CgVYiZinHAOuy5AYUYT1lENIZnA=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

From fa36aeca1c6b513673baea1f4424ba022e67c854 Mon Sep 17 00:00:00 2001
From: Milo Schwartz <mschwartz10612@gmail.com>
Date: Sat, 13 Sep 2025 19:15:52 -0400
Subject: [PATCH 091/166] Update README.md

---
 README.md | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/README.md b/README.md
index 818a881a..1d21b8c8 100644
--- a/README.md
+++ b/README.md
@@ -27,8 +27,17 @@ _Pangolin tunnels your services to the internet so you can access anything from
       <a href="mailto:contact@fossorial.io">
         Contact Us
       </a>
+      <span> | </span>
+      <a href="https://digpangolin.com/slack">
+        Slack
+      </a>
+      <span> | </span>
+      <a href="https://discord.gg/HCJR8Xhme4">
+        Discord
+      </a>
   </h5>
 
+[![Slack](https://img.shields.io/badge/chat-slack-yellow?style=flat-square&logo=slack)](https://digpangolin.com/slack)
 [![Docker](https://img.shields.io/docker/pulls/fosrl/pangolin?style=flat-square)](https://hub.docker.com/r/fosrl/pangolin)
 ![Stars](https://img.shields.io/github/stars/fosrl/pangolin?style=flat-square)
 [![Discord](https://img.shields.io/discord/1325658630518865980?logo=discord&style=flat-square)](https://discord.gg/HCJR8Xhme4)

From f9ea02065efa85feb97b1d6b63586f4f8055089c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 13 Sep 2025 09:34:35 +0200
Subject: [PATCH 092/166] Bump typescript-eslint in the dev-minor-updates group
 (#331)

Bumps the dev-minor-updates group with 1 update: [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `typescript-eslint` from 8.40.0 to 8.43.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.43.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: typescript-eslint
  dependency-version: 8.43.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 package-lock.json | 124 +++++++++++++++++++++++-----------------------
 package.json      |   2 +-
 2 files changed, 63 insertions(+), 63 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index bcced536..4115f2c8 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -126,7 +126,7 @@
                 "tsc-alias": "1.8.16",
                 "tsx": "4.20.5",
                 "typescript": "^5",
-                "typescript-eslint": "^8.40.0"
+                "typescript-eslint": "^8.43.0"
             }
         },
         "node_modules/@alloc/quick-lru": {
@@ -5113,16 +5113,16 @@
             "license": "MIT"
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.40.0.tgz",
-            "integrity": "sha512-w/EboPlBwnmOBtRbiOvzjD+wdiZdgFeo17lkltrtn7X37vagKKWJABvyfsJXTlHe6XBzugmYgd4A4nW+k8Mixw==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.43.0.tgz",
+            "integrity": "sha512-8tg+gt7ENL7KewsKMKDHXR1vm8tt9eMxjJBYINf6swonlWgkYn5NwyIgXpbbDxTNU5DgpDFfj95prcTq2clIQQ==",
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.10.0",
-                "@typescript-eslint/scope-manager": "8.40.0",
-                "@typescript-eslint/type-utils": "8.40.0",
-                "@typescript-eslint/utils": "8.40.0",
-                "@typescript-eslint/visitor-keys": "8.40.0",
+                "@typescript-eslint/scope-manager": "8.43.0",
+                "@typescript-eslint/type-utils": "8.43.0",
+                "@typescript-eslint/utils": "8.43.0",
+                "@typescript-eslint/visitor-keys": "8.43.0",
                 "graphemer": "^1.4.0",
                 "ignore": "^7.0.0",
                 "natural-compare": "^1.4.0",
@@ -5136,7 +5136,7 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.40.0",
+                "@typescript-eslint/parser": "^8.43.0",
                 "eslint": "^8.57.0 || ^9.0.0",
                 "typescript": ">=4.8.4 <6.0.0"
             }
@@ -5151,15 +5151,15 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.40.0.tgz",
-            "integrity": "sha512-jCNyAuXx8dr5KJMkecGmZ8KI61KBUhkCob+SD+C+I5+Y1FWI2Y3QmY4/cxMCC5WAsZqoEtEETVhUiUMIGCf6Bw==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.43.0.tgz",
+            "integrity": "sha512-B7RIQiTsCBBmY+yW4+ILd6mF5h1FUwJsVvpqkrgpszYifetQ2Ke+Z4u6aZh0CblkUGIdR59iYVyXqqZGkZ3aBw==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.40.0",
-                "@typescript-eslint/types": "8.40.0",
-                "@typescript-eslint/typescript-estree": "8.40.0",
-                "@typescript-eslint/visitor-keys": "8.40.0",
+                "@typescript-eslint/scope-manager": "8.43.0",
+                "@typescript-eslint/types": "8.43.0",
+                "@typescript-eslint/typescript-estree": "8.43.0",
+                "@typescript-eslint/visitor-keys": "8.43.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -5175,13 +5175,13 @@
             }
         },
         "node_modules/@typescript-eslint/project-service": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.40.0.tgz",
-            "integrity": "sha512-/A89vz7Wf5DEXsGVvcGdYKbVM9F7DyFXj52lNYUDS1L9yJfqjW/fIp5PgMuEJL/KeqVTe2QSbXAGUZljDUpArw==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.43.0.tgz",
+            "integrity": "sha512-htB/+D/BIGoNTQYffZw4uM4NzzuolCoaA/BusuSIcC8YjmBYQioew5VUZAYdAETPjeed0hqCaW7EHg+Robq8uw==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.40.0",
-                "@typescript-eslint/types": "^8.40.0",
+                "@typescript-eslint/tsconfig-utils": "^8.43.0",
+                "@typescript-eslint/types": "^8.43.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -5196,13 +5196,13 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.40.0.tgz",
-            "integrity": "sha512-y9ObStCcdCiZKzwqsE8CcpyuVMwRouJbbSrNuThDpv16dFAj429IkM6LNb1dZ2m7hK5fHyzNcErZf7CEeKXR4w==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.43.0.tgz",
+            "integrity": "sha512-daSWlQ87ZhsjrbMLvpuuMAt3y4ba57AuvadcR7f3nl8eS3BjRc8L9VLxFLk92RL5xdXOg6IQ+qKjjqNEimGuAg==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.40.0",
-                "@typescript-eslint/visitor-keys": "8.40.0"
+                "@typescript-eslint/types": "8.43.0",
+                "@typescript-eslint/visitor-keys": "8.43.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5213,9 +5213,9 @@
             }
         },
         "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.40.0.tgz",
-            "integrity": "sha512-jtMytmUaG9d/9kqSl/W3E3xaWESo4hFDxAIHGVW/WKKtQhesnRIJSAJO6XckluuJ6KDB5woD1EiqknriCtAmcw==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.43.0.tgz",
+            "integrity": "sha512-ALC2prjZcj2YqqL5X/bwWQmHA2em6/94GcbB/KKu5SX3EBDOsqztmmX1kMkvAJHzxk7TazKzJfFiEIagNV3qEA==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5229,14 +5229,14 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.40.0.tgz",
-            "integrity": "sha512-eE60cK4KzAc6ZrzlJnflXdrMqOBaugeukWICO2rB0KNvwdIMaEaYiywwHMzA1qFpTxrLhN9Lp4E/00EgWcD3Ow==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.43.0.tgz",
+            "integrity": "sha512-qaH1uLBpBuBBuRf8c1mLJ6swOfzCXryhKND04Igr4pckzSEW9JX5Aw9AgW00kwfjWJF0kk0ps9ExKTfvXfw4Qg==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.40.0",
-                "@typescript-eslint/typescript-estree": "8.40.0",
-                "@typescript-eslint/utils": "8.40.0",
+                "@typescript-eslint/types": "8.43.0",
+                "@typescript-eslint/typescript-estree": "8.43.0",
+                "@typescript-eslint/utils": "8.43.0",
                 "debug": "^4.3.4",
                 "ts-api-utils": "^2.1.0"
             },
@@ -5253,9 +5253,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.40.0.tgz",
-            "integrity": "sha512-ETdbFlgbAmXHyFPwqUIYrfc12ArvpBhEVgGAxVYSwli26dn8Ko+lIo4Su9vI9ykTZdJn+vJprs/0eZU0YMAEQg==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.43.0.tgz",
+            "integrity": "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5266,15 +5266,15 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.40.0.tgz",
-            "integrity": "sha512-k1z9+GJReVVOkc1WfVKs1vBrR5MIKKbdAjDTPvIK3L8De6KbFfPFt6BKpdkdk7rZS2GtC/m6yI5MYX+UsuvVYQ==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.43.0.tgz",
+            "integrity": "sha512-7Vv6zlAhPb+cvEpP06WXXy/ZByph9iL6BQRBDj4kmBsW98AqEeQHlj/13X+sZOrKSo9/rNKH4Ul4f6EICREFdw==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.40.0",
-                "@typescript-eslint/tsconfig-utils": "8.40.0",
-                "@typescript-eslint/types": "8.40.0",
-                "@typescript-eslint/visitor-keys": "8.40.0",
+                "@typescript-eslint/project-service": "8.43.0",
+                "@typescript-eslint/tsconfig-utils": "8.43.0",
+                "@typescript-eslint/types": "8.43.0",
+                "@typescript-eslint/visitor-keys": "8.43.0",
                 "debug": "^4.3.4",
                 "fast-glob": "^3.3.2",
                 "is-glob": "^4.0.3",
@@ -5346,15 +5346,15 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.40.0.tgz",
-            "integrity": "sha512-Cgzi2MXSZyAUOY+BFwGs17s7ad/7L+gKt6Y8rAVVWS+7o6wrjeFN4nVfTpbE25MNcxyJ+iYUXflbs2xR9h4UBg==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.43.0.tgz",
+            "integrity": "sha512-S1/tEmkUeeswxd0GGcnwuVQPFWo8NzZTOMxCvw8BX7OMxnNae+i8Tm7REQen/SwUIPoPqfKn7EaZ+YLpiB3k9g==",
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.7.0",
-                "@typescript-eslint/scope-manager": "8.40.0",
-                "@typescript-eslint/types": "8.40.0",
-                "@typescript-eslint/typescript-estree": "8.40.0"
+                "@typescript-eslint/scope-manager": "8.43.0",
+                "@typescript-eslint/types": "8.43.0",
+                "@typescript-eslint/typescript-estree": "8.43.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5369,12 +5369,12 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.40.0.tgz",
-            "integrity": "sha512-8CZ47QwalyRjsypfwnbI3hKy5gJDPmrkLjkgMxhi0+DZZ2QNx2naS6/hWoVYUHU7LU2zleF68V9miaVZvhFfTA==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.43.0.tgz",
+            "integrity": "sha512-T+S1KqRD4sg/bHfLwrpF/K3gQLBM1n7Rp7OjjikjTEssI2YJzQpi5WXoynOaQ93ERIuq3O8RBTOUYDKszUCEHw==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.40.0",
+                "@typescript-eslint/types": "8.43.0",
                 "eslint-visitor-keys": "^4.2.1"
             },
             "engines": {
@@ -16403,16 +16403,16 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.40.0",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.40.0.tgz",
-            "integrity": "sha512-Xvd2l+ZmFDPEt4oj1QEXzA4A2uUK6opvKu3eGN9aGjB8au02lIVcLyi375w94hHyejTOmzIU77L8ol2sRg9n7Q==",
+            "version": "8.43.0",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.43.0.tgz",
+            "integrity": "sha512-FyRGJKUGvcFekRRcBKFBlAhnp4Ng8rhe8tuvvkR9OiU0gfd4vyvTRQHEckO6VDlH57jbeUQem2IpqPq9kLJH+w==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.40.0",
-                "@typescript-eslint/parser": "8.40.0",
-                "@typescript-eslint/typescript-estree": "8.40.0",
-                "@typescript-eslint/utils": "8.40.0"
+                "@typescript-eslint/eslint-plugin": "8.43.0",
+                "@typescript-eslint/parser": "8.43.0",
+                "@typescript-eslint/typescript-estree": "8.43.0",
+                "@typescript-eslint/utils": "8.43.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
diff --git a/package.json b/package.json
index 671034eb..3f47ff5a 100644
--- a/package.json
+++ b/package.json
@@ -143,7 +143,7 @@
         "tsc-alias": "1.8.16",
         "tsx": "4.20.5",
         "typescript": "^5",
-        "typescript-eslint": "^8.40.0"
+        "typescript-eslint": "^8.43.0"
     },
     "overrides": {
         "emblor": {

From 009f7b23d9b7a28cfbf639243fe5435f75e67040 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 13 Sep 2025 09:36:52 +0200
Subject: [PATCH 093/166] Bump the prod-patch-updates group with 7 updates
 (#332)

Bumps the prod-patch-updates group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [@react-email/components](https://github.com/resend/react-email/tree/HEAD/packages/components) | `0.5.0` | `0.5.3` |
| [@react-email/render](https://github.com/resend/react-email/tree/HEAD/packages/render) | `1.2.0` | `1.2.3` |
| [drizzle-orm](https://github.com/drizzle-team/drizzle-orm) | `0.44.4` | `0.44.5` |
| [next-intl](https://github.com/amannn/next-intl) | `4.3.4` | `4.3.8` |
| [nodemailer](https://github.com/nodemailer/nodemailer) | `7.0.5` | `7.0.6` |
| [@types/nodemailer](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/nodemailer) | `6.4.17` | `7.0.1` |
| [tw-animate-css](https://github.com/Wombosvideo/tw-animate-css) | `1.3.7` | `1.3.8` |


Updates `@react-email/components` from 0.5.0 to 0.5.3
- [Release notes](https://github.com/resend/react-email/releases)
- [Changelog](https://github.com/resend/react-email/blob/canary/packages/components/CHANGELOG.md)
- [Commits](https://github.com/resend/react-email/commits/@react-email/components@0.5.3/packages/components)

Updates `@react-email/render` from 1.2.0 to 1.2.3
- [Release notes](https://github.com/resend/react-email/releases)
- [Changelog](https://github.com/resend/react-email/blob/canary/packages/render/CHANGELOG.md)
- [Commits](https://github.com/resend/react-email/commits/@react-email/render@1.2.3/packages/render)

Updates `drizzle-orm` from 0.44.4 to 0.44.5
- [Release notes](https://github.com/drizzle-team/drizzle-orm/releases)
- [Commits](https://github.com/drizzle-team/drizzle-orm/compare/0.44.4...0.44.5)

Updates `next-intl` from 4.3.4 to 4.3.8
- [Release notes](https://github.com/amannn/next-intl/releases)
- [Changelog](https://github.com/amannn/next-intl/blob/main/CHANGELOG.md)
- [Commits](https://github.com/amannn/next-intl/compare/v4.3.4...v4.3.8)

Updates `nodemailer` from 7.0.5 to 7.0.6
- [Release notes](https://github.com/nodemailer/nodemailer/releases)
- [Changelog](https://github.com/nodemailer/nodemailer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/nodemailer/nodemailer/compare/v7.0.5...v7.0.6)

Updates `@types/nodemailer` from 6.4.17 to 7.0.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/nodemailer)

Updates `tw-animate-css` from 1.3.7 to 1.3.8
- [Release notes](https://github.com/Wombosvideo/tw-animate-css/releases)
- [Commits](https://github.com/Wombosvideo/tw-animate-css/compare/v1.3.7...v1.3.8)

---
updated-dependencies:
- dependency-name: "@react-email/components"
  dependency-version: 0.5.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-patch-updates
- dependency-name: "@react-email/render"
  dependency-version: 1.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-patch-updates
- dependency-name: drizzle-orm
  dependency-version: 0.44.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-patch-updates
- dependency-name: next-intl
  dependency-version: 4.3.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-patch-updates
- dependency-name: nodemailer
  dependency-version: 7.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-patch-updates
- dependency-name: "@types/nodemailer"
  dependency-version: 7.0.1
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: prod-patch-updates
- dependency-name: tw-animate-css
  dependency-version: 1.3.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 package-lock.json | 1473 ++++++++++++++++++++++++++++++++++++++++++++-
 package.json      |   12 +-
 2 files changed, 1447 insertions(+), 38 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 4115f2c8..26a9a700 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -32,7 +32,7 @@
                 "@radix-ui/react-tabs": "1.1.13",
                 "@radix-ui/react-toast": "1.2.15",
                 "@radix-ui/react-tooltip": "^1.2.8",
-                "@react-email/components": "0.5.0",
+                "@react-email/components": "0.5.3",
                 "@react-email/render": "^1.2.0",
                 "@react-email/tailwind": "1.2.2",
                 "@simplewebauthn/browser": "^13.1.0",
@@ -51,7 +51,7 @@
                 "cookies": "^0.9.1",
                 "cors": "2.8.5",
                 "crypto-js": "^4.2.0",
-                "drizzle-orm": "0.44.4",
+                "drizzle-orm": "0.44.5",
                 "eslint": "9.33.0",
                 "eslint-config-next": "15.4.6",
                 "express": "5.1.0",
@@ -67,11 +67,11 @@
                 "lucide-react": "0.539.0",
                 "moment": "2.30.1",
                 "next": "15.4.6",
-                "next-intl": "^4.3.4",
+                "next-intl": "^4.3.8",
                 "next-themes": "0.4.6",
                 "node-cache": "5.1.2",
                 "node-fetch": "3.3.2",
-                "nodemailer": "7.0.5",
+                "nodemailer": "7.0.6",
                 "npm": "^11.5.2",
                 "oslo": "1.2.1",
                 "pg": "^8.16.2",
@@ -85,7 +85,7 @@
                 "semver": "^7.7.2",
                 "swagger-ui-express": "^5.0.1",
                 "tailwind-merge": "3.3.1",
-                "tw-animate-css": "^1.3.7",
+                "tw-animate-css": "^1.3.8",
                 "uuid": "^11.1.0",
                 "vaul": "1.1.2",
                 "winston": "3.17.0",
@@ -109,7 +109,7 @@
                 "@types/js-yaml": "4.0.9",
                 "@types/jsonwebtoken": "^9.0.10",
                 "@types/node": "^24",
-                "@types/nodemailer": "6.4.17",
+                "@types/nodemailer": "7.0.1",
                 "@types/pg": "8.15.5",
                 "@types/react": "19.1.12",
                 "@types/react-dom": "19.1.9",
@@ -154,6 +154,731 @@
                 "zod": "^3.20.2"
             }
         },
+        "node_modules/@aws-crypto/sha256-browser": {
+            "version": "5.2.0",
+            "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-browser/-/sha256-browser-5.2.0.tgz",
+            "integrity": "sha512-AXfN/lGotSQwu6HNcEsIASo7kWXZ5HYWvfOmSNKDsEqC4OashTp8alTmaz+F7TC2L083SFv5RdB+qU3Vs1kZqw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-crypto/sha256-js": "^5.2.0",
+                "@aws-crypto/supports-web-crypto": "^5.2.0",
+                "@aws-crypto/util": "^5.2.0",
+                "@aws-sdk/types": "^3.222.0",
+                "@aws-sdk/util-locate-window": "^3.0.0",
+                "@smithy/util-utf8": "^2.0.0",
+                "tslib": "^2.6.2"
+            }
+        },
+        "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/is-array-buffer": {
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz",
+            "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=14.0.0"
+            }
+        },
+        "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/util-buffer-from": {
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz",
+            "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/is-array-buffer": "^2.2.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=14.0.0"
+            }
+        },
+        "node_modules/@aws-crypto/sha256-browser/node_modules/@smithy/util-utf8": {
+            "version": "2.3.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz",
+            "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/util-buffer-from": "^2.2.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=14.0.0"
+            }
+        },
+        "node_modules/@aws-crypto/sha256-js": {
+            "version": "5.2.0",
+            "resolved": "https://registry.npmjs.org/@aws-crypto/sha256-js/-/sha256-js-5.2.0.tgz",
+            "integrity": "sha512-FFQQyu7edu4ufvIZ+OadFpHHOt+eSTBaYaki44c+akjg7qZg9oOQeLlk77F6tSYqjDAFClrHJk9tMf0HdVyOvA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-crypto/util": "^5.2.0",
+                "@aws-sdk/types": "^3.222.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=16.0.0"
+            }
+        },
+        "node_modules/@aws-crypto/supports-web-crypto": {
+            "version": "5.2.0",
+            "resolved": "https://registry.npmjs.org/@aws-crypto/supports-web-crypto/-/supports-web-crypto-5.2.0.tgz",
+            "integrity": "sha512-iAvUotm021kM33eCdNfwIN//F77/IADDSs58i+MDaOqFrVjZo9bAal0NK7HurRuWLLpF1iLX7gbWrjHjeo+YFg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            }
+        },
+        "node_modules/@aws-crypto/util": {
+            "version": "5.2.0",
+            "resolved": "https://registry.npmjs.org/@aws-crypto/util/-/util-5.2.0.tgz",
+            "integrity": "sha512-4RkU9EsI6ZpBve5fseQlGNUWKMa1RLPQ1dnjnQoe07ldfIzcsGb5hC5W0Dm7u423KWzawlrpbjXBrXCEv9zazQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/types": "^3.222.0",
+                "@smithy/util-utf8": "^2.0.0",
+                "tslib": "^2.6.2"
+            }
+        },
+        "node_modules/@aws-crypto/util/node_modules/@smithy/is-array-buffer": {
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-2.2.0.tgz",
+            "integrity": "sha512-GGP3O9QFD24uGeAXYUjwSTXARoqpZykHadOmA8G5vfJPK0/DC67qa//0qvqrJzL1xc8WQWX7/yc7fwudjPHPhA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=14.0.0"
+            }
+        },
+        "node_modules/@aws-crypto/util/node_modules/@smithy/util-buffer-from": {
+            "version": "2.2.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-2.2.0.tgz",
+            "integrity": "sha512-IJdWBbTcMQ6DA0gdNhh/BwrLkDR+ADW5Kr1aZmd4k3DIF6ezMV4R2NIAmT08wQJ3yUK82thHWmC/TnK/wpMMIA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/is-array-buffer": "^2.2.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=14.0.0"
+            }
+        },
+        "node_modules/@aws-crypto/util/node_modules/@smithy/util-utf8": {
+            "version": "2.3.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-2.3.0.tgz",
+            "integrity": "sha512-R8Rdn8Hy72KKcebgLiv8jQcQkXoLMOGGv5uI1/k0l+snqkOzQ1R0ChUBCxWMlBsFMekWjq0wRudIweFs7sKT5A==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/util-buffer-from": "^2.2.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=14.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/client-sesv2": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/client-sesv2/-/client-sesv2-3.888.0.tgz",
+            "integrity": "sha512-Zy7AXvj4oVLE5Zkj61qYZxIFgJXbRgTmFJvQ/EqgxE87KPR9+gF5wtC3iqcKEmkqFlWlxWrlhV4K70Vqqj4bZQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-crypto/sha256-browser": "5.2.0",
+                "@aws-crypto/sha256-js": "5.2.0",
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/credential-provider-node": "3.888.0",
+                "@aws-sdk/middleware-host-header": "3.887.0",
+                "@aws-sdk/middleware-logger": "3.887.0",
+                "@aws-sdk/middleware-recursion-detection": "3.887.0",
+                "@aws-sdk/middleware-user-agent": "3.888.0",
+                "@aws-sdk/region-config-resolver": "3.887.0",
+                "@aws-sdk/signature-v4-multi-region": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@aws-sdk/util-endpoints": "3.887.0",
+                "@aws-sdk/util-user-agent-browser": "3.887.0",
+                "@aws-sdk/util-user-agent-node": "3.888.0",
+                "@smithy/config-resolver": "^4.2.1",
+                "@smithy/core": "^3.11.0",
+                "@smithy/fetch-http-handler": "^5.2.1",
+                "@smithy/hash-node": "^4.1.1",
+                "@smithy/invalid-dependency": "^4.1.1",
+                "@smithy/middleware-content-length": "^4.1.1",
+                "@smithy/middleware-endpoint": "^4.2.1",
+                "@smithy/middleware-retry": "^4.2.1",
+                "@smithy/middleware-serde": "^4.1.1",
+                "@smithy/middleware-stack": "^4.1.1",
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/node-http-handler": "^4.2.1",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/smithy-client": "^4.6.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/url-parser": "^4.1.1",
+                "@smithy/util-base64": "^4.1.0",
+                "@smithy/util-body-length-browser": "^4.1.0",
+                "@smithy/util-body-length-node": "^4.1.0",
+                "@smithy/util-defaults-mode-browser": "^4.1.1",
+                "@smithy/util-defaults-mode-node": "^4.1.1",
+                "@smithy/util-endpoints": "^3.1.1",
+                "@smithy/util-middleware": "^4.1.1",
+                "@smithy/util-retry": "^4.1.1",
+                "@smithy/util-utf8": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/client-sso": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/client-sso/-/client-sso-3.888.0.tgz",
+            "integrity": "sha512-8CLy/ehGKUmekjH+VtZJ4w40PqDg3u0K7uPziq/4P8Q7LLgsy8YQoHNbuY4am7JU3HWrqLXJI9aaz1+vPGPoWA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-crypto/sha256-browser": "5.2.0",
+                "@aws-crypto/sha256-js": "5.2.0",
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/middleware-host-header": "3.887.0",
+                "@aws-sdk/middleware-logger": "3.887.0",
+                "@aws-sdk/middleware-recursion-detection": "3.887.0",
+                "@aws-sdk/middleware-user-agent": "3.888.0",
+                "@aws-sdk/region-config-resolver": "3.887.0",
+                "@aws-sdk/types": "3.887.0",
+                "@aws-sdk/util-endpoints": "3.887.0",
+                "@aws-sdk/util-user-agent-browser": "3.887.0",
+                "@aws-sdk/util-user-agent-node": "3.888.0",
+                "@smithy/config-resolver": "^4.2.1",
+                "@smithy/core": "^3.11.0",
+                "@smithy/fetch-http-handler": "^5.2.1",
+                "@smithy/hash-node": "^4.1.1",
+                "@smithy/invalid-dependency": "^4.1.1",
+                "@smithy/middleware-content-length": "^4.1.1",
+                "@smithy/middleware-endpoint": "^4.2.1",
+                "@smithy/middleware-retry": "^4.2.1",
+                "@smithy/middleware-serde": "^4.1.1",
+                "@smithy/middleware-stack": "^4.1.1",
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/node-http-handler": "^4.2.1",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/smithy-client": "^4.6.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/url-parser": "^4.1.1",
+                "@smithy/util-base64": "^4.1.0",
+                "@smithy/util-body-length-browser": "^4.1.0",
+                "@smithy/util-body-length-node": "^4.1.0",
+                "@smithy/util-defaults-mode-browser": "^4.1.1",
+                "@smithy/util-defaults-mode-node": "^4.1.1",
+                "@smithy/util-endpoints": "^3.1.1",
+                "@smithy/util-middleware": "^4.1.1",
+                "@smithy/util-retry": "^4.1.1",
+                "@smithy/util-utf8": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/core": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/core/-/core-3.888.0.tgz",
+            "integrity": "sha512-L3S2FZywACo4lmWv37Y4TbefuPJ1fXWyWwIJ3J4wkPYFJ47mmtUPqThlVrSbdTHkEjnZgJe5cRfxk0qCLsFh1w==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/types": "3.887.0",
+                "@aws-sdk/xml-builder": "3.887.0",
+                "@smithy/core": "^3.11.0",
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/property-provider": "^4.0.5",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/signature-v4": "^5.1.3",
+                "@smithy/smithy-client": "^4.6.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-base64": "^4.1.0",
+                "@smithy/util-body-length-browser": "^4.1.0",
+                "@smithy/util-middleware": "^4.1.1",
+                "@smithy/util-utf8": "^4.1.0",
+                "fast-xml-parser": "5.2.5",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/credential-provider-env": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-env/-/credential-provider-env-3.888.0.tgz",
+            "integrity": "sha512-shPi4AhUKbIk7LugJWvNpeZA8va7e5bOHAEKo89S0Ac8WDZt2OaNzbh/b9l0iSL2eEyte8UgIsYGcFxOwIF1VA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/property-provider": "^4.0.5",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/credential-provider-http": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-http/-/credential-provider-http-3.888.0.tgz",
+            "integrity": "sha512-Jvuk6nul0lE7o5qlQutcqlySBHLXOyoPtiwE6zyKbGc7RVl0//h39Lab7zMeY2drMn8xAnIopL4606Fd8JI/Hw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/fetch-http-handler": "^5.2.1",
+                "@smithy/node-http-handler": "^4.2.1",
+                "@smithy/property-provider": "^4.0.5",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/smithy-client": "^4.6.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-stream": "^4.3.1",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/credential-provider-ini": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-ini/-/credential-provider-ini-3.888.0.tgz",
+            "integrity": "sha512-M82ItvS5yq+tO6ZOV1ruaVs2xOne+v8HW85GFCXnz8pecrzYdgxh6IsVqEbbWruryG/mUGkWMbkBZoEsy4MgyA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/credential-provider-env": "3.888.0",
+                "@aws-sdk/credential-provider-http": "3.888.0",
+                "@aws-sdk/credential-provider-process": "3.888.0",
+                "@aws-sdk/credential-provider-sso": "3.888.0",
+                "@aws-sdk/credential-provider-web-identity": "3.888.0",
+                "@aws-sdk/nested-clients": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/credential-provider-imds": "^4.0.7",
+                "@smithy/property-provider": "^4.0.5",
+                "@smithy/shared-ini-file-loader": "^4.0.5",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/credential-provider-node": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-node/-/credential-provider-node-3.888.0.tgz",
+            "integrity": "sha512-KCrQh1dCDC8Y+Ap3SZa6S81kHk+p+yAaOQ5jC3dak4zhHW3RCrsGR/jYdemTOgbEGcA6ye51UbhWfrrlMmeJSA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/credential-provider-env": "3.888.0",
+                "@aws-sdk/credential-provider-http": "3.888.0",
+                "@aws-sdk/credential-provider-ini": "3.888.0",
+                "@aws-sdk/credential-provider-process": "3.888.0",
+                "@aws-sdk/credential-provider-sso": "3.888.0",
+                "@aws-sdk/credential-provider-web-identity": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/credential-provider-imds": "^4.0.7",
+                "@smithy/property-provider": "^4.0.5",
+                "@smithy/shared-ini-file-loader": "^4.0.5",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/credential-provider-process": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-process/-/credential-provider-process-3.888.0.tgz",
+            "integrity": "sha512-+aX6piSukPQ8DUS4JAH344GePg8/+Q1t0+kvSHAZHhYvtQ/1Zek3ySOJWH2TuzTPCafY4nmWLcQcqvU1w9+4Lw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/property-provider": "^4.0.5",
+                "@smithy/shared-ini-file-loader": "^4.0.5",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/credential-provider-sso": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-sso/-/credential-provider-sso-3.888.0.tgz",
+            "integrity": "sha512-b1ZJji7LJ6E/j1PhFTyvp51in2iCOQ3VP6mj5H6f5OUnqn7efm41iNMoinKr87n0IKZw7qput5ggXVxEdPhouA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/client-sso": "3.888.0",
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/token-providers": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/property-provider": "^4.0.5",
+                "@smithy/shared-ini-file-loader": "^4.0.5",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/credential-provider-web-identity": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/credential-provider-web-identity/-/credential-provider-web-identity-3.888.0.tgz",
+            "integrity": "sha512-7P0QNtsDzMZdmBAaY/vY1BsZHwTGvEz3bsn2bm5VSKFAeMmZqsHK1QeYdNsFjLtegnVh+wodxMq50jqLv3LFlA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/nested-clients": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/property-provider": "^4.0.5",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/middleware-host-header": {
+            "version": "3.887.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-host-header/-/middleware-host-header-3.887.0.tgz",
+            "integrity": "sha512-ulzqXv6NNqdu/kr0sgBYupWmahISHY+azpJidtK6ZwQIC+vBUk9NdZeqQpy7KVhIk2xd4+5Oq9rxapPwPI21CA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/middleware-logger": {
+            "version": "3.887.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-logger/-/middleware-logger-3.887.0.tgz",
+            "integrity": "sha512-YbbgLI6jKp2qSoAcHnXrQ5jcuc5EYAmGLVFgMVdk8dfCfJLfGGSaOLxF4CXC7QYhO50s+mPPkhBYejCik02Kug==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/middleware-recursion-detection": {
+            "version": "3.887.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-recursion-detection/-/middleware-recursion-detection-3.887.0.tgz",
+            "integrity": "sha512-tjrUXFtQnFLo+qwMveq5faxP5MQakoLArXtqieHphSqZTXm21wDJM73hgT4/PQQGTwgYjDKqnqsE1hvk0hcfDw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/types": "3.887.0",
+                "@aws/lambda-invoke-store": "^0.0.1",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/middleware-sdk-s3": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-sdk-s3/-/middleware-sdk-s3-3.888.0.tgz",
+            "integrity": "sha512-rKOFNfqgqOfrdcLGF8fcO75azWS2aq2ksRHFoIEFru5FJxzu/yDAhY4C2FKiP/X34xeIUS2SbE/gQgrgWHSN2g==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@aws-sdk/util-arn-parser": "3.873.0",
+                "@smithy/core": "^3.11.0",
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/signature-v4": "^5.1.3",
+                "@smithy/smithy-client": "^4.6.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-config-provider": "^4.0.0",
+                "@smithy/util-middleware": "^4.1.1",
+                "@smithy/util-stream": "^4.3.1",
+                "@smithy/util-utf8": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/middleware-user-agent": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/middleware-user-agent/-/middleware-user-agent-3.888.0.tgz",
+            "integrity": "sha512-ZkcUkoys8AdrNNG7ATjqw2WiXqrhTvT+r4CIK3KhOqIGPHX0p0DQWzqjaIl7ZhSUToKoZ4Ud7MjF795yUr73oA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@aws-sdk/util-endpoints": "3.887.0",
+                "@smithy/core": "^3.11.0",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/nested-clients": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/nested-clients/-/nested-clients-3.888.0.tgz",
+            "integrity": "sha512-py4o4RPSGt+uwGvSBzR6S6cCBjS4oTX5F8hrHFHfPCdIOMVjyOBejn820jXkCrcdpSj3Qg1yUZXxsByvxc9Lyg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-crypto/sha256-browser": "5.2.0",
+                "@aws-crypto/sha256-js": "5.2.0",
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/middleware-host-header": "3.887.0",
+                "@aws-sdk/middleware-logger": "3.887.0",
+                "@aws-sdk/middleware-recursion-detection": "3.887.0",
+                "@aws-sdk/middleware-user-agent": "3.888.0",
+                "@aws-sdk/region-config-resolver": "3.887.0",
+                "@aws-sdk/types": "3.887.0",
+                "@aws-sdk/util-endpoints": "3.887.0",
+                "@aws-sdk/util-user-agent-browser": "3.887.0",
+                "@aws-sdk/util-user-agent-node": "3.888.0",
+                "@smithy/config-resolver": "^4.2.1",
+                "@smithy/core": "^3.11.0",
+                "@smithy/fetch-http-handler": "^5.2.1",
+                "@smithy/hash-node": "^4.1.1",
+                "@smithy/invalid-dependency": "^4.1.1",
+                "@smithy/middleware-content-length": "^4.1.1",
+                "@smithy/middleware-endpoint": "^4.2.1",
+                "@smithy/middleware-retry": "^4.2.1",
+                "@smithy/middleware-serde": "^4.1.1",
+                "@smithy/middleware-stack": "^4.1.1",
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/node-http-handler": "^4.2.1",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/smithy-client": "^4.6.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/url-parser": "^4.1.1",
+                "@smithy/util-base64": "^4.1.0",
+                "@smithy/util-body-length-browser": "^4.1.0",
+                "@smithy/util-body-length-node": "^4.1.0",
+                "@smithy/util-defaults-mode-browser": "^4.1.1",
+                "@smithy/util-defaults-mode-node": "^4.1.1",
+                "@smithy/util-endpoints": "^3.1.1",
+                "@smithy/util-middleware": "^4.1.1",
+                "@smithy/util-retry": "^4.1.1",
+                "@smithy/util-utf8": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/region-config-resolver": {
+            "version": "3.887.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/region-config-resolver/-/region-config-resolver-3.887.0.tgz",
+            "integrity": "sha512-VdSMrIqJ3yjJb/fY+YAxrH/lCVv0iL8uA+lbMNfQGtO5tB3Zx6SU9LEpUwBNX8fPK1tUpI65CNE4w42+MY/7Mg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-config-provider": "^4.0.0",
+                "@smithy/util-middleware": "^4.1.1",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/signature-v4-multi-region": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/signature-v4-multi-region/-/signature-v4-multi-region-3.888.0.tgz",
+            "integrity": "sha512-FmOHUaJzEhqfcpyh0L7HLwYcYopK13Dbmuf+oUyu56/RoeB1nLnltH1VMQVj8v3Am2IwlGR+/JpFyrdkErN+cA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/middleware-sdk-s3": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/signature-v4": "^5.1.3",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/token-providers": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/token-providers/-/token-providers-3.888.0.tgz",
+            "integrity": "sha512-WA3NF+3W8GEuCMG1WvkDYbB4z10G3O8xuhT7QSjhvLYWQ9CPt3w4VpVIfdqmUn131TCIbhCzD0KN/1VJTjAjyw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/core": "3.888.0",
+                "@aws-sdk/nested-clients": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/property-provider": "^4.0.5",
+                "@smithy/shared-ini-file-loader": "^4.0.5",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/types": {
+            "version": "3.887.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/types/-/types-3.887.0.tgz",
+            "integrity": "sha512-fmTEJpUhsPsovQ12vZSpVTEP/IaRoJAMBGQXlQNjtCpkBp6Iq3KQDa/HDaPINE+3xxo6XvTdtibsNOd5zJLV9A==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/util-arn-parser": {
+            "version": "3.873.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/util-arn-parser/-/util-arn-parser-3.873.0.tgz",
+            "integrity": "sha512-qag+VTqnJWDn8zTAXX4wiVioa0hZDQMtbZcGRERVnLar4/3/VIKBhxX2XibNQXFu1ufgcRn4YntT/XEPecFWcg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/util-endpoints": {
+            "version": "3.887.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/util-endpoints/-/util-endpoints-3.887.0.tgz",
+            "integrity": "sha512-kpegvT53KT33BMeIcGLPA65CQVxLUL/C3gTz9AzlU/SDmeusBHX4nRApAicNzI/ltQ5lxZXbQn18UczzBuwF1w==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/types": "^4.5.0",
+                "@smithy/url-parser": "^4.1.1",
+                "@smithy/util-endpoints": "^3.1.1",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/util-locate-window": {
+            "version": "3.873.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/util-locate-window/-/util-locate-window-3.873.0.tgz",
+            "integrity": "sha512-xcVhZF6svjM5Rj89T1WzkjQmrTF6dpR2UvIHPMTnSZoNe6CixejPZ6f0JJ2kAhO8H+dUHwNBlsUgOTIKiK/Syg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws-sdk/util-user-agent-browser": {
+            "version": "3.887.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-browser/-/util-user-agent-browser-3.887.0.tgz",
+            "integrity": "sha512-X71UmVsYc6ZTH4KU6hA5urOzYowSXc3qvroagJNLJYU1ilgZ529lP4J9XOYfEvTXkLR1hPFSRxa43SrwgelMjA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/types": "^4.5.0",
+                "bowser": "^2.11.0",
+                "tslib": "^2.6.2"
+            }
+        },
+        "node_modules/@aws-sdk/util-user-agent-node": {
+            "version": "3.888.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/util-user-agent-node/-/util-user-agent-node-3.888.0.tgz",
+            "integrity": "sha512-rSB3OHyuKXotIGfYEo//9sU0lXAUrTY28SUUnxzOGYuQsAt0XR5iYwBAp+RjV6x8f+Hmtbg0PdCsy1iNAXa0UQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@aws-sdk/middleware-user-agent": "3.888.0",
+                "@aws-sdk/types": "3.887.0",
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            },
+            "peerDependencies": {
+                "aws-crt": ">=1.0.0"
+            },
+            "peerDependenciesMeta": {
+                "aws-crt": {
+                    "optional": true
+                }
+            }
+        },
+        "node_modules/@aws-sdk/xml-builder": {
+            "version": "3.887.0",
+            "resolved": "https://registry.npmjs.org/@aws-sdk/xml-builder/-/xml-builder-3.887.0.tgz",
+            "integrity": "sha512-lMwgWK1kNgUhHGfBvO/5uLe7TKhycwOn3eRCqsKPT9aPCx/HWuTlpcQp8oW2pCRGLS7qzcxqpQulcD+bbUL7XQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@aws/lambda-invoke-store": {
+            "version": "0.0.1",
+            "resolved": "https://registry.npmjs.org/@aws/lambda-invoke-store/-/lambda-invoke-store-0.0.1.tgz",
+            "integrity": "sha512-ORHRQ2tmvnBXc8t/X9Z8IcSbBA4xTLKuN873FopzklHMeqBst7YG0d+AX97inkvDX+NChYtSr+qGfcqGFaI8Zw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
         "node_modules/@babel/code-frame": {
             "version": "7.27.1",
             "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.27.1.tgz",
@@ -4109,9 +4834,9 @@
             }
         },
         "node_modules/@react-email/components": {
-            "version": "0.5.0",
-            "resolved": "https://registry.npmjs.org/@react-email/components/-/components-0.5.0.tgz",
-            "integrity": "sha512-esRbP+yMmSkNP9hcpiy2RwpDnvSmlxJcJ1HHbzSwlACGlCHTap+ma344QovvzhpVRhMccyWemdClLG822UvVpQ==",
+            "version": "0.5.3",
+            "resolved": "https://registry.npmjs.org/@react-email/components/-/components-0.5.3.tgz",
+            "integrity": "sha512-8G5vsoMehuGOT4cDqaYLdpagtqCYPl4vThXNylClxO6SrN2w9Mh1+i2RNGj/rdqh/woamHORjlXMYCA/kzDMew==",
             "license": "MIT",
             "dependencies": {
                 "@react-email/body": "0.1.0",
@@ -4129,7 +4854,7 @@
                 "@react-email/link": "0.0.12",
                 "@react-email/markdown": "0.0.15",
                 "@react-email/preview": "0.0.13",
-                "@react-email/render": "1.2.0",
+                "@react-email/render": "1.2.3",
                 "@react-email/row": "0.0.12",
                 "@react-email/section": "0.0.16",
                 "@react-email/tailwind": "1.2.2",
@@ -4263,9 +4988,9 @@
             }
         },
         "node_modules/@react-email/render": {
-            "version": "1.2.0",
-            "resolved": "https://registry.npmjs.org/@react-email/render/-/render-1.2.0.tgz",
-            "integrity": "sha512-5fpbV16VYR9Fmk8t7xiwPNAjxjdI8XzVtlx9J9OkhOsIHdr2s5DwAj8/MXzWa9qRYJyLirQ/l7rBSjjgyRAomw==",
+            "version": "1.2.3",
+            "resolved": "https://registry.npmjs.org/@react-email/render/-/render-1.2.3.tgz",
+            "integrity": "sha512-qu3XYNkHGao3teJexVD5CrcgFkNLrzbZvpZN17a7EyQYUN3kHkTkE9saqY4VbvGx6QoNU3p8rsk/Xm++D/+pTw==",
             "license": "MIT",
             "dependencies": {
                 "html-to-text": "^9.0.5",
@@ -4398,6 +5123,643 @@
             "integrity": "sha512-tGSRP1QvsAvsJmnOlRQyw/mvK9gnPtjEc5fg2+m8n+QUa+D7rvrKkOYyfpy42GTs90X3RDOnqJgfHt+qO67/+w==",
             "license": "MIT"
         },
+        "node_modules/@smithy/abort-controller": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-4.1.1.tgz",
+            "integrity": "sha512-vkzula+IwRvPR6oKQhMYioM3A/oX/lFCZiwuxkQbRhqJS2S4YRY2k7k/SyR2jMf3607HLtbEwlRxi0ndXHMjRg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/config-resolver": {
+            "version": "4.2.1",
+            "resolved": "https://registry.npmjs.org/@smithy/config-resolver/-/config-resolver-4.2.1.tgz",
+            "integrity": "sha512-FXil8q4QN7mgKwU2hCLm0ltab8NyY/1RiqEf25Jnf6WLS3wmb11zGAoLETqg1nur2Aoibun4w4MjeN9CMJ4G6A==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-config-provider": "^4.1.0",
+                "@smithy/util-middleware": "^4.1.1",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/core": {
+            "version": "3.11.0",
+            "resolved": "https://registry.npmjs.org/@smithy/core/-/core-3.11.0.tgz",
+            "integrity": "sha512-Abs5rdP1o8/OINtE49wwNeWuynCu0kme1r4RI3VXVrHr4odVDG7h7mTnw1WXXfN5Il+c25QOnrdL2y56USfxkA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/middleware-serde": "^4.1.1",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-base64": "^4.1.0",
+                "@smithy/util-body-length-browser": "^4.1.0",
+                "@smithy/util-middleware": "^4.1.1",
+                "@smithy/util-stream": "^4.3.1",
+                "@smithy/util-utf8": "^4.1.0",
+                "@types/uuid": "^9.0.1",
+                "tslib": "^2.6.2",
+                "uuid": "^9.0.1"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/core/node_modules/uuid": {
+            "version": "9.0.1",
+            "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz",
+            "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==",
+            "dev": true,
+            "funding": [
+                "https://github.com/sponsors/broofa",
+                "https://github.com/sponsors/ctavan"
+            ],
+            "license": "MIT",
+            "bin": {
+                "uuid": "dist/bin/uuid"
+            }
+        },
+        "node_modules/@smithy/credential-provider-imds": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/credential-provider-imds/-/credential-provider-imds-4.1.1.tgz",
+            "integrity": "sha512-1WdBfM9DwA59pnpIizxnUvBf/de18p4GP+6zP2AqrlFzoW3ERpZaT4QueBR0nS9deDMaQRkBlngpVlnkuuTisQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/property-provider": "^4.1.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/url-parser": "^4.1.1",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/fetch-http-handler": {
+            "version": "5.2.1",
+            "resolved": "https://registry.npmjs.org/@smithy/fetch-http-handler/-/fetch-http-handler-5.2.1.tgz",
+            "integrity": "sha512-5/3wxKNtV3wO/hk1is+CZUhL8a1yy/U+9u9LKQ9kZTkMsHaQjJhc3stFfiujtMnkITjzWfndGA2f7g9Uh9vKng==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/querystring-builder": "^4.1.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-base64": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/hash-node": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/hash-node/-/hash-node-4.1.1.tgz",
+            "integrity": "sha512-H9DIU9WBLhYrvPs9v4sYvnZ1PiAI0oc8CgNQUJ1rpN3pP7QADbTOUjchI2FB764Ub0DstH5xbTqcMJu1pnVqxA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-buffer-from": "^4.1.0",
+                "@smithy/util-utf8": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/invalid-dependency": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/invalid-dependency/-/invalid-dependency-4.1.1.tgz",
+            "integrity": "sha512-1AqLyFlfrrDkyES8uhINRlJXmHA2FkG+3DY8X+rmLSqmFwk3DJnvhyGzyByPyewh2jbmV+TYQBEfngQax8IFGg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/is-array-buffer": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/@smithy/is-array-buffer/-/is-array-buffer-4.1.0.tgz",
+            "integrity": "sha512-ePTYUOV54wMogio+he4pBybe8fwg4sDvEVDBU8ZlHOZXbXK3/C0XfJgUCu6qAZcawv05ZhZzODGUerFBPsPUDQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/middleware-content-length": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/middleware-content-length/-/middleware-content-length-4.1.1.tgz",
+            "integrity": "sha512-9wlfBBgTsRvC2JxLJxv4xDGNBrZuio3AgSl0lSFX7fneW2cGskXTYpFxCdRYD2+5yzmsiTuaAJD1Wp7gWt9y9w==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/middleware-endpoint": {
+            "version": "4.2.1",
+            "resolved": "https://registry.npmjs.org/@smithy/middleware-endpoint/-/middleware-endpoint-4.2.1.tgz",
+            "integrity": "sha512-fUTMmQvQQZakXOuKizfu7fBLDpwvWZjfH6zUK2OLsoNZRZGbNUdNSdLJHpwk1vS208jtDjpUIskh+JoA8zMzZg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/core": "^3.11.0",
+                "@smithy/middleware-serde": "^4.1.1",
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/shared-ini-file-loader": "^4.1.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/url-parser": "^4.1.1",
+                "@smithy/util-middleware": "^4.1.1",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/middleware-retry": {
+            "version": "4.2.1",
+            "resolved": "https://registry.npmjs.org/@smithy/middleware-retry/-/middleware-retry-4.2.1.tgz",
+            "integrity": "sha512-JzfvjwSJXWRl7LkLgIRTUTd2Wj639yr3sQGpViGNEOjtb0AkAuYqRAHs+jSOI/LPC0ZTjmFVVtfrCICMuebexw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/service-error-classification": "^4.1.1",
+                "@smithy/smithy-client": "^4.6.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-middleware": "^4.1.1",
+                "@smithy/util-retry": "^4.1.1",
+                "@types/uuid": "^9.0.1",
+                "tslib": "^2.6.2",
+                "uuid": "^9.0.1"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/middleware-retry/node_modules/uuid": {
+            "version": "9.0.1",
+            "resolved": "https://registry.npmjs.org/uuid/-/uuid-9.0.1.tgz",
+            "integrity": "sha512-b+1eJOlsR9K8HJpow9Ok3fiWOWSIcIzXodvv0rQjVoOVNpWMpxf1wZNpt4y9h10odCNrqnYp1OBzRktckBe3sA==",
+            "dev": true,
+            "funding": [
+                "https://github.com/sponsors/broofa",
+                "https://github.com/sponsors/ctavan"
+            ],
+            "license": "MIT",
+            "bin": {
+                "uuid": "dist/bin/uuid"
+            }
+        },
+        "node_modules/@smithy/middleware-serde": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/middleware-serde/-/middleware-serde-4.1.1.tgz",
+            "integrity": "sha512-lh48uQdbCoj619kRouev5XbWhCwRKLmphAif16c4J6JgJ4uXjub1PI6RL38d3BLliUvSso6klyB/LTNpWSNIyg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/middleware-stack": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/middleware-stack/-/middleware-stack-4.1.1.tgz",
+            "integrity": "sha512-ygRnniqNcDhHzs6QAPIdia26M7e7z9gpkIMUe/pK0RsrQ7i5MblwxY8078/QCnGq6AmlUUWgljK2HlelsKIb/A==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/node-config-provider": {
+            "version": "4.2.1",
+            "resolved": "https://registry.npmjs.org/@smithy/node-config-provider/-/node-config-provider-4.2.1.tgz",
+            "integrity": "sha512-AIA0BJZq2h295J5NeCTKhg1WwtdTA/GqBCaVjk30bDgMHwniUETyh5cP9IiE9VrId7Kt8hS7zvREVMTv1VfA6g==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/property-provider": "^4.1.1",
+                "@smithy/shared-ini-file-loader": "^4.1.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/node-http-handler": {
+            "version": "4.2.1",
+            "resolved": "https://registry.npmjs.org/@smithy/node-http-handler/-/node-http-handler-4.2.1.tgz",
+            "integrity": "sha512-REyybygHlxo3TJICPF89N2pMQSf+p+tBJqpVe1+77Cfi9HBPReNjTgtZ1Vg73exq24vkqJskKDpfF74reXjxfw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/abort-controller": "^4.1.1",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/querystring-builder": "^4.1.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/property-provider": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/property-provider/-/property-provider-4.1.1.tgz",
+            "integrity": "sha512-gm3ZS7DHxUbzC2wr8MUCsAabyiXY0gaj3ROWnhSx/9sPMc6eYLMM4rX81w1zsMaObj2Lq3PZtNCC1J6lpEY7zg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/protocol-http": {
+            "version": "5.2.1",
+            "resolved": "https://registry.npmjs.org/@smithy/protocol-http/-/protocol-http-5.2.1.tgz",
+            "integrity": "sha512-T8SlkLYCwfT/6m33SIU/JOVGNwoelkrvGjFKDSDtVvAXj/9gOT78JVJEas5a+ETjOu4SVvpCstKgd0PxSu/aHw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/querystring-builder": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/querystring-builder/-/querystring-builder-4.1.1.tgz",
+            "integrity": "sha512-J9b55bfimP4z/Jg1gNo+AT84hr90p716/nvxDkPGCD4W70MPms0h8KF50RDRgBGZeL83/u59DWNqJv6tEP/DHA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-uri-escape": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/querystring-parser": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/querystring-parser/-/querystring-parser-4.1.1.tgz",
+            "integrity": "sha512-63TEp92YFz0oQ7Pj9IuI3IgnprP92LrZtRAkE3c6wLWJxfy/yOPRt39IOKerVr0JS770olzl0kGafXlAXZ1vng==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/service-error-classification": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/service-error-classification/-/service-error-classification-4.1.1.tgz",
+            "integrity": "sha512-Iam75b/JNXyDE41UvrlM6n8DNOa/r1ylFyvgruTUx7h2Uk7vDNV9AAwP1vfL1fOL8ls0xArwEGVcGZVd7IO/Cw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/shared-ini-file-loader": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/shared-ini-file-loader/-/shared-ini-file-loader-4.1.1.tgz",
+            "integrity": "sha512-YkpikhIqGc4sfXeIbzSj10t2bJI/sSoP5qxLue6zG+tEE3ngOBSm8sO3+djacYvS/R5DfpxN/L9CyZsvwjWOAQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/signature-v4": {
+            "version": "5.2.1",
+            "resolved": "https://registry.npmjs.org/@smithy/signature-v4/-/signature-v4-5.2.1.tgz",
+            "integrity": "sha512-M9rZhWQLjlQVCCR37cSjHfhriGRN+FQ8UfgrYNufv66TJgk+acaggShl3KS5U/ssxivvZLlnj7QH2CUOKlxPyA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/is-array-buffer": "^4.1.0",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-hex-encoding": "^4.1.0",
+                "@smithy/util-middleware": "^4.1.1",
+                "@smithy/util-uri-escape": "^4.1.0",
+                "@smithy/util-utf8": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/smithy-client": {
+            "version": "4.6.1",
+            "resolved": "https://registry.npmjs.org/@smithy/smithy-client/-/smithy-client-4.6.1.tgz",
+            "integrity": "sha512-WolVLDb9UTPMEPPOncrCt6JmAMCSC/V2y5gst2STWJ5r7+8iNac+EFYQnmvDCYMfOLcilOSEpm5yXZXwbLak1Q==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/core": "^3.11.0",
+                "@smithy/middleware-endpoint": "^4.2.1",
+                "@smithy/middleware-stack": "^4.1.1",
+                "@smithy/protocol-http": "^5.2.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-stream": "^4.3.1",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/types": {
+            "version": "4.5.0",
+            "resolved": "https://registry.npmjs.org/@smithy/types/-/types-4.5.0.tgz",
+            "integrity": "sha512-RkUpIOsVlAwUIZXO1dsz8Zm+N72LClFfsNqf173catVlvRZiwPy0x2u0JLEA4byreOPKDZPGjmPDylMoP8ZJRg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/url-parser": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/url-parser/-/url-parser-4.1.1.tgz",
+            "integrity": "sha512-bx32FUpkhcaKlEoOMbScvc93isaSiRM75pQ5IgIBaMkT7qMlIibpPRONyx/0CvrXHzJLpOn/u6YiDX2hcvs7Dg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/querystring-parser": "^4.1.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-base64": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-base64/-/util-base64-4.1.0.tgz",
+            "integrity": "sha512-RUGd4wNb8GeW7xk+AY5ghGnIwM96V0l2uzvs/uVHf+tIuVX2WSvynk5CxNoBCsM2rQRSZElAo9rt3G5mJ/gktQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/util-buffer-from": "^4.1.0",
+                "@smithy/util-utf8": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-body-length-browser": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-body-length-browser/-/util-body-length-browser-4.1.0.tgz",
+            "integrity": "sha512-V2E2Iez+bo6bUMOTENPr6eEmepdY8Hbs+Uc1vkDKgKNA/brTJqOW/ai3JO1BGj9GbCeLqw90pbbH7HFQyFotGQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-body-length-node": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-body-length-node/-/util-body-length-node-4.1.0.tgz",
+            "integrity": "sha512-BOI5dYjheZdgR9XiEM3HJcEMCXSoqbzu7CzIgYrx0UtmvtC3tC2iDGpJLsSRFffUpy8ymsg2ARMP5fR8mtuUQQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-buffer-from": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-buffer-from/-/util-buffer-from-4.1.0.tgz",
+            "integrity": "sha512-N6yXcjfe/E+xKEccWEKzK6M+crMrlwaCepKja0pNnlSkm6SjAeLKKA++er5Ba0I17gvKfN/ThV+ZOx/CntKTVw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/is-array-buffer": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-config-provider": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-config-provider/-/util-config-provider-4.1.0.tgz",
+            "integrity": "sha512-swXz2vMjrP1ZusZWVTB/ai5gK+J8U0BWvP10v9fpcFvg+Xi/87LHvHfst2IgCs1i0v4qFZfGwCmeD/KNCdJZbQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-defaults-mode-browser": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-browser/-/util-defaults-mode-browser-4.1.1.tgz",
+            "integrity": "sha512-hA1AKIHFUMa9Tl6q6y8p0pJ9aWHCCG8s57flmIyLE0W7HcJeYrYtnqXDcGnftvXEhdQnSexyegXnzzTGk8bKLA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/property-provider": "^4.1.1",
+                "@smithy/smithy-client": "^4.6.1",
+                "@smithy/types": "^4.5.0",
+                "bowser": "^2.11.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-defaults-mode-node": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/util-defaults-mode-node/-/util-defaults-mode-node-4.1.1.tgz",
+            "integrity": "sha512-RGSpmoBrA+5D2WjwtK7tto6Pc2wO9KSXKLpLONhFZ8VyuCbqlLdiDAfuDTNY9AJe4JoE+Cx806cpTQQoQ71zPQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/config-resolver": "^4.2.1",
+                "@smithy/credential-provider-imds": "^4.1.1",
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/property-provider": "^4.1.1",
+                "@smithy/smithy-client": "^4.6.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-endpoints": {
+            "version": "3.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/util-endpoints/-/util-endpoints-3.1.1.tgz",
+            "integrity": "sha512-qB4R9kO0SetA11Rzu6MVGFIaGYX3p6SGGGfWwsKnC6nXIf0n/0AKVwRTsYsz9ToN8CeNNtNgQRwKFBndGJZdyw==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/node-config-provider": "^4.2.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-hex-encoding": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-hex-encoding/-/util-hex-encoding-4.1.0.tgz",
+            "integrity": "sha512-1LcueNN5GYC4tr8mo14yVYbh/Ur8jHhWOxniZXii+1+ePiIbsLZ5fEI0QQGtbRRP5mOhmooos+rLmVASGGoq5w==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-middleware": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/util-middleware/-/util-middleware-4.1.1.tgz",
+            "integrity": "sha512-CGmZ72mL29VMfESz7S6dekqzCh8ZISj3B+w0g1hZFXaOjGTVaSqfAEFAq8EGp8fUL+Q2l8aqNmt8U1tglTikeg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-retry": {
+            "version": "4.1.1",
+            "resolved": "https://registry.npmjs.org/@smithy/util-retry/-/util-retry-4.1.1.tgz",
+            "integrity": "sha512-jGeybqEZ/LIordPLMh5bnmnoIgsqnp4IEimmUp5c5voZ8yx+5kAlN5+juyr7p+f7AtZTgvhmInQk4Q0UVbrZ0Q==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/service-error-classification": "^4.1.1",
+                "@smithy/types": "^4.5.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-stream": {
+            "version": "4.3.1",
+            "resolved": "https://registry.npmjs.org/@smithy/util-stream/-/util-stream-4.3.1.tgz",
+            "integrity": "sha512-khKkW/Jqkgh6caxMWbMuox9+YfGlsk9OnHOYCGVEdYQb/XVzcORXHLYUubHmmda0pubEDncofUrPNniS9d+uAA==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/fetch-http-handler": "^5.2.1",
+                "@smithy/node-http-handler": "^4.2.1",
+                "@smithy/types": "^4.5.0",
+                "@smithy/util-base64": "^4.1.0",
+                "@smithy/util-buffer-from": "^4.1.0",
+                "@smithy/util-hex-encoding": "^4.1.0",
+                "@smithy/util-utf8": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-uri-escape": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-uri-escape/-/util-uri-escape-4.1.0.tgz",
+            "integrity": "sha512-b0EFQkq35K5NHUYxU72JuoheM6+pytEVUGlTwiFxWFpmddA+Bpz3LgsPRIpBk8lnPE47yT7AF2Egc3jVnKLuPg==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
+        "node_modules/@smithy/util-utf8": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/@smithy/util-utf8/-/util-utf8-4.1.0.tgz",
+            "integrity": "sha512-mEu1/UIXAdNYuBcyEPbjScKi/+MQVXNIuY/7Cm5XLIWe319kDrT5SizBE95jqtmEXoDbGoZxKLCMttdZdqTZKQ==",
+            "dev": true,
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@smithy/util-buffer-from": "^4.1.0",
+                "tslib": "^2.6.2"
+            },
+            "engines": {
+                "node": ">=18.0.0"
+            }
+        },
         "node_modules/@socket.io/component-emitter": {
             "version": "3.1.2",
             "resolved": "https://registry.npmjs.org/@socket.io/component-emitter/-/component-emitter-3.1.2.tgz",
@@ -4983,12 +6345,13 @@
             }
         },
         "node_modules/@types/nodemailer": {
-            "version": "6.4.17",
-            "resolved": "https://registry.npmjs.org/@types/nodemailer/-/nodemailer-6.4.17.tgz",
-            "integrity": "sha512-I9CCaIp6DTldEg7vyUTZi8+9Vo0hi1/T8gv3C89yk1rSAAzoKQ8H8ki/jBYJSFoH/BisgLP8tkZMlQ91CIquww==",
+            "version": "7.0.1",
+            "resolved": "https://registry.npmjs.org/@types/nodemailer/-/nodemailer-7.0.1.tgz",
+            "integrity": "sha512-UfHAghPmGZVzaL8x9y+mKZMWyHC399+iq0MOmya5tIyenWX3lcdSb60vOmp0DocR6gCDTYTozv/ULQnREyyjkg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
+                "@aws-sdk/client-sesv2": "^3.839.0",
                 "@types/node": "*"
             }
         },
@@ -5085,6 +6448,13 @@
             "integrity": "sha512-6WaYesThRMCl19iryMYP7/x2OVgCtbIVflDGFpWnb9irXI3UjYE4AzmYuiUKY1AJstGijoY+MgUszMgRxIYTYw==",
             "license": "MIT"
         },
+        "node_modules/@types/uuid": {
+            "version": "9.0.8",
+            "resolved": "https://registry.npmjs.org/@types/uuid/-/uuid-9.0.8.tgz",
+            "integrity": "sha512-jg+97EGIcY9AGHJJRaaPVgetKDsrTgbRjQ5Msgjh/DQKEFl0DtyRr/VCOyD1T2R1MNeWPK/u7JoGhlDZnKBAfA==",
+            "dev": true,
+            "license": "MIT"
+        },
         "node_modules/@types/ws": {
             "version": "8.18.1",
             "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
@@ -6136,6 +7506,13 @@
                 "node": ">=18"
             }
         },
+        "node_modules/bowser": {
+            "version": "2.12.1",
+            "resolved": "https://registry.npmjs.org/bowser/-/bowser-2.12.1.tgz",
+            "integrity": "sha512-z4rE2Gxh7tvshQ4hluIT7XcFrgLIQaw9X3A+kTTRdovCz5PMukm/0QC/BKSYPj3omF5Qfypn9O/c5kgpmvYUCw==",
+            "dev": true,
+            "license": "MIT"
+        },
         "node_modules/brace-expansion": {
             "version": "1.1.12",
             "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.12.tgz",
@@ -7090,9 +8467,9 @@
             }
         },
         "node_modules/drizzle-orm": {
-            "version": "0.44.4",
-            "resolved": "https://registry.npmjs.org/drizzle-orm/-/drizzle-orm-0.44.4.tgz",
-            "integrity": "sha512-ZyzKFpTC/Ut3fIqc2c0dPZ6nhchQXriTsqTNs4ayRgl6sZcFlMs9QZKPSHXK4bdOf41GHGWf+FrpcDDYwW+W6Q==",
+            "version": "0.44.5",
+            "resolved": "https://registry.npmjs.org/drizzle-orm/-/drizzle-orm-0.44.5.tgz",
+            "integrity": "sha512-jBe37K7d8ZSKptdKfakQFdeljtu3P2Cbo7tJoJSVZADzIKOBo9IAJPOmMsH2bZl90bZgh8FQlD8BjxXA/zuBkQ==",
             "license": "Apache-2.0",
             "peerDependencies": {
                 "@aws-sdk/client-rds-data": ">=3",
@@ -8295,6 +9672,25 @@
             "integrity": "sha512-DCXu6Ifhqcks7TZKY3Hxp3y6qphY5SJZmrWMDrKcERSOXWQdMhU9Ig/PYrzyw/ul9jOIyh0N4M0tbC5hodg8dw==",
             "license": "MIT"
         },
+        "node_modules/fast-xml-parser": {
+            "version": "5.2.5",
+            "resolved": "https://registry.npmjs.org/fast-xml-parser/-/fast-xml-parser-5.2.5.tgz",
+            "integrity": "sha512-pfX9uG9Ki0yekDHx2SiuRIyFdyAr1kMIMitPvb0YBo8SUfKvia7w7FIyd/l6av85pFYRhZscS75MwMnbvY+hcQ==",
+            "dev": true,
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/NaturalIntelligence"
+                }
+            ],
+            "license": "MIT",
+            "dependencies": {
+                "strnum": "^2.1.0"
+            },
+            "bin": {
+                "fxparser": "src/cli/cli.js"
+            }
+        },
         "node_modules/fastq": {
             "version": "1.19.1",
             "resolved": "https://registry.npmjs.org/fastq/-/fastq-1.19.1.tgz",
@@ -10656,9 +12052,9 @@
             }
         },
         "node_modules/next-intl": {
-            "version": "4.3.4",
-            "resolved": "https://registry.npmjs.org/next-intl/-/next-intl-4.3.4.tgz",
-            "integrity": "sha512-VWLIDlGbnL/o4LnveJTJD1NOYN8lh3ZAGTWw2krhfgg53as3VsS4jzUVnArJdqvwtlpU/2BIDbWTZ7V4o1jFEw==",
+            "version": "4.3.8",
+            "resolved": "https://registry.npmjs.org/next-intl/-/next-intl-4.3.8.tgz",
+            "integrity": "sha512-epUuRSL1KRQtDdFVRb5j7ZaaF7Sx/aivVA7VY0fc5g1pmpT90ylK6AaBdNsOnc5n+AERVn+zO5HoBsXO0lhTZA==",
             "funding": [
                 {
                     "type": "individual",
@@ -10669,7 +12065,7 @@
             "dependencies": {
                 "@formatjs/intl-localematcher": "^0.5.4",
                 "negotiator": "^1.0.0",
-                "use-intl": "^4.3.4"
+                "use-intl": "^4.3.8"
             },
             "peerDependencies": {
                 "next": "^12.0.0 || ^13.0.0 || ^14.0.0 || ^15.0.0",
@@ -10783,9 +12179,9 @@
             }
         },
         "node_modules/nodemailer": {
-            "version": "7.0.5",
-            "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.5.tgz",
-            "integrity": "sha512-nsrh2lO3j4GkLLXoeEksAMgAOqxOv6QumNRVQTJwKH4nuiww6iC2y7GyANs9kRAxCexg3+lTWM3PZ91iLlVjfg==",
+            "version": "7.0.6",
+            "resolved": "https://registry.npmjs.org/nodemailer/-/nodemailer-7.0.6.tgz",
+            "integrity": "sha512-F44uVzgwo49xboqbFgBGkRaiMgtoBrBEWCVincJPK9+S9Adkzt/wXCLKbf7dxucmxfTI5gHGB+bEmdyzN6QKjw==",
             "license": "MIT-0",
             "engines": {
                 "node": ">=6.0.0"
@@ -15899,6 +17295,19 @@
                 "url": "https://github.com/sponsors/sindresorhus"
             }
         },
+        "node_modules/strnum": {
+            "version": "2.1.1",
+            "resolved": "https://registry.npmjs.org/strnum/-/strnum-2.1.1.tgz",
+            "integrity": "sha512-7ZvoFTiCnGxBtDqJ//Cu6fWtZtc7Y3x+QOirG15wztbdngGSkht27o2pyGWrVy0b4WAy3jbKmnoK6g5VlVNUUw==",
+            "dev": true,
+            "funding": [
+                {
+                    "type": "github",
+                    "url": "https://github.com/sponsors/NaturalIntelligence"
+                }
+            ],
+            "license": "MIT"
+        },
         "node_modules/styled-jsx": {
             "version": "5.1.6",
             "resolved": "https://registry.npmjs.org/styled-jsx/-/styled-jsx-5.1.6.tgz",
@@ -16281,9 +17690,9 @@
             }
         },
         "node_modules/tw-animate-css": {
-            "version": "1.3.7",
-            "resolved": "https://registry.npmjs.org/tw-animate-css/-/tw-animate-css-1.3.7.tgz",
-            "integrity": "sha512-lvLb3hTIpB5oGsk8JmLoAjeCHV58nKa2zHYn8yWOoG5JJusH3bhJlF2DLAZ/5NmJ+jyH3ssiAx/2KmbhavJy/A==",
+            "version": "1.3.8",
+            "resolved": "https://registry.npmjs.org/tw-animate-css/-/tw-animate-css-1.3.8.tgz",
+            "integrity": "sha512-Qrk3PZ7l7wUcGYhwZloqfkWCmaXZAoqjkdbIDvzfGshwGtexa/DAs9koXxIkrpEasyevandomzCBAV1Yyop5rw==",
             "license": "MIT",
             "funding": {
                 "url": "https://github.com/sponsors/Wombosvideo"
@@ -16525,9 +17934,9 @@
             }
         },
         "node_modules/use-intl": {
-            "version": "4.3.4",
-            "resolved": "https://registry.npmjs.org/use-intl/-/use-intl-4.3.4.tgz",
-            "integrity": "sha512-sHfiU0QeJ1rirNWRxvCyvlSh9+NczcOzRnPyMeo2rtHXhVnBsvMRjE+UG4eh3lRhCxrvcqei/I0lBxsc59on1w==",
+            "version": "4.3.8",
+            "resolved": "https://registry.npmjs.org/use-intl/-/use-intl-4.3.8.tgz",
+            "integrity": "sha512-L4mcWCriZCw+qySIk5Octy9ioRNTuFu4y2kTw3NIKfKRk0xAvfobX7/5VHk+eCDJFJeBEqJov/qRe83LDfbqyg==",
             "license": "MIT",
             "dependencies": {
                 "@formatjs/fast-memoize": "^2.2.0",
diff --git a/package.json b/package.json
index 3f47ff5a..e53225ee 100644
--- a/package.json
+++ b/package.json
@@ -49,7 +49,7 @@
         "@radix-ui/react-tabs": "1.1.13",
         "@radix-ui/react-toast": "1.2.15",
         "@radix-ui/react-tooltip": "^1.2.8",
-        "@react-email/components": "0.5.0",
+        "@react-email/components": "0.5.3",
         "@react-email/render": "^1.2.0",
         "@react-email/tailwind": "1.2.2",
         "@simplewebauthn/browser": "^13.1.0",
@@ -68,7 +68,7 @@
         "cookies": "^0.9.1",
         "cors": "2.8.5",
         "crypto-js": "^4.2.0",
-        "drizzle-orm": "0.44.4",
+        "drizzle-orm": "0.44.5",
         "eslint": "9.33.0",
         "eslint-config-next": "15.4.6",
         "express": "5.1.0",
@@ -84,11 +84,11 @@
         "lucide-react": "0.539.0",
         "moment": "2.30.1",
         "next": "15.4.6",
-        "next-intl": "^4.3.4",
+        "next-intl": "^4.3.8",
         "next-themes": "0.4.6",
         "node-cache": "5.1.2",
         "node-fetch": "3.3.2",
-        "nodemailer": "7.0.5",
+        "nodemailer": "7.0.6",
         "npm": "^11.5.2",
         "oslo": "1.2.1",
         "pg": "^8.16.2",
@@ -102,7 +102,7 @@
         "semver": "^7.7.2",
         "swagger-ui-express": "^5.0.1",
         "tailwind-merge": "3.3.1",
-        "tw-animate-css": "^1.3.7",
+        "tw-animate-css": "^1.3.8",
         "uuid": "^11.1.0",
         "vaul": "1.1.2",
         "winston": "3.17.0",
@@ -126,7 +126,7 @@
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "^9.0.10",
         "@types/node": "^24",
-        "@types/nodemailer": "6.4.17",
+        "@types/nodemailer": "7.0.1",
         "@types/pg": "8.15.5",
         "@types/react": "19.1.12",
         "@types/react-dom": "19.1.9",

From 1bc5b6b47209869412f8cee2e70609f248f172b6 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 13 Sep 2025 09:37:17 +0200
Subject: [PATCH 094/166] Bump the dev-patch-updates group with 6 updates
 (#329)

Bumps the dev-patch-updates group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [@tailwindcss/postcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/@tailwindcss-postcss) | `4.1.12` | `4.1.13` |
| [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) | `24.3.0` | `24.3.3` |
| [@types/react](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/react) | `19.1.12` | `19.1.13` |
| [@types/semver](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/semver) | `7.7.0` | `7.7.1` |
| [react-email](https://github.com/resend/react-email/tree/HEAD/packages/react-email) | `4.2.8` | `4.2.11` |
| [tailwindcss](https://github.com/tailwindlabs/tailwindcss/tree/HEAD/packages/tailwindcss) | `4.1.12` | `4.1.13` |


Updates `@tailwindcss/postcss` from 4.1.12 to 4.1.13
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.1.13/packages/@tailwindcss-postcss)

Updates `@types/node` from 24.3.0 to 24.3.3
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `@types/react` from 19.1.12 to 19.1.13
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/react)

Updates `@types/semver` from 7.7.0 to 7.7.1
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/semver)

Updates `react-email` from 4.2.8 to 4.2.11
- [Release notes](https://github.com/resend/react-email/releases)
- [Changelog](https://github.com/resend/react-email/blob/canary/packages/react-email/CHANGELOG.md)
- [Commits](https://github.com/resend/react-email/commits/react-email@4.2.11/packages/react-email)

Updates `tailwindcss` from 4.1.12 to 4.1.13
- [Release notes](https://github.com/tailwindlabs/tailwindcss/releases)
- [Changelog](https://github.com/tailwindlabs/tailwindcss/blob/main/CHANGELOG.md)
- [Commits](https://github.com/tailwindlabs/tailwindcss/commits/v4.1.13/packages/tailwindcss)

---
updated-dependencies:
- dependency-name: "@tailwindcss/postcss"
  dependency-version: 4.1.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: "@types/node"
  dependency-version: 24.3.3
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: "@types/react"
  dependency-version: 19.1.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: "@types/semver"
  dependency-version: 7.7.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: react-email
  dependency-version: 4.2.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: tailwindcss
  dependency-version: 4.1.13
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 package-lock.json | 207 +++++++++++++++++++++-------------------------
 package.json      |   8 +-
 2 files changed, 97 insertions(+), 118 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 26a9a700..366e1501 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -98,7 +98,7 @@
             "devDependencies": {
                 "@dotenvx/dotenvx": "1.49.0",
                 "@esbuild-plugins/tsconfig-paths": "0.1.2",
-                "@tailwindcss/postcss": "^4.1.12",
+                "@tailwindcss/postcss": "^4.1.13",
                 "@types/better-sqlite3": "7.6.12",
                 "@types/cookie-parser": "1.4.9",
                 "@types/cors": "2.8.19",
@@ -111,9 +111,9 @@
                 "@types/node": "^24",
                 "@types/nodemailer": "7.0.1",
                 "@types/pg": "8.15.5",
-                "@types/react": "19.1.12",
+                "@types/react": "19.1.13",
                 "@types/react-dom": "19.1.9",
-                "@types/semver": "^7.7.0",
+                "@types/semver": "^7.7.1",
                 "@types/swagger-ui-express": "^4.1.8",
                 "@types/ws": "8.18.1",
                 "@types/yargs": "17.0.33",
@@ -121,7 +121,7 @@
                 "esbuild": "0.25.9",
                 "esbuild-node-externals": "1.18.0",
                 "postcss": "^8",
-                "react-email": "4.2.8",
+                "react-email": "4.2.11",
                 "tailwindcss": "^4.1.4",
                 "tsc-alias": "1.8.16",
                 "tsx": "4.20.5",
@@ -5789,9 +5789,9 @@
             }
         },
         "node_modules/@tailwindcss/node": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/node/-/node-4.1.12.tgz",
-            "integrity": "sha512-3hm9brwvQkZFe++SBt+oLjo4OLDtkvlE8q2WalaD/7QWaeM7KEJbAiY/LJZUaCs7Xa8aUu4xy3uoyX4q54UVdQ==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/node/-/node-4.1.13.tgz",
+            "integrity": "sha512-eq3ouolC1oEFOAvOMOBAmfCIqZBJuvWvvYWh5h5iOYfe1HFC6+GZ6EIL0JdM3/niGRJmnrOc+8gl9/HGUaaptw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -5799,25 +5799,15 @@
                 "enhanced-resolve": "^5.18.3",
                 "jiti": "^2.5.1",
                 "lightningcss": "1.30.1",
-                "magic-string": "^0.30.17",
+                "magic-string": "^0.30.18",
                 "source-map-js": "^1.2.1",
-                "tailwindcss": "4.1.12"
-            }
-        },
-        "node_modules/@tailwindcss/node/node_modules/jiti": {
-            "version": "2.5.1",
-            "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.5.1.tgz",
-            "integrity": "sha512-twQoecYPiVA5K/h6SxtORw/Bs3ar+mLUtoPSc7iMXzQzK8d7eJ/R09wmTwAjiamETn1cXYPGfNnu7DMoHgu12w==",
-            "dev": true,
-            "license": "MIT",
-            "bin": {
-                "jiti": "lib/jiti-cli.mjs"
+                "tailwindcss": "4.1.13"
             }
         },
         "node_modules/@tailwindcss/oxide": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide/-/oxide-4.1.12.tgz",
-            "integrity": "sha512-gM5EoKHW/ukmlEtphNwaGx45fGoEmP10v51t9unv55voWh6WrOL19hfuIdo2FjxIaZzw776/BUQg7Pck++cIVw==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide/-/oxide-4.1.13.tgz",
+            "integrity": "sha512-CPgsM1IpGRa880sMbYmG1s4xhAy3xEt1QULgTJGQmZUeNgXFR7s1YxYygmJyBGtou4SyEosGAGEeYqY7R53bIA==",
             "dev": true,
             "hasInstallScript": true,
             "license": "MIT",
@@ -5829,24 +5819,24 @@
                 "node": ">= 10"
             },
             "optionalDependencies": {
-                "@tailwindcss/oxide-android-arm64": "4.1.12",
-                "@tailwindcss/oxide-darwin-arm64": "4.1.12",
-                "@tailwindcss/oxide-darwin-x64": "4.1.12",
-                "@tailwindcss/oxide-freebsd-x64": "4.1.12",
-                "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.12",
-                "@tailwindcss/oxide-linux-arm64-gnu": "4.1.12",
-                "@tailwindcss/oxide-linux-arm64-musl": "4.1.12",
-                "@tailwindcss/oxide-linux-x64-gnu": "4.1.12",
-                "@tailwindcss/oxide-linux-x64-musl": "4.1.12",
-                "@tailwindcss/oxide-wasm32-wasi": "4.1.12",
-                "@tailwindcss/oxide-win32-arm64-msvc": "4.1.12",
-                "@tailwindcss/oxide-win32-x64-msvc": "4.1.12"
+                "@tailwindcss/oxide-android-arm64": "4.1.13",
+                "@tailwindcss/oxide-darwin-arm64": "4.1.13",
+                "@tailwindcss/oxide-darwin-x64": "4.1.13",
+                "@tailwindcss/oxide-freebsd-x64": "4.1.13",
+                "@tailwindcss/oxide-linux-arm-gnueabihf": "4.1.13",
+                "@tailwindcss/oxide-linux-arm64-gnu": "4.1.13",
+                "@tailwindcss/oxide-linux-arm64-musl": "4.1.13",
+                "@tailwindcss/oxide-linux-x64-gnu": "4.1.13",
+                "@tailwindcss/oxide-linux-x64-musl": "4.1.13",
+                "@tailwindcss/oxide-wasm32-wasi": "4.1.13",
+                "@tailwindcss/oxide-win32-arm64-msvc": "4.1.13",
+                "@tailwindcss/oxide-win32-x64-msvc": "4.1.13"
             }
         },
         "node_modules/@tailwindcss/oxide-android-arm64": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-android-arm64/-/oxide-android-arm64-4.1.12.tgz",
-            "integrity": "sha512-oNY5pq+1gc4T6QVTsZKwZaGpBb2N1H1fsc1GD4o7yinFySqIuRZ2E4NvGasWc6PhYJwGK2+5YT1f9Tp80zUQZQ==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-android-arm64/-/oxide-android-arm64-4.1.13.tgz",
+            "integrity": "sha512-BrpTrVYyejbgGo57yc8ieE+D6VT9GOgnNdmh5Sac6+t0m+v+sKQevpFVpwX3pBrM2qKrQwJ0c5eDbtjouY/+ew==",
             "cpu": [
                 "arm64"
             ],
@@ -5861,9 +5851,9 @@
             }
         },
         "node_modules/@tailwindcss/oxide-darwin-arm64": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-arm64/-/oxide-darwin-arm64-4.1.12.tgz",
-            "integrity": "sha512-cq1qmq2HEtDV9HvZlTtrj671mCdGB93bVY6J29mwCyaMYCP/JaUBXxrQQQm7Qn33AXXASPUb2HFZlWiiHWFytw==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-arm64/-/oxide-darwin-arm64-4.1.13.tgz",
+            "integrity": "sha512-YP+Jksc4U0KHcu76UhRDHq9bx4qtBftp9ShK/7UGfq0wpaP96YVnnjFnj3ZFrUAjc5iECzODl/Ts0AN7ZPOANQ==",
             "cpu": [
                 "arm64"
             ],
@@ -5878,9 +5868,9 @@
             }
         },
         "node_modules/@tailwindcss/oxide-darwin-x64": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-x64/-/oxide-darwin-x64-4.1.12.tgz",
-            "integrity": "sha512-6UCsIeFUcBfpangqlXay9Ffty9XhFH1QuUFn0WV83W8lGdX8cD5/+2ONLluALJD5+yJ7k8mVtwy3zMZmzEfbLg==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-darwin-x64/-/oxide-darwin-x64-4.1.13.tgz",
+            "integrity": "sha512-aAJ3bbwrn/PQHDxCto9sxwQfT30PzyYJFG0u/BWZGeVXi5Hx6uuUOQEI2Fa43qvmUjTRQNZnGqe9t0Zntexeuw==",
             "cpu": [
                 "x64"
             ],
@@ -5895,9 +5885,9 @@
             }
         },
         "node_modules/@tailwindcss/oxide-freebsd-x64": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-freebsd-x64/-/oxide-freebsd-x64-4.1.12.tgz",
-            "integrity": "sha512-JOH/f7j6+nYXIrHobRYCtoArJdMJh5zy5lr0FV0Qu47MID/vqJAY3r/OElPzx1C/wdT1uS7cPq+xdYYelny1ww==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-freebsd-x64/-/oxide-freebsd-x64-4.1.13.tgz",
+            "integrity": "sha512-Wt8KvASHwSXhKE/dJLCCWcTSVmBj3xhVhp/aF3RpAhGeZ3sVo7+NTfgiN8Vey/Fi8prRClDs6/f0KXPDTZE6nQ==",
             "cpu": [
                 "x64"
             ],
@@ -5912,9 +5902,9 @@
             }
         },
         "node_modules/@tailwindcss/oxide-linux-arm-gnueabihf": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm-gnueabihf/-/oxide-linux-arm-gnueabihf-4.1.12.tgz",
-            "integrity": "sha512-v4Ghvi9AU1SYgGr3/j38PD8PEe6bRfTnNSUE3YCMIRrrNigCFtHZ2TCm8142X8fcSqHBZBceDx+JlFJEfNg5zQ==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm-gnueabihf/-/oxide-linux-arm-gnueabihf-4.1.13.tgz",
+            "integrity": "sha512-mbVbcAsW3Gkm2MGwA93eLtWrwajz91aXZCNSkGTx/R5eb6KpKD5q8Ueckkh9YNboU8RH7jiv+ol/I7ZyQ9H7Bw==",
             "cpu": [
                 "arm"
             ],
@@ -5929,9 +5919,9 @@
             }
         },
         "node_modules/@tailwindcss/oxide-linux-arm64-gnu": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-gnu/-/oxide-linux-arm64-gnu-4.1.12.tgz",
-            "integrity": "sha512-YP5s1LmetL9UsvVAKusHSyPlzSRqYyRB0f+Kl/xcYQSPLEw/BvGfxzbH+ihUciePDjiXwHh+p+qbSP3SlJw+6g==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-gnu/-/oxide-linux-arm64-gnu-4.1.13.tgz",
+            "integrity": "sha512-wdtfkmpXiwej/yoAkrCP2DNzRXCALq9NVLgLELgLim1QpSfhQM5+ZxQQF8fkOiEpuNoKLp4nKZ6RC4kmeFH0HQ==",
             "cpu": [
                 "arm64"
             ],
@@ -5946,9 +5936,9 @@
             }
         },
         "node_modules/@tailwindcss/oxide-linux-arm64-musl": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-musl/-/oxide-linux-arm64-musl-4.1.12.tgz",
-            "integrity": "sha512-V8pAM3s8gsrXcCv6kCHSuwyb/gPsd863iT+v1PGXC4fSL/OJqsKhfK//v8P+w9ThKIoqNbEnsZqNy+WDnwQqCA==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-arm64-musl/-/oxide-linux-arm64-musl-4.1.13.tgz",
+            "integrity": "sha512-hZQrmtLdhyqzXHB7mkXfq0IYbxegaqTmfa1p9MBj72WPoDD3oNOh1Lnxf6xZLY9C3OV6qiCYkO1i/LrzEdW2mg==",
             "cpu": [
                 "arm64"
             ],
@@ -5963,9 +5953,9 @@
             }
         },
         "node_modules/@tailwindcss/oxide-linux-x64-gnu": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-gnu/-/oxide-linux-x64-gnu-4.1.12.tgz",
-            "integrity": "sha512-xYfqYLjvm2UQ3TZggTGrwxjYaLB62b1Wiysw/YE3Yqbh86sOMoTn0feF98PonP7LtjsWOWcXEbGqDL7zv0uW8Q==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-gnu/-/oxide-linux-x64-gnu-4.1.13.tgz",
+            "integrity": "sha512-uaZTYWxSXyMWDJZNY1Ul7XkJTCBRFZ5Fo6wtjrgBKzZLoJNrG+WderJwAjPzuNZOnmdrVg260DKwXCFtJ/hWRQ==",
             "cpu": [
                 "x64"
             ],
@@ -5980,9 +5970,9 @@
             }
         },
         "node_modules/@tailwindcss/oxide-linux-x64-musl": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-musl/-/oxide-linux-x64-musl-4.1.12.tgz",
-            "integrity": "sha512-ha0pHPamN+fWZY7GCzz5rKunlv9L5R8kdh+YNvP5awe3LtuXb5nRi/H27GeL2U+TdhDOptU7T6Is7mdwh5Ar3A==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-linux-x64-musl/-/oxide-linux-x64-musl-4.1.13.tgz",
+            "integrity": "sha512-oXiPj5mi4Hdn50v5RdnuuIms0PVPI/EG4fxAfFiIKQh5TgQgX7oSuDWntHW7WNIi/yVLAiS+CRGW4RkoGSSgVQ==",
             "cpu": [
                 "x64"
             ],
@@ -5997,9 +5987,9 @@
             }
         },
         "node_modules/@tailwindcss/oxide-wasm32-wasi": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-wasm32-wasi/-/oxide-wasm32-wasi-4.1.12.tgz",
-            "integrity": "sha512-4tSyu3dW+ktzdEpuk6g49KdEangu3eCYoqPhWNsZgUhyegEda3M9rG0/j1GV/JjVVsj+lG7jWAyrTlLzd/WEBg==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-wasm32-wasi/-/oxide-wasm32-wasi-4.1.13.tgz",
+            "integrity": "sha512-+LC2nNtPovtrDwBc/nqnIKYh/W2+R69FA0hgoeOn64BdCX522u19ryLh3Vf3F8W49XBcMIxSe665kwy21FkhvA==",
             "bundleDependencies": [
                 "@napi-rs/wasm-runtime",
                 "@emnapi/core",
@@ -6087,9 +6077,9 @@
             "optional": true
         },
         "node_modules/@tailwindcss/oxide-win32-arm64-msvc": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.1.12.tgz",
-            "integrity": "sha512-iGLyD/cVP724+FGtMWslhcFyg4xyYyM+5F4hGvKA7eifPkXHRAUDFaimu53fpNg9X8dfP75pXx/zFt/jlNF+lg==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-arm64-msvc/-/oxide-win32-arm64-msvc-4.1.13.tgz",
+            "integrity": "sha512-dziTNeQXtoQ2KBXmrjCxsuPk3F3CQ/yb7ZNZNA+UkNTeiTGgfeh+gH5Pi7mRncVgcPD2xgHvkFCh/MhZWSgyQg==",
             "cpu": [
                 "arm64"
             ],
@@ -6104,9 +6094,9 @@
             }
         },
         "node_modules/@tailwindcss/oxide-win32-x64-msvc": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-x64-msvc/-/oxide-win32-x64-msvc-4.1.12.tgz",
-            "integrity": "sha512-NKIh5rzw6CpEodv/++r0hGLlfgT/gFN+5WNdZtvh6wpU2BpGNgdjvj6H2oFc8nCM839QM1YOhjpgbAONUb4IxA==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/oxide-win32-x64-msvc/-/oxide-win32-x64-msvc-4.1.13.tgz",
+            "integrity": "sha512-3+LKesjXydTkHk5zXX01b5KMzLV1xl2mcktBJkje7rhFUpUlYJy7IMOLqjIRQncLTa1WZZiFY/foAeB5nmaiTw==",
             "cpu": [
                 "x64"
             ],
@@ -6121,17 +6111,17 @@
             }
         },
         "node_modules/@tailwindcss/postcss": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/@tailwindcss/postcss/-/postcss-4.1.12.tgz",
-            "integrity": "sha512-5PpLYhCAwf9SJEeIsSmCDLgyVfdBhdBpzX1OJ87anT9IVR0Z9pjM0FNixCAUAHGnMBGB8K99SwAheXrT0Kh6QQ==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/@tailwindcss/postcss/-/postcss-4.1.13.tgz",
+            "integrity": "sha512-HLgx6YSFKJT7rJqh9oJs/TkBFhxuMOfUKSBEPYwV+t78POOBsdQ7crhZLzwcH3T0UyUuOzU/GK5pk5eKr3wCiQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@alloc/quick-lru": "^5.2.0",
-                "@tailwindcss/node": "4.1.12",
-                "@tailwindcss/oxide": "4.1.12",
+                "@tailwindcss/node": "4.1.13",
+                "@tailwindcss/oxide": "4.1.13",
                 "postcss": "^8.4.41",
-                "tailwindcss": "4.1.12"
+                "tailwindcss": "4.1.13"
             }
         },
         "node_modules/@tanstack/react-table": {
@@ -6335,9 +6325,9 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "24.3.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.3.0.tgz",
-            "integrity": "sha512-aPTXCrfwnDLj4VvXrm+UUCQjNEvJgNA8s5F1cvwQU+3KNltTOkBm1j30uNLyqqPNe7gE3KFzImYoZEfLhp4Yow==",
+            "version": "24.3.3",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.3.3.tgz",
+            "integrity": "sha512-GKBNHjoNw3Kra1Qg5UXttsY5kiWMEfoHq2TmXb+b1rcm6N7B3wTrFYIf/oSZ1xNQ+hVVijgLkiDZh7jRRsh+Gw==",
             "devOptional": true,
             "license": "MIT",
             "dependencies": {
@@ -6382,9 +6372,9 @@
             "license": "MIT"
         },
         "node_modules/@types/react": {
-            "version": "19.1.12",
-            "resolved": "https://registry.npmjs.org/@types/react/-/react-19.1.12.tgz",
-            "integrity": "sha512-cMoR+FoAf/Jyq6+Df2/Z41jISvGZZ2eTlnsaJRptmZ76Caldwy1odD4xTr/gNV9VLj0AWgg/nmkevIyUfIIq5w==",
+            "version": "19.1.13",
+            "resolved": "https://registry.npmjs.org/@types/react/-/react-19.1.13.tgz",
+            "integrity": "sha512-hHkbU/eoO3EG5/MZkuFSKmYqPbSVk5byPFa3e7y/8TybHiLMACgI8seVYlicwk7H5K/rI2px9xrQp/C+AUDTiQ==",
             "devOptional": true,
             "license": "MIT",
             "dependencies": {
@@ -6402,9 +6392,9 @@
             }
         },
         "node_modules/@types/semver": {
-            "version": "7.7.0",
-            "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.7.0.tgz",
-            "integrity": "sha512-k107IF4+Xr7UHjwDc7Cfd6PRQfbdkiRabXGRjo07b4WyPahFBZCZ1sE+BNxYIJPPg73UkfOsVOLwqVc/6ETrIA==",
+            "version": "7.7.1",
+            "resolved": "https://registry.npmjs.org/@types/semver/-/semver-7.7.1.tgz",
+            "integrity": "sha512-FmgJfu+MOcQ370SD0ev7EI8TlCAfKYU+B4m5T3yXc1CiRN94g/SZPtsCkk506aUDtlMnFZvasDwHHUcZUEaYuA==",
             "dev": true,
             "license": "MIT"
         },
@@ -11080,9 +11070,8 @@
             "version": "2.5.1",
             "resolved": "https://registry.npmjs.org/jiti/-/jiti-2.5.1.tgz",
             "integrity": "sha512-twQoecYPiVA5K/h6SxtORw/Bs3ar+mLUtoPSc7iMXzQzK8d7eJ/R09wmTwAjiamETn1cXYPGfNnu7DMoHgu12w==",
+            "devOptional": true,
             "license": "MIT",
-            "optional": true,
-            "peer": true,
             "bin": {
                 "jiti": "lib/jiti-cli.mjs"
             }
@@ -11659,13 +11648,13 @@
             }
         },
         "node_modules/magic-string": {
-            "version": "0.30.17",
-            "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.17.tgz",
-            "integrity": "sha512-sNPKHvyjVf7gyjwS4xGTaW/mCnF8wnjtifKBEhxfZ7E/S8tQ0rssrwGNn6q8JH/ohItJfSQp9mBtQYuTlH5QnA==",
+            "version": "0.30.19",
+            "resolved": "https://registry.npmjs.org/magic-string/-/magic-string-0.30.19.tgz",
+            "integrity": "sha512-2N21sPY9Ws53PZvsEpVtNuSW+ScYbQdp4b9qUaL+9QkHUrGFKo56Lg9Emg5s9V/qrtNBmiR01sYhUOwu3H+VOw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@jridgewell/sourcemap-codec": "^1.5.0"
+                "@jridgewell/sourcemap-codec": "^1.5.5"
             }
         },
         "node_modules/marked": {
@@ -15952,15 +15941,14 @@
             "license": "0BSD"
         },
         "node_modules/react-email": {
-            "version": "4.2.8",
-            "resolved": "https://registry.npmjs.org/react-email/-/react-email-4.2.8.tgz",
-            "integrity": "sha512-Eqzs/xZnS881oghPO/4CQ1cULyESuUhEjfYboXmYNOokXnJ6QP5GKKJZ6zjkg9SnKXxSrIxSo5PxzCI5jReJMA==",
+            "version": "4.2.11",
+            "resolved": "https://registry.npmjs.org/react-email/-/react-email-4.2.11.tgz",
+            "integrity": "sha512-/7TXRgsTrXcV1u7kc5ZXDVlPvZqEBaYcflMhE2FgWIJh3OHLjj2FqctFTgYcp0iwzbR59a7gzJLmSKyD0wYJEQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@babel/parser": "^7.27.0",
                 "@babel/traverse": "^7.27.0",
-                "chalk": "^5.0.0",
                 "chokidar": "^4.0.3",
                 "commander": "^13.0.0",
                 "debounce": "^2.0.0",
@@ -15983,19 +15971,6 @@
                 "node": ">=18.0.0"
             }
         },
-        "node_modules/react-email/node_modules/chalk": {
-            "version": "5.5.0",
-            "resolved": "https://registry.npmjs.org/chalk/-/chalk-5.5.0.tgz",
-            "integrity": "sha512-1tm8DTaJhPBG3bIkVeZt1iZM9GfSX2lzOeDVZH9R9ffRHpmHvxZ/QhgQH/aDTkswQVt+YHdXAdS/In/30OjCbg==",
-            "dev": true,
-            "license": "MIT",
-            "engines": {
-                "node": "^12.17.0 || ^14.13 || >=16.0.0"
-            },
-            "funding": {
-                "url": "https://github.com/chalk/chalk?sponsor=1"
-            }
-        },
         "node_modules/react-email/node_modules/commander": {
             "version": "13.1.0",
             "resolved": "https://registry.npmjs.org/commander/-/commander-13.1.0.tgz",
@@ -17390,19 +17365,23 @@
             }
         },
         "node_modules/tailwindcss": {
-            "version": "4.1.12",
-            "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.12.tgz",
-            "integrity": "sha512-DzFtxOi+7NsFf7DBtI3BJsynR+0Yp6etH+nRPTbpWnS2pZBaSksv/JGctNwSWzbFjp0vxSqknaUylseZqMDGrA==",
+            "version": "4.1.13",
+            "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.13.tgz",
+            "integrity": "sha512-i+zidfmTqtwquj4hMEwdjshYYgMbOrPzb9a0M3ZgNa0JMoZeFC6bxZvO8yr8ozS6ix2SDz0+mvryPeBs2TFE+w==",
             "license": "MIT"
         },
         "node_modules/tapable": {
-            "version": "2.2.2",
-            "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.2.tgz",
-            "integrity": "sha512-Re10+NauLTMCudc7T5WLFLAwDhQ0JWdrMK+9B2M8zR5hRExKmsRDCBA7/aV/pNJFltmBFO5BAMlQFi/vq3nKOg==",
+            "version": "2.2.3",
+            "resolved": "https://registry.npmjs.org/tapable/-/tapable-2.2.3.tgz",
+            "integrity": "sha512-ZL6DDuAlRlLGghwcfmSn9sK3Hr6ArtyudlSAiCqQ6IfE+b+HHbydbYDIG15IfS5do+7XQQBdBiubF/cV2dnDzg==",
             "dev": true,
             "license": "MIT",
             "engines": {
                 "node": ">=6"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/webpack"
             }
         },
         "node_modules/tar": {
diff --git a/package.json b/package.json
index e53225ee..6d5adacd 100644
--- a/package.json
+++ b/package.json
@@ -115,7 +115,7 @@
     "devDependencies": {
         "@dotenvx/dotenvx": "1.49.0",
         "@esbuild-plugins/tsconfig-paths": "0.1.2",
-        "@tailwindcss/postcss": "^4.1.12",
+        "@tailwindcss/postcss": "^4.1.13",
         "@types/better-sqlite3": "7.6.12",
         "@types/cookie-parser": "1.4.9",
         "@types/cors": "2.8.19",
@@ -128,9 +128,9 @@
         "@types/node": "^24",
         "@types/nodemailer": "7.0.1",
         "@types/pg": "8.15.5",
-        "@types/react": "19.1.12",
+        "@types/react": "19.1.13",
         "@types/react-dom": "19.1.9",
-        "@types/semver": "^7.7.0",
+        "@types/semver": "^7.7.1",
         "@types/swagger-ui-express": "^4.1.8",
         "@types/ws": "8.18.1",
         "@types/yargs": "17.0.33",
@@ -138,7 +138,7 @@
         "esbuild": "0.25.9",
         "esbuild-node-externals": "1.18.0",
         "postcss": "^8",
-        "react-email": "4.2.8",
+        "react-email": "4.2.11",
         "tailwindcss": "^4.1.4",
         "tsc-alias": "1.8.16",
         "tsx": "4.20.5",

From 901c0483c10975d8e8c764d9f85e2f01853bfc5e Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 13 Sep 2025 09:43:59 +0200
Subject: [PATCH 095/166] Bump uuid from 11.1.0 to 13.0.0 (#334)

---
 package-lock.json | 10 +++++-----
 package.json      |  2 +-
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 366e1501..aef70bf0 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -86,7 +86,7 @@
                 "swagger-ui-express": "^5.0.1",
                 "tailwind-merge": "3.3.1",
                 "tw-animate-css": "^1.3.8",
-                "uuid": "^11.1.0",
+                "uuid": "^13.0.0",
                 "vaul": "1.1.2",
                 "winston": "3.17.0",
                 "winston-daily-rotate-file": "5.0.0",
@@ -17964,16 +17964,16 @@
             "license": "MIT"
         },
         "node_modules/uuid": {
-            "version": "11.1.0",
-            "resolved": "https://registry.npmjs.org/uuid/-/uuid-11.1.0.tgz",
-            "integrity": "sha512-0/A9rDy9P7cJ+8w1c9WD9V//9Wj15Ce2MPz8Ri6032usz+NfePxx5AcN3bN+r6ZL6jEo066/yNYB3tn4pQEx+A==",
+            "version": "13.0.0",
+            "resolved": "https://registry.npmjs.org/uuid/-/uuid-13.0.0.tgz",
+            "integrity": "sha512-XQegIaBTVUjSHliKqcnFqYypAd4S+WCYt5NIeRs6w/UAry7z8Y9j5ZwRRL4kzq9U3sD6v+85er9FvkEaBpji2w==",
             "funding": [
                 "https://github.com/sponsors/broofa",
                 "https://github.com/sponsors/ctavan"
             ],
             "license": "MIT",
             "bin": {
-                "uuid": "dist/esm/bin/uuid"
+                "uuid": "dist-node/bin/uuid"
             }
         },
         "node_modules/vary": {
diff --git a/package.json b/package.json
index 6d5adacd..78a0e019 100644
--- a/package.json
+++ b/package.json
@@ -103,7 +103,7 @@
         "swagger-ui-express": "^5.0.1",
         "tailwind-merge": "3.3.1",
         "tw-animate-css": "^1.3.8",
-        "uuid": "^11.1.0",
+        "uuid": "^13.0.0",
         "vaul": "1.1.2",
         "winston": "3.17.0",
         "winston-daily-rotate-file": "5.0.0",

From 3b74f84665b433b6c9ffdbfb16f40a3a05fa9392 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 13 Sep 2025 10:08:40 +0200
Subject: [PATCH 096/166] Bump the prod-minor-updates group across 1 directory
 with 7 updates (#335)

---
 package-lock.json | 104 +++++++++++++++++++++++-----------------------
 package.json      |  12 +++---
 2 files changed, 58 insertions(+), 58 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index aef70bf0..768280dc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -40,7 +40,7 @@
                 "@tailwindcss/forms": "^0.5.10",
                 "@tanstack/react-table": "8.21.3",
                 "arctic": "^3.7.0",
-                "axios": "1.11.0",
+                "axios": "1.12.1",
                 "better-sqlite3": "11.7.0",
                 "canvas-confetti": "1.9.3",
                 "class-variance-authority": "^0.7.1",
@@ -52,10 +52,10 @@
                 "cors": "2.8.5",
                 "crypto-js": "^4.2.0",
                 "drizzle-orm": "0.44.5",
-                "eslint": "9.33.0",
-                "eslint-config-next": "15.4.6",
+                "eslint": "9.35.0",
+                "eslint-config-next": "15.5.3",
                 "express": "5.1.0",
-                "express-rate-limit": "8.0.1",
+                "express-rate-limit": "8.1.0",
                 "glob": "11.0.3",
                 "helmet": "8.1.0",
                 "http-errors": "2.0.0",
@@ -72,13 +72,13 @@
                 "node-cache": "5.1.2",
                 "node-fetch": "3.3.2",
                 "nodemailer": "7.0.6",
-                "npm": "^11.5.2",
+                "npm": "^11.6.0",
                 "oslo": "1.2.1",
                 "pg": "^8.16.2",
                 "qrcode.react": "4.2.0",
                 "react": "19.1.1",
                 "react-dom": "19.1.1",
-                "react-easy-sort": "^1.6.0",
+                "react-easy-sort": "^1.7.0",
                 "react-hook-form": "7.62.0",
                 "react-icons": "^5.5.0",
                 "rebuild": "0.1.2",
@@ -1997,9 +1997,9 @@
             }
         },
         "node_modules/@eslint-community/eslint-utils": {
-            "version": "4.7.0",
-            "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.7.0.tgz",
-            "integrity": "sha512-dyybb3AcajC7uha6CvhdVRJqaKyn7w2YKqKyAN37NKYgZT36w+iRb0Dymmc5qEJ549c/S31cMMSFd75bteCpCw==",
+            "version": "4.9.0",
+            "resolved": "https://registry.npmjs.org/@eslint-community/eslint-utils/-/eslint-utils-4.9.0.tgz",
+            "integrity": "sha512-ayVFHdtZ+hsq1t2Dy24wCmGXGe4q9Gu3smhLYALJrr473ZH27MsnSL+LKUlimp4BWJqMDMLmPpx/Q9R3OAlL4g==",
             "license": "MIT",
             "dependencies": {
                 "eslint-visitor-keys": "^3.4.3"
@@ -2094,9 +2094,9 @@
             }
         },
         "node_modules/@eslint/js": {
-            "version": "9.33.0",
-            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.33.0.tgz",
-            "integrity": "sha512-5K1/mKhWaMfreBGJTwval43JJmkip0RmM+3+IuqupeSKNC/Th2Kc7ucaq5ovTSra/OOKB9c58CGSz3QMVbWt0A==",
+            "version": "9.35.0",
+            "resolved": "https://registry.npmjs.org/@eslint/js/-/js-9.35.0.tgz",
+            "integrity": "sha512-30iXE9whjlILfWobBkNerJo+TXYsgVM5ERQwMcMKCHckHflCmf7wXDAHlARoWnh0s1U72WqlbeyE7iAcCzuCPw==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -2845,9 +2845,9 @@
             "license": "MIT"
         },
         "node_modules/@next/eslint-plugin-next": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/@next/eslint-plugin-next/-/eslint-plugin-next-15.4.6.tgz",
-            "integrity": "sha512-2NOu3ln+BTcpnbIDuxx6MNq+pRrCyey4WSXGaJIyt0D2TYicHeO9QrUENNjcf673n3B1s7hsiV5xBYRCK1Q8kA==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/@next/eslint-plugin-next/-/eslint-plugin-next-15.5.3.tgz",
+            "integrity": "sha512-SdhaKdko6dpsSr0DldkESItVrnPYB1NS2NpShCSX5lc7SSQmLZt5Mug6t2xbiuVWEVDLZSuIAoQyYVBYp0dR5g==",
             "license": "MIT",
             "dependencies": {
                 "fast-glob": "3.3.1"
@@ -7377,9 +7377,9 @@
             }
         },
         "node_modules/axios": {
-            "version": "1.11.0",
-            "resolved": "https://registry.npmjs.org/axios/-/axios-1.11.0.tgz",
-            "integrity": "sha512-1Lx3WLFQWm3ooKDYZD1eXmoGO9fxYQjrycfHFC8P0sCfQVXyROp0p9PFWBehewBOdCwHc+f/b8I0fMto5eSfwA==",
+            "version": "1.12.1",
+            "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.1.tgz",
+            "integrity": "sha512-Kn4kbSXpkFHCGE6rBFNwIv0GQs4AvDT80jlveJDKFxjbTYMUeB4QtsdPCv6H8Cm19Je7IU6VFtRl2zWZI0rudQ==",
             "license": "MIT",
             "dependencies": {
                 "follow-redirects": "^1.15.6",
@@ -9086,18 +9086,18 @@
             }
         },
         "node_modules/eslint": {
-            "version": "9.33.0",
-            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.33.0.tgz",
-            "integrity": "sha512-TS9bTNIryDzStCpJN93aC5VRSW3uTx9sClUn4B87pwiCaJh220otoI0X8mJKr+VcPtniMdN8GKjlwgWGUv5ZKA==",
+            "version": "9.35.0",
+            "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.35.0.tgz",
+            "integrity": "sha512-QePbBFMJFjgmlE+cXAlbHZbHpdFVS2E/6vzCy7aKlebddvl1vadiC4JFV5u/wqTkNUwEV8WrQi257jf5f06hrg==",
             "license": "MIT",
             "dependencies": {
-                "@eslint-community/eslint-utils": "^4.2.0",
+                "@eslint-community/eslint-utils": "^4.8.0",
                 "@eslint-community/regexpp": "^4.12.1",
                 "@eslint/config-array": "^0.21.0",
                 "@eslint/config-helpers": "^0.3.1",
                 "@eslint/core": "^0.15.2",
                 "@eslint/eslintrc": "^3.3.1",
-                "@eslint/js": "9.33.0",
+                "@eslint/js": "9.35.0",
                 "@eslint/plugin-kit": "^0.3.5",
                 "@humanfs/node": "^0.16.6",
                 "@humanwhocodes/module-importer": "^1.0.1",
@@ -9146,12 +9146,12 @@
             }
         },
         "node_modules/eslint-config-next": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/eslint-config-next/-/eslint-config-next-15.4.6.tgz",
-            "integrity": "sha512-4uznvw5DlTTjrZgYZjMciSdDDMO2SWIuQgUNaFyC2O3Zw3Z91XeIejeVa439yRq2CnJb/KEvE4U2AeN/66FpUA==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/eslint-config-next/-/eslint-config-next-15.5.3.tgz",
+            "integrity": "sha512-e6j+QhQFOr5pfsc8VJbuTD9xTXJaRvMHYjEeLPA2pFkheNlgPLCkxdvhxhfuM4KGcqSZj2qEnpHisdTVs3BxuQ==",
             "license": "MIT",
             "dependencies": {
-                "@next/eslint-plugin-next": "15.4.6",
+                "@next/eslint-plugin-next": "15.5.3",
                 "@rushstack/eslint-patch": "^1.10.3",
                 "@typescript-eslint/eslint-plugin": "^5.4.2 || ^6.0.0 || ^7.0.0 || ^8.0.0",
                 "@typescript-eslint/parser": "^5.4.2 || ^6.0.0 || ^7.0.0 || ^8.0.0",
@@ -9574,9 +9574,9 @@
             }
         },
         "node_modules/express-rate-limit": {
-            "version": "8.0.1",
-            "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.0.1.tgz",
-            "integrity": "sha512-aZVCnybn7TVmxO4BtlmnvX+nuz8qHW124KKJ8dumsBsmv5ZLxE0pYu7S2nwyRBGHHCAzdmnGyrc5U/rksSPO7Q==",
+            "version": "8.1.0",
+            "resolved": "https://registry.npmjs.org/express-rate-limit/-/express-rate-limit-8.1.0.tgz",
+            "integrity": "sha512-4nLnATuKupnmwqiJc27b4dCFmB/T60ExgmtDD7waf4LdrbJ8CPZzZRHYErDYNhoz+ql8fUdYwM/opf90PoPAQA==",
             "license": "MIT",
             "dependencies": {
                 "ip-address": "10.0.1"
@@ -12187,9 +12187,9 @@
             }
         },
         "node_modules/npm": {
-            "version": "11.5.2",
-            "resolved": "https://registry.npmjs.org/npm/-/npm-11.5.2.tgz",
-            "integrity": "sha512-qsEkHPw/Qdw4eA1kKVxsa5F6QeJCiLM1GaexGt/FpUpfiBxkLXVXIVtscOAeVWVe17pmYwD9Aji8dfsXR4r68w==",
+            "version": "11.6.0",
+            "resolved": "https://registry.npmjs.org/npm/-/npm-11.6.0.tgz",
+            "integrity": "sha512-d/P7DbvYgYNde9Ehfeq99+13/E7E82PfZPw8uYZASr9sQ3ZhBBCA9cXSJRA1COfJ6jDLJ0K36UJnXQWhCvLXuQ==",
             "bundleDependencies": [
                 "@isaacs/string-locale-compare",
                 "@npmcli/arborist",
@@ -12268,8 +12268,8 @@
             ],
             "dependencies": {
                 "@isaacs/string-locale-compare": "^1.1.0",
-                "@npmcli/arborist": "^9.1.3",
-                "@npmcli/config": "^10.3.1",
+                "@npmcli/arborist": "^9.1.4",
+                "@npmcli/config": "^10.4.0",
                 "@npmcli/fs": "^4.0.0",
                 "@npmcli/map-workspaces": "^4.0.2",
                 "@npmcli/package-json": "^6.2.0",
@@ -12293,11 +12293,11 @@
                 "is-cidr": "^5.1.1",
                 "json-parse-even-better-errors": "^4.0.0",
                 "libnpmaccess": "^10.0.1",
-                "libnpmdiff": "^8.0.6",
-                "libnpmexec": "^10.1.5",
-                "libnpmfund": "^7.0.6",
+                "libnpmdiff": "^8.0.7",
+                "libnpmexec": "^10.1.6",
+                "libnpmfund": "^7.0.7",
                 "libnpmorg": "^8.0.0",
-                "libnpmpack": "^9.0.6",
+                "libnpmpack": "^9.0.7",
                 "libnpmpublish": "^11.1.0",
                 "libnpmsearch": "^9.0.0",
                 "libnpmteam": "^8.0.1",
@@ -12449,7 +12449,7 @@
             }
         },
         "node_modules/npm/node_modules/@npmcli/arborist": {
-            "version": "9.1.3",
+            "version": "9.1.4",
             "inBundle": true,
             "license": "ISC",
             "dependencies": {
@@ -12496,7 +12496,7 @@
             }
         },
         "node_modules/npm/node_modules/@npmcli/config": {
-            "version": "10.3.1",
+            "version": "10.4.0",
             "inBundle": true,
             "license": "ISC",
             "dependencies": {
@@ -13376,11 +13376,11 @@
             }
         },
         "node_modules/npm/node_modules/libnpmdiff": {
-            "version": "8.0.6",
+            "version": "8.0.7",
             "inBundle": true,
             "license": "ISC",
             "dependencies": {
-                "@npmcli/arborist": "^9.1.3",
+                "@npmcli/arborist": "^9.1.4",
                 "@npmcli/installed-package-contents": "^3.0.0",
                 "binary-extensions": "^3.0.0",
                 "diff": "^7.0.0",
@@ -13394,11 +13394,11 @@
             }
         },
         "node_modules/npm/node_modules/libnpmexec": {
-            "version": "10.1.5",
+            "version": "10.1.6",
             "inBundle": true,
             "license": "ISC",
             "dependencies": {
-                "@npmcli/arborist": "^9.1.3",
+                "@npmcli/arborist": "^9.1.4",
                 "@npmcli/package-json": "^6.1.1",
                 "@npmcli/run-script": "^9.0.1",
                 "ci-info": "^4.0.0",
@@ -13415,11 +13415,11 @@
             }
         },
         "node_modules/npm/node_modules/libnpmfund": {
-            "version": "7.0.6",
+            "version": "7.0.7",
             "inBundle": true,
             "license": "ISC",
             "dependencies": {
-                "@npmcli/arborist": "^9.1.3"
+                "@npmcli/arborist": "^9.1.4"
             },
             "engines": {
                 "node": "^20.17.0 || >=22.9.0"
@@ -13438,11 +13438,11 @@
             }
         },
         "node_modules/npm/node_modules/libnpmpack": {
-            "version": "9.0.6",
+            "version": "9.0.7",
             "inBundle": true,
             "license": "ISC",
             "dependencies": {
-                "@npmcli/arborist": "^9.1.3",
+                "@npmcli/arborist": "^9.1.4",
                 "@npmcli/run-script": "^9.0.1",
                 "npm-package-arg": "^12.0.0",
                 "pacote": "^21.0.0"
@@ -15918,9 +15918,9 @@
             }
         },
         "node_modules/react-easy-sort": {
-            "version": "1.6.0",
-            "resolved": "https://registry.npmjs.org/react-easy-sort/-/react-easy-sort-1.6.0.tgz",
-            "integrity": "sha512-zd9Nn90wVlZPEwJrpqElN87sf9GZnFR1StfjgNQVbSpR5QTSzCHjEYK6REuwq49Ip+76KOMSln9tg/ST2KLelg==",
+            "version": "1.7.0",
+            "resolved": "https://registry.npmjs.org/react-easy-sort/-/react-easy-sort-1.7.0.tgz",
+            "integrity": "sha512-82I63kXdawFhhlFrWPrI74DL48v2LKs7e7PLf5le2E/eIR9+XyCEdL4Pyjbru8XjvtQ60mPLb6oextc4PPR8Lg==",
             "license": "MIT",
             "dependencies": {
                 "array-move": "^3.0.1",
diff --git a/package.json b/package.json
index 78a0e019..2489fc4b 100644
--- a/package.json
+++ b/package.json
@@ -57,7 +57,7 @@
         "@tailwindcss/forms": "^0.5.10",
         "@tanstack/react-table": "8.21.3",
         "arctic": "^3.7.0",
-        "axios": "1.11.0",
+        "axios": "1.12.1",
         "better-sqlite3": "11.7.0",
         "canvas-confetti": "1.9.3",
         "class-variance-authority": "^0.7.1",
@@ -69,10 +69,10 @@
         "cors": "2.8.5",
         "crypto-js": "^4.2.0",
         "drizzle-orm": "0.44.5",
-        "eslint": "9.33.0",
-        "eslint-config-next": "15.4.6",
+        "eslint": "9.35.0",
+        "eslint-config-next": "15.5.3",
         "express": "5.1.0",
-        "express-rate-limit": "8.0.1",
+        "express-rate-limit": "8.1.0",
         "glob": "11.0.3",
         "helmet": "8.1.0",
         "http-errors": "2.0.0",
@@ -89,13 +89,13 @@
         "node-cache": "5.1.2",
         "node-fetch": "3.3.2",
         "nodemailer": "7.0.6",
-        "npm": "^11.5.2",
+        "npm": "^11.6.0",
         "oslo": "1.2.1",
         "pg": "^8.16.2",
         "qrcode.react": "4.2.0",
         "react": "19.1.1",
         "react-dom": "19.1.1",
-        "react-easy-sort": "^1.6.0",
+        "react-easy-sort": "^1.7.0",
         "react-hook-form": "7.62.0",
         "react-icons": "^5.5.0",
         "rebuild": "0.1.2",

From 52e56744c06a2970dfe8822922ddf527c549c9d3 Mon Sep 17 00:00:00 2001
From: Marvin <127591405+Lokowitz@users.noreply.github.com>
Date: Sat, 13 Sep 2025 10:18:43 +0200
Subject: [PATCH 097/166] layout.tsx aktualisieren

---
 src/app/[orgId]/settings/access/layout.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app/[orgId]/settings/access/layout.tsx b/src/app/[orgId]/settings/access/layout.tsx
index 2dd20177..834a888e 100644
--- a/src/app/[orgId]/settings/access/layout.tsx
+++ b/src/app/[orgId]/settings/access/layout.tsx
@@ -1,7 +1,7 @@
 interface AccessLayoutProps {
     children: React.ReactNode;
     params: Promise<{
-        resourceId: number | string;
+        resourceId?: number | string;
         orgId: string;
     }>;
 }

From 48ab3f9a80f416ab28d3e2f9a2e1db225c83c61f Mon Sep 17 00:00:00 2001
From: Marvin <127591405+Lokowitz@users.noreply.github.com>
Date: Sat, 13 Sep 2025 16:42:22 +0200
Subject: [PATCH 098/166] Update layout.tsx

---
 src/app/[orgId]/settings/clients/[clientId]/layout.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
index 84a5f78f..c9c9fd14 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
@@ -10,7 +10,7 @@ import { HorizontalTabs } from "@app/components/HorizontalTabs";
 
 type SettingsLayoutProps = {
     children: React.ReactNode;
-    params: Promise<{ clientId: number; orgId: string }>;
+    params: Promise<{ clientId: number | string; orgId: string }>;
 }
 
 export default async function SettingsLayout(props: SettingsLayoutProps) {

From cc009a14d68efce4e8dbb9c265cfbc8edff29ea1 Mon Sep 17 00:00:00 2001
From: Marvin <127591405+Lokowitz@users.noreply.github.com>
Date: Sat, 13 Sep 2025 16:42:37 +0200
Subject: [PATCH 099/166] Update page.tsx

---
 src/app/[orgId]/settings/clients/[clientId]/page.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app/[orgId]/settings/clients/[clientId]/page.tsx b/src/app/[orgId]/settings/clients/[clientId]/page.tsx
index c484ec8c..cbe9fb97 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/page.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/page.tsx
@@ -1,7 +1,7 @@
 import { redirect } from "next/navigation";
 
 export default async function ClientPage(props: {
-    params: Promise<{ orgId: string; clientId: number }>;
+    params: Promise<{ orgId: string; clientId: number | string }>;
 }) {
     const params = await props.params;
     redirect(`/${params.orgId}/settings/clients/${params.clientId}/general`);

From 915fa3e8e105b16ba60dc2d2191ef058f7aefc2a Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 13 Sep 2025 16:49:21 +0200
Subject: [PATCH 100/166] Bump next in the npm_and_yarn group across 1
 directory (#336)

Bumps the npm_and_yarn group with 1 update in the / directory: [next](https://github.com/vercel/next.js).


Updates `next` from 15.4.6 to 15.5.3
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](https://github.com/vercel/next.js/compare/v15.4.6...v15.5.3)

---
updated-dependencies:
- dependency-name: next
  dependency-version: 15.5.3
  dependency-type: direct:production
  dependency-group: npm_and_yarn
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 package-lock.json | 80 +++++++++++++++++++++++------------------------
 package.json      |  2 +-
 2 files changed, 41 insertions(+), 41 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 768280dc..c2167668 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -66,7 +66,7 @@
                 "jsonwebtoken": "^9.0.2",
                 "lucide-react": "0.539.0",
                 "moment": "2.30.1",
-                "next": "15.4.6",
+                "next": "15.5.3",
                 "next-intl": "^4.3.8",
                 "next-themes": "0.4.6",
                 "node-cache": "5.1.2",
@@ -2839,9 +2839,9 @@
             }
         },
         "node_modules/@next/env": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/@next/env/-/env-15.4.6.tgz",
-            "integrity": "sha512-yHDKVTcHrZy/8TWhj0B23ylKv5ypocuCwey9ZqPyv4rPdUdRzpGCkSi03t04KBPyU96kxVtUqx6O3nE1kpxASQ==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/@next/env/-/env-15.5.3.tgz",
+            "integrity": "sha512-RSEDTRqyihYXygx/OJXwvVupfr9m04+0vH8vyy0HfZ7keRto6VX9BbEk0J2PUk0VGy6YhklJUSrgForov5F9pw==",
             "license": "MIT"
         },
         "node_modules/@next/eslint-plugin-next": {
@@ -2854,9 +2854,9 @@
             }
         },
         "node_modules/@next/swc-darwin-arm64": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.4.6.tgz",
-            "integrity": "sha512-667R0RTP4DwxzmrqTs4Lr5dcEda9OxuZsVFsjVtxVMVhzSpo6nLclXejJVfQo2/g7/Z9qF3ETDmN3h65mTjpTQ==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/@next/swc-darwin-arm64/-/swc-darwin-arm64-15.5.3.tgz",
+            "integrity": "sha512-nzbHQo69+au9wJkGKTU9lP7PXv0d1J5ljFpvb+LnEomLtSbJkbZyEs6sbF3plQmiOB2l9OBtN2tNSvCH1nQ9Jg==",
             "cpu": [
                 "arm64"
             ],
@@ -2870,9 +2870,9 @@
             }
         },
         "node_modules/@next/swc-darwin-x64": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-15.4.6.tgz",
-            "integrity": "sha512-KMSFoistFkaiQYVQQnaU9MPWtp/3m0kn2Xed1Ces5ll+ag1+rlac20sxG+MqhH2qYWX1O2GFOATQXEyxKiIscg==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/@next/swc-darwin-x64/-/swc-darwin-x64-15.5.3.tgz",
+            "integrity": "sha512-w83w4SkOOhekJOcA5HBvHyGzgV1W/XvOfpkrxIse4uPWhYTTRwtGEM4v/jiXwNSJvfRvah0H8/uTLBKRXlef8g==",
             "cpu": [
                 "x64"
             ],
@@ -2886,9 +2886,9 @@
             }
         },
         "node_modules/@next/swc-linux-arm64-gnu": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.4.6.tgz",
-            "integrity": "sha512-PnOx1YdO0W7m/HWFeYd2A6JtBO8O8Eb9h6nfJia2Dw1sRHoHpNf6lN1U4GKFRzRDBi9Nq2GrHk9PF3Vmwf7XVw==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-gnu/-/swc-linux-arm64-gnu-15.5.3.tgz",
+            "integrity": "sha512-+m7pfIs0/yvgVu26ieaKrifV8C8yiLe7jVp9SpcIzg7XmyyNE7toC1fy5IOQozmr6kWl/JONC51osih2RyoXRw==",
             "cpu": [
                 "arm64"
             ],
@@ -2902,9 +2902,9 @@
             }
         },
         "node_modules/@next/swc-linux-arm64-musl": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.4.6.tgz",
-            "integrity": "sha512-XBbuQddtY1p5FGPc2naMO0kqs4YYtLYK/8aPausI5lyOjr4J77KTG9mtlU4P3NwkLI1+OjsPzKVvSJdMs3cFaw==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/@next/swc-linux-arm64-musl/-/swc-linux-arm64-musl-15.5.3.tgz",
+            "integrity": "sha512-u3PEIzuguSenoZviZJahNLgCexGFhso5mxWCrrIMdvpZn6lkME5vc/ADZG8UUk5K1uWRy4hqSFECrON6UKQBbQ==",
             "cpu": [
                 "arm64"
             ],
@@ -2918,9 +2918,9 @@
             }
         },
         "node_modules/@next/swc-linux-x64-gnu": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.4.6.tgz",
-            "integrity": "sha512-+WTeK7Qdw82ez3U9JgD+igBAP75gqZ1vbK6R8PlEEuY0OIe5FuYXA4aTjL811kWPf7hNeslD4hHK2WoM9W0IgA==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-gnu/-/swc-linux-x64-gnu-15.5.3.tgz",
+            "integrity": "sha512-lDtOOScYDZxI2BENN9m0pfVPJDSuUkAD1YXSvlJF0DKwZt0WlA7T7o3wrcEr4Q+iHYGzEaVuZcsIbCps4K27sA==",
             "cpu": [
                 "x64"
             ],
@@ -2934,9 +2934,9 @@
             }
         },
         "node_modules/@next/swc-linux-x64-musl": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.4.6.tgz",
-            "integrity": "sha512-XP824mCbgQsK20jlXKrUpZoh/iO3vUWhMpxCz8oYeagoiZ4V0TQiKy0ASji1KK6IAe3DYGfj5RfKP6+L2020OQ==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/@next/swc-linux-x64-musl/-/swc-linux-x64-musl-15.5.3.tgz",
+            "integrity": "sha512-9vWVUnsx9PrY2NwdVRJ4dUURAQ8Su0sLRPqcCCxtX5zIQUBES12eRVHq6b70bbfaVaxIDGJN2afHui0eDm+cLg==",
             "cpu": [
                 "x64"
             ],
@@ -2950,9 +2950,9 @@
             }
         },
         "node_modules/@next/swc-win32-arm64-msvc": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.4.6.tgz",
-            "integrity": "sha512-FxrsenhUz0LbgRkNWx6FRRJIPe/MI1JRA4W4EPd5leXO00AZ6YU8v5vfx4MDXTvN77lM/EqsE3+6d2CIeF5NYg==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/@next/swc-win32-arm64-msvc/-/swc-win32-arm64-msvc-15.5.3.tgz",
+            "integrity": "sha512-1CU20FZzY9LFQigRi6jM45oJMU3KziA5/sSG+dXeVaTm661snQP6xu3ykGxxwU5sLG3sh14teO/IOEPVsQMRfA==",
             "cpu": [
                 "arm64"
             ],
@@ -2966,9 +2966,9 @@
             }
         },
         "node_modules/@next/swc-win32-x64-msvc": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.4.6.tgz",
-            "integrity": "sha512-T4ufqnZ4u88ZheczkBTtOF+eKaM14V8kbjud/XrAakoM5DKQWjW09vD6B9fsdsWS2T7D5EY31hRHdta7QKWOng==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/@next/swc-win32-x64-msvc/-/swc-win32-x64-msvc-15.5.3.tgz",
+            "integrity": "sha512-JMoLAq3n3y5tKXPQwCK5c+6tmwkuFDa2XAxz8Wm4+IVthdBZdZGh+lmiLUHg9f9IDwIQpUjp+ysd6OkYTyZRZw==",
             "cpu": [
                 "x64"
             ],
@@ -11989,12 +11989,12 @@
             }
         },
         "node_modules/next": {
-            "version": "15.4.6",
-            "resolved": "https://registry.npmjs.org/next/-/next-15.4.6.tgz",
-            "integrity": "sha512-us++E/Q80/8+UekzB3SAGs71AlLDsadpFMXVNM/uQ0BMwsh9m3mr0UNQIfjKed8vpWXsASe+Qifrnu1oLIcKEQ==",
+            "version": "15.5.3",
+            "resolved": "https://registry.npmjs.org/next/-/next-15.5.3.tgz",
+            "integrity": "sha512-r/liNAx16SQj4D+XH/oI1dlpv9tdKJ6cONYPwwcCC46f2NjpaRWY+EKCzULfgQYV6YKXjHBchff2IZBSlZmJNw==",
             "license": "MIT",
             "dependencies": {
-                "@next/env": "15.4.6",
+                "@next/env": "15.5.3",
                 "@swc/helpers": "0.5.15",
                 "caniuse-lite": "^1.0.30001579",
                 "postcss": "8.4.31",
@@ -12007,14 +12007,14 @@
                 "node": "^18.18.0 || ^19.8.0 || >= 20.0.0"
             },
             "optionalDependencies": {
-                "@next/swc-darwin-arm64": "15.4.6",
-                "@next/swc-darwin-x64": "15.4.6",
-                "@next/swc-linux-arm64-gnu": "15.4.6",
-                "@next/swc-linux-arm64-musl": "15.4.6",
-                "@next/swc-linux-x64-gnu": "15.4.6",
-                "@next/swc-linux-x64-musl": "15.4.6",
-                "@next/swc-win32-arm64-msvc": "15.4.6",
-                "@next/swc-win32-x64-msvc": "15.4.6",
+                "@next/swc-darwin-arm64": "15.5.3",
+                "@next/swc-darwin-x64": "15.5.3",
+                "@next/swc-linux-arm64-gnu": "15.5.3",
+                "@next/swc-linux-arm64-musl": "15.5.3",
+                "@next/swc-linux-x64-gnu": "15.5.3",
+                "@next/swc-linux-x64-musl": "15.5.3",
+                "@next/swc-win32-arm64-msvc": "15.5.3",
+                "@next/swc-win32-x64-msvc": "15.5.3",
                 "sharp": "^0.34.3"
             },
             "peerDependencies": {
diff --git a/package.json b/package.json
index 2489fc4b..ae9b449b 100644
--- a/package.json
+++ b/package.json
@@ -83,7 +83,7 @@
         "jsonwebtoken": "^9.0.2",
         "lucide-react": "0.539.0",
         "moment": "2.30.1",
-        "next": "15.4.6",
+        "next": "15.5.3",
         "next-intl": "^4.3.8",
         "next-themes": "0.4.6",
         "node-cache": "5.1.2",

From adca1348b6d0504a34b3f2413edd4966d19972b8 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Sat, 13 Sep 2025 15:06:34 +0000
Subject: [PATCH 101/166] 	modified:  
 src/app/[orgId]/settings/access/layout.tsx

---
 src/app/[orgId]/settings/access/layout.tsx | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/app/[orgId]/settings/access/layout.tsx b/src/app/[orgId]/settings/access/layout.tsx
index 834a888e..51be3b5e 100644
--- a/src/app/[orgId]/settings/access/layout.tsx
+++ b/src/app/[orgId]/settings/access/layout.tsx
@@ -1,7 +1,6 @@
 interface AccessLayoutProps {
     children: React.ReactNode;
     params: Promise<{
-        resourceId?: number | string;
         orgId: string;
     }>;
 }

From d7d1af59b54e59d5ea29133a583665c2b4eb7bf8 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Sun, 14 Sep 2025 09:44:04 +0000
Subject: [PATCH 102/166] 	modified:   package-lock.json 	modified:  
 package.json

---
 package-lock.json | 17 +++++++++++++----
 package.json      |  2 +-
 2 files changed, 14 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c2167668..8334e61f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -10,7 +10,7 @@
             "license": "SEE LICENSE IN LICENSE AND README.md",
             "dependencies": {
                 "@asteasolutions/zod-to-openapi": "^7.3.4",
-                "@hookform/resolvers": "3.9.1",
+                "@hookform/resolvers": "4.1.3",
                 "@node-rs/argon2": "^2.0.2",
                 "@oslojs/crypto": "1.0.1",
                 "@oslojs/encoding": "1.1.0",
@@ -2232,10 +2232,13 @@
             "license": "MIT"
         },
         "node_modules/@hookform/resolvers": {
-            "version": "3.9.1",
-            "resolved": "https://registry.npmjs.org/@hookform/resolvers/-/resolvers-3.9.1.tgz",
-            "integrity": "sha512-ud2HqmGBM0P0IABqoskKWI6PEf6ZDDBZkFqe2Vnl+mTHCEHzr3ISjjZyCwTjC/qpL25JC9aIDkloQejvMeq0ug==",
+            "version": "4.1.3",
+            "resolved": "https://registry.npmjs.org/@hookform/resolvers/-/resolvers-4.1.3.tgz",
+            "integrity": "sha512-Jsv6UOWYTrEFJ/01ZrnwVXs7KDvP8XIo115i++5PWvNkNvkrsTfGiLS6w+eJ57CYtUtDQalUWovCZDHFJ8u1VQ==",
             "license": "MIT",
+            "dependencies": {
+                "@standard-schema/utils": "^0.3.0"
+            },
             "peerDependencies": {
                 "react-hook-form": "^7.0.0"
             }
@@ -5767,6 +5770,12 @@
             "dev": true,
             "license": "MIT"
         },
+        "node_modules/@standard-schema/utils": {
+            "version": "0.3.0",
+            "resolved": "https://registry.npmjs.org/@standard-schema/utils/-/utils-0.3.0.tgz",
+            "integrity": "sha512-e7Mew686owMaPJVNNLs55PUvgz371nKgwsc4vxE49zsODpJEnxgxRo2y/OKrqueavXgZNMDVj3DdHFlaSAeU8g==",
+            "license": "MIT"
+        },
         "node_modules/@swc/helpers": {
             "version": "0.5.15",
             "resolved": "https://registry.npmjs.org/@swc/helpers/-/helpers-0.5.15.tgz",
diff --git a/package.json b/package.json
index ae9b449b..620ea219 100644
--- a/package.json
+++ b/package.json
@@ -27,7 +27,7 @@
     },
     "dependencies": {
         "@asteasolutions/zod-to-openapi": "^7.3.4",
-        "@hookform/resolvers": "3.9.1",
+        "@hookform/resolvers": "4.1.3",
         "@node-rs/argon2": "^2.0.2",
         "@oslojs/crypto": "1.0.1",
         "@oslojs/encoding": "1.1.0",

From aa43d1936f60eab4f3af6865eb6673de6ec1c6f6 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Sun, 14 Sep 2025 18:33:34 +0000
Subject: [PATCH 103/166] 	modified:   package-lock.json 	modified:  
 package.json

---
 package-lock.json | 105 ++++++++++------------------------------------
 package.json      |  10 ++---
 2 files changed, 28 insertions(+), 87 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 8334e61f..707262fd 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -35,12 +35,12 @@
                 "@react-email/components": "0.5.3",
                 "@react-email/render": "^1.2.0",
                 "@react-email/tailwind": "1.2.2",
-                "@simplewebauthn/browser": "^13.1.0",
-                "@simplewebauthn/server": "^9.0.3",
+                "@simplewebauthn/browser": "^13.1.2",
+                "@simplewebauthn/server": "^13.1.2",
                 "@tailwindcss/forms": "^0.5.10",
                 "@tanstack/react-table": "8.21.3",
                 "arctic": "^3.7.0",
-                "axios": "1.12.1",
+                "axios": "^1.12.2",
                 "better-sqlite3": "11.7.0",
                 "canvas-confetti": "1.9.3",
                 "class-variance-authority": "^0.7.1",
@@ -64,7 +64,7 @@
                 "jmespath": "^0.16.0",
                 "js-yaml": "4.1.0",
                 "jsonwebtoken": "^9.0.2",
-                "lucide-react": "0.539.0",
+                "lucide-react": "^0.544.0",
                 "moment": "2.30.1",
                 "next": "15.5.3",
                 "next-intl": "^4.3.8",
@@ -108,7 +108,7 @@
                 "@types/jmespath": "^0.15.2",
                 "@types/js-yaml": "4.0.9",
                 "@types/jsonwebtoken": "^9.0.10",
-                "@types/node": "^24",
+                "@types/node": "24.4.0",
                 "@types/nodemailer": "7.0.1",
                 "@types/pg": "8.15.5",
                 "@types/react": "19.1.13",
@@ -5101,9 +5101,9 @@
             "license": "MIT"
         },
         "node_modules/@simplewebauthn/server": {
-            "version": "9.0.3",
-            "resolved": "https://registry.npmjs.org/@simplewebauthn/server/-/server-9.0.3.tgz",
-            "integrity": "sha512-FMZieoBosrVLFxCnxPFD9Enhd1U7D8nidVDT4MsHc6l4fdVcjoeHjDueeXCloO1k5O/fZg1fsSXXPKbY2XTzDA==",
+            "version": "13.1.2",
+            "resolved": "https://registry.npmjs.org/@simplewebauthn/server/-/server-13.1.2.tgz",
+            "integrity": "sha512-VwoDfvLXSCaRiD+xCIuyslU0HLxVggeE5BL06+GbsP2l1fGf5op8e0c3ZtKoi+vSg1q4ikjtAghC23ze2Q3H9g==",
             "license": "MIT",
             "dependencies": {
                 "@hexagon/base64": "^1.1.27",
@@ -5112,20 +5112,12 @@
                 "@peculiar/asn1-ecc": "^2.3.8",
                 "@peculiar/asn1-rsa": "^2.3.8",
                 "@peculiar/asn1-schema": "^2.3.8",
-                "@peculiar/asn1-x509": "^2.3.8",
-                "@simplewebauthn/types": "^9.0.1",
-                "cross-fetch": "^4.0.0"
+                "@peculiar/asn1-x509": "^2.3.8"
             },
             "engines": {
-                "node": ">=16.0.0"
+                "node": ">=20.0.0"
             }
         },
-        "node_modules/@simplewebauthn/types": {
-            "version": "9.0.1",
-            "resolved": "https://registry.npmjs.org/@simplewebauthn/types/-/types-9.0.1.tgz",
-            "integrity": "sha512-tGSRP1QvsAvsJmnOlRQyw/mvK9gnPtjEc5fg2+m8n+QUa+D7rvrKkOYyfpy42GTs90X3RDOnqJgfHt+qO67/+w==",
-            "license": "MIT"
-        },
         "node_modules/@smithy/abort-controller": {
             "version": "4.1.1",
             "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-4.1.1.tgz",
@@ -6334,13 +6326,13 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "24.3.3",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.3.3.tgz",
-            "integrity": "sha512-GKBNHjoNw3Kra1Qg5UXttsY5kiWMEfoHq2TmXb+b1rcm6N7B3wTrFYIf/oSZ1xNQ+hVVijgLkiDZh7jRRsh+Gw==",
+            "version": "24.4.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.4.0.tgz",
+            "integrity": "sha512-gUuVEAK4/u6F9wRLznPUU4WGUacSEBDPoC2TrBkw3GAnOLHBL45QdfHOXp1kJ4ypBGLxTOB+t7NJLpKoC3gznQ==",
             "devOptional": true,
             "license": "MIT",
             "dependencies": {
-                "undici-types": "~7.10.0"
+                "undici-types": "~7.11.0"
             }
         },
         "node_modules/@types/nodemailer": {
@@ -7386,9 +7378,9 @@
             }
         },
         "node_modules/axios": {
-            "version": "1.12.1",
-            "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.1.tgz",
-            "integrity": "sha512-Kn4kbSXpkFHCGE6rBFNwIv0GQs4AvDT80jlveJDKFxjbTYMUeB4QtsdPCv6H8Cm19Je7IU6VFtRl2zWZI0rudQ==",
+            "version": "1.12.2",
+            "resolved": "https://registry.npmjs.org/axios/-/axios-1.12.2.tgz",
+            "integrity": "sha512-vMJzPewAlRyOgxV2dU0Cuz2O8zzzx9VYtbJOaBgXFeLc4IV/Eg50n4LowmehOOR61S8ZMpc2K5Sa7g6A4jfkUw==",
             "license": "MIT",
             "dependencies": {
                 "follow-redirects": "^1.15.6",
@@ -8071,35 +8063,6 @@
                 "node": ">= 0.10"
             }
         },
-        "node_modules/cross-fetch": {
-            "version": "4.1.0",
-            "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-4.1.0.tgz",
-            "integrity": "sha512-uKm5PU+MHTootlWEY+mZ4vvXoCn4fLQxT9dSc1sXVMSFkINTJVN8cAQROpwcKm8bJ/c7rgZVIBWzH5T78sNZZw==",
-            "license": "MIT",
-            "dependencies": {
-                "node-fetch": "^2.7.0"
-            }
-        },
-        "node_modules/cross-fetch/node_modules/node-fetch": {
-            "version": "2.7.0",
-            "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz",
-            "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==",
-            "license": "MIT",
-            "dependencies": {
-                "whatwg-url": "^5.0.0"
-            },
-            "engines": {
-                "node": "4.x || >=6.0.0"
-            },
-            "peerDependencies": {
-                "encoding": "^0.1.0"
-            },
-            "peerDependenciesMeta": {
-                "encoding": {
-                    "optional": true
-                }
-            }
-        },
         "node_modules/cross-spawn": {
             "version": "7.0.6",
             "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
@@ -11648,9 +11611,9 @@
             }
         },
         "node_modules/lucide-react": {
-            "version": "0.539.0",
-            "resolved": "https://registry.npmjs.org/lucide-react/-/lucide-react-0.539.0.tgz",
-            "integrity": "sha512-VVISr+VF2krO91FeuCrm1rSOLACQUYVy7NQkzrOty52Y8TlTPcXcMdQFj9bYzBgXbWCiywlwSZ3Z8u6a+6bMlg==",
+            "version": "0.544.0",
+            "resolved": "https://registry.npmjs.org/lucide-react/-/lucide-react-0.544.0.tgz",
+            "integrity": "sha512-t5tS44bqd825zAW45UQxpG2CvcC4urOwn2TrwSH8u+MjeE+1NnWl6QqeQ/6NdjMqdOygyiT9p3Ev0p1NJykxjw==",
             "license": "ISC",
             "peerDependencies": {
                 "react": "^16.5.1 || ^17.0.0 || ^18.0.0 || ^19.0.0"
@@ -17495,12 +17458,6 @@
                 "node": ">=0.6"
             }
         },
-        "node_modules/tr46": {
-            "version": "0.0.3",
-            "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
-            "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==",
-            "license": "MIT"
-        },
         "node_modules/triple-beam": {
             "version": "1.4.1",
             "resolved": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz",
@@ -17842,9 +17799,9 @@
             }
         },
         "node_modules/undici-types": {
-            "version": "7.10.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.10.0.tgz",
-            "integrity": "sha512-t5Fy/nfn+14LuOc2KNYg75vZqClpAiqscVvMygNnlsHBFpSXdJaYtXMcdNLpl/Qvc3P2cB3s6lOV51nqsFq4ag==",
+            "version": "7.11.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.11.0.tgz",
+            "integrity": "sha512-kt1ZriHTi7MU+Z/r9DOdAI3ONdaR3M3csEaRc6ewa4f4dTvX4cQCbJ4NkEn0ohE4hHtq85+PhPSTY+pO/1PwgA==",
             "devOptional": true,
             "license": "MIT"
         },
@@ -18016,22 +17973,6 @@
                 "node": ">= 8"
             }
         },
-        "node_modules/webidl-conversions": {
-            "version": "3.0.1",
-            "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
-            "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==",
-            "license": "BSD-2-Clause"
-        },
-        "node_modules/whatwg-url": {
-            "version": "5.0.0",
-            "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
-            "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
-            "license": "MIT",
-            "dependencies": {
-                "tr46": "~0.0.3",
-                "webidl-conversions": "^3.0.0"
-            }
-        },
         "node_modules/which": {
             "version": "4.0.0",
             "resolved": "https://registry.npmjs.org/which/-/which-4.0.0.tgz",
diff --git a/package.json b/package.json
index 620ea219..e87d7390 100644
--- a/package.json
+++ b/package.json
@@ -52,12 +52,12 @@
         "@react-email/components": "0.5.3",
         "@react-email/render": "^1.2.0",
         "@react-email/tailwind": "1.2.2",
-        "@simplewebauthn/browser": "^13.1.0",
-        "@simplewebauthn/server": "^9.0.3",
+        "@simplewebauthn/browser": "^13.1.2",
+        "@simplewebauthn/server": "^13.1.2",
         "@tailwindcss/forms": "^0.5.10",
         "@tanstack/react-table": "8.21.3",
         "arctic": "^3.7.0",
-        "axios": "1.12.1",
+        "axios": "^1.12.2",
         "better-sqlite3": "11.7.0",
         "canvas-confetti": "1.9.3",
         "class-variance-authority": "^0.7.1",
@@ -81,7 +81,7 @@
         "jmespath": "^0.16.0",
         "js-yaml": "4.1.0",
         "jsonwebtoken": "^9.0.2",
-        "lucide-react": "0.539.0",
+        "lucide-react": "^0.544.0",
         "moment": "2.30.1",
         "next": "15.5.3",
         "next-intl": "^4.3.8",
@@ -125,7 +125,7 @@
         "@types/jmespath": "^0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "^9.0.10",
-        "@types/node": "^24",
+        "@types/node": "24.4.0",
         "@types/nodemailer": "7.0.1",
         "@types/pg": "8.15.5",
         "@types/react": "19.1.13",

From 59840799951dd80182d4830413ef7ebc7fcde720 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Sun, 14 Sep 2025 18:50:28 +0000
Subject: [PATCH 104/166] 	modified:   package-lock.json 	modified:  
 package.json

---
 package-lock.json | 72 +++++++++++++++++++++++++++++++++++++++++++----
 package.json      |  2 +-
 2 files changed, 67 insertions(+), 7 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 707262fd..bf1f4597 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -36,7 +36,7 @@
                 "@react-email/render": "^1.2.0",
                 "@react-email/tailwind": "1.2.2",
                 "@simplewebauthn/browser": "^13.1.2",
-                "@simplewebauthn/server": "^13.1.2",
+                "@simplewebauthn/server": "^9.0.3",
                 "@tailwindcss/forms": "^0.5.10",
                 "@tanstack/react-table": "8.21.3",
                 "arctic": "^3.7.0",
@@ -5101,9 +5101,9 @@
             "license": "MIT"
         },
         "node_modules/@simplewebauthn/server": {
-            "version": "13.1.2",
-            "resolved": "https://registry.npmjs.org/@simplewebauthn/server/-/server-13.1.2.tgz",
-            "integrity": "sha512-VwoDfvLXSCaRiD+xCIuyslU0HLxVggeE5BL06+GbsP2l1fGf5op8e0c3ZtKoi+vSg1q4ikjtAghC23ze2Q3H9g==",
+            "version": "9.0.3",
+            "resolved": "https://registry.npmjs.org/@simplewebauthn/server/-/server-9.0.3.tgz",
+            "integrity": "sha512-FMZieoBosrVLFxCnxPFD9Enhd1U7D8nidVDT4MsHc6l4fdVcjoeHjDueeXCloO1k5O/fZg1fsSXXPKbY2XTzDA==",
             "license": "MIT",
             "dependencies": {
                 "@hexagon/base64": "^1.1.27",
@@ -5112,12 +5112,21 @@
                 "@peculiar/asn1-ecc": "^2.3.8",
                 "@peculiar/asn1-rsa": "^2.3.8",
                 "@peculiar/asn1-schema": "^2.3.8",
-                "@peculiar/asn1-x509": "^2.3.8"
+                "@peculiar/asn1-x509": "^2.3.8",
+                "@simplewebauthn/types": "^9.0.1",
+                "cross-fetch": "^4.0.0"
             },
             "engines": {
-                "node": ">=20.0.0"
+                "node": ">=16.0.0"
             }
         },
+        "node_modules/@simplewebauthn/types": {
+            "version": "9.0.1",
+            "resolved": "https://registry.npmjs.org/@simplewebauthn/types/-/types-9.0.1.tgz",
+            "integrity": "sha512-tGSRP1QvsAvsJmnOlRQyw/mvK9gnPtjEc5fg2+m8n+QUa+D7rvrKkOYyfpy42GTs90X3RDOnqJgfHt+qO67/+w==",
+            "deprecated": "Package no longer supported. Contact Support at https://www.npmjs.com/support for more info.",
+            "license": "MIT"
+        },
         "node_modules/@smithy/abort-controller": {
             "version": "4.1.1",
             "resolved": "https://registry.npmjs.org/@smithy/abort-controller/-/abort-controller-4.1.1.tgz",
@@ -8063,6 +8072,35 @@
                 "node": ">= 0.10"
             }
         },
+        "node_modules/cross-fetch": {
+            "version": "4.1.0",
+            "resolved": "https://registry.npmjs.org/cross-fetch/-/cross-fetch-4.1.0.tgz",
+            "integrity": "sha512-uKm5PU+MHTootlWEY+mZ4vvXoCn4fLQxT9dSc1sXVMSFkINTJVN8cAQROpwcKm8bJ/c7rgZVIBWzH5T78sNZZw==",
+            "license": "MIT",
+            "dependencies": {
+                "node-fetch": "^2.7.0"
+            }
+        },
+        "node_modules/cross-fetch/node_modules/node-fetch": {
+            "version": "2.7.0",
+            "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-2.7.0.tgz",
+            "integrity": "sha512-c4FRfUm/dbcWZ7U+1Wq0AwCyFL+3nt2bEw05wfxSz+DWpWsitgmSgYmy2dQdWyKC1694ELPqMs/YzUSNozLt8A==",
+            "license": "MIT",
+            "dependencies": {
+                "whatwg-url": "^5.0.0"
+            },
+            "engines": {
+                "node": "4.x || >=6.0.0"
+            },
+            "peerDependencies": {
+                "encoding": "^0.1.0"
+            },
+            "peerDependenciesMeta": {
+                "encoding": {
+                    "optional": true
+                }
+            }
+        },
         "node_modules/cross-spawn": {
             "version": "7.0.6",
             "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.6.tgz",
@@ -17458,6 +17496,12 @@
                 "node": ">=0.6"
             }
         },
+        "node_modules/tr46": {
+            "version": "0.0.3",
+            "resolved": "https://registry.npmjs.org/tr46/-/tr46-0.0.3.tgz",
+            "integrity": "sha512-N3WMsuqV66lT30CrXNbEjx4GEwlow3v6rr4mCcv6prnfwhS01rkgyFdjPNBYd9br7LpXV1+Emh01fHnq2Gdgrw==",
+            "license": "MIT"
+        },
         "node_modules/triple-beam": {
             "version": "1.4.1",
             "resolved": "https://registry.npmjs.org/triple-beam/-/triple-beam-1.4.1.tgz",
@@ -17973,6 +18017,22 @@
                 "node": ">= 8"
             }
         },
+        "node_modules/webidl-conversions": {
+            "version": "3.0.1",
+            "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-3.0.1.tgz",
+            "integrity": "sha512-2JAn3z8AR6rjK8Sm8orRC0h/bcl/DqL7tRPdGZ4I1CjdF+EaMLmYxBHyXuKL849eucPFhvBoxMsflfOb8kxaeQ==",
+            "license": "BSD-2-Clause"
+        },
+        "node_modules/whatwg-url": {
+            "version": "5.0.0",
+            "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-5.0.0.tgz",
+            "integrity": "sha512-saE57nupxk6v3HY35+jzBwYa0rKSy0XR8JSxZPwgLr7ys0IBzhGviA1/TUGJLmSVqs8pb9AnvICXEuOHLprYTw==",
+            "license": "MIT",
+            "dependencies": {
+                "tr46": "~0.0.3",
+                "webidl-conversions": "^3.0.0"
+            }
+        },
         "node_modules/which": {
             "version": "4.0.0",
             "resolved": "https://registry.npmjs.org/which/-/which-4.0.0.tgz",
diff --git a/package.json b/package.json
index e87d7390..46122ed6 100644
--- a/package.json
+++ b/package.json
@@ -53,7 +53,7 @@
         "@react-email/render": "^1.2.0",
         "@react-email/tailwind": "1.2.2",
         "@simplewebauthn/browser": "^13.1.2",
-        "@simplewebauthn/server": "^13.1.2",
+        "@simplewebauthn/server": "^9.0.3",
         "@tailwindcss/forms": "^0.5.10",
         "@tanstack/react-table": "8.21.3",
         "arctic": "^3.7.0",

From dec208cdeaa174059376e274096573f85f3548c2 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:12 -0700
Subject: [PATCH 105/166] New translations en-us.json (French)

---
 messages/fr-FR.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index 1ccadb89..8b0529c6 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "L'entrée \"{sub}\" a été supprimée car elle n'est pas valide.",
     "domainPickerInvalidSubdomainCannotMakeValid": "La «{sub}» n'a pas pu être validée pour {domain}.",
     "domainPickerSubdomainSanitized": "Sous-domaine nettoyé",
-    "domainPickerSubdomainCorrected": "\"{sub}\" a été corrigé à \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" a été corrigé à \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From d46fa115a8a3fddfe32fb03ff8f801b71379a955 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:14 -0700
Subject: [PATCH 106/166] New translations en-us.json (Spanish)

---
 messages/es-ES.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/es-ES.json b/messages/es-ES.json
index 08cb32ab..156ae5f3 100644
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "La entrada \"{sub}\" fue eliminada porque no es válida.",
     "domainPickerInvalidSubdomainCannotMakeValid": "No se ha podido hacer válido \"{sub}\" para {domain}.",
     "domainPickerSubdomainSanitized": "Subdominio saneado",
-    "domainPickerSubdomainCorrected": "\"{sub}\" fue corregido a \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" fue corregido a \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From 4496610714c26388014b04a09e1751feaecb566f Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:15 -0700
Subject: [PATCH 107/166] New translations en-us.json (Bulgarian)

---
 messages/bg-BG.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/bg-BG.json b/messages/bg-BG.json
index f8688445..e22d4e48 100644
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "The input \"{sub}\" was removed because it's not valid.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" could not be made valid for {domain}.",
     "domainPickerSubdomainSanitized": "Subdomain sanitized",
-    "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From 451aa5ecfd07fe65e4d4232be4bee49976991cdc Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:16 -0700
Subject: [PATCH 108/166] New translations en-us.json (Czech)

---
 messages/cs-CZ.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/cs-CZ.json b/messages/cs-CZ.json
index 0b99e527..92606f5e 100644
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "The input \"{sub}\" was removed because it's not valid.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" could not be made valid for {domain}.",
     "domainPickerSubdomainSanitized": "Subdomain sanitized",
-    "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From aac4a93550490ce30cb1be356acd5405ce5e1421 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:17 -0700
Subject: [PATCH 109/166] New translations en-us.json (German)

---
 messages/de-DE.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/de-DE.json b/messages/de-DE.json
index 06f221cf..a3460e57 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "Die Eingabe \"{sub}\" wurde entfernt, weil sie nicht gültig ist.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" konnte nicht für {domain} gültig gemacht werden.",
     "domainPickerSubdomainSanitized": "Subdomain bereinigt",
-    "domainPickerSubdomainCorrected": "\"{sub}\" wurde korrigiert zu \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" wurde korrigiert zu \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From ef0bfc8844a866f7ba0393acf646261cbbb18407 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:19 -0700
Subject: [PATCH 110/166] New translations en-us.json (Italian)

---
 messages/it-IT.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/it-IT.json b/messages/it-IT.json
index 21c480ad..a3ae83b1 100644
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "L'input \"{sub}\" è stato rimosso perché non è valido.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" non può essere reso valido per {domain}.",
     "domainPickerSubdomainSanitized": "Sottodominio igienizzato",
-    "domainPickerSubdomainCorrected": "\"{sub}\" è stato corretto in \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" è stato corretto in \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From 2a04f58f0d4d695adbb584562a748359bc4884f6 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:20 -0700
Subject: [PATCH 111/166] New translations en-us.json (Korean)

---
 messages/ko-KR.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/ko-KR.json b/messages/ko-KR.json
index b95bf34f..eaf31661 100644
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "입력 \"{sub}\"이(가) 유효하지 않으므로 제거되었습니다.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\"을(를) {domain}에 대해 유효하게 만들 수 없습니다.",
     "domainPickerSubdomainSanitized": "하위 도메인 정리됨",
-    "domainPickerSubdomainCorrected": "\"{sub}\"이(가) \"{sanitized}\"로 수정되었습니다"
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\"이(가) \"{sanitized}\"로 수정되었습니다",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From 30b6d4204780844ab07b8143c2271abb97e9009c Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:21 -0700
Subject: [PATCH 112/166] New translations en-us.json (Dutch)

---
 messages/nl-NL.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index c6c83995..2a74c53c 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "De invoer \"{sub}\" is verwijderd omdat het niet geldig is.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" kon niet geldig worden gemaakt voor {domain}.",
     "domainPickerSubdomainSanitized": "Subdomein gesaniseerd",
-    "domainPickerSubdomainCorrected": "\"{sub}\" was gecorrigeerd op \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" was gecorrigeerd op \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From fa115b455d34df32df864b6643f9fbb6ae1cbca6 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:22 -0700
Subject: [PATCH 113/166] New translations en-us.json (Polish)

---
 messages/pl-PL.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/pl-PL.json b/messages/pl-PL.json
index 547cc39b..ca62d325 100644
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "Wejście \"{sub}\" zostało usunięte, ponieważ jest nieprawidłowe.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" nie może być poprawne dla {domain}.",
     "domainPickerSubdomainSanitized": "Poddomena oczyszczona",
-    "domainPickerSubdomainCorrected": "\"{sub}\" został skorygowany do \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" został skorygowany do \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From 911faf98432d034cb2afc625cefdf6345718e83b Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:23 -0700
Subject: [PATCH 114/166] New translations en-us.json (Portuguese)

---
 messages/pt-PT.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/pt-PT.json b/messages/pt-PT.json
index 86584761..4c15bb04 100644
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "A entrada \"{sub}\" foi removida porque ela não é válida.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" não pôde ser válido para {domain}.",
     "domainPickerSubdomainSanitized": "Subdomínio banalizado",
-    "domainPickerSubdomainCorrected": "\"{sub}\" foi corrigido para \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" foi corrigido para \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From f33a0d4fc89b6b6172b071e9e99bbf6832b79296 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:25 -0700
Subject: [PATCH 115/166] New translations en-us.json (Russian)

---
 messages/ru-RU.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/ru-RU.json b/messages/ru-RU.json
index 37dad23f..1a7cddfe 100644
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "Ввод \"{sub}\" был удален, потому что он недействителен.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" не может быть действительным для {domain}.",
     "domainPickerSubdomainSanitized": "Субдомен очищен",
-    "domainPickerSubdomainCorrected": "\"{sub}\" был исправлен на \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" был исправлен на \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From c74cc48b833624a5960eb49283fa2f3e0d059c08 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:26 -0700
Subject: [PATCH 116/166] New translations en-us.json (Turkish)

---
 messages/tr-TR.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/tr-TR.json b/messages/tr-TR.json
index dd3b66a4..aed7ada0 100644
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "Girdi \"{sub}\" geçersiz olduğu için kaldırıldı.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" {domain} için geçerli yapılamadı.",
     "domainPickerSubdomainSanitized": "Alt alan adı temizlendi",
-    "domainPickerSubdomainCorrected": "\"{sub}\" \"{sanitized}\" olarak düzeltildi"
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" \"{sanitized}\" olarak düzeltildi",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From ea01e019c78b933ca08170963afc18801ae8aab3 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:27 -0700
Subject: [PATCH 117/166] New translations en-us.json (Chinese Simplified)

---
 messages/zh-CN.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/zh-CN.json b/messages/zh-CN.json
index e40297fb..1aacfbe9 100644
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "输入 \"{sub}\" 已被移除，因为其无效。",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" 无法为 {domain} 变为有效。",
     "domainPickerSubdomainSanitized": "子域已净化",
-    "domainPickerSubdomainCorrected": "\"{sub}\" 已被更正为 \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" 已被更正为 \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From 2e037d2c0fd0cc8648270f8dbb9fd0dd946761cb Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Thu, 11 Sep 2025 21:55:28 -0700
Subject: [PATCH 118/166] New translations en-us.json (Norwegian Bokmal)

---
 messages/nb-NO.json | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/messages/nb-NO.json b/messages/nb-NO.json
index 3990c5e2..e391cda9 100644
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -1517,5 +1517,7 @@
     "domainPickerInvalidSubdomainRemoved": "Inndata \"{sub}\" ble fjernet fordi det ikke er gyldig.",
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" kunne ikke gjøres gyldig for {domain}.",
     "domainPickerSubdomainSanitized": "Underdomenet som ble sanivert",
-    "domainPickerSubdomainCorrected": "\"{sub}\" var korrigert til \"{sanitized}\""
-}
+    "domainPickerSubdomainCorrected": "\"{sub}\" var korrigert til \"{sanitized}\"",
+    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+}
\ No newline at end of file

From 8d91fdb987d02eca0713d12611cc8726a9a8396a Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 14 Sep 2025 22:06:05 -0700
Subject: [PATCH 119/166] Adjust headers to work as name value

---
 blueprint.yaml                          | 6 ++++--
 server/lib/blueprints/proxyResources.ts | 6 ++----
 server/lib/blueprints/types.ts          | 7 ++++++-
 3 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/blueprint.yaml b/blueprint.yaml
index 53602c26..03c51521 100644
--- a/blueprint.yaml
+++ b/blueprint.yaml
@@ -32,8 +32,10 @@ proxy-resources:
       # whitelist-users:
       #   - owen@fossorial.io
     headers:
-      - X-Example-Header: example-value
-      - X-Another-Header: another-value
+      - name: X-Example-Header
+        value: example-value
+      - name: X-Another-Header
+        value: another-value
     rules:
       - action: allow
         match: ip
diff --git a/server/lib/blueprints/proxyResources.ts b/server/lib/blueprints/proxyResources.ts
index b8541518..6244fefa 100644
--- a/server/lib/blueprints/proxyResources.ts
+++ b/server/lib/blueprints/proxyResources.ts
@@ -138,10 +138,8 @@ export async function updateProxyResources(
                 ? true
                 : resourceData.ssl;
         let headers = "";
-        for (const headerObj of resourceData.headers || []) {
-            for (const [key, value] of Object.entries(headerObj)) {
-                headers += `${key}: ${value},`;
-            }
+        for (const header of resourceData.headers || []) {
+            headers += `${header.name}: ${header.value},`;
         }
         // if there are headers, remove the trailing comma
         if (headers.endsWith(",")) {
diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index fe360e92..f11ffe1f 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -40,6 +40,11 @@ export const RuleSchema = z.object({
     value: z.string()
 });
 
+export const HeaderSchema = z.object({
+    name: z.string().min(1),
+    value: z.string().min(1)
+});
+
 // Schema for individual resource
 export const ResourceSchema = z
     .object({
@@ -53,7 +58,7 @@ export const ResourceSchema = z
         auth: AuthSchema.optional(),
         "host-header": z.string().optional(),
         "tls-server-name": z.string().optional(),
-        headers: z.array(z.record(z.string(), z.string())).optional().default([]),
+        headers: z.array(HeaderSchema).optional().default([]),
         rules: z.array(RuleSchema).optional().default([]),
     })
     .refine(

From cb80c6eca48258e1f206d13f8af5f58cc4535b64 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 15 Sep 2025 11:13:31 -0700
Subject: [PATCH 120/166] Add default to siteResources niceId

---
 server/setup/scriptsSqlite/1.10.0.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/setup/scriptsSqlite/1.10.0.ts b/server/setup/scriptsSqlite/1.10.0.ts
index 41833ac6..1ca7d322 100644
--- a/server/setup/scriptsSqlite/1.10.0.ts
+++ b/server/setup/scriptsSqlite/1.10.0.ts
@@ -32,11 +32,11 @@ export default async function migration() {
                 ALTER TABLE 'exitNodes' ADD 'region' text;
                 ALTER TABLE 'idpOidcConfig' ADD 'variant' text DEFAULT 'oidc' NOT NULL;
                 ALTER TABLE 'resources' ADD 'niceId' text DEFAULT '' NOT NULL;
+                ALTER TABLE 'siteResources' ADD 'niceId' text DEFAULT '' NOT NULL;
                 ALTER TABLE 'userOrgs' ADD 'autoProvisioned' integer DEFAULT false;
                 ALTER TABLE 'targets' ADD 'pathMatchType' text;
                 ALTER TABLE 'targets' ADD 'path' text;
                 ALTER TABLE 'resources' ADD 'headers' text;
-                ALTER TABLE 'siteResources' ADD 'niceId' text NOT NULL;
             `); // this diverges from the schema a bit because the schema does not have a default on niceId but was required for the migration and I dont think it will effect much down the line...
 
             const usedNiceIds: string[] = [];

From 47b1d52f67cdfcf869992ca515de77336fc86682 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc=20Sch=C3=A4fer?= <git@marcschaeferger.de>
Date: Mon, 15 Sep 2025 20:27:03 +0200
Subject: [PATCH 121/166] feat(sites): adding official kubernetes helm install
 command for newt

---
 .../[orgId]/settings/clients/create/page.tsx  |  8 ++++++
 .../[orgId]/settings/sites/create/page.tsx    | 25 ++++++++++++++++++-
 2 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/src/app/[orgId]/settings/clients/create/page.tsx b/src/app/[orgId]/settings/clients/create/page.tsx
index 0736ee64..9a1d5917 100644
--- a/src/app/[orgId]/settings/clients/create/page.tsx
+++ b/src/app/[orgId]/settings/clients/create/page.tsx
@@ -42,6 +42,10 @@ import {
     FaFreebsd,
     FaWindows
 } from "react-icons/fa";
+import { 
+    SiNixos,
+    SiKubernetes
+} from "react-icons/si";
 import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
 import { createApiClient, formatAxiosError } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
@@ -248,10 +252,14 @@ export default function Page() {
                 return <FaApple className="h-4 w-4 mr-2" />;
             case "docker":
                 return <FaDocker className="h-4 w-4 mr-2" />;
+            case "kubernetes":
+                return <SiKubernetes className="h-4 w-4 mr-2" />;
             case "podman":
                 return <FaCubes className="h-4 w-4 mr-2" />;
             case "freebsd":
                 return <FaFreebsd className="h-4 w-4 mr-2" />;
+            case "nixos":
+                return <SiNixos className="h-4 w-4 mr-2" />;
             default:
                 return <Terminal className="h-4 w-4 mr-2" />;
         }
diff --git a/src/app/[orgId]/settings/sites/create/page.tsx b/src/app/[orgId]/settings/sites/create/page.tsx
index b9e172a3..35756ab7 100644
--- a/src/app/[orgId]/settings/sites/create/page.tsx
+++ b/src/app/[orgId]/settings/sites/create/page.tsx
@@ -42,7 +42,10 @@ import {
     FaFreebsd,
     FaWindows
 } from "react-icons/fa";
-import { SiNixos } from "react-icons/si";
+import { 
+    SiNixos,
+    SiKubernetes
+} from "react-icons/si";
 import { Checkbox, CheckboxWithLabel } from "@app/components/ui/checkbox";
 import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
 import { generateKeypair } from "../[niceId]/wireguardConfig";
@@ -76,6 +79,7 @@ type Commands = {
     freebsd: Record<string, string[]>;
     windows: Record<string, string[]>;
     docker: Record<string, string[]>;
+    kubernetes: Record<string, string[]>;
     podman: Record<string, string[]>;
     nixos: Record<string, string[]>;
 };
@@ -83,6 +87,7 @@ type Commands = {
 const platforms = [
     "linux",
     "docker",
+    "kubernetes",
     "podman",
     "mac",
     "windows",
@@ -277,6 +282,18 @@ PersistentKeepalive = 5`;
                     `docker run -dit fosrl/newt --id ${id} --secret ${secret} --endpoint ${endpoint}${acceptClientsFlag}`
                 ]
             },
+            kubernetes: {
+                "Helm Chart": [
+                    `helm repo add fossorial https://charts.fossorial.io`,
+                    `helm repo update fossorial`,
+                    `helm install newt fossorial/newt \\
+    --create-namespace \\
+    --set newtInstances[0].name="main-tunnel" \\
+    --set-string newtInstances[0].auth.keys.endpointKey="${endpoint}" \\
+    --set-string newtInstances[0].auth.keys.idKey="${id}" \\
+    --set-string newtInstances[0].auth.keys.secretKey="${secret}"`
+                ]
+            },
             podman: {
                 "Podman Quadlet": [
                     `[Unit]
@@ -324,6 +341,8 @@ WantedBy=default.target`
                 return ["x64"];
             case "docker":
                 return ["Docker Compose", "Docker Run"];
+            case "kubernetes":
+                return ["Helm Chart"];
             case "podman":
                 return ["Podman Quadlet", "Podman Run"];
             case "freebsd":
@@ -345,6 +364,8 @@ WantedBy=default.target`
                 return "macOS";
             case "docker":
                 return "Docker";
+            case "kubernetes":
+                return "Kubernetes";
             case "podman":
                 return "Podman";
             case "freebsd":
@@ -391,6 +412,8 @@ WantedBy=default.target`
                 return <FaApple className="h-4 w-4 mr-2" />;
             case "docker":
                 return <FaDocker className="h-4 w-4 mr-2" />;
+            case "kubernetes":
+                return <SiKubernetes className="h-4 w-4 mr-2" />;
             case "podman":
                 return <FaCubes className="h-4 w-4 mr-2" />;
             case "freebsd":

From f7293a393335973ace165d38546fc8bd1a8a841d Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 15 Sep 2025 14:17:41 -0700
Subject: [PATCH 122/166] Adjust default to prefix

---
 src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx | 4 ++--
 src/app/[orgId]/settings/resources/create/page.tsx         | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index b9c45b8b..88a76dd3 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -589,7 +589,7 @@ export default function ReverseProxyTargets(props: {
                 return (
                     <div className="flex gap-2 min-w-[200px] items-center">
                         <Select
-                            defaultValue={row.original.pathMatchType || "exact"}
+                            defaultValue={row.original.pathMatchType || "prefix"}
                             onValueChange={(value) =>
                                 updateTarget(row.original.targetId, {
                                     ...row.original,
@@ -601,8 +601,8 @@ export default function ReverseProxyTargets(props: {
                                 <SelectValue />
                             </SelectTrigger>
                             <SelectContent>
-                                <SelectItem value="exact">Exact</SelectItem>
                                 <SelectItem value="prefix">Prefix</SelectItem>
+                                <SelectItem value="exact">Exact</SelectItem>
                                 <SelectItem value="regex">Regex</SelectItem>
                             </SelectContent>
                         </Select>
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index 83d94cd4..e2511c8d 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -557,7 +557,7 @@ export default function Page() {
                 return (
                     <div className="flex gap-2 min-w-[200px] items-center">
                         <Select
-                            defaultValue={row.original.pathMatchType || "exact"}
+                            defaultValue={row.original.pathMatchType || "prefix"}
                             onValueChange={(value) =>
                                 updateTarget(row.original.targetId, {
                                     ...row.original,
@@ -569,8 +569,8 @@ export default function Page() {
                                 <SelectValue />
                             </SelectTrigger>
                             <SelectContent>
-                                <SelectItem value="exact">Exact</SelectItem>
                                 <SelectItem value="prefix">Prefix</SelectItem>
+                                <SelectItem value="exact">Exact</SelectItem>
                                 <SelectItem value="regex">Regex</SelectItem>
                             </SelectContent>
                         </Select>

From 476cd915ab8ca0afda41a1e9388aa6d37f5d69e4 Mon Sep 17 00:00:00 2001
From: Pallavi <pallavilpmt1995@gmail.com>
Date: Thu, 4 Sep 2025 01:10:55 +0530
Subject: [PATCH 123/166] Enter key handling & hostname field reset in resource
 create

---
 .../settings/resources/create/page.tsx        | 58 ++++++++++++++-----
 .../[orgId]/settings/sites/create/page.tsx    |  5 ++
 2 files changed, 49 insertions(+), 14 deletions(-)

diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index e2511c8d..6089ee4c 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -755,19 +755,29 @@ export default function Page() {
                     defaultValue={row.original.ip}
                     className="min-w-[150px]"
                     onBlur={(e) => {
-                        const parsed = parseHostTarget(e.target.value);
+                        const input = e.target.value.trim();
+                        const hasProtocol = /^(https?|h2c):\/\//.test(input);
+                        const hasPort = /:\d+(?:\/|$)/.test(input);
 
-                        if (parsed) {
-                            updateTarget(row.original.targetId, {
-                                ...row.original,
-                                method: parsed.protocol,
-                                ip: parsed.host,
-                                port: parsed.port ? Number(parsed.port) : undefined,
-                            });
+                        if (hasProtocol || hasPort) {
+                            const parsed = parseHostTarget(input);
+                            if (parsed) {
+                                updateTarget(row.original.targetId, {
+                                    ...row.original,
+                                    method: hasProtocol ? parsed.protocol : row.original.method,
+                                    ip: parsed.host,
+                                    port: hasPort ? parsed.port : row.original.port
+                                });
+                            } else {
+                                updateTarget(row.original.targetId, {
+                                    ...row.original,
+                                    ip: input
+                                });
+                            }
                         } else {
                             updateTarget(row.original.targetId, {
                                 ...row.original,
-                                ip: e.target.value,
+                                ip: input
                             });
                         }
                     }}
@@ -869,6 +879,11 @@ export default function Page() {
                                     <SettingsSectionForm>
                                         <Form {...baseForm}>
                                             <form
+                                                onKeyDown={(e) => {
+                                                    if (e.key === "Enter") {
+                                                        e.preventDefault(); // block default enter refresh
+                                                    }
+                                                }}
                                                 className="space-y-4"
                                                 id="base-resource-form"
                                             >
@@ -981,6 +996,11 @@ export default function Page() {
                                         <SettingsSectionForm>
                                             <Form {...tcpUdpForm}>
                                                 <form
+                                                    onKeyDown={(e) => {
+                                                        if (e.key === "Enter") {
+                                                            e.preventDefault(); // block default enter refresh
+                                                        }
+                                                    }}
                                                     className="space-y-4"
                                                     id="tcp-udp-settings-form"
                                                 >
@@ -1329,11 +1349,21 @@ export default function Page() {
                                                                         id="ip"
                                                                         {...field}
                                                                         onBlur={(e) => {
-                                                                            const parsed = parseHostTarget(e.target.value);
-                                                                            if (parsed) {
-                                                                                addTargetForm.setValue("method", parsed.protocol);
-                                                                                addTargetForm.setValue("ip", parsed.host);
-                                                                                addTargetForm.setValue("port", parsed.port);
+                                                                            const input = e.target.value.trim();
+                                                                            const hasProtocol = /^(https?|h2c):\/\//.test(input);
+                                                                            const hasPort = /:\d+(?:\/|$)/.test(input);
+
+                                                                            if (hasProtocol || hasPort) {
+                                                                                const parsed = parseHostTarget(input);
+                                                                                if (parsed) {
+                                                                                    if (hasProtocol || !addTargetForm.getValues("method")) {
+                                                                                        addTargetForm.setValue("method", parsed.protocol);
+                                                                                    }
+                                                                                    addTargetForm.setValue("ip", parsed.host);
+                                                                                    if (hasPort || !addTargetForm.getValues("port")) {
+                                                                                        addTargetForm.setValue("port", parsed.port);
+                                                                                    }
+                                                                                }
                                                                             } else {
                                                                                 field.onBlur();
                                                                             }
diff --git a/src/app/[orgId]/settings/sites/create/page.tsx b/src/app/[orgId]/settings/sites/create/page.tsx
index 35756ab7..2e5d4e45 100644
--- a/src/app/[orgId]/settings/sites/create/page.tsx
+++ b/src/app/[orgId]/settings/sites/create/page.tsx
@@ -643,6 +643,11 @@ WantedBy=default.target`
                                 <SettingsSectionForm>
                                     <Form {...form}>
                                         <form
+                                            onKeyDown={(e) => {
+                                                if (e.key === "Enter") {
+                                                    e.preventDefault(); // block default enter refresh
+                                                }
+                                            }}
                                             className="space-y-4"
                                             id="create-site-form"
                                         >

From 4a35189c1875e8075141296ac50c53db227eeeb9 Mon Sep 17 00:00:00 2001
From: Pallavi <pallavilpmt1995@gmail.com>
Date: Thu, 4 Sep 2025 02:23:22 +0530
Subject: [PATCH 124/166] fix enter key reload issue

---
 src/app/[orgId]/settings/api-keys/create/page.tsx | 5 +++++
 src/app/[orgId]/settings/clients/create/page.tsx  | 5 +++++
 src/app/admin/api-keys/create/page.tsx            | 5 +++++
 3 files changed, 15 insertions(+)

diff --git a/src/app/[orgId]/settings/api-keys/create/page.tsx b/src/app/[orgId]/settings/api-keys/create/page.tsx
index 82a7915c..57822a26 100644
--- a/src/app/[orgId]/settings/api-keys/create/page.tsx
+++ b/src/app/[orgId]/settings/api-keys/create/page.tsx
@@ -210,6 +210,11 @@ export default function Page() {
                                         <SettingsSectionForm>
                                             <Form {...form}>
                                                 <form
+                                                    onKeyDown={(e) => {
+                                                        if (e.key === "Enter") {
+                                                            e.preventDefault(); // block default enter refresh
+                                                        }
+                                                    }}
                                                     className="space-y-4"
                                                     id="create-site-form"
                                                 >
diff --git a/src/app/[orgId]/settings/clients/create/page.tsx b/src/app/[orgId]/settings/clients/create/page.tsx
index 9a1d5917..ac2a1c66 100644
--- a/src/app/[orgId]/settings/clients/create/page.tsx
+++ b/src/app/[orgId]/settings/clients/create/page.tsx
@@ -448,6 +448,11 @@ export default function Page() {
                                 <SettingsSectionForm>
                                     <Form {...form}>
                                         <form
+                                            onKeyDown={(e) => {
+                                                if (e.key === "Enter") {
+                                                    e.preventDefault(); // block default enter refresh
+                                                }
+                                            }}
                                             className="space-y-4"
                                             id="create-client-form"
                                         >
diff --git a/src/app/admin/api-keys/create/page.tsx b/src/app/admin/api-keys/create/page.tsx
index 2f95c7fd..b5a61306 100644
--- a/src/app/admin/api-keys/create/page.tsx
+++ b/src/app/admin/api-keys/create/page.tsx
@@ -200,6 +200,11 @@ export default function Page() {
                                         <SettingsSectionForm>
                                             <Form {...form}>
                                                 <form
+                                                    onKeyDown={(e) => {
+                                                        if (e.key === "Enter") {
+                                                            e.preventDefault(); // block default enter refresh
+                                                        }
+                                                    }}
                                                     className="space-y-4"
                                                     id="create-site-form"
                                                 >

From 98cb271d268579acece30d8b4cd230300858c7f9 Mon Sep 17 00:00:00 2001
From: Pallavi <pallavilpmt1995@gmail.com>
Date: Fri, 5 Sep 2025 20:39:50 +0530
Subject: [PATCH 125/166] minor fix to domain sanitize when create resources

---
 .../[orgId]/settings/resources/create/page.tsx    | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index 6089ee4c..404c91f0 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -91,6 +91,8 @@ import { DockerManager, DockerState } from "@app/lib/docker";
 import { parseHostTarget } from "@app/lib/parseHostTarget";
 import { toASCII, toUnicode } from 'punycode';
 import { DomainRow } from "../../../../../components/DomainsTable";
+import { finalizeSubdomainSanitize } from "@app/lib/subdomain-utils";
+
 
 const baseResourceFormSchema = z.object({
     name: z.string().min(1).max(255),
@@ -366,10 +368,17 @@ export default function Page() {
                 http: baseData.http
             };
 
+            let sanitizedSubdomain: string | undefined;
+
             if (isHttp) {
                 const httpData = httpForm.getValues();
+
+                sanitizedSubdomain = httpData.subdomain
+                    ? finalizeSubdomainSanitize(httpData.subdomain)
+                    : undefined;
+
                 Object.assign(payload, {
-                    subdomain: httpData.subdomain ? toASCII(httpData.subdomain) : undefined,
+                    subdomain: sanitizedSubdomain ? toASCII(sanitizedSubdomain) : undefined,
                     domainId: httpData.domainId,
                     protocol: "tcp"
                 });
@@ -401,6 +410,10 @@ export default function Page() {
                 const id = res.data.data.resourceId;
                 setResourceId(id);
 
+                toast({
+                    description: `Subdomain: ${sanitizedSubdomain}`,
+                });
+
                 // Create targets if any exist
                 if (targets.length > 0) {
                     try {

From 32f7d9f527ea9e09fc5237cf58e778eeee35bd97 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 15 Sep 2025 14:32:36 -0700
Subject: [PATCH 126/166] Remove toast

---
 src/app/[orgId]/settings/resources/create/page.tsx | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index 404c91f0..60837c8e 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -410,10 +410,6 @@ export default function Page() {
                 const id = res.data.data.resourceId;
                 setResourceId(id);
 
-                toast({
-                    description: `Subdomain: ${sanitizedSubdomain}`,
-                });
-
                 // Create targets if any exist
                 if (targets.length > 0) {
                     try {

From 1f0de303cf4b9a608cc66b80461000ddd0b5ebe6 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:23 -0700
Subject: [PATCH 127/166] New translations en-us.json (French)

---
 messages/fr-FR.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index 8b0529c6..13228c7c 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Format d'adresse IP invalide",
     "ipAddressErrorInvalidOctet": "Octet d'adresse IP invalide",
     "path": "Chemin",
+    "matchPath": "Chemin de correspondance",
     "ipAddressRange": "Plage IP",
     "rulesErrorFetch": "Échec de la récupération des règles",
     "rulesErrorFetchDescription": "Une erreur s'est produite lors de la récupération des règles",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Supprimer un site",
     "actionGetSite": "Obtenir un site",
     "actionListSites": "Lister les sites",
+    "actionApplyBlueprint": "Appliquer le Plan",
     "setupToken": "Jeton de configuration",
     "setupTokenDescription": "Entrez le jeton de configuration depuis la console du serveur.",
     "setupTokenRequired": "Le jeton de configuration est requis.",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "Licence",
     "sidebarClients": "Clients (Bêta)",
     "sidebarDomains": "Domaines",
-    "enableDockerSocket": "Activer Docker Socket",
-    "enableDockerSocketDescription": "Activer la découverte Docker Socket pour remplir les informations du conteneur. Le chemin du socket doit être fourni à Newt.",
+    "enableDockerSocket": "Activer le Plan Docker",
+    "enableDockerSocketDescription": "Activer le ramassage d'étiquettes de socket Docker pour les étiquettes de plan. Le chemin de socket doit être fourni à Newt.",
     "enableDockerSocketLink": "En savoir plus",
     "viewDockerContainers": "Voir les conteneurs Docker",
     "containersIn": "Conteneurs en {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protocole",
     "editInternalResourceDialogSitePort": "Port du site",
     "editInternalResourceDialogTargetConfiguration": "Configuration de la cible",
-    "editInternalResourceDialogDestinationIP": "IP de destination",
-    "editInternalResourceDialogDestinationPort": "Port de destination",
     "editInternalResourceDialogCancel": "Abandonner",
     "editInternalResourceDialogSaveResource": "Enregistrer la ressource",
     "editInternalResourceDialogSuccess": "Succès",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Port du site",
     "createInternalResourceDialogSitePortDescription": "Utilisez ce port pour accéder à la ressource sur le site lors de la connexion avec un client.",
     "createInternalResourceDialogTargetConfiguration": "Configuration de la cible",
-    "createInternalResourceDialogDestinationIP": "IP de destination",
-    "createInternalResourceDialogDestinationIPDescription": "L'adresse IP de la ressource sur le réseau du site.",
-    "createInternalResourceDialogDestinationPort": "Port de destination",
+    "createInternalResourceDialogDestinationIPDescription": "L'adresse IP ou le nom d'hôte de la ressource sur le réseau du site.",
     "createInternalResourceDialogDestinationPortDescription": "Le port sur l'IP de destination où la ressource est accessible.",
     "createInternalResourceDialogCancel": "Abandonner",
     "createInternalResourceDialogCreateResource": "Créer une ressource",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Sera stocké comme :",
     "idpGoogleDescription": "Fournisseur Google OAuth2/OIDC",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "En-têtes personnalisés",
+    "customHeadersDescription": "Nouvelles lignes séparées des en-têtes : Nom de l'en-tête : valeur.",
+    "headersValidationError": "Les entêtes doivent être au format : Header-Name: valeur.",
     "domainPickerProvidedDomain": "Domaine fourni",
     "domainPickerFreeProvidedDomain": "Domaine fourni gratuitement",
     "domainPickerVerified": "Vérifié",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "La «{sub}» n'a pas pu être validée pour {domain}.",
     "domainPickerSubdomainSanitized": "Sous-domaine nettoyé",
     "domainPickerSubdomainCorrected": "\"{sub}\" a été corrigé à \"{sanitized}\"",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "Modifier le fichier : config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Modifier le fichier : docker-compose.yml"
 }
\ No newline at end of file

From fbd1534ed337c0fa66455b11184cce90cec5035b Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:25 -0700
Subject: [PATCH 128/166] New translations en-us.json (Spanish)

---
 messages/es-ES.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/es-ES.json b/messages/es-ES.json
index 156ae5f3..2dbd6483 100644
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Formato de dirección IP inválido",
     "ipAddressErrorInvalidOctet": "Octet de dirección IP no válido",
     "path": "Ruta",
+    "matchPath": "Coincidir ruta",
     "ipAddressRange": "Rango IP",
     "rulesErrorFetch": "Error al obtener las reglas",
     "rulesErrorFetchDescription": "Se ha producido un error al recuperar las reglas",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Eliminar sitio",
     "actionGetSite": "Obtener sitio",
     "actionListSites": "Listar sitios",
+    "actionApplyBlueprint": "Aplicar plano",
     "setupToken": "Configuración de token",
     "setupTokenDescription": "Ingrese el token de configuración desde la consola del servidor.",
     "setupTokenRequired": "Se requiere el token de configuración",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "Licencia",
     "sidebarClients": "Clientes (Beta)",
     "sidebarDomains": "Dominios",
-    "enableDockerSocket": "Habilitar conector Docker",
-    "enableDockerSocketDescription": "Habilitar el descubrimiento de Docker Socket para completar la información del contenedor. La ruta del socket debe proporcionarse a Newt.",
+    "enableDockerSocket": "Habilitar Plano Docker",
+    "enableDockerSocketDescription": "Activar el raspado de etiquetas de Socket Docker para etiquetas de planos. La ruta del Socket debe proporcionarse a Newt.",
     "enableDockerSocketLink": "Saber más",
     "viewDockerContainers": "Ver contenedores Docker",
     "containersIn": "Contenedores en {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protocolo",
     "editInternalResourceDialogSitePort": "Puerto del sitio",
     "editInternalResourceDialogTargetConfiguration": "Configuración de objetivos",
-    "editInternalResourceDialogDestinationIP": "IP de destino",
-    "editInternalResourceDialogDestinationPort": "Puerto de destino",
     "editInternalResourceDialogCancel": "Cancelar",
     "editInternalResourceDialogSaveResource": "Guardar recurso",
     "editInternalResourceDialogSuccess": "Éxito",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Puerto del sitio",
     "createInternalResourceDialogSitePortDescription": "Use este puerto para acceder al recurso en el sitio cuando se conecta con un cliente.",
     "createInternalResourceDialogTargetConfiguration": "Configuración de objetivos",
-    "createInternalResourceDialogDestinationIP": "IP de destino",
-    "createInternalResourceDialogDestinationIPDescription": "La dirección IP del recurso en la red del sitio.",
-    "createInternalResourceDialogDestinationPort": "Puerto de destino",
+    "createInternalResourceDialogDestinationIPDescription": "La dirección IP o nombre de host del recurso en la red del sitio.",
     "createInternalResourceDialogDestinationPortDescription": "El puerto en la IP de destino donde el recurso es accesible.",
     "createInternalResourceDialogCancel": "Cancelar",
     "createInternalResourceDialogCreateResource": "Crear recurso",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Se almacenará como:",
     "idpGoogleDescription": "Proveedor OAuth2/OIDC de Google",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Cabeceras personalizadas",
+    "customHeadersDescription": "Nueva línea de cabeceras separada: Nombre de cabecera: valor.",
+    "headersValidationError": "Los encabezados deben estar en el formato: Nombre de cabecera: valor.",
     "domainPickerProvidedDomain": "Dominio proporcionado",
     "domainPickerFreeProvidedDomain": "Dominio proporcionado gratis",
     "domainPickerVerified": "Verificado",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "No se ha podido hacer válido \"{sub}\" para {domain}.",
     "domainPickerSubdomainSanitized": "Subdominio saneado",
     "domainPickerSubdomainCorrected": "\"{sub}\" fue corregido a \"{sanitized}\"",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "Editar archivo: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Editar archivo: docker-compose.yml"
 }
\ No newline at end of file

From e55bc279922baa6c7538d67016f3fdd1f602c1bb Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:26 -0700
Subject: [PATCH 129/166] New translations en-us.json (Bulgarian)

---
 messages/bg-BG.json | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/messages/bg-BG.json b/messages/bg-BG.json
index e22d4e48..70aa50ea 100644
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Invalid IP address format",
     "ipAddressErrorInvalidOctet": "Invalid IP address octet",
     "path": "Path",
+    "matchPath": "Match Path",
     "ipAddressRange": "IP Range",
     "rulesErrorFetch": "Failed to fetch rules",
     "rulesErrorFetchDescription": "An error occurred while fetching rules",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Delete Site",
     "actionGetSite": "Get Site",
     "actionListSites": "List Sites",
+    "actionApplyBlueprint": "Apply Blueprint",
     "setupToken": "Setup Token",
     "setupTokenDescription": "Enter the setup token from the server console.",
     "setupTokenRequired": "Setup token is required",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "License",
     "sidebarClients": "Clients (Beta)",
     "sidebarDomains": "Domains",
-    "enableDockerSocket": "Enable Docker Socket",
-    "enableDockerSocketDescription": "Enable Docker Socket discovery for populating container information. Socket path must be provided to Newt.",
+    "enableDockerSocket": "Enable Docker Blueprint",
+    "enableDockerSocketDescription": "Enable Docker Socket label scraping for blueprint labels. Socket path must be provided to Newt.",
     "enableDockerSocketLink": "Learn More",
     "viewDockerContainers": "View Docker Containers",
     "containersIn": "Containers in {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protocol",
     "editInternalResourceDialogSitePort": "Site Port",
     "editInternalResourceDialogTargetConfiguration": "Target Configuration",
-    "editInternalResourceDialogDestinationIP": "Destination IP",
-    "editInternalResourceDialogDestinationPort": "Destination Port",
     "editInternalResourceDialogCancel": "Cancel",
     "editInternalResourceDialogSaveResource": "Save Resource",
     "editInternalResourceDialogSuccess": "Success",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Site Port",
     "createInternalResourceDialogSitePortDescription": "Use this port to access the resource on the site when connected with a client.",
     "createInternalResourceDialogTargetConfiguration": "Target Configuration",
-    "createInternalResourceDialogDestinationIP": "Destination IP",
-    "createInternalResourceDialogDestinationIPDescription": "The IP address of the resource on the site's network.",
-    "createInternalResourceDialogDestinationPort": "Destination Port",
+    "createInternalResourceDialogDestinationIPDescription": "The IP or hostname address of the resource on the site's network.",
     "createInternalResourceDialogDestinationPortDescription": "The port on the destination IP where the resource is accessible.",
     "createInternalResourceDialogCancel": "Cancel",
     "createInternalResourceDialogCreateResource": "Create Resource",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Will be stored as:",
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Custom Headers",
+    "customHeadersDescription": "Headers new line separated: Header-Name: value.",
+    "headersValidationError": "Headers must be in the format: Header-Name: value.",
     "domainPickerProvidedDomain": "Provided Domain",
     "domainPickerFreeProvidedDomain": "Free Provided Domain",
     "domainPickerVerified": "Verified",

From 5ba9bcd7ba400a931aeb4413200c8f30b7bcc72d Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:27 -0700
Subject: [PATCH 130/166] New translations en-us.json (Czech)

---
 messages/cs-CZ.json | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/messages/cs-CZ.json b/messages/cs-CZ.json
index 92606f5e..3c2b11a1 100644
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Invalid IP address format",
     "ipAddressErrorInvalidOctet": "Invalid IP address octet",
     "path": "Path",
+    "matchPath": "Match Path",
     "ipAddressRange": "IP Range",
     "rulesErrorFetch": "Failed to fetch rules",
     "rulesErrorFetchDescription": "An error occurred while fetching rules",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Delete Site",
     "actionGetSite": "Get Site",
     "actionListSites": "List Sites",
+    "actionApplyBlueprint": "Apply Blueprint",
     "setupToken": "Setup Token",
     "setupTokenDescription": "Enter the setup token from the server console.",
     "setupTokenRequired": "Setup token is required",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "License",
     "sidebarClients": "Clients (Beta)",
     "sidebarDomains": "Domains",
-    "enableDockerSocket": "Enable Docker Socket",
-    "enableDockerSocketDescription": "Enable Docker Socket discovery for populating container information. Socket path must be provided to Newt.",
+    "enableDockerSocket": "Enable Docker Blueprint",
+    "enableDockerSocketDescription": "Enable Docker Socket label scraping for blueprint labels. Socket path must be provided to Newt.",
     "enableDockerSocketLink": "Learn More",
     "viewDockerContainers": "View Docker Containers",
     "containersIn": "Containers in {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protocol",
     "editInternalResourceDialogSitePort": "Site Port",
     "editInternalResourceDialogTargetConfiguration": "Target Configuration",
-    "editInternalResourceDialogDestinationIP": "Destination IP",
-    "editInternalResourceDialogDestinationPort": "Destination Port",
     "editInternalResourceDialogCancel": "Cancel",
     "editInternalResourceDialogSaveResource": "Save Resource",
     "editInternalResourceDialogSuccess": "Success",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Site Port",
     "createInternalResourceDialogSitePortDescription": "Use this port to access the resource on the site when connected with a client.",
     "createInternalResourceDialogTargetConfiguration": "Target Configuration",
-    "createInternalResourceDialogDestinationIP": "Destination IP",
-    "createInternalResourceDialogDestinationIPDescription": "The IP address of the resource on the site's network.",
-    "createInternalResourceDialogDestinationPort": "Destination Port",
+    "createInternalResourceDialogDestinationIPDescription": "The IP or hostname address of the resource on the site's network.",
     "createInternalResourceDialogDestinationPortDescription": "The port on the destination IP where the resource is accessible.",
     "createInternalResourceDialogCancel": "Cancel",
     "createInternalResourceDialogCreateResource": "Create Resource",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Will be stored as:",
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Custom Headers",
+    "customHeadersDescription": "Headers new line separated: Header-Name: value.",
+    "headersValidationError": "Headers must be in the format: Header-Name: value.",
     "domainPickerProvidedDomain": "Provided Domain",
     "domainPickerFreeProvidedDomain": "Free Provided Domain",
     "domainPickerVerified": "Verified",

From 8aa92176cbe03a8b37252095f95f56f88cbbe855 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:28 -0700
Subject: [PATCH 131/166] New translations en-us.json (German)

---
 messages/de-DE.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/de-DE.json b/messages/de-DE.json
index a3460e57..1b71c3ff 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Ungültiges IP-Adressformat",
     "ipAddressErrorInvalidOctet": "Ungültiges IP-Adress-Oktett",
     "path": "Pfad",
+    "matchPath": "Spielpfad",
     "ipAddressRange": "IP-Bereich",
     "rulesErrorFetch": "Fehler beim Abrufen der Regeln",
     "rulesErrorFetchDescription": "Beim Abrufen der Regeln ist ein Fehler aufgetreten",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Standort löschen",
     "actionGetSite": "Standort abrufen",
     "actionListSites": "Standorte auflisten",
+    "actionApplyBlueprint": "Blaupause anwenden",
     "setupToken": "Setup-Token",
     "setupTokenDescription": "Geben Sie das Setup-Token von der Serverkonsole ein.",
     "setupTokenRequired": "Setup-Token ist erforderlich",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "Lizenz",
     "sidebarClients": "Clients (Beta)",
     "sidebarDomains": "Domains",
-    "enableDockerSocket": "Docker Socket aktivieren",
-    "enableDockerSocketDescription": "Docker Socket-Erkennung aktivieren, um Container-Informationen zu befüllen. Socket-Pfad muss Newt bereitgestellt werden.",
+    "enableDockerSocket": "Docker Blaupause aktivieren",
+    "enableDockerSocketDescription": "Aktiviere Docker-Socket-Label-Scraping für Blaupausenbeschriftungen. Der Socket-Pfad muss neu angegeben werden.",
     "enableDockerSocketLink": "Mehr erfahren",
     "viewDockerContainers": "Docker Container anzeigen",
     "containersIn": "Container in {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protokoll",
     "editInternalResourceDialogSitePort": "Site-Port",
     "editInternalResourceDialogTargetConfiguration": "Zielkonfiguration",
-    "editInternalResourceDialogDestinationIP": "Ziel-IP",
-    "editInternalResourceDialogDestinationPort": "Ziel-Port",
     "editInternalResourceDialogCancel": "Abbrechen",
     "editInternalResourceDialogSaveResource": "Ressource speichern",
     "editInternalResourceDialogSuccess": "Erfolg",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Site-Port",
     "createInternalResourceDialogSitePortDescription": "Verwenden Sie diesen Port, um bei Verbindung mit einem Client auf die Ressource an der Site zuzugreifen.",
     "createInternalResourceDialogTargetConfiguration": "Zielkonfiguration",
-    "createInternalResourceDialogDestinationIP": "Ziel-IP",
-    "createInternalResourceDialogDestinationIPDescription": "Die IP-Adresse der Ressource im Netzwerkstandort der Site.",
-    "createInternalResourceDialogDestinationPort": "Ziel-Port",
+    "createInternalResourceDialogDestinationIPDescription": "Die IP-Adresse oder Hostname Adresse der Ressource im Netzwerk der Website.",
     "createInternalResourceDialogDestinationPortDescription": "Der Port auf der Ziel-IP, unter dem die Ressource zugänglich ist.",
     "createInternalResourceDialogCancel": "Abbrechen",
     "createInternalResourceDialogCreateResource": "Ressource erstellen",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Wird gespeichert als:",
     "idpGoogleDescription": "Google OAuth2/OIDC Provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Eigene Kopfzeilen",
+    "customHeadersDescription": "Header neue Zeile getrennt: Kopfname: Wert.",
+    "headersValidationError": "Header müssen im Format Header-Name: Wert sein.",
     "domainPickerProvidedDomain": "Angegebene Domain",
     "domainPickerFreeProvidedDomain": "Kostenlose Domain",
     "domainPickerVerified": "Verifiziert",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" konnte nicht für {domain} gültig gemacht werden.",
     "domainPickerSubdomainSanitized": "Subdomain bereinigt",
     "domainPickerSubdomainCorrected": "\"{sub}\" wurde korrigiert zu \"{sanitized}\"",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "Datei bearbeiten: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Datei bearbeiten: docker-compose.yml"
 }
\ No newline at end of file

From a60038b79b03c96ba48e15ea99dc2845b79568e5 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:30 -0700
Subject: [PATCH 132/166] New translations en-us.json (Italian)

---
 messages/it-IT.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/it-IT.json b/messages/it-IT.json
index a3ae83b1..d3593559 100644
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Formato indirizzo IP non valido",
     "ipAddressErrorInvalidOctet": "Ottetto indirizzo IP non valido",
     "path": "Percorso",
+    "matchPath": "Corrispondenza Tracciato",
     "ipAddressRange": "Intervallo IP",
     "rulesErrorFetch": "Impossibile recuperare le regole",
     "rulesErrorFetchDescription": "Si è verificato un errore durante il recupero delle regole",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Elimina Sito",
     "actionGetSite": "Ottieni Sito",
     "actionListSites": "Elenca Siti",
+    "actionApplyBlueprint": "Applica Progetto",
     "setupToken": "Configura Token",
     "setupTokenDescription": "Inserisci il token di configurazione dalla console del server.",
     "setupTokenRequired": "Il token di configurazione è richiesto",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "Licenza",
     "sidebarClients": "Clienti (Beta)",
     "sidebarDomains": "Domini",
-    "enableDockerSocket": "Abilita Docker Socket",
-    "enableDockerSocketDescription": "Abilita il rilevamento Docker Socket per popolare le informazioni del contenitore. Il percorso del socket deve essere fornito a Newt.",
+    "enableDockerSocket": "Abilita Progetto Docker",
+    "enableDockerSocketDescription": "Abilita la raschiatura dell'etichetta Docker Socket per le etichette dei progetti. Il percorso del socket deve essere fornito a Newt.",
     "enableDockerSocketLink": "Scopri di più",
     "viewDockerContainers": "Visualizza Contenitori Docker",
     "containersIn": "Contenitori in {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protocollo",
     "editInternalResourceDialogSitePort": "Porta del Sito",
     "editInternalResourceDialogTargetConfiguration": "Configurazione Target",
-    "editInternalResourceDialogDestinationIP": "IP di Destinazione",
-    "editInternalResourceDialogDestinationPort": "Porta di Destinazione",
     "editInternalResourceDialogCancel": "Annulla",
     "editInternalResourceDialogSaveResource": "Salva Risorsa",
     "editInternalResourceDialogSuccess": "Successo",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Porta del Sito",
     "createInternalResourceDialogSitePortDescription": "Usa questa porta per accedere alla risorsa nel sito quando sei connesso con un client.",
     "createInternalResourceDialogTargetConfiguration": "Configurazione Target",
-    "createInternalResourceDialogDestinationIP": "IP di Destinazione",
-    "createInternalResourceDialogDestinationIPDescription": "L'indirizzo IP della risorsa sulla rete del sito.",
-    "createInternalResourceDialogDestinationPort": "Porta di Destinazione",
+    "createInternalResourceDialogDestinationIPDescription": "L'indirizzo IP o hostname della risorsa nella rete del sito.",
     "createInternalResourceDialogDestinationPortDescription": "La porta sull'IP di destinazione dove la risorsa è accessibile.",
     "createInternalResourceDialogCancel": "Annulla",
     "createInternalResourceDialogCreateResource": "Crea Risorsa",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Verrà conservato come:",
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Intestazioni Personalizzate",
+    "customHeadersDescription": "Intestazioni nuova riga separate: Intestazione-Nome: valore.",
+    "headersValidationError": "Le intestazioni devono essere nel formato: Intestazione-Nome: valore.",
     "domainPickerProvidedDomain": "Dominio Fornito",
     "domainPickerFreeProvidedDomain": "Dominio Fornito Gratuito",
     "domainPickerVerified": "Verificato",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" non può essere reso valido per {domain}.",
     "domainPickerSubdomainSanitized": "Sottodominio igienizzato",
     "domainPickerSubdomainCorrected": "\"{sub}\" è stato corretto in \"{sanitized}\"",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "Modifica file: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Modifica file: docker-compose.yml"
 }
\ No newline at end of file

From 52bdfd250609d4b2e78f4780753169bc121e1369 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:31 -0700
Subject: [PATCH 133/166] New translations en-us.json (Korean)

---
 messages/ko-KR.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/ko-KR.json b/messages/ko-KR.json
index eaf31661..586cc68f 100644
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "잘못된 IP 주소 형식",
     "ipAddressErrorInvalidOctet": "유효하지 않은 IP 주소 옥텟",
     "path": "경로",
+    "matchPath": "경로 맞춤",
     "ipAddressRange": "IP 범위",
     "rulesErrorFetch": "규칙을 가져오는 데 실패했습니다.",
     "rulesErrorFetchDescription": "규칙을 가져오는 중 오류가 발생했습니다",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "사이트 삭제",
     "actionGetSite": "사이트 가져오기",
     "actionListSites": "사이트 목록",
+    "actionApplyBlueprint": "청사진 적용",
     "setupToken": "설정 토큰",
     "setupTokenDescription": "서버 콘솔에서 설정 토큰 입력.",
     "setupTokenRequired": "설정 토큰이 필요합니다",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "라이선스",
     "sidebarClients": "클라이언트 (Beta)",
     "sidebarDomains": "도메인",
-    "enableDockerSocket": "Docker 소켓 활성화",
-    "enableDockerSocketDescription": "컨테이너 정보를 채우기 위해 Docker 소켓 검색을 활성화합니다. 소켓 경로는 Newt에 제공되어야 합니다.",
+    "enableDockerSocket": "Docker 청사진 활성화",
+    "enableDockerSocketDescription": "블루프린트 레이블을 위한 Docker 소켓 레이블 수집을 활성화합니다. 소켓 경로는 Newt에 제공되어야 합니다.",
     "enableDockerSocketLink": "자세히 알아보기",
     "viewDockerContainers": "도커 컨테이너 보기",
     "containersIn": "{siteName}의 컨테이너",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "프로토콜",
     "editInternalResourceDialogSitePort": "사이트 포트",
     "editInternalResourceDialogTargetConfiguration": "대상 구성",
-    "editInternalResourceDialogDestinationIP": "대상 IP",
-    "editInternalResourceDialogDestinationPort": "대상 IP의 포트",
     "editInternalResourceDialogCancel": "취소",
     "editInternalResourceDialogSaveResource": "리소스 저장",
     "editInternalResourceDialogSuccess": "성공",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "사이트 포트",
     "createInternalResourceDialogSitePortDescription": "사이트에 연결되었을 때 리소스에 접근하기 위해 이 포트를 사용합니다.",
     "createInternalResourceDialogTargetConfiguration": "대상 설정",
-    "createInternalResourceDialogDestinationIP": "대상 IP",
-    "createInternalResourceDialogDestinationIPDescription": "사이트 네트워크의 자원 IP 주소입니다.",
-    "createInternalResourceDialogDestinationPort": "대상 포트",
+    "createInternalResourceDialogDestinationIPDescription": "사이트 네트워크의 자원 IP 또는 호스트 네임 주소입니다.",
     "createInternalResourceDialogDestinationPortDescription": "대상 IP에서 리소스에 접근할 수 있는 포트입니다.",
     "createInternalResourceDialogCancel": "취소",
     "createInternalResourceDialogCreateResource": "리소스 생성",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "다음으로 저장됩니다:",
     "idpGoogleDescription": "Google OAuth2/OIDC 공급자",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC 공급자",
+    "customHeaders": "사용자 정의 헤더",
+    "customHeadersDescription": "헤더는 새 줄로 구분합니다: 헤더명: 값",
+    "headersValidationError": "헤더는 형식이어야 합니다: 헤더명: 값.",
     "domainPickerProvidedDomain": "제공된 도메인",
     "domainPickerFreeProvidedDomain": "무료 제공된 도메인",
     "domainPickerVerified": "검증됨",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\"을(를) {domain}에 대해 유효하게 만들 수 없습니다.",
     "domainPickerSubdomainSanitized": "하위 도메인 정리됨",
     "domainPickerSubdomainCorrected": "\"{sub}\"이(가) \"{sanitized}\"로 수정되었습니다",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "파일 편집: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "파일 편집: docker-compose.yml"
 }
\ No newline at end of file

From 311df4cb0f568bad441fd2c6d635dc6586f7bc71 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:33 -0700
Subject: [PATCH 134/166] New translations en-us.json (Dutch)

---
 messages/nl-NL.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index 2a74c53c..641b3a64 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Ongeldig IP-adresformaat",
     "ipAddressErrorInvalidOctet": "Ongeldige IP adres octet",
     "path": "Pad",
+    "matchPath": "Overeenkomend pad",
     "ipAddressRange": "IP Bereik",
     "rulesErrorFetch": "Regels ophalen mislukt",
     "rulesErrorFetchDescription": "Er is een fout opgetreden bij het ophalen van de regels",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Site verwijderen",
     "actionGetSite": "Site ophalen",
     "actionListSites": "Sites weergeven",
+    "actionApplyBlueprint": "Blauwdruk toepassen",
     "setupToken": "Setup Token",
     "setupTokenDescription": "Voer het setup-token in vanaf de serverconsole.",
     "setupTokenRequired": "Setup-token is vereist",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "Licentie",
     "sidebarClients": "Clients (Bèta)",
     "sidebarDomains": "Domeinen",
-    "enableDockerSocket": "Docker Socket inschakelen",
-    "enableDockerSocketDescription": "Docker Socket-ontdekking inschakelen voor het invullen van containerinformatie. Socket-pad moet aan Newt worden verstrekt.",
+    "enableDockerSocket": "Schakel Docker Blauwdruk in",
+    "enableDockerSocketDescription": "Schakel Docker Socket label in voor blauwdruk labels. Pad naar Nieuw.",
     "enableDockerSocketLink": "Meer informatie",
     "viewDockerContainers": "Bekijk Docker containers",
     "containersIn": "Containers in {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protocol",
     "editInternalResourceDialogSitePort": "Site Poort",
     "editInternalResourceDialogTargetConfiguration": "Doelconfiguratie",
-    "editInternalResourceDialogDestinationIP": "Bestemming IP",
-    "editInternalResourceDialogDestinationPort": "Bestemmingspoort",
     "editInternalResourceDialogCancel": "Annuleren",
     "editInternalResourceDialogSaveResource": "Sla bron op",
     "editInternalResourceDialogSuccess": "Succes",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Site Poort",
     "createInternalResourceDialogSitePortDescription": "Gebruik deze poort om toegang te krijgen tot de bron op de site wanneer verbonden met een client.",
     "createInternalResourceDialogTargetConfiguration": "Doelconfiguratie",
-    "createInternalResourceDialogDestinationIP": "Bestemming IP",
-    "createInternalResourceDialogDestinationIPDescription": "Het IP-adres van de bron op het netwerk van de site.",
-    "createInternalResourceDialogDestinationPort": "Bestemmingspoort",
+    "createInternalResourceDialogDestinationIPDescription": "Het IP of hostnaam adres van de bron op het netwerk van de site.",
     "createInternalResourceDialogDestinationPortDescription": "De poort op het bestemmings-IP waar de bron toegankelijk is.",
     "createInternalResourceDialogCancel": "Annuleren",
     "createInternalResourceDialogCreateResource": "Bron aanmaken",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Zal worden opgeslagen als:",
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Aangepaste headers",
+    "customHeadersDescription": "Headers nieuwe lijn gescheiden: Header-Naam: waarde.",
+    "headersValidationError": "Headers moeten in het formaat zijn: Header-Naam: waarde.",
     "domainPickerProvidedDomain": "Opgegeven domein",
     "domainPickerFreeProvidedDomain": "Gratis verstrekt domein",
     "domainPickerVerified": "Geverifieerd",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" kon niet geldig worden gemaakt voor {domain}.",
     "domainPickerSubdomainSanitized": "Subdomein gesaniseerd",
     "domainPickerSubdomainCorrected": "\"{sub}\" was gecorrigeerd op \"{sanitized}\"",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "Bestand bewerken: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Bestand bewerken: docker-compose.yml"
 }
\ No newline at end of file

From 94a7aae289bc72126350be7cf2752ca862ba70a8 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:34 -0700
Subject: [PATCH 135/166] New translations en-us.json (Polish)

---
 messages/pl-PL.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/pl-PL.json b/messages/pl-PL.json
index ca62d325..904d093f 100644
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Nieprawidłowy format adresu IP",
     "ipAddressErrorInvalidOctet": "Nieprawidłowy oktet adresu IP",
     "path": "Ścieżka",
+    "matchPath": "Ścieżka dopasowania",
     "ipAddressRange": "Zakres IP",
     "rulesErrorFetch": "Nie udało się pobrać reguł",
     "rulesErrorFetchDescription": "Wystąpił błąd podczas pobierania reguł",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Usuń witrynę",
     "actionGetSite": "Pobierz witrynę",
     "actionListSites": "Lista witryn",
+    "actionApplyBlueprint": "Zastosuj schemat",
     "setupToken": "Skonfiguruj token",
     "setupTokenDescription": "Wprowadź token konfiguracji z konsoli serwera.",
     "setupTokenRequired": "Wymagany jest token konfiguracji",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "Licencja",
     "sidebarClients": "Klienci (Beta)",
     "sidebarDomains": "Domeny",
-    "enableDockerSocket": "Włącz gniazdo dokera",
-    "enableDockerSocketDescription": "Włącz wykrywanie Docker Socket w celu wypełnienia informacji o kontenerach. Ścieżka gniazda musi być dostarczona do Newt.",
+    "enableDockerSocket": "Włącz schemat dokera",
+    "enableDockerSocketDescription": "Włącz etykietowanie kieszeni dokującej dla etykiet schematów. Ścieżka do gniazda musi być dostarczona do Newt.",
     "enableDockerSocketLink": "Dowiedz się więcej",
     "viewDockerContainers": "Zobacz kontenery dokujące",
     "containersIn": "Pojemniki w {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protokół",
     "editInternalResourceDialogSitePort": "Port witryny",
     "editInternalResourceDialogTargetConfiguration": "Konfiguracja celu",
-    "editInternalResourceDialogDestinationIP": "IP docelowe",
-    "editInternalResourceDialogDestinationPort": "Port docelowy",
     "editInternalResourceDialogCancel": "Anuluj",
     "editInternalResourceDialogSaveResource": "Zapisz zasób",
     "editInternalResourceDialogSuccess": "Sukces",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Port witryny",
     "createInternalResourceDialogSitePortDescription": "Użyj tego portu, aby uzyskać dostęp do zasobu na stronie, gdy połączony z klientem.",
     "createInternalResourceDialogTargetConfiguration": "Konfiguracja celu",
-    "createInternalResourceDialogDestinationIP": "IP docelowe",
-    "createInternalResourceDialogDestinationIPDescription": "Adres IP zasobu w sieci strony.",
-    "createInternalResourceDialogDestinationPort": "Port docelowy",
+    "createInternalResourceDialogDestinationIPDescription": "Adres IP lub nazwa hosta zasobu w sieci witryny.",
     "createInternalResourceDialogDestinationPortDescription": "Port na docelowym IP, gdzie zasób jest dostępny.",
     "createInternalResourceDialogCancel": "Anuluj",
     "createInternalResourceDialogCreateResource": "Utwórz zasób",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Będą przechowywane jako:",
     "idpGoogleDescription": "Dostawca Google OAuth2/OIDC",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Niestandardowe nagłówki",
+    "customHeadersDescription": "Nagłówki oddzielone: Nazwa nagłówka: wartość.",
+    "headersValidationError": "Nagłówki muszą być w formacie: Nazwa nagłówka: wartość.",
     "domainPickerProvidedDomain": "Dostarczona domena",
     "domainPickerFreeProvidedDomain": "Darmowa oferowana domena",
     "domainPickerVerified": "Zweryfikowano",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" nie może być poprawne dla {domain}.",
     "domainPickerSubdomainSanitized": "Poddomena oczyszczona",
     "domainPickerSubdomainCorrected": "\"{sub}\" został skorygowany do \"{sanitized}\"",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "Edytuj plik: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Edytuj plik: docker-compose.yml"
 }
\ No newline at end of file

From d916dd802e8d6c2ecc66581521f2bd9d35ace6e4 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:35 -0700
Subject: [PATCH 136/166] New translations en-us.json (Portuguese)

---
 messages/pt-PT.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/pt-PT.json b/messages/pt-PT.json
index 4c15bb04..9f7df737 100644
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Formato de endereço IP inválido",
     "ipAddressErrorInvalidOctet": "Octeto de endereço IP inválido",
     "path": "Caminho",
+    "matchPath": "Correspondência de caminho",
     "ipAddressRange": "Faixa de IP",
     "rulesErrorFetch": "Falha ao buscar regras",
     "rulesErrorFetchDescription": "Ocorreu um erro ao buscar regras",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Eliminar Site",
     "actionGetSite": "Obter Site",
     "actionListSites": "Listar Sites",
+    "actionApplyBlueprint": "Aplicar Diagrama",
     "setupToken": "Configuração do Token",
     "setupTokenDescription": "Digite o token de configuração do console do servidor.",
     "setupTokenRequired": "Token de configuração é necessário",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "Tipo:",
     "sidebarClients": "Clientes (Beta)",
     "sidebarDomains": "Domínios",
-    "enableDockerSocket": "Habilitar Docker Socket",
-    "enableDockerSocketDescription": "Ativar a descoberta do Docker Socket para preencher informações do contêiner. O caminho do socket deve ser fornecido ao Newt.",
+    "enableDockerSocket": "Habilitar o Diagrama Docker",
+    "enableDockerSocketDescription": "Ativar a scraping de rótulo Docker para rótulos de diagramas. Caminho de Socket deve ser fornecido para Newt.",
     "enableDockerSocketLink": "Saiba mais",
     "viewDockerContainers": "Ver contêineres Docker",
     "containersIn": "Contêineres em {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protocolo",
     "editInternalResourceDialogSitePort": "Porta do Site",
     "editInternalResourceDialogTargetConfiguration": "Configuração do Alvo",
-    "editInternalResourceDialogDestinationIP": "IP de Destino",
-    "editInternalResourceDialogDestinationPort": "Porta de Destino",
     "editInternalResourceDialogCancel": "Cancelar",
     "editInternalResourceDialogSaveResource": "Salvar Recurso",
     "editInternalResourceDialogSuccess": "Sucesso",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Porta do Site",
     "createInternalResourceDialogSitePortDescription": "Use esta porta para acessar o recurso no site quando conectado com um cliente.",
     "createInternalResourceDialogTargetConfiguration": "Configuração do Alvo",
-    "createInternalResourceDialogDestinationIP": "IP de Destino",
-    "createInternalResourceDialogDestinationIPDescription": "O endereço IP do recurso na rede do site.",
-    "createInternalResourceDialogDestinationPort": "Porta de Destino",
+    "createInternalResourceDialogDestinationIPDescription": "O IP ou endereço do hostname do recurso na rede do site.",
     "createInternalResourceDialogDestinationPortDescription": "A porta no IP de destino onde o recurso está acessível.",
     "createInternalResourceDialogCancel": "Cancelar",
     "createInternalResourceDialogCreateResource": "Criar Recurso",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Será armazenado como:",
     "idpGoogleDescription": "Provedor Google OAuth2/OIDC",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Cabeçalhos Personalizados",
+    "customHeadersDescription": "Separados por cabeçalhos da nova linha: Nome do Cabeçalho: valor.",
+    "headersValidationError": "Cabeçalhos devem estar no formato: Nome do Cabeçalho: valor.",
     "domainPickerProvidedDomain": "Domínio fornecido",
     "domainPickerFreeProvidedDomain": "Domínio fornecido grátis",
     "domainPickerVerified": "Verificada",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" não pôde ser válido para {domain}.",
     "domainPickerSubdomainSanitized": "Subdomínio banalizado",
     "domainPickerSubdomainCorrected": "\"{sub}\" foi corrigido para \"{sanitized}\"",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "Editar arquivo: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Editar arquivo: docker-compose.yml"
 }
\ No newline at end of file

From 87c0bd7717b10401d885b0ece6e5a4756a7dbffa Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:36 -0700
Subject: [PATCH 137/166] New translations en-us.json (Russian)

---
 messages/ru-RU.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/ru-RU.json b/messages/ru-RU.json
index 1a7cddfe..c3b6b6a7 100644
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Неверный формат IP адреса",
     "ipAddressErrorInvalidOctet": "Неверный октет IP адреса",
     "path": "Путь",
+    "matchPath": "Путь матча",
     "ipAddressRange": "Диапазон IP",
     "rulesErrorFetch": "Не удалось получить правила",
     "rulesErrorFetchDescription": "Произошла ошибка при получении правил",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Удалить сайт",
     "actionGetSite": "Получить сайт",
     "actionListSites": "Список сайтов",
+    "actionApplyBlueprint": "Применить чертёж",
     "setupToken": "Код настройки",
     "setupTokenDescription": "Введите токен настройки из консоли сервера.",
     "setupTokenRequired": "Токен настройки обязателен",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "Лицензия",
     "sidebarClients": "Клиенты (бета)",
     "sidebarDomains": "Домены",
-    "enableDockerSocket": "Включить Docker Socket",
-    "enableDockerSocketDescription": "Включить обнаружение Docker Socket для заполнения информации о контейнерах. Путь к сокету должен быть предоставлен Newt.",
+    "enableDockerSocket": "Включить чертёж Docker",
+    "enableDockerSocketDescription": "Включить scraping ярлыка Docker Socket для ярлыков чертежей. Путь к сокету должен быть предоставлен в Newt.",
     "enableDockerSocketLink": "Узнать больше",
     "viewDockerContainers": "Просмотр контейнеров Docker",
     "containersIn": "Контейнеры в {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Протокол",
     "editInternalResourceDialogSitePort": "Порт сайта",
     "editInternalResourceDialogTargetConfiguration": "Настройка цели",
-    "editInternalResourceDialogDestinationIP": "Целевая IP",
-    "editInternalResourceDialogDestinationPort": "Целевой порт",
     "editInternalResourceDialogCancel": "Отмена",
     "editInternalResourceDialogSaveResource": "Сохранить ресурс",
     "editInternalResourceDialogSuccess": "Успешно",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Порт сайта",
     "createInternalResourceDialogSitePortDescription": "Используйте этот порт для доступа к ресурсу на сайте при подключении с клиентом.",
     "createInternalResourceDialogTargetConfiguration": "Настройка цели",
-    "createInternalResourceDialogDestinationIP": "Целевая IP",
-    "createInternalResourceDialogDestinationIPDescription": "IP-адрес ресурса в сети сайта.",
-    "createInternalResourceDialogDestinationPort": "Целевой порт",
+    "createInternalResourceDialogDestinationIPDescription": "IP или адрес хоста ресурса в сети сайта.",
     "createInternalResourceDialogDestinationPortDescription": "Порт на IP-адресе назначения, где доступен ресурс.",
     "createInternalResourceDialogCancel": "Отмена",
     "createInternalResourceDialogCreateResource": "Создать ресурс",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Будет храниться как:",
     "idpGoogleDescription": "Google OAuth2/OIDC провайдер",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Пользовательские заголовки",
+    "customHeadersDescription": "Заголовки новой строки, разделённые: название заголовка: значение.",
+    "headersValidationError": "Заголовки должны быть в формате: Название заголовка: значение.",
     "domainPickerProvidedDomain": "Домен предоставлен",
     "domainPickerFreeProvidedDomain": "Бесплатный домен",
     "domainPickerVerified": "Подтверждено",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" не может быть действительным для {domain}.",
     "domainPickerSubdomainSanitized": "Субдомен очищен",
     "domainPickerSubdomainCorrected": "\"{sub}\" был исправлен на \"{sanitized}\"",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "Редактировать файл: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Редактировать файл: docker-compose.yml"
 }
\ No newline at end of file

From 0568e748212493aa1dabed4f2a942d755603c20a Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:38 -0700
Subject: [PATCH 138/166] New translations en-us.json (Turkish)

---
 messages/tr-TR.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/tr-TR.json b/messages/tr-TR.json
index aed7ada0..8c63e98a 100644
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Geçersiz IP adresi formatı",
     "ipAddressErrorInvalidOctet": "Geçersiz IP adresi okteti",
     "path": "Yol",
+    "matchPath": "Yol Eşleştir",
     "ipAddressRange": "IP Aralığı",
     "rulesErrorFetch": "Kurallar alınamadı",
     "rulesErrorFetchDescription": "Kurallar alınırken bir hata oluştu",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Siteyi Sil",
     "actionGetSite": "Siteyi Al",
     "actionListSites": "Siteleri Listele",
+    "actionApplyBlueprint": "Planı Uygula",
     "setupToken": "Kurulum Simgesi",
     "setupTokenDescription": "Sunucu konsolundan kurulum simgesini girin.",
     "setupTokenRequired": "Kurulum simgesi gerekli",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "Lisans",
     "sidebarClients": "Müşteriler (Beta)",
     "sidebarDomains": "Alan Adları",
-    "enableDockerSocket": "Docker Soketi Etkinleştir",
-    "enableDockerSocketDescription": "Konteyner bilgilerini doldurmak için Docker Socket keşfini etkinleştirin. Socket yolu Newt'e sağlanmalıdır.",
+    "enableDockerSocket": "Docker Soketini Etkinleştir",
+    "enableDockerSocketDescription": "Plan etiketleri için Docker Socket etiket toplamasını etkinleştirin. Newt'e soket yolu sağlanmalıdır.",
     "enableDockerSocketLink": "Daha fazla bilgi",
     "viewDockerContainers": "Docker Konteynerlerini Görüntüle",
     "containersIn": "{siteName} içindeki konteynerler",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protokol",
     "editInternalResourceDialogSitePort": "Site Bağlantı Noktası",
     "editInternalResourceDialogTargetConfiguration": "Hedef Yapılandırma",
-    "editInternalResourceDialogDestinationIP": "Hedef IP",
-    "editInternalResourceDialogDestinationPort": "Hedef Bağlantı Noktası",
     "editInternalResourceDialogCancel": "İptal",
     "editInternalResourceDialogSaveResource": "Kaynağı Kaydet",
     "editInternalResourceDialogSuccess": "Başarı",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Site Bağlantı Noktası",
     "createInternalResourceDialogSitePortDescription": "İstemci ile bağlanıldığında site üzerindeki kaynağa erişmek için bu bağlantı noktasını kullanın.",
     "createInternalResourceDialogTargetConfiguration": "Hedef Yapılandırma",
-    "createInternalResourceDialogDestinationIP": "Hedef IP",
-    "createInternalResourceDialogDestinationIPDescription": "Site ağındaki kaynağın IP adresi.",
-    "createInternalResourceDialogDestinationPort": "Hedef Bağlantı Noktası",
+    "createInternalResourceDialogDestinationIPDescription": "Kaynağın site ağındaki IP veya ana bilgisayar adresi.",
     "createInternalResourceDialogDestinationPortDescription": "Kaynağa erişilebilecek hedef IP üzerindeki bağlantı noktası.",
     "createInternalResourceDialogCancel": "İptal",
     "createInternalResourceDialogCreateResource": "Kaynak Oluştur",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Şu şekilde depolanacak:",
     "idpGoogleDescription": "Google OAuth2/OIDC sağlayıcısı",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC sağlayıcısı",
+    "customHeaders": "Özel Başlıklar",
+    "customHeadersDescription": "Başlıklar yeni satıra geçirilmiş: Başlık-Adı: değer.",
+    "headersValidationError": "Başlıklar şu formatta olmalıdır: Başlık-Adı: değer.",
     "domainPickerProvidedDomain": "Sağlanan Alan Adı",
     "domainPickerFreeProvidedDomain": "Ücretsiz Sağlanan Alan Adı",
     "domainPickerVerified": "Doğrulandı",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" {domain} için geçerli yapılamadı.",
     "domainPickerSubdomainSanitized": "Alt alan adı temizlendi",
     "domainPickerSubdomainCorrected": "\"{sub}\" \"{sanitized}\" olarak düzeltildi",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "Dosyayı düzenle: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Dosyayı düzenle: docker-compose.yml"
 }
\ No newline at end of file

From 7223761c4335069ffcfd97c19dc0db2b0f7f9a37 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:39 -0700
Subject: [PATCH 139/166] New translations en-us.json (Chinese Simplified)

---
 messages/zh-CN.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/zh-CN.json b/messages/zh-CN.json
index 1aacfbe9..d60cdef3 100644
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "无效的 IP 地址格式",
     "ipAddressErrorInvalidOctet": "无效的 IP 地址",
     "path": "路径",
+    "matchPath": "匹配路径",
     "ipAddressRange": "IP 范围",
     "rulesErrorFetch": "获取规则失败",
     "rulesErrorFetchDescription": "获取规则时出错",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "删除站点",
     "actionGetSite": "获取站点",
     "actionListSites": "站点列表",
+    "actionApplyBlueprint": "应用蓝图",
     "setupToken": "设置令牌",
     "setupTokenDescription": "从服务器控制台输入设置令牌。",
     "setupTokenRequired": "需要设置令牌",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "证书",
     "sidebarClients": "客户端（测试版）",
     "sidebarDomains": "域",
-    "enableDockerSocket": "启用停靠套接字",
-    "enableDockerSocketDescription": "启用 Docker Socket 发现以填充容器信息。必须向 Newt 提供 Socket 路径。",
+    "enableDockerSocket": "启用 Docker 蓝图",
+    "enableDockerSocketDescription": "启用 Docker Socket 标签擦除蓝图标签。套接字路径必须提供给新的。",
     "enableDockerSocketLink": "了解更多",
     "viewDockerContainers": "查看停靠容器",
     "containersIn": "{siteName} 中的容器",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "协议",
     "editInternalResourceDialogSitePort": "站点端口",
     "editInternalResourceDialogTargetConfiguration": "目标配置",
-    "editInternalResourceDialogDestinationIP": "目标IP",
-    "editInternalResourceDialogDestinationPort": "目标端口",
     "editInternalResourceDialogCancel": "取消",
     "editInternalResourceDialogSaveResource": "保存资源",
     "editInternalResourceDialogSuccess": "成功",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "站点端口",
     "createInternalResourceDialogSitePortDescription": "使用此端口在连接到客户端时访问站点上的资源。",
     "createInternalResourceDialogTargetConfiguration": "目标配置",
-    "createInternalResourceDialogDestinationIP": "目标IP",
-    "createInternalResourceDialogDestinationIPDescription": "站点网络上资源的IP地址。",
-    "createInternalResourceDialogDestinationPort": "目标端口",
+    "createInternalResourceDialogDestinationIPDescription": "站点网络上资源的IP或主机名地址。",
     "createInternalResourceDialogDestinationPortDescription": "资源在目标IP上可访问的端口。",
     "createInternalResourceDialogCancel": "取消",
     "createInternalResourceDialogCreateResource": "创建资源",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "储存为：",
     "idpGoogleDescription": "Google OAuth2/OIDC 提供商",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "自定义标题",
+    "customHeadersDescription": "头部新行分隔：头部名称：值。",
+    "headersValidationError": "头部必须是格式：头部名称：值。",
     "domainPickerProvidedDomain": "提供的域",
     "domainPickerFreeProvidedDomain": "免费提供的域",
     "domainPickerVerified": "已验证",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" 无法为 {domain} 变为有效。",
     "domainPickerSubdomainSanitized": "子域已净化",
     "domainPickerSubdomainCorrected": "\"{sub}\" 已被更正为 \"{sanitized}\"",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "编辑文件：config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "编辑文件：docker-compose.yml"
 }
\ No newline at end of file

From 5d87e7371a878b7fc2de0a884cd0a27a4f443eef Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Mon, 15 Sep 2025 14:34:40 -0700
Subject: [PATCH 140/166] New translations en-us.json (Norwegian Bokmal)

---
 messages/nb-NO.json | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/messages/nb-NO.json b/messages/nb-NO.json
index e391cda9..88756e5a 100644
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -513,6 +513,7 @@
     "ipAddressErrorInvalidFormat": "Ugyldig IP-adresseformat",
     "ipAddressErrorInvalidOctet": "Ugyldig IP-adresse-oktet",
     "path": "Sti",
+    "matchPath": "Match sti",
     "ipAddressRange": "IP-område",
     "rulesErrorFetch": "Klarte ikke å hente regler",
     "rulesErrorFetchDescription": "Det oppsto en feil under henting av regler",
@@ -997,6 +998,7 @@
     "actionDeleteSite": "Slett område",
     "actionGetSite": "Hent område",
     "actionListSites": "List opp områder",
+    "actionApplyBlueprint": "Bruk blåkopi",
     "setupToken": "Oppsetttoken",
     "setupTokenDescription": "Skriv inn oppsetttoken fra serverkonsollen.",
     "setupTokenRequired": "Oppsetttoken er nødvendig",
@@ -1139,8 +1141,8 @@
     "sidebarLicense": "Lisens",
     "sidebarClients": "Klienter (Beta)",
     "sidebarDomains": "Domener",
-    "enableDockerSocket": "Aktiver Docker Socket",
-    "enableDockerSocketDescription": "Aktiver Docker Socket-oppdagelse for å fylle ut containerinformasjon. Socket-stien må oppgis til Newt.",
+    "enableDockerSocket": "Aktiver Docker blåkopi",
+    "enableDockerSocketDescription": "Aktiver skraping av Docker Socket for blueprint Etiketter. Socket bane må brukes for nye.",
     "enableDockerSocketLink": "Lær mer",
     "viewDockerContainers": "Vis Docker-containere",
     "containersIn": "Containere i {siteName}",
@@ -1398,8 +1400,6 @@
     "editInternalResourceDialogProtocol": "Protokoll",
     "editInternalResourceDialogSitePort": "Områdeport",
     "editInternalResourceDialogTargetConfiguration": "Målkonfigurasjon",
-    "editInternalResourceDialogDestinationIP": "Destinasjons-IP",
-    "editInternalResourceDialogDestinationPort": "Destinasjonsport",
     "editInternalResourceDialogCancel": "Avbryt",
     "editInternalResourceDialogSaveResource": "Lagre ressurs",
     "editInternalResourceDialogSuccess": "Suksess",
@@ -1430,9 +1430,7 @@
     "createInternalResourceDialogSitePort": "Områdeport",
     "createInternalResourceDialogSitePortDescription": "Bruk denne porten for å få tilgang til ressursen på området når du er tilkoblet med en klient.",
     "createInternalResourceDialogTargetConfiguration": "Målkonfigurasjon",
-    "createInternalResourceDialogDestinationIP": "Destinasjons-IP",
-    "createInternalResourceDialogDestinationIPDescription": "IP-adressen til ressursen på områdets nettverk.",
-    "createInternalResourceDialogDestinationPort": "Destinasjonsport",
+    "createInternalResourceDialogDestinationIPDescription": "IP eller vertsnavn til ressursen på nettstedets nettverk.",
     "createInternalResourceDialogDestinationPortDescription": "Porten på destinasjons-IP-en der ressursen kan nås.",
     "createInternalResourceDialogCancel": "Avbryt",
     "createInternalResourceDialogCreateResource": "Opprett ressurs",
@@ -1505,6 +1503,9 @@
     "willbestoredas": "Vil bli lagret som:",
     "idpGoogleDescription": "Google OAuth2/OIDC leverandør",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
+    "customHeaders": "Egendefinerte topptekster",
+    "customHeadersDescription": "Overskrifter separert som linje: Header-Name: verdi.",
+    "headersValidationError": "Topptekst må være i formatet: header-navn: verdi.",
     "domainPickerProvidedDomain": "Gitt domene",
     "domainPickerFreeProvidedDomain": "Gratis oppgitt domene",
     "domainPickerVerified": "Bekreftet",
@@ -1518,6 +1519,6 @@
     "domainPickerInvalidSubdomainCannotMakeValid": "\"{sub}\" kunne ikke gjøres gyldig for {domain}.",
     "domainPickerSubdomainSanitized": "Underdomenet som ble sanivert",
     "domainPickerSubdomainCorrected": "\"{sub}\" var korrigert til \"{sanitized}\"",
-    "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
-    "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
+    "resourceAddEntrypointsEditFile": "Rediger fil: config/traefik/traefik_config.yml",
+    "resourceExposePortsEditFile": "Rediger fil: docker-compose.yml"
 }
\ No newline at end of file

From edf1cea738ce603829f6698d36951b877a920a7d Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 15 Sep 2025 15:21:33 -0700
Subject: [PATCH 141/166] Make sure to allow targets only

---
 server/lib/blueprints/types.ts | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index f11ffe1f..9b3a7a20 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -58,8 +58,8 @@ export const ResourceSchema = z
         auth: AuthSchema.optional(),
         "host-header": z.string().optional(),
         "tls-server-name": z.string().optional(),
-        headers: z.array(HeaderSchema).optional().default([]),
-        rules: z.array(RuleSchema).optional().default([]),
+        headers: z.array(HeaderSchema).optional(),
+        rules: z.array(RuleSchema).optional()
     })
     .refine(
         (resource) => {

From 4b824f653f0455a7f1c9371fc466c4c420183200 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 15 Sep 2025 21:50:21 -0700
Subject: [PATCH 142/166] Filter out duplicates

---
 server/routers/traefik/getTraefikConfig.ts | 301 +++++++++++----------
 1 file changed, 154 insertions(+), 147 deletions(-)

diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts
index ac24ba7f..9e82f127 100644
--- a/server/routers/traefik/getTraefikConfig.ts
+++ b/server/routers/traefik/getTraefikConfig.ts
@@ -105,117 +105,115 @@ export async function getTraefikConfig(
         };
     };
 
-        // Get resources with their targets and sites in a single optimized query
-        // Start from sites on this exit node, then join to targets and resources
-        const resourcesWithTargetsAndSites = await db
-            .select({
-                // Resource fields
-                resourceId: resources.resourceId,
-                fullDomain: resources.fullDomain,
-                ssl: resources.ssl,
-                http: resources.http,
-                proxyPort: resources.proxyPort,
-                protocol: resources.protocol,
-                subdomain: resources.subdomain,
-                domainId: resources.domainId,
-                enabled: resources.enabled,
-                stickySession: resources.stickySession,
-                tlsServerName: resources.tlsServerName,
-                setHostHeader: resources.setHostHeader,
-                enableProxy: resources.enableProxy,
-                headers: resources.headers,
-                // Target fields
-                targetId: targets.targetId,
-                targetEnabled: targets.enabled,
-                ip: targets.ip,
-                method: targets.method,
-                port: targets.port,
-                internalPort: targets.internalPort,
-                path: targets.path,
-                pathMatchType: targets.pathMatchType,
+    // Get resources with their targets and sites in a single optimized query
+    // Start from sites on this exit node, then join to targets and resources
+    const resourcesWithTargetsAndSites = await db
+        .select({
+            // Resource fields
+            resourceId: resources.resourceId,
+            fullDomain: resources.fullDomain,
+            ssl: resources.ssl,
+            http: resources.http,
+            proxyPort: resources.proxyPort,
+            protocol: resources.protocol,
+            subdomain: resources.subdomain,
+            domainId: resources.domainId,
+            enabled: resources.enabled,
+            stickySession: resources.stickySession,
+            tlsServerName: resources.tlsServerName,
+            setHostHeader: resources.setHostHeader,
+            enableProxy: resources.enableProxy,
+            headers: resources.headers,
+            // Target fields
+            targetId: targets.targetId,
+            targetEnabled: targets.enabled,
+            ip: targets.ip,
+            method: targets.method,
+            port: targets.port,
+            internalPort: targets.internalPort,
+            path: targets.path,
+            pathMatchType: targets.pathMatchType,
 
-                // Site fields
-                siteId: sites.siteId,
-                siteType: sites.type,
-                siteOnline: sites.online,
-                subnet: sites.subnet,
-                exitNodeId: sites.exitNodeId
-            })
-            .from(sites)
-            .innerJoin(targets, eq(targets.siteId, sites.siteId))
-            .innerJoin(resources, eq(resources.resourceId, targets.resourceId))
-            .where(
-                and(
-                    eq(targets.enabled, true),
-                    eq(resources.enabled, true),
-                    or(
-                        eq(sites.exitNodeId, exitNodeId),
-                        isNull(sites.exitNodeId)
-                    ),
-                    inArray(sites.type, siteTypes),
-                    config.getRawConfig().traefik.allow_raw_resources
-                        ? isNotNull(resources.http) // ignore the http check if allow_raw_resources is true
-                        : eq(resources.http, true)
-                )
-            );
+            // Site fields
+            siteId: sites.siteId,
+            siteType: sites.type,
+            siteOnline: sites.online,
+            subnet: sites.subnet,
+            exitNodeId: sites.exitNodeId
+        })
+        .from(sites)
+        .innerJoin(targets, eq(targets.siteId, sites.siteId))
+        .innerJoin(resources, eq(resources.resourceId, targets.resourceId))
+        .where(
+            and(
+                eq(targets.enabled, true),
+                eq(resources.enabled, true),
+                or(eq(sites.exitNodeId, exitNodeId), isNull(sites.exitNodeId)),
+                inArray(sites.type, siteTypes),
+                config.getRawConfig().traefik.allow_raw_resources
+                    ? isNotNull(resources.http) // ignore the http check if allow_raw_resources is true
+                    : eq(resources.http, true)
+            )
+        );
 
-        // Group by resource and include targets with their unique site data
-        const resourcesMap = new Map();
+    // Group by resource and include targets with their unique site data
+    const resourcesMap = new Map();
 
-        resourcesWithTargetsAndSites.forEach((row) => {
-            const resourceId = row.resourceId;
-            const targetPath = sanitizePath(row.path) || ""; // Handle null/undefined paths
-            const pathMatchType = row.pathMatchType || "";
+    resourcesWithTargetsAndSites.forEach((row) => {
+        const resourceId = row.resourceId;
+        const targetPath = sanitizePath(row.path) || ""; // Handle null/undefined paths
+        const pathMatchType = row.pathMatchType || "";
 
-            // Create a unique key combining resourceId and path+pathMatchType
-            const pathKey = [targetPath, pathMatchType].filter(Boolean).join("-");
-            const mapKey = [resourceId, pathKey].filter(Boolean).join("-");
+        // Create a unique key combining resourceId and path+pathMatchType
+        const pathKey = [targetPath, pathMatchType].filter(Boolean).join("-");
+        const mapKey = [resourceId, pathKey].filter(Boolean).join("-");
 
-            if (!resourcesMap.has(mapKey)) {
-                resourcesMap.set(mapKey, {
-                    resourceId: row.resourceId,
-                    fullDomain: row.fullDomain,
-                    ssl: row.ssl,
-                    http: row.http,
-                    proxyPort: row.proxyPort,
-                    protocol: row.protocol,
-                    subdomain: row.subdomain,
-                    domainId: row.domainId,
-                    enabled: row.enabled,
-                    stickySession: row.stickySession,
-                    tlsServerName: row.tlsServerName,
-                    setHostHeader: row.setHostHeader,
-                    enableProxy: row.enableProxy,
-                    targets: [],
-                    headers: row.headers,
-                    path: row.path, // the targets will all have the same path
-                    pathMatchType: row.pathMatchType // the targets will all have the same pathMatchType
-                });
-            }
-
-            // Add target with its associated site data
-            resourcesMap.get(mapKey).targets.push({
+        if (!resourcesMap.has(mapKey)) {
+            resourcesMap.set(mapKey, {
                 resourceId: row.resourceId,
-                targetId: row.targetId,
-                ip: row.ip,
-                method: row.method,
-                port: row.port,
-                internalPort: row.internalPort,
-                enabled: row.targetEnabled,
-                site: {
-                    siteId: row.siteId,
-                    type: row.siteType,
-                    subnet: row.subnet,
-                    exitNodeId: row.exitNodeId,
-                    online: row.siteOnline
-                }
+                fullDomain: row.fullDomain,
+                ssl: row.ssl,
+                http: row.http,
+                proxyPort: row.proxyPort,
+                protocol: row.protocol,
+                subdomain: row.subdomain,
+                domainId: row.domainId,
+                enabled: row.enabled,
+                stickySession: row.stickySession,
+                tlsServerName: row.tlsServerName,
+                setHostHeader: row.setHostHeader,
+                enableProxy: row.enableProxy,
+                targets: [],
+                headers: row.headers,
+                path: row.path, // the targets will all have the same path
+                pathMatchType: row.pathMatchType // the targets will all have the same pathMatchType
             });
-        });
+        }
+
+        // Add target with its associated site data
+        resourcesMap.get(mapKey).targets.push({
+            resourceId: row.resourceId,
+            targetId: row.targetId,
+            ip: row.ip,
+            method: row.method,
+            port: row.port,
+            internalPort: row.internalPort,
+            enabled: row.targetEnabled,
+            site: {
+                siteId: row.siteId,
+                type: row.siteType,
+                subnet: row.subnet,
+                exitNodeId: row.exitNodeId,
+                online: row.siteOnline
+            }
+        });
+    });
 
-    
     // convert the map to an object for printing
 
-    logger.debug(`Resources: ${JSON.stringify(Object.fromEntries(resourcesMap), null, 2)}`);
+    logger.debug(
+        `Resources: ${JSON.stringify(Object.fromEntries(resourcesMap), null, 2)}`
+    );
 
     // make sure we have at least one resource
     if (resourcesMap.size === 0) {
@@ -399,55 +397,64 @@ export async function getTraefikConfig(
                             targets as TargetWithSite[]
                         ).some((target: TargetWithSite) => target.site.online);
 
-                        return (targets as TargetWithSite[])
-                            .filter((target: TargetWithSite) => {
-                                if (!target.enabled) {
-                                    return false;
-                                }
-
-                                // If any sites are online, exclude offline sites
-                                if (anySitesOnline && !target.site.online) {
-                                    return false;
-                                }
-
-                                if (
-                                    target.site.type === "local" ||
-                                    target.site.type === "wireguard"
-                                ) {
-                                    if (
-                                        !target.ip ||
-                                        !target.port ||
-                                        !target.method
-                                    ) {
+                        return (
+                            (targets as TargetWithSite[])
+                                .filter((target: TargetWithSite) => {
+                                    if (!target.enabled) {
                                         return false;
                                     }
-                                } else if (target.site.type === "newt") {
-                                    if (
-                                        !target.internalPort ||
-                                        !target.method ||
-                                        !target.site.subnet
-                                    ) {
+
+                                    // If any sites are online, exclude offline sites
+                                    if (anySitesOnline && !target.site.online) {
                                         return false;
                                     }
-                                }
-                                return true;
-                            })
-                            .map((target: TargetWithSite) => {
-                                if (
-                                    target.site.type === "local" ||
-                                    target.site.type === "wireguard"
-                                ) {
-                                    return {
-                                        url: `${target.method}://${target.ip}:${target.port}`
-                                    };
-                                } else if (target.site.type === "newt") {
-                                    const ip =
-                                        target.site.subnet!.split("/")[0];
-                                    return {
-                                        url: `${target.method}://${ip}:${target.internalPort}`
-                                    };
-                                }
-                            });
+
+                                    if (
+                                        target.site.type === "local" ||
+                                        target.site.type === "wireguard"
+                                    ) {
+                                        if (
+                                            !target.ip ||
+                                            !target.port ||
+                                            !target.method
+                                        ) {
+                                            return false;
+                                        }
+                                    } else if (target.site.type === "newt") {
+                                        if (
+                                            !target.internalPort ||
+                                            !target.method ||
+                                            !target.site.subnet
+                                        ) {
+                                            return false;
+                                        }
+                                    }
+                                    return true;
+                                })
+                                .map((target: TargetWithSite) => {
+                                    if (
+                                        target.site.type === "local" ||
+                                        target.site.type === "wireguard"
+                                    ) {
+                                        return {
+                                            url: `${target.method}://${target.ip}:${target.port}`
+                                        };
+                                    } else if (target.site.type === "newt") {
+                                        const ip =
+                                            target.site.subnet!.split("/")[0];
+                                        return {
+                                            url: `${target.method}://${ip}:${target.internalPort}`
+                                        };
+                                    }
+                                })
+                                // filter out duplicates
+                                .filter(
+                                    (v, i, a) =>
+                                        a.findIndex(
+                                            (t) => t && v && t.url === v.url
+                                        ) === i
+                                )
+                        );
                     })(),
                     ...(resource.stickySession
                         ? {
@@ -582,4 +589,4 @@ function sanitizePath(path: string | null | undefined): string | undefined {
         path = path.substring(0, 50);
     }
     return path.replace(/[^a-zA-Z0-9]/g, "");
-}
\ No newline at end of file
+}

From bf95b0a659b1942075fd27cbec61dbb2311f8c0f Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Mon, 15 Sep 2025 21:52:23 -0700
Subject: [PATCH 143/166] migrate autoProvisioned on user based on idp
 autoProvision

---
 server/setup/scriptsPg/1.10.0.ts     | 19 +++++++++++++++++++
 server/setup/scriptsSqlite/1.10.0.ts | 26 +++++++++++++++++++++++---
 2 files changed, 42 insertions(+), 3 deletions(-)

diff --git a/server/setup/scriptsPg/1.10.0.ts b/server/setup/scriptsPg/1.10.0.ts
index d566cccb..3be2f697 100644
--- a/server/setup/scriptsPg/1.10.0.ts
+++ b/server/setup/scriptsPg/1.10.0.ts
@@ -94,6 +94,25 @@ export default async function migration() {
             `);
         }
 
+        // Handle auto-provisioned users for identity providers
+        const autoProvisionIdps = await db.execute(sql`
+            SELECT "idpId" FROM "idp" WHERE "autoProvision" = true
+        `);
+
+        for (const idp of autoProvisionIdps.rows) {
+            // Get all users with this identity provider
+            const usersWithIdp = await db.execute(sql`
+                SELECT "id" FROM "user" WHERE "idpId" = ${idp.idpId}
+            `);
+
+            // Update userOrgs to set autoProvisioned to true for these users
+            for (const user of usersWithIdp.rows) {
+                await db.execute(sql`
+                    UPDATE "userOrgs" SET "autoProvisioned" = true WHERE "userId" = ${user.id}
+                `);
+            }
+        }
+
         await db.execute(sql`COMMIT`);
         console.log(`Migrated database`);
     } catch (e) {
diff --git a/server/setup/scriptsSqlite/1.10.0.ts b/server/setup/scriptsSqlite/1.10.0.ts
index 1ca7d322..3065a664 100644
--- a/server/setup/scriptsSqlite/1.10.0.ts
+++ b/server/setup/scriptsSqlite/1.10.0.ts
@@ -11,9 +11,6 @@ export default async function migration() {
     const location = path.join(APP_PATH, "db", "db.sqlite");
     const db = new Database(location);
 
-    const resourceSiteMap = new Map<number, number>();
-    const firstSiteId: number = 1;
-
     try {
         const resources = db
             .prepare(
@@ -82,6 +79,29 @@ export default async function migration() {
                     `UPDATE siteResources SET niceId = ? WHERE siteResourceId = ?`
                 ).run(niceId, resourceId.siteResourceId);
             }
+
+            // Handle auto-provisioned users for identity providers
+            const autoProvisionIdps = db
+                .prepare(
+                    "SELECT idpId FROM idp WHERE autoProvision = 1"
+                )
+                .all() as Array<{ idpId: number }>;
+
+            for (const idp of autoProvisionIdps) {
+                // Get all users with this identity provider
+                const usersWithIdp = db
+                    .prepare(
+                        "SELECT id FROM user WHERE idpId = ?"
+                    )
+                    .all(idp.idpId) as Array<{ id: string }>;
+
+                // Update userOrgs to set autoProvisioned to true for these users
+                for (const user of usersWithIdp) {
+                    db.prepare(
+                        "UPDATE userOrgs SET autoProvisioned = 1 WHERE userId = ?"
+                    ).run(user.id);
+                }
+            }
         })();
 
         console.log(`Migrated database`);

From 8992e99c0767dfe1782ff1d8f1c3e1eceed2ca02 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Mon, 15 Sep 2025 22:06:36 -0700
Subject: [PATCH 144/166] Make sure to default the match

---
 .../settings/resources/[niceId]/proxy/page.tsx        | 11 ++++++++++-
 src/app/[orgId]/settings/resources/create/page.tsx    | 11 ++++++++++-
 2 files changed, 20 insertions(+), 2 deletions(-)

diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index 88a76dd3..0c1a86e3 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -579,7 +579,16 @@ export default function ReverseProxyTargets(props: {
                     return (
                         <Button
                             variant="outline"
-                            onClick={() => setShowPathInput(true)}
+                            onClick={() => {
+                                setShowPathInput(true);
+                                // Set default pathMatchType when first showing path input
+                                if (!row.original.pathMatchType) {
+                                    updateTarget(row.original.targetId, {
+                                        ...row.original,
+                                        pathMatchType: "prefix"
+                                    });
+                                }
+                            }}
                         >
                            + {t("matchPath")} 
                         </Button>
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index 60837c8e..e6c4e178 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -556,7 +556,16 @@ export default function Page() {
                     return (
                         <Button
                             variant="outline"
-                            onClick={() => setShowPathInput(true)}
+                            onClick={() => {
+                                setShowPathInput(true);
+                                // Set default pathMatchType when first showing path input
+                                if (!row.original.pathMatchType) {
+                                    updateTarget(row.original.targetId, {
+                                        ...row.original,
+                                        pathMatchType: "prefix"
+                                    });
+                                }
+                            }}
                         >
                             + {t("matchPath")}
                         </Button>

From 7a17518054a3bf71926b1cb042c3407672046f40 Mon Sep 17 00:00:00 2001
From: Pallavi <pallavilpmt1995@gmail.com>
Date: Tue, 16 Sep 2025 23:46:21 +0530
Subject: [PATCH 145/166] resource links from id to niceId

---
 src/components/ResourcesTable.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/components/ResourcesTable.tsx b/src/components/ResourcesTable.tsx
index 3352c4fa..cb7983c7 100644
--- a/src/components/ResourcesTable.tsx
+++ b/src/components/ResourcesTable.tsx
@@ -462,7 +462,7 @@ export default function ResourcesTable({
                             <DropdownMenuContent align="end">
                                 <Link
                                     className="block w-full"
-                                    href={`/${resourceRow.orgId}/settings/resources/${resourceRow.id}`}
+                                    href={`/${resourceRow.orgId}/settings/resources/${resourceRow.nice}`}
                                 >
                                     <DropdownMenuItem>
                                         {t("viewSettings")}

From 5f43268b88c8780cffdda34212d2d004792a11a1 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Tue, 16 Sep 2025 17:17:12 -0700
Subject: [PATCH 146/166] print failed crowdsec install error

---
 install/main.go | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/install/main.go b/install/main.go
index 33606250..d67ac9f1 100644
--- a/install/main.go
+++ b/install/main.go
@@ -127,7 +127,7 @@ func main() {
 		if readBool(reader, "Would you like to install and start the containers?", true) {
 
 			config.InstallationContainerType = podmanOrDocker(reader)
-			
+
 			if !isDockerInstalled() && runtime.GOOS == "linux" && config.InstallationContainerType == Docker {
 				if readBool(reader, "Docker is not installed. Would you like to install it?", true) {
 					installDocker()
@@ -206,12 +206,16 @@ func main() {
 				}
 
 				config.DoCrowdsecInstall = true
-				installCrowdsec(config)
+                err := installCrowdsec(config)
+                if (err != nil) {
+                    fmt.Printf("Error installing CrowdSec: %v\n", err)
+                    return
+                }
 			}
 		}
 	}
 
-	if !config.HybridMode {
+	if !config.HybridMode && checkIsPangolinInstalledWithHybrid() {
 		// Setup Token Section
 		fmt.Println("\n=== Setup Token ===")
 
@@ -323,11 +327,11 @@ func collectUserInput(reader *bufio.Reader) Config {
 
 	if config.HybridMode {
 		alreadyHaveCreds := readBool(reader, "Do you already have credentials from the dashboard? If not, we will create them later", false)
-		
+
 		if alreadyHaveCreds {
 			config.HybridId = readString(reader, "Enter your ID", "")
 			config.HybridSecret = readString(reader, "Enter your secret", "")
-		} 
+		}
 
 		// Try to get public IP as default
 		publicIP := getPublicIP()
@@ -351,7 +355,7 @@ func collectUserInput(reader *bufio.Reader) Config {
 		// Email configuration
 		fmt.Println("\n=== Email Configuration ===")
 		config.EnableEmail = readBool(reader, "Enable email functionality (SMTP)", false)
-		
+
 		if config.EnableEmail {
 			config.EmailSMTPHost = readString(reader, "Enter SMTP host", "")
 			config.EmailSMTPPort = readInt(reader, "Enter SMTP port (default 587)", 587)
@@ -359,7 +363,7 @@ func collectUserInput(reader *bufio.Reader) Config {
 			config.EmailSMTPPass = readString(reader, "Enter SMTP password", "") // Should this be readPassword?
 			config.EmailNoReply = readString(reader, "Enter no-reply email address", "")
 		}
-		
+
 		// Validate required fields
 		if config.BaseDomain == "" {
 			fmt.Println("Error: Domain name is required")
@@ -594,25 +598,25 @@ func getPublicIP() string {
 	client := &http.Client{
 		Timeout: 10 * time.Second,
 	}
-	
+
 	resp, err := client.Get("https://ifconfig.io/ip")
 	if err != nil {
 		return ""
 	}
 	defer resp.Body.Close()
-	
+
 	body, err := io.ReadAll(resp.Body)
 	if err != nil {
 		return ""
 	}
-	
+
 	ip := strings.TrimSpace(string(body))
-	
+
 	// Validate that it's a valid IP address
 	if net.ParseIP(ip) != nil {
 		return ip
 	}
-	
+
 	return ""
 }
 

From b1255ddb1e196e9488dfdc0b311d21d8e02afb9e Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Tue, 16 Sep 2025 17:29:45 -0700
Subject: [PATCH 147/166] fix cant create oidc user closes #1472

---
 .../[orgId]/settings/access/users/create/page.tsx    | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

diff --git a/src/app/[orgId]/settings/access/users/create/page.tsx b/src/app/[orgId]/settings/access/users/create/page.tsx
index bd50a883..47bff1e1 100644
--- a/src/app/[orgId]/settings/access/users/create/page.tsx
+++ b/src/app/[orgId]/settings/access/users/create/page.tsx
@@ -106,8 +106,7 @@ export default function Page() {
             .optional()
             .or(z.literal("")),
         name: z.string().optional(),
-        roleId: z.string().min(1, { message: t("accessRoleSelectPlease") }),
-        idpId: z.string().min(1, { message: t("idpSelectPlease") })
+        roleId: z.string().min(1, { message: t("accessRoleSelectPlease") })
     });
 
     const formatIdpType = (type: string) => {
@@ -125,7 +124,7 @@ export default function Page() {
 
     const getIdpIcon = (variant: string | null) => {
         if (!variant) return null;
-        
+
         switch (variant.toLowerCase()) {
             case "google":
                 return (
@@ -186,8 +185,7 @@ export default function Page() {
             username: "",
             email: "",
             name: "",
-            roleId: "",
-            idpId: ""
+            roleId: ""
         }
     });
 
@@ -338,7 +336,7 @@ export default function Page() {
     ) {
         const selectedUserOption = userOptions.find(opt => opt.id === selectedOption);
         if (!selectedUserOption?.idpId) return;
-        
+
         setLoading(true);
 
         const res = await api
@@ -378,7 +376,7 @@ export default function Page() {
     ) {
         const selectedUserOption = userOptions.find(opt => opt.id === selectedOption);
         if (!selectedUserOption?.idpId) return;
-        
+
         setLoading(true);
 
         const res = await api

From bcf4523689216a73fb9e87009150ae2da957556e Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Wed, 17 Sep 2025 15:52:40 -0400
Subject: [PATCH 148/166] ask for container type in crowdsec installer

---
 install/main.go | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)

diff --git a/install/main.go b/install/main.go
index d67ac9f1..42bd621d 100644
--- a/install/main.go
+++ b/install/main.go
@@ -21,9 +21,9 @@ import (
 
 // DO NOT EDIT THIS FUNCTION; IT MATCHED BY REGEX IN CICD
 func loadVersions(config *Config) {
-	config.PangolinVersion = "replaceme"
-	config.GerbilVersion = "replaceme"
-	config.BadgerVersion = "replaceme"
+	config.PangolinVersion = "1.9.4"
+	config.GerbilVersion = "1.2.1"
+	config.BadgerVersion = "1.2.0"
 }
 
 //go:embed config/*
@@ -75,7 +75,7 @@ func main() {
 			if err := checkPortsAvailable(p); err != nil {
 				fmt.Fprintln(os.Stderr, err)
 
-				fmt.Printf("Please close any services on ports 80/443 in order to run the installation smoothly")
+				fmt.Printf("Please close any services on ports 80/443 in order to run the installation smoothly. If you already have the Pangolin stack running, shut them down before proceeding.\n")
 				os.Exit(1)
 			}
 		}
@@ -205,12 +205,17 @@ func main() {
 					}
 				}
 
+                config.InstallationContainerType = podmanOrDocker(reader)
+
 				config.DoCrowdsecInstall = true
                 err := installCrowdsec(config)
                 if (err != nil) {
                     fmt.Printf("Error installing CrowdSec: %v\n", err)
                     return
                 }
+
+                fmt.Println("CrowdSec installed successfully!")
+                return
 			}
 		}
 	}

From aba894eedf484f6bf7ede7dab61fbd90ac613b57 Mon Sep 17 00:00:00 2001
From: Oliver Antwerpen <antwerpen@uni-matrix.com>
Date: Tue, 16 Sep 2025 12:35:45 +0200
Subject: [PATCH 149/166] Update de-DE.json

Corrected different translations to real german
---
 messages/de-DE.json | 34 +++++++++++++++++-----------------
 1 file changed, 17 insertions(+), 17 deletions(-)

diff --git a/messages/de-DE.json b/messages/de-DE.json
index 1b71c3ff..8ffb4a99 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -1148,28 +1148,28 @@
     "containersIn": "Container in {siteName}",
     "selectContainerDescription": "Wählen Sie einen Container, der als Hostname für dieses Ziel verwendet werden soll. Klicken Sie auf einen Port, um einen Port zu verwenden.",
     "containerName": "Name",
-    "containerImage": "Bild",
-    "containerState": "Bundesland",
+    "containerImage": "Image",
+    "containerState": "Status",
     "containerNetworks": "Netzwerke",
     "containerHostnameIp": "Hostname/IP",
-    "containerLabels": "Etiketten",
-    "containerLabelsCount": "{count, plural, one {# Etikett} other {# Etiketten}}",
-    "containerLabelsTitle": "Container-Labels",
+    "containerLabels": "Labels",
+    "containerLabelsCount": "{count, plural, one {# Label} other {# Label}}",
+    "containerLabelsTitle": "Container-Label",
     "containerLabelEmpty": "<leer>",
-    "containerPorts": "Häfen",
+    "containerPorts": "Ports",
     "containerPortsMore": "+{count} mehr",
     "containerActions": "Aktionen",
     "select": "Auswählen",
     "noContainersMatchingFilters": "Es wurden keine Container gefunden, die den aktuellen Filtern entsprechen.",
     "showContainersWithoutPorts": "Container ohne Ports anzeigen",
-    "showStoppedContainers": "Stoppte Container anzeigen",
+    "showStoppedContainers": "Gestoppte Container anzeigen",
     "noContainersFound": "Keine Container gefunden. Stellen Sie sicher, dass Docker Container laufen.",
     "searchContainersPlaceholder": "Durchsuche {count} Container...",
     "searchResultsCount": "{count, plural, one {# Ergebnis} other {# Ergebnisse}}",
     "filters": "Filter",
     "filterOptions": "Filteroptionen",
-    "filterPorts": "Häfen",
-    "filterStopped": "Stoppt",
+    "filterPorts": "Ports",
+    "filterStopped": "Gestoppt",
     "clearAllFilters": "Alle Filter löschen",
     "columns": "Spalten",
     "toggleColumns": "Spalten umschalten",
@@ -1310,12 +1310,12 @@
     "createDomainType": "Typ:",
     "createDomainName": "Name:",
     "createDomainValue": "Wert:",
-    "createDomainCnameRecords": "CNAME-Einträge",
-    "createDomainARecords": "A-Aufzeichnungen",
-    "createDomainRecordNumber": "Eintrag {number}",
-    "createDomainTxtRecords": "TXT-Einträge",
-    "createDomainSaveTheseRecords": "Diese Einträge speichern",
-    "createDomainSaveTheseRecordsDescription": "Achten Sie darauf, diese DNS-Einträge zu speichern, da Sie sie nicht erneut sehen werden.",
+    "createDomainCnameRecords": "CNAME-Records",
+    "createDomainARecords": "A-Records",
+    "createDomainRecordNumber": "Record {number}",
+    "createDomainTxtRecords": "TXT-Records",
+    "createDomainSaveTheseRecords": "Diese Records speichern",
+    "createDomainSaveTheseRecordsDescription": "Achten Sie darauf, diese DNS-Records zu speichern, da Sie sie nicht erneut sehen werden.",
     "createDomainDnsPropagation": "DNS-Verbreitung",
     "createDomainDnsPropagationDescription": "Es kann einige Zeit dauern, bis DNS-Änderungen im Internet verbreitet werden. Dies kann je nach Ihrem DNS-Provider und den TTL-Einstellungen von einigen Minuten bis zu 48 Stunden dauern.",
     "resourcePortRequired": "Portnummer ist für nicht-HTTP-Ressourcen erforderlich",
@@ -1465,7 +1465,7 @@
     "autoLoginErrorGeneratingUrl": "Fehler beim Generieren der Authentifizierungs-URL.",
     "managedSelfHosted": {
         "title": "Verwaltetes Selbsthosted",
-        "description": "Zuverlässiger und wartungsarmer Pangolin Server mit zusätzlichen Glocken und Pfeifen",
+        "description": "Zuverlässiger und wartungsarmer Pangolin Server mit zusätzlichem Schnickschnack",
         "introTitle": "Verwalteter selbstgehosteter Pangolin",
         "introDescription": "ist eine Deployment-Option, die für Personen konzipiert wurde, die Einfachheit und zusätzliche Zuverlässigkeit wünschen, während sie ihre Daten privat und selbstgehostet halten.",
         "introDetail": "Mit dieser Option haben Sie immer noch Ihren eigenen Pangolin-Knoten – Ihre Tunnel, SSL-Terminierung und Traffic bleiben auf Ihrem Server. Der Unterschied besteht darin, dass Verwaltung und Überwachung über unser Cloud-Dashboard abgewickelt werden, das eine Reihe von Vorteilen freischaltet:",
@@ -1521,4 +1521,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" wurde korrigiert zu \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Datei bearbeiten: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Datei bearbeiten: docker-compose.yml"
-}
\ No newline at end of file
+}

From a450521714e0c8774b148131868dc00d1b92c86a Mon Sep 17 00:00:00 2001
From: Tim <82370418+Tim5965@users.noreply.github.com>
Date: Tue, 16 Sep 2025 22:31:32 +0200
Subject: [PATCH 150/166] Update nl-NL.json

It currently contains several errors. I believe I've fixed the major ones now, but there are probably still things I've overlooked.

Incidentally, there's no option to edit the main headings for General, Access Control, and Organization. This also applies to Manage Clients (beta) page.
---
 messages/nl-NL.json | 46 ++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index 641b3a64..87915b96 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -38,12 +38,12 @@
     "name": "naam",
     "online": "Online",
     "offline": "Offline",
-    "site": "Website",
-    "dataIn": "Gegevens in",
-    "dataOut": "Data Uit",
+    "site": "Referentie",
+    "dataIn": "Dataverbruik inkomend",
+    "dataOut": "Dataverbruik uitgaand",
     "connectionType": "Type verbinding",
     "tunnelType": "Tunnel type",
-    "local": "lokaal",
+    "local": "Lokaal",
     "edit": "Bewerken",
     "siteConfirmDelete": "Verwijderen van site bevestigen",
     "siteDelete": "Site verwijderen",
@@ -55,7 +55,7 @@
     "siteCreate": "Site maken",
     "siteCreateDescription2": "Volg de onderstaande stappen om een nieuwe site aan te maken en te verbinden",
     "siteCreateDescription": "Maak een nieuwe site aan om verbinding te maken met uw bronnen",
-    "close": "Afsluiten",
+    "close": "Sluiten",
     "siteErrorCreate": "Fout bij maken site",
     "siteErrorCreateKeyPair": "Key pair of site standaard niet gevonden",
     "siteErrorCreateDefaults": "Standaardinstellingen niet gevonden",
@@ -90,7 +90,7 @@
     "siteGeneralDescription": "Algemene instellingen voor deze site configureren",
     "siteSettingDescription": "Configureer de instellingen op uw site",
     "siteSetting": "{siteName} instellingen",
-    "siteNewtTunnel": "Nieuwstunnel (Aanbevolen)",
+    "siteNewtTunnel": "Newttunnel (Aanbevolen)",
     "siteNewtTunnelDescription": "Gemakkelijkste manier om een ingangspunt in uw netwerk te maken. Geen extra opzet.",
     "siteWg": "Basis WireGuard",
     "siteWgDescription": "Gebruik een WireGuard client om een tunnel te bouwen. Handmatige NAT installatie vereist.",
@@ -104,7 +104,7 @@
     "siteCredentialsSave": "Uw referenties opslaan",
     "siteCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer het naar een beveiligde plek.",
     "siteInfo": "Site informatie",
-    "status": "status",
+    "status": "Status",
     "shareTitle": "Beheer deellinks",
     "shareDescription": "Maak deelbare links aan om tijdelijke of permanente toegang tot uw bronnen te verlenen",
     "shareSearch": "Zoek share links...",
@@ -146,19 +146,19 @@
     "never": "Nooit",
     "shareErrorSelectResource": "Selecteer een bron",
     "resourceTitle": "Bronnen beheren",
-    "resourceDescription": "Veilige proxy's voor uw privé applicaties maken",
+    "resourceDescription": "Veilige proxy's voor uw privé applicaties aanmaken",
     "resourcesSearch": "Zoek bronnen...",
     "resourceAdd": "Bron toevoegen",
     "resourceErrorDelte": "Fout bij verwijderen document",
     "authentication": "Authenticatie",
-    "protected": "Beschermd",
-    "notProtected": "Niet beschermd",
+    "protected": "Beveiligd",
+    "notProtected": "Niet beveiligd",
     "resourceMessageRemove": "Eenmaal verwijderd, zal het bestand niet langer toegankelijk zijn. Alle doelen die gekoppeld zijn aan het hulpbron, zullen ook verwijderd worden.",
     "resourceMessageConfirm": "Om te bevestigen, typ de naam van de bron hieronder.",
     "resourceQuestionRemove": "Weet u zeker dat u de resource {selectedResource} uit de organisatie wilt verwijderen?",
     "resourceHTTP": "HTTPS bron",
     "resourceHTTPDescription": "Proxy verzoeken aan uw app via HTTPS via een subdomein of basisdomein.",
-    "resourceRaw": "Ruwe TCP/UDP bron",
+    "resourceRaw": "TCP/UDP bron",
     "resourceRawDescription": "Proxy verzoeken naar je app via TCP/UDP met behulp van een poortnummer.",
     "resourceCreate": "Bron maken",
     "resourceCreateDescription": "Volg de onderstaande stappen om een nieuwe bron te maken",
@@ -183,7 +183,7 @@
     "protocolSelect": "Selecteer een protocol",
     "resourcePortNumber": "Nummer van poort",
     "resourcePortNumberDescription": "Het externe poortnummer naar proxyverzoeken.",
-    "cancel": "annuleren",
+    "cancel": "Annuleren",
     "resourceConfig": "Configuratie tekstbouwstenen",
     "resourceConfigDescription": "Kopieer en plak deze configuratie-snippets om je TCP/UDP-bron in te stellen",
     "resourceAddEntrypoints": "Traefik: Entrypoints toevoegen",
@@ -212,7 +212,7 @@
     "saveGeneralSettings": "Algemene instellingen opslaan",
     "saveSettings": "Instellingen opslaan",
     "orgDangerZone": "Gevaarlijke zone",
-    "orgDangerZoneDescription": "Als u deze instantie verwijdert, is er geen weg terug. Wees het alstublieft zeker.",
+    "orgDangerZoneDescription": "Deze instantie verwijderen is onomkeerbaar. Bevestig alstublieft dat u wilt doorgaan.",
     "orgDelete": "Verwijder organisatie",
     "orgDeleteConfirm": "Bevestig Verwijderen Organisatie",
     "orgMessageRemove": "Deze actie is onomkeerbaar en zal alle bijbehorende gegevens verwijderen.",
@@ -501,7 +501,7 @@
     "targetStickySessionsDescription": "Behoud verbindingen op hetzelfde backend doel voor hun hele sessie.",
     "methodSelect": "Selecteer methode",
     "targetSubmit": "Doelwit toevoegen",
-    "targetNoOne": "Geen doelwitten. Voeg een doel toe via het formulier.",
+    "targetNoOne": "Geen doel toegevoegd. Voeg deze toe via dit formulier.",
     "targetNoOneDescription": "Het toevoegen van meer dan één doel hierboven zal de load balancering mogelijk maken.",
     "targetsSubmit": "Doelstellingen opslaan",
     "proxyAdditional": "Extra Proxy-instellingen",
@@ -598,7 +598,7 @@
     "newtId": "Newt-ID",
     "newtSecretKey": "Nieuwe geheime sleutel",
     "architecture": "Architectuur",
-    "sites": "Werkruimtes",
+    "sites": "Verbindingen",
     "siteWgAnyClients": "Gebruik een willekeurige WireGuard client om verbinding te maken. Je moet je interne bronnen aanspreken met behulp van de peer IP.",
     "siteWgCompatibleAllClients": "Compatibel met alle WireGuard clients",
     "siteWgManualConfigurationRequired": "Handmatige configuratie vereist",
@@ -729,7 +729,7 @@
     "idpMessageConfirm": "Om dit te bevestigen, typt u de naam van onderstaande identiteitsprovider.",
     "idpConfirmDelete": "Bevestig verwijderen Identity Provider",
     "idpDelete": "Identity Provider verwijderen",
-    "idp": "Identiteit aanbieders",
+    "idp": "Identiteitsaanbieders",
     "idpSearch": "Identiteitsaanbieders zoeken...",
     "idpAdd": "Identity Provider toevoegen",
     "idpClientIdRequired": "Client-ID is vereist.",
@@ -801,7 +801,7 @@
     "defaultMappingsOrgDescription": "Deze expressie moet de org-ID teruggeven of waar om de gebruiker toegang te geven tot de organisatie.",
     "defaultMappingsSubmit": "Standaard toewijzingen opslaan",
     "orgPoliciesEdit": "Organisatie beleid bewerken",
-    "org": "Rekening",
+    "org": "Organisatie",
     "orgSelect": "Selecteer organisatie",
     "orgSearch": "Zoek in org",
     "orgNotFound": "Geen org gevonden.",
@@ -976,10 +976,10 @@
     "supportKeyEnterDescription": "Ontmoet je eigen huisdier Pangolin!",
     "githubUsername": "GitHub-gebruikersnaam",
     "supportKeyInput": "Supporter Sleutel",
-    "supportKeyBuy": "Koop Supportersleutel",
+    "supportKeyBuy": "Koop supportersleutel",
     "logoutError": "Fout bij uitloggen",
     "signingAs": "Ingelogd als",
-    "serverAdmin": "Server Beheerder",
+    "serverAdmin": "Server beheer",
     "managedSelfhosted": "Beheerde Self-Hosted",
     "otpEnable": "Twee-factor inschakelen",
     "otpDisable": "Tweestapsverificatie uitschakelen",
@@ -1128,7 +1128,7 @@
     "sidebarOverview": "Overzicht.",
     "sidebarHome": "Startpagina",
     "sidebarSites": "Werkruimtes",
-    "sidebarResources": "Hulpmiddelen",
+    "sidebarResources": "Bronnen",
     "sidebarAccessControl": "Toegangs controle",
     "sidebarUsers": "Gebruikers",
     "sidebarInvitations": "Uitnodigingen",
@@ -1147,7 +1147,7 @@
     "viewDockerContainers": "Bekijk Docker containers",
     "containersIn": "Containers in {siteName}",
     "selectContainerDescription": "Selecteer een container om als hostnaam voor dit doel te gebruiken. Klik op een poort om een poort te gebruiken.",
-    "containerName": "naam",
+    "containerName": "Naam",
     "containerImage": "Afbeelding",
     "containerState": "Provincie",
     "containerNetworks": "Netwerken",
@@ -1349,7 +1349,7 @@
     "olmId": "Olm ID",
     "olmSecretKey": "Olm Geheime Sleutel",
     "clientCredentialsSave": "Uw referenties opslaan",
-    "clientCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer het naar een beveiligde plek.",
+    "clientCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer deze naar een beveiligde plek.",
     "generalSettingsDescription": "Configureer de algemene instellingen voor deze client",
     "clientUpdated": "Klant bijgewerkt ",
     "clientUpdatedDescription": "De client is bijgewerkt.",
@@ -1521,4 +1521,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" was gecorrigeerd op \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Bestand bewerken: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Bestand bewerken: docker-compose.yml"
-}
\ No newline at end of file
+}

From 38db3f418087790f6708b118c4aa1179e645b02f Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Sep 2025 01:23:22 +0000
Subject: [PATCH 151/166] Bump next-intl from 4.3.8 to 4.3.9 in the
 prod-patch-updates group

Bumps the prod-patch-updates group with 1 update: [next-intl](https://github.com/amannn/next-intl).


Updates `next-intl` from 4.3.8 to 4.3.9
- [Release notes](https://github.com/amannn/next-intl/releases)
- [Changelog](https://github.com/amannn/next-intl/blob/main/CHANGELOG.md)
- [Commits](https://github.com/amannn/next-intl/compare/v4.3.8...v4.3.9)

---
updated-dependencies:
- dependency-name: next-intl
  dependency-version: 4.3.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod-patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 16 ++++++++--------
 package.json      |  2 +-
 2 files changed, 9 insertions(+), 9 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index bf1f4597..e9253af4 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -67,7 +67,7 @@
                 "lucide-react": "^0.544.0",
                 "moment": "2.30.1",
                 "next": "15.5.3",
-                "next-intl": "^4.3.8",
+                "next-intl": "^4.3.9",
                 "next-themes": "0.4.6",
                 "node-cache": "5.1.2",
                 "node-fetch": "3.3.2",
@@ -12051,9 +12051,9 @@
             }
         },
         "node_modules/next-intl": {
-            "version": "4.3.8",
-            "resolved": "https://registry.npmjs.org/next-intl/-/next-intl-4.3.8.tgz",
-            "integrity": "sha512-epUuRSL1KRQtDdFVRb5j7ZaaF7Sx/aivVA7VY0fc5g1pmpT90ylK6AaBdNsOnc5n+AERVn+zO5HoBsXO0lhTZA==",
+            "version": "4.3.9",
+            "resolved": "https://registry.npmjs.org/next-intl/-/next-intl-4.3.9.tgz",
+            "integrity": "sha512-4oSROHlgy8a5Qr2vH69wxo9F6K0uc6nZM2GNzqSe6ET79DEzOmBeSijCRzD5txcI4i+XTGytu4cxFsDXLKEDpQ==",
             "funding": [
                 {
                     "type": "individual",
@@ -12064,7 +12064,7 @@
             "dependencies": {
                 "@formatjs/intl-localematcher": "^0.5.4",
                 "negotiator": "^1.0.0",
-                "use-intl": "^4.3.8"
+                "use-intl": "^4.3.9"
             },
             "peerDependencies": {
                 "next": "^12.0.0 || ^13.0.0 || ^14.0.0 || ^15.0.0",
@@ -17923,9 +17923,9 @@
             }
         },
         "node_modules/use-intl": {
-            "version": "4.3.8",
-            "resolved": "https://registry.npmjs.org/use-intl/-/use-intl-4.3.8.tgz",
-            "integrity": "sha512-L4mcWCriZCw+qySIk5Octy9ioRNTuFu4y2kTw3NIKfKRk0xAvfobX7/5VHk+eCDJFJeBEqJov/qRe83LDfbqyg==",
+            "version": "4.3.9",
+            "resolved": "https://registry.npmjs.org/use-intl/-/use-intl-4.3.9.tgz",
+            "integrity": "sha512-bZu+h13HIgOvsoGleQtUe4E6gM49CRm+AH36KnJVB/qb1+Beo7jr7HNrR8YWH8oaOkQfGNm6vh0HTepxng8UTg==",
             "license": "MIT",
             "dependencies": {
                 "@formatjs/fast-memoize": "^2.2.0",
diff --git a/package.json b/package.json
index 46122ed6..34e99a73 100644
--- a/package.json
+++ b/package.json
@@ -84,7 +84,7 @@
         "lucide-react": "^0.544.0",
         "moment": "2.30.1",
         "next": "15.5.3",
-        "next-intl": "^4.3.8",
+        "next-intl": "^4.3.9",
         "next-themes": "0.4.6",
         "node-cache": "5.1.2",
         "node-fetch": "3.3.2",

From 4e55368d83058c8f4582908d7ad4f4d606d6da6c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Sep 2025 01:19:59 +0000
Subject: [PATCH 152/166] Bump @dotenvx/dotenvx in the dev-patch-updates group

Bumps the dev-patch-updates group with 1 update: [@dotenvx/dotenvx](https://github.com/dotenvx/dotenvx).


Updates `@dotenvx/dotenvx` from 1.49.0 to 1.49.1
- [Release notes](https://github.com/dotenvx/dotenvx/releases)
- [Changelog](https://github.com/dotenvx/dotenvx/blob/main/CHANGELOG.md)
- [Commits](https://github.com/dotenvx/dotenvx/compare/v1.49.0...v1.49.1)

---
updated-dependencies:
- dependency-name: "@dotenvx/dotenvx"
  dependency-version: 1.49.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 8 ++++----
 package.json      | 2 +-
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index e9253af4..c40a86fe 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -96,7 +96,7 @@
                 "zod-validation-error": "3.5.2"
             },
             "devDependencies": {
-                "@dotenvx/dotenvx": "1.49.0",
+                "@dotenvx/dotenvx": "1.49.1",
                 "@esbuild-plugins/tsconfig-paths": "0.1.2",
                 "@tailwindcss/postcss": "^4.1.13",
                 "@types/better-sqlite3": "7.6.12",
@@ -1026,9 +1026,9 @@
             }
         },
         "node_modules/@dotenvx/dotenvx": {
-            "version": "1.49.0",
-            "resolved": "https://registry.npmjs.org/@dotenvx/dotenvx/-/dotenvx-1.49.0.tgz",
-            "integrity": "sha512-M1cyP6YstFQCjih54SAxCqHLMMi8QqV8tenpgGE48RTXWD7vfMYJiw/6xcCDpS2h28AcLpTsFCZA863Ge9yxzA==",
+            "version": "1.49.1",
+            "resolved": "https://registry.npmjs.org/@dotenvx/dotenvx/-/dotenvx-1.49.1.tgz",
+            "integrity": "sha512-LQ8cem3RU/mI2iz5Sy+ypnhfhVge3bc9tsLJg5rdf7j7u1RRTfmmSdLwSjeYI7sL9ToN7rgFkOGSBJqaBT+gSQ==",
             "dev": true,
             "license": "BSD-3-Clause",
             "dependencies": {
diff --git a/package.json b/package.json
index 34e99a73..a77554df 100644
--- a/package.json
+++ b/package.json
@@ -113,7 +113,7 @@
         "zod-validation-error": "3.5.2"
     },
     "devDependencies": {
-        "@dotenvx/dotenvx": "1.49.0",
+        "@dotenvx/dotenvx": "1.49.1",
         "@esbuild-plugins/tsconfig-paths": "0.1.2",
         "@tailwindcss/postcss": "^4.1.13",
         "@types/better-sqlite3": "7.6.12",

From c206bd120d926e1d4784f14e8b8f5359c486ec9b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 16 Sep 2025 01:21:01 +0000
Subject: [PATCH 153/166] Bump the dev-minor-updates group with 2 updates

Bumps the dev-minor-updates group with 2 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint).


Updates `@types/node` from 24.4.0 to 24.5.0
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `typescript-eslint` from 8.43.0 to 8.44.0
- [Release notes](https://github.com/typescript-eslint/typescript-eslint/releases)
- [Changelog](https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md)
- [Commits](https://github.com/typescript-eslint/typescript-eslint/commits/v8.44.0/packages/typescript-eslint)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.5.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
- dependency-name: typescript-eslint
  dependency-version: 8.44.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: dev-minor-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 140 +++++++++++++++++++++++-----------------------
 package.json      |   4 +-
 2 files changed, 72 insertions(+), 72 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c40a86fe..c60c11fb 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -108,7 +108,7 @@
                 "@types/jmespath": "^0.15.2",
                 "@types/js-yaml": "4.0.9",
                 "@types/jsonwebtoken": "^9.0.10",
-                "@types/node": "24.4.0",
+                "@types/node": "24.5.0",
                 "@types/nodemailer": "7.0.1",
                 "@types/pg": "8.15.5",
                 "@types/react": "19.1.13",
@@ -126,7 +126,7 @@
                 "tsc-alias": "1.8.16",
                 "tsx": "4.20.5",
                 "typescript": "^5",
-                "typescript-eslint": "^8.43.0"
+                "typescript-eslint": "^8.44.0"
             }
         },
         "node_modules/@alloc/quick-lru": {
@@ -6335,13 +6335,13 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "24.4.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.4.0.tgz",
-            "integrity": "sha512-gUuVEAK4/u6F9wRLznPUU4WGUacSEBDPoC2TrBkw3GAnOLHBL45QdfHOXp1kJ4ypBGLxTOB+t7NJLpKoC3gznQ==",
+            "version": "24.5.0",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.5.0.tgz",
+            "integrity": "sha512-y1dMvuvJspJiPSDZUQ+WMBvF7dpnEqN4x9DDC9ie5Fs/HUZJA3wFp7EhHoVaKX/iI0cRoECV8X2jL8zi0xrHCg==",
             "devOptional": true,
             "license": "MIT",
             "dependencies": {
-                "undici-types": "~7.11.0"
+                "undici-types": "~7.12.0"
             }
         },
         "node_modules/@types/nodemailer": {
@@ -6483,16 +6483,16 @@
             "license": "MIT"
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.43.0.tgz",
-            "integrity": "sha512-8tg+gt7ENL7KewsKMKDHXR1vm8tt9eMxjJBYINf6swonlWgkYn5NwyIgXpbbDxTNU5DgpDFfj95prcTq2clIQQ==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.44.0.tgz",
+            "integrity": "sha512-EGDAOGX+uwwekcS0iyxVDmRV9HX6FLSM5kzrAToLTsr9OWCIKG/y3lQheCq18yZ5Xh78rRKJiEpP0ZaCs4ryOQ==",
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.10.0",
-                "@typescript-eslint/scope-manager": "8.43.0",
-                "@typescript-eslint/type-utils": "8.43.0",
-                "@typescript-eslint/utils": "8.43.0",
-                "@typescript-eslint/visitor-keys": "8.43.0",
+                "@typescript-eslint/scope-manager": "8.44.0",
+                "@typescript-eslint/type-utils": "8.44.0",
+                "@typescript-eslint/utils": "8.44.0",
+                "@typescript-eslint/visitor-keys": "8.44.0",
                 "graphemer": "^1.4.0",
                 "ignore": "^7.0.0",
                 "natural-compare": "^1.4.0",
@@ -6506,7 +6506,7 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.43.0",
+                "@typescript-eslint/parser": "^8.44.0",
                 "eslint": "^8.57.0 || ^9.0.0",
                 "typescript": ">=4.8.4 <6.0.0"
             }
@@ -6521,15 +6521,15 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.43.0.tgz",
-            "integrity": "sha512-B7RIQiTsCBBmY+yW4+ILd6mF5h1FUwJsVvpqkrgpszYifetQ2Ke+Z4u6aZh0CblkUGIdR59iYVyXqqZGkZ3aBw==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.44.0.tgz",
+            "integrity": "sha512-VGMpFQGUQWYT9LfnPcX8ouFojyrZ/2w3K5BucvxL/spdNehccKhB4jUyB1yBCXpr2XFm0jkECxgrpXBW2ipoAw==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.43.0",
-                "@typescript-eslint/types": "8.43.0",
-                "@typescript-eslint/typescript-estree": "8.43.0",
-                "@typescript-eslint/visitor-keys": "8.43.0",
+                "@typescript-eslint/scope-manager": "8.44.0",
+                "@typescript-eslint/types": "8.44.0",
+                "@typescript-eslint/typescript-estree": "8.44.0",
+                "@typescript-eslint/visitor-keys": "8.44.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -6545,13 +6545,13 @@
             }
         },
         "node_modules/@typescript-eslint/project-service": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.43.0.tgz",
-            "integrity": "sha512-htB/+D/BIGoNTQYffZw4uM4NzzuolCoaA/BusuSIcC8YjmBYQioew5VUZAYdAETPjeed0hqCaW7EHg+Robq8uw==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.44.0.tgz",
+            "integrity": "sha512-ZeaGNraRsq10GuEohKTo4295Z/SuGcSq2LzfGlqiuEvfArzo/VRrT0ZaJsVPuKZ55lVbNk8U6FcL+ZMH8CoyVA==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.43.0",
-                "@typescript-eslint/types": "^8.43.0",
+                "@typescript-eslint/tsconfig-utils": "^8.44.0",
+                "@typescript-eslint/types": "^8.44.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -6566,13 +6566,13 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.43.0.tgz",
-            "integrity": "sha512-daSWlQ87ZhsjrbMLvpuuMAt3y4ba57AuvadcR7f3nl8eS3BjRc8L9VLxFLk92RL5xdXOg6IQ+qKjjqNEimGuAg==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.44.0.tgz",
+            "integrity": "sha512-87Jv3E+al8wpD+rIdVJm/ItDBe/Im09zXIjFoipOjr5gHUhJmTzfFLuTJ/nPTMc2Srsroy4IBXwcTCHyRR7KzA==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.43.0",
-                "@typescript-eslint/visitor-keys": "8.43.0"
+                "@typescript-eslint/types": "8.44.0",
+                "@typescript-eslint/visitor-keys": "8.44.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -6583,9 +6583,9 @@
             }
         },
         "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.43.0.tgz",
-            "integrity": "sha512-ALC2prjZcj2YqqL5X/bwWQmHA2em6/94GcbB/KKu5SX3EBDOsqztmmX1kMkvAJHzxk7TazKzJfFiEIagNV3qEA==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.44.0.tgz",
+            "integrity": "sha512-x5Y0+AuEPqAInc6yd0n5DAcvtoQ/vyaGwuX5HE9n6qAefk1GaedqrLQF8kQGylLUb9pnZyLf+iEiL9fr8APDtQ==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -6599,14 +6599,14 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.43.0.tgz",
-            "integrity": "sha512-qaH1uLBpBuBBuRf8c1mLJ6swOfzCXryhKND04Igr4pckzSEW9JX5Aw9AgW00kwfjWJF0kk0ps9ExKTfvXfw4Qg==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.44.0.tgz",
+            "integrity": "sha512-9cwsoSxJ8Sak67Be/hD2RNt/fsqmWnNE1iHohG8lxqLSNY8xNfyY7wloo5zpW3Nu9hxVgURevqfcH6vvKCt6yg==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.43.0",
-                "@typescript-eslint/typescript-estree": "8.43.0",
-                "@typescript-eslint/utils": "8.43.0",
+                "@typescript-eslint/types": "8.44.0",
+                "@typescript-eslint/typescript-estree": "8.44.0",
+                "@typescript-eslint/utils": "8.44.0",
                 "debug": "^4.3.4",
                 "ts-api-utils": "^2.1.0"
             },
@@ -6623,9 +6623,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.43.0.tgz",
-            "integrity": "sha512-vQ2FZaxJpydjSZJKiSW/LJsabFFvV7KgLC5DiLhkBcykhQj8iK9BOaDmQt74nnKdLvceM5xmhaTF+pLekrxEkw==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.44.0.tgz",
+            "integrity": "sha512-ZSl2efn44VsYM0MfDQe68RKzBz75NPgLQXuGypmym6QVOWL5kegTZuZ02xRAT9T+onqvM6T8CdQk0OwYMB6ZvA==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -6636,15 +6636,15 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.43.0.tgz",
-            "integrity": "sha512-7Vv6zlAhPb+cvEpP06WXXy/ZByph9iL6BQRBDj4kmBsW98AqEeQHlj/13X+sZOrKSo9/rNKH4Ul4f6EICREFdw==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.44.0.tgz",
+            "integrity": "sha512-lqNj6SgnGcQZwL4/SBJ3xdPEfcBuhCG8zdcwCPgYcmiPLgokiNDKlbPzCwEwu7m279J/lBYWtDYL+87OEfn8Jw==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.43.0",
-                "@typescript-eslint/tsconfig-utils": "8.43.0",
-                "@typescript-eslint/types": "8.43.0",
-                "@typescript-eslint/visitor-keys": "8.43.0",
+                "@typescript-eslint/project-service": "8.44.0",
+                "@typescript-eslint/tsconfig-utils": "8.44.0",
+                "@typescript-eslint/types": "8.44.0",
+                "@typescript-eslint/visitor-keys": "8.44.0",
                 "debug": "^4.3.4",
                 "fast-glob": "^3.3.2",
                 "is-glob": "^4.0.3",
@@ -6716,15 +6716,15 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.43.0.tgz",
-            "integrity": "sha512-S1/tEmkUeeswxd0GGcnwuVQPFWo8NzZTOMxCvw8BX7OMxnNae+i8Tm7REQen/SwUIPoPqfKn7EaZ+YLpiB3k9g==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.44.0.tgz",
+            "integrity": "sha512-nktOlVcg3ALo0mYlV+L7sWUD58KG4CMj1rb2HUVOO4aL3K/6wcD+NERqd0rrA5Vg06b42YhF6cFxeixsp9Riqg==",
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.7.0",
-                "@typescript-eslint/scope-manager": "8.43.0",
-                "@typescript-eslint/types": "8.43.0",
-                "@typescript-eslint/typescript-estree": "8.43.0"
+                "@typescript-eslint/scope-manager": "8.44.0",
+                "@typescript-eslint/types": "8.44.0",
+                "@typescript-eslint/typescript-estree": "8.44.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -6739,12 +6739,12 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.43.0.tgz",
-            "integrity": "sha512-T+S1KqRD4sg/bHfLwrpF/K3gQLBM1n7Rp7OjjikjTEssI2YJzQpi5WXoynOaQ93ERIuq3O8RBTOUYDKszUCEHw==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.44.0.tgz",
+            "integrity": "sha512-zaz9u8EJ4GBmnehlrpoKvj/E3dNbuQ7q0ucyZImm3cLqJ8INTc970B1qEqDX/Rzq65r3TvVTN7kHWPBoyW7DWw==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.43.0",
+                "@typescript-eslint/types": "8.44.0",
                 "eslint-visitor-keys": "^4.2.1"
             },
             "engines": {
@@ -17801,16 +17801,16 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.43.0",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.43.0.tgz",
-            "integrity": "sha512-FyRGJKUGvcFekRRcBKFBlAhnp4Ng8rhe8tuvvkR9OiU0gfd4vyvTRQHEckO6VDlH57jbeUQem2IpqPq9kLJH+w==",
+            "version": "8.44.0",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.44.0.tgz",
+            "integrity": "sha512-ib7mCkYuIzYonCq9XWF5XNw+fkj2zg629PSa9KNIQ47RXFF763S5BIX4wqz1+FLPogTZoiw8KmCiRPRa8bL3qw==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.43.0",
-                "@typescript-eslint/parser": "8.43.0",
-                "@typescript-eslint/typescript-estree": "8.43.0",
-                "@typescript-eslint/utils": "8.43.0"
+                "@typescript-eslint/eslint-plugin": "8.44.0",
+                "@typescript-eslint/parser": "8.44.0",
+                "@typescript-eslint/typescript-estree": "8.44.0",
+                "@typescript-eslint/utils": "8.44.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -17843,9 +17843,9 @@
             }
         },
         "node_modules/undici-types": {
-            "version": "7.11.0",
-            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.11.0.tgz",
-            "integrity": "sha512-kt1ZriHTi7MU+Z/r9DOdAI3ONdaR3M3csEaRc6ewa4f4dTvX4cQCbJ4NkEn0ohE4hHtq85+PhPSTY+pO/1PwgA==",
+            "version": "7.12.0",
+            "resolved": "https://registry.npmjs.org/undici-types/-/undici-types-7.12.0.tgz",
+            "integrity": "sha512-goOacqME2GYyOZZfb5Lgtu+1IDmAlAEu5xnD3+xTzS10hT0vzpf0SPjkXwAw9Jm+4n/mQGDP3LO8CPbYROeBfQ==",
             "devOptional": true,
             "license": "MIT"
         },
diff --git a/package.json b/package.json
index a77554df..41ec3d6f 100644
--- a/package.json
+++ b/package.json
@@ -125,7 +125,7 @@
         "@types/jmespath": "^0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "^9.0.10",
-        "@types/node": "24.4.0",
+        "@types/node": "24.5.0",
         "@types/nodemailer": "7.0.1",
         "@types/pg": "8.15.5",
         "@types/react": "19.1.13",
@@ -143,7 +143,7 @@
         "tsc-alias": "1.8.16",
         "tsx": "4.20.5",
         "typescript": "^5",
-        "typescript-eslint": "^8.43.0"
+        "typescript-eslint": "^8.44.0"
     },
     "overrides": {
         "emblor": {

From 3e7712d7fdbe30560a3f82377a404c4f9e3ddfcf Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Wed, 17 Sep 2025 16:27:22 -0400
Subject: [PATCH 154/166] fix type and fix redirect to resource niceId on
 create

---
 messages/bg-BG.json                                 |  3 +--
 messages/cs-CZ.json                                 |  3 +--
 messages/de-DE.json                                 |  1 -
 messages/en-US.json                                 |  5 ++---
 messages/es-ES.json                                 |  3 +--
 messages/fr-FR.json                                 |  3 +--
 messages/it-IT.json                                 |  3 +--
 messages/ko-KR.json                                 |  3 +--
 messages/nb-NO.json                                 |  3 +--
 messages/nl-NL.json                                 |  1 -
 messages/pl-PL.json                                 |  3 +--
 messages/pt-PT.json                                 |  3 +--
 messages/ru-RU.json                                 |  3 +--
 messages/tr-TR.json                                 |  3 +--
 messages/zh-CN.json                                 |  3 +--
 .../settings/resources/[niceId]/proxy/page.tsx      | 13 ++++---------
 src/app/[orgId]/settings/resources/create/page.tsx  |  9 +++++----
 17 files changed, 23 insertions(+), 42 deletions(-)

diff --git a/messages/bg-BG.json b/messages/bg-BG.json
index 70aa50ea..f617a768 100644
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Custom Headers",
-    "customHeadersDescription": "Headers new line separated: Header-Name: value.",
     "headersValidationError": "Headers must be in the format: Header-Name: value.",
     "domainPickerProvidedDomain": "Provided Domain",
     "domainPickerFreeProvidedDomain": "Free Provided Domain",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/cs-CZ.json b/messages/cs-CZ.json
index 3c2b11a1..7b391431 100644
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Custom Headers",
-    "customHeadersDescription": "Headers new line separated: Header-Name: value.",
     "headersValidationError": "Headers must be in the format: Header-Name: value.",
     "domainPickerProvidedDomain": "Provided Domain",
     "domainPickerFreeProvidedDomain": "Free Provided Domain",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/de-DE.json b/messages/de-DE.json
index 8ffb4a99..2fd588da 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Google OAuth2/OIDC Provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Eigene Kopfzeilen",
-    "customHeadersDescription": "Header neue Zeile getrennt: Kopfname: Wert.",
     "headersValidationError": "Header müssen im Format Header-Name: Wert sein.",
     "domainPickerProvidedDomain": "Angegebene Domain",
     "domainPickerFreeProvidedDomain": "Kostenlose Domain",
diff --git a/messages/en-US.json b/messages/en-US.json
index 6f75f1ff..a483eed2 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1504,8 +1504,7 @@
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Custom Headers",
-    "customHeadersDescription": "Headers new line separated: Header-Name: value",
-    "headersValidationError": "Headers must be in the format: Header-Name: value",
+    "headersValidationError": "Headers must be in the format: Header-Name: value.",
     "domainPickerProvidedDomain": "Provided Domain",
     "domainPickerFreeProvidedDomain": "Free Provided Domain",
     "domainPickerVerified": "Verified",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" was corrected to \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Edit file: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Edit file: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/es-ES.json b/messages/es-ES.json
index 2dbd6483..0a835b33 100644
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Proveedor OAuth2/OIDC de Google",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Cabeceras personalizadas",
-    "customHeadersDescription": "Nueva línea de cabeceras separada: Nombre de cabecera: valor.",
     "headersValidationError": "Los encabezados deben estar en el formato: Nombre de cabecera: valor.",
     "domainPickerProvidedDomain": "Dominio proporcionado",
     "domainPickerFreeProvidedDomain": "Dominio proporcionado gratis",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" fue corregido a \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Editar archivo: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Editar archivo: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index 13228c7c..792d1ced 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Fournisseur Google OAuth2/OIDC",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "En-têtes personnalisés",
-    "customHeadersDescription": "Nouvelles lignes séparées des en-têtes : Nom de l'en-tête : valeur.",
     "headersValidationError": "Les entêtes doivent être au format : Header-Name: valeur.",
     "domainPickerProvidedDomain": "Domaine fourni",
     "domainPickerFreeProvidedDomain": "Domaine fourni gratuitement",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" a été corrigé à \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Modifier le fichier : config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Modifier le fichier : docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/it-IT.json b/messages/it-IT.json
index d3593559..f0a862cd 100644
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Intestazioni Personalizzate",
-    "customHeadersDescription": "Intestazioni nuova riga separate: Intestazione-Nome: valore.",
     "headersValidationError": "Le intestazioni devono essere nel formato: Intestazione-Nome: valore.",
     "domainPickerProvidedDomain": "Dominio Fornito",
     "domainPickerFreeProvidedDomain": "Dominio Fornito Gratuito",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" è stato corretto in \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Modifica file: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Modifica file: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/ko-KR.json b/messages/ko-KR.json
index 586cc68f..64a449d0 100644
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Google OAuth2/OIDC 공급자",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC 공급자",
     "customHeaders": "사용자 정의 헤더",
-    "customHeadersDescription": "헤더는 새 줄로 구분합니다: 헤더명: 값",
     "headersValidationError": "헤더는 형식이어야 합니다: 헤더명: 값.",
     "domainPickerProvidedDomain": "제공된 도메인",
     "domainPickerFreeProvidedDomain": "무료 제공된 도메인",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\"이(가) \"{sanitized}\"로 수정되었습니다",
     "resourceAddEntrypointsEditFile": "파일 편집: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "파일 편집: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/nb-NO.json b/messages/nb-NO.json
index 88756e5a..ef5c0d2a 100644
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Google OAuth2/OIDC leverandør",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Egendefinerte topptekster",
-    "customHeadersDescription": "Overskrifter separert som linje: Header-Name: verdi.",
     "headersValidationError": "Topptekst må være i formatet: header-navn: verdi.",
     "domainPickerProvidedDomain": "Gitt domene",
     "domainPickerFreeProvidedDomain": "Gratis oppgitt domene",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" var korrigert til \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Rediger fil: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Rediger fil: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index 87915b96..b7a59e07 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Google OAuth2/OIDC provider",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Aangepaste headers",
-    "customHeadersDescription": "Headers nieuwe lijn gescheiden: Header-Naam: waarde.",
     "headersValidationError": "Headers moeten in het formaat zijn: Header-Naam: waarde.",
     "domainPickerProvidedDomain": "Opgegeven domein",
     "domainPickerFreeProvidedDomain": "Gratis verstrekt domein",
diff --git a/messages/pl-PL.json b/messages/pl-PL.json
index 904d093f..4fe382e1 100644
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Dostawca Google OAuth2/OIDC",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Niestandardowe nagłówki",
-    "customHeadersDescription": "Nagłówki oddzielone: Nazwa nagłówka: wartość.",
     "headersValidationError": "Nagłówki muszą być w formacie: Nazwa nagłówka: wartość.",
     "domainPickerProvidedDomain": "Dostarczona domena",
     "domainPickerFreeProvidedDomain": "Darmowa oferowana domena",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" został skorygowany do \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Edytuj plik: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Edytuj plik: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/pt-PT.json b/messages/pt-PT.json
index 9f7df737..9fd73d49 100644
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Provedor Google OAuth2/OIDC",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Cabeçalhos Personalizados",
-    "customHeadersDescription": "Separados por cabeçalhos da nova linha: Nome do Cabeçalho: valor.",
     "headersValidationError": "Cabeçalhos devem estar no formato: Nome do Cabeçalho: valor.",
     "domainPickerProvidedDomain": "Domínio fornecido",
     "domainPickerFreeProvidedDomain": "Domínio fornecido grátis",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" foi corrigido para \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Editar arquivo: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Editar arquivo: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/ru-RU.json b/messages/ru-RU.json
index c3b6b6a7..9c38cc11 100644
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Google OAuth2/OIDC провайдер",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "Пользовательские заголовки",
-    "customHeadersDescription": "Заголовки новой строки, разделённые: название заголовка: значение.",
     "headersValidationError": "Заголовки должны быть в формате: Название заголовка: значение.",
     "domainPickerProvidedDomain": "Домен предоставлен",
     "domainPickerFreeProvidedDomain": "Бесплатный домен",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" был исправлен на \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "Редактировать файл: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Редактировать файл: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/tr-TR.json b/messages/tr-TR.json
index 8c63e98a..ef812850 100644
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Google OAuth2/OIDC sağlayıcısı",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC sağlayıcısı",
     "customHeaders": "Özel Başlıklar",
-    "customHeadersDescription": "Başlıklar yeni satıra geçirilmiş: Başlık-Adı: değer.",
     "headersValidationError": "Başlıklar şu formatta olmalıdır: Başlık-Adı: değer.",
     "domainPickerProvidedDomain": "Sağlanan Alan Adı",
     "domainPickerFreeProvidedDomain": "Ücretsiz Sağlanan Alan Adı",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" \"{sanitized}\" olarak düzeltildi",
     "resourceAddEntrypointsEditFile": "Dosyayı düzenle: config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "Dosyayı düzenle: docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/messages/zh-CN.json b/messages/zh-CN.json
index d60cdef3..c78d7460 100644
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Google OAuth2/OIDC 提供商",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "自定义标题",
-    "customHeadersDescription": "头部新行分隔：头部名称：值。",
     "headersValidationError": "头部必须是格式：头部名称：值。",
     "domainPickerProvidedDomain": "提供的域",
     "domainPickerFreeProvidedDomain": "免费提供的域",
@@ -1521,4 +1520,4 @@
     "domainPickerSubdomainCorrected": "\"{sub}\" 已被更正为 \"{sanitized}\"",
     "resourceAddEntrypointsEditFile": "编辑文件：config/traefik/traefik_config.yml",
     "resourceExposePortsEditFile": "编辑文件：docker-compose.yml"
-}
\ No newline at end of file
+}
diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index 0c1a86e3..ba71a765 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -574,7 +574,7 @@ export default function ReverseProxyTargets(props: {
                 const [showPathInput, setShowPathInput] = useState(
                     !!(row.original.path || row.original.pathMatchType)
                 );
-                
+
                 if (!showPathInput) {
                     return (
                         <Button
@@ -590,7 +590,7 @@ export default function ReverseProxyTargets(props: {
                                 }
                             }}
                         >
-                           + {t("matchPath")} 
+                           + {t("matchPath")}
                         </Button>
                     );
                 }
@@ -617,8 +617,8 @@ export default function ReverseProxyTargets(props: {
                         </Select>
                         <Input
                             placeholder={
-                                row.original.pathMatchType === "regex" 
-                                    ? "^/api/.*" 
+                                row.original.pathMatchType === "regex"
+                                    ? "^/api/.*"
                                     : "/path"
                             }
                             defaultValue={row.original.path || ""}
@@ -1489,11 +1489,6 @@ export default function ReverseProxyTargets(props: {
                                                         rows={4}
                                                     />
                                                 </FormControl>
-                                                <FormDescription>
-                                                    {t(
-                                                        "customHeadersDescription"
-                                                    )}
-                                                </FormDescription>
                                                 <FormMessage />
                                             </FormItem>
                                         )}
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index e6c4e178..71628ce7 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -408,6 +408,7 @@ export default function Page() {
 
             if (res && res.status === 201) {
                 const id = res.data.data.resourceId;
+                const niceId = res.data.data.niceId;
                 setResourceId(id);
 
                 // Create targets if any exist
@@ -440,7 +441,7 @@ export default function Page() {
                 }
 
                 if (isHttp) {
-                    router.push(`/${orgId}/settings/resources/${id}`);
+                    router.push(`/${orgId}/settings/resources/${niceId}`);
                 } else {
                     const tcpUdpData = tcpUdpForm.getValues();
                     // Only show config snippets if enableProxy is explicitly true
@@ -551,7 +552,7 @@ export default function Page() {
                 const [showPathInput, setShowPathInput] = useState(
                     !!(row.original.path || row.original.pathMatchType)
                 );
-                
+
                 if (!showPathInput) {
                     return (
                         <Button
@@ -594,8 +595,8 @@ export default function Page() {
                         </Select>
                         <Input
                             placeholder={
-                                row.original.pathMatchType === "regex" 
-                                    ? "^/api/.*" 
+                                row.original.pathMatchType === "regex"
+                                    ? "^/api/.*"
                                     : "/path"
                             }
                             defaultValue={row.original.path || ""}

From bf4de08896d17aadc35af438a43ecd5d2f678c90 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Wed, 17 Sep 2025 16:19:07 -0400
Subject: [PATCH 155/166] Quiet debug logs

---
 server/routers/traefik/getTraefikConfig.ts | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts
index 9e82f127..a1a2a7a3 100644
--- a/server/routers/traefik/getTraefikConfig.ts
+++ b/server/routers/traefik/getTraefikConfig.ts
@@ -209,12 +209,6 @@ export async function getTraefikConfig(
         });
     });
 
-    // convert the map to an object for printing
-
-    logger.debug(
-        `Resources: ${JSON.stringify(Object.fromEntries(resourcesMap), null, 2)}`
-    );
-
     // make sure we have at least one resource
     if (resourcesMap.size === 0) {
         return {};

From 0ea0b241c1c2270fae2a64f014c1de07dd2a3272 Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Wed, 17 Sep 2025 16:44:42 -0400
Subject: [PATCH 156/166] New translations en-us.json (German)

---
 messages/de-DE.json | 32 ++++++++++++++++----------------
 1 file changed, 16 insertions(+), 16 deletions(-)

diff --git a/messages/de-DE.json b/messages/de-DE.json
index 2fd588da..6cf15993 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -1148,28 +1148,28 @@
     "containersIn": "Container in {siteName}",
     "selectContainerDescription": "Wählen Sie einen Container, der als Hostname für dieses Ziel verwendet werden soll. Klicken Sie auf einen Port, um einen Port zu verwenden.",
     "containerName": "Name",
-    "containerImage": "Image",
-    "containerState": "Status",
+    "containerImage": "Bild",
+    "containerState": "Bundesland",
     "containerNetworks": "Netzwerke",
     "containerHostnameIp": "Hostname/IP",
-    "containerLabels": "Labels",
-    "containerLabelsCount": "{count, plural, one {# Label} other {# Label}}",
-    "containerLabelsTitle": "Container-Label",
+    "containerLabels": "Etiketten",
+    "containerLabelsCount": "{count, plural, one {# Etikett} other {# Etiketten}}",
+    "containerLabelsTitle": "Container-Labels",
     "containerLabelEmpty": "<leer>",
-    "containerPorts": "Ports",
+    "containerPorts": "Häfen",
     "containerPortsMore": "+{count} mehr",
     "containerActions": "Aktionen",
     "select": "Auswählen",
     "noContainersMatchingFilters": "Es wurden keine Container gefunden, die den aktuellen Filtern entsprechen.",
     "showContainersWithoutPorts": "Container ohne Ports anzeigen",
-    "showStoppedContainers": "Gestoppte Container anzeigen",
+    "showStoppedContainers": "Stoppte Container anzeigen",
     "noContainersFound": "Keine Container gefunden. Stellen Sie sicher, dass Docker Container laufen.",
     "searchContainersPlaceholder": "Durchsuche {count} Container...",
     "searchResultsCount": "{count, plural, one {# Ergebnis} other {# Ergebnisse}}",
     "filters": "Filter",
     "filterOptions": "Filteroptionen",
-    "filterPorts": "Ports",
-    "filterStopped": "Gestoppt",
+    "filterPorts": "Häfen",
+    "filterStopped": "Stoppt",
     "clearAllFilters": "Alle Filter löschen",
     "columns": "Spalten",
     "toggleColumns": "Spalten umschalten",
@@ -1310,12 +1310,12 @@
     "createDomainType": "Typ:",
     "createDomainName": "Name:",
     "createDomainValue": "Wert:",
-    "createDomainCnameRecords": "CNAME-Records",
-    "createDomainARecords": "A-Records",
-    "createDomainRecordNumber": "Record {number}",
-    "createDomainTxtRecords": "TXT-Records",
-    "createDomainSaveTheseRecords": "Diese Records speichern",
-    "createDomainSaveTheseRecordsDescription": "Achten Sie darauf, diese DNS-Records zu speichern, da Sie sie nicht erneut sehen werden.",
+    "createDomainCnameRecords": "CNAME-Einträge",
+    "createDomainARecords": "A-Aufzeichnungen",
+    "createDomainRecordNumber": "Eintrag {number}",
+    "createDomainTxtRecords": "TXT-Einträge",
+    "createDomainSaveTheseRecords": "Diese Einträge speichern",
+    "createDomainSaveTheseRecordsDescription": "Achten Sie darauf, diese DNS-Einträge zu speichern, da Sie sie nicht erneut sehen werden.",
     "createDomainDnsPropagation": "DNS-Verbreitung",
     "createDomainDnsPropagationDescription": "Es kann einige Zeit dauern, bis DNS-Änderungen im Internet verbreitet werden. Dies kann je nach Ihrem DNS-Provider und den TTL-Einstellungen von einigen Minuten bis zu 48 Stunden dauern.",
     "resourcePortRequired": "Portnummer ist für nicht-HTTP-Ressourcen erforderlich",
@@ -1465,7 +1465,7 @@
     "autoLoginErrorGeneratingUrl": "Fehler beim Generieren der Authentifizierungs-URL.",
     "managedSelfHosted": {
         "title": "Verwaltetes Selbsthosted",
-        "description": "Zuverlässiger und wartungsarmer Pangolin Server mit zusätzlichem Schnickschnack",
+        "description": "Zuverlässiger und wartungsarmer Pangolin Server mit zusätzlichen Glocken und Pfeifen",
         "introTitle": "Verwalteter selbstgehosteter Pangolin",
         "introDescription": "ist eine Deployment-Option, die für Personen konzipiert wurde, die Einfachheit und zusätzliche Zuverlässigkeit wünschen, während sie ihre Daten privat und selbstgehostet halten.",
         "introDetail": "Mit dieser Option haben Sie immer noch Ihren eigenen Pangolin-Knoten – Ihre Tunnel, SSL-Terminierung und Traffic bleiben auf Ihrem Server. Der Unterschied besteht darin, dass Verwaltung und Überwachung über unser Cloud-Dashboard abgewickelt werden, das eine Reihe von Vorteilen freischaltet:",

From c9fd05067319f128f394cc71b3652ad69a2726df Mon Sep 17 00:00:00 2001
From: Owen Schwartz <owen@txv.io>
Date: Wed, 17 Sep 2025 16:44:45 -0400
Subject: [PATCH 157/166] New translations en-us.json (Dutch)

---
 messages/nl-NL.json | 44 ++++++++++++++++++++++----------------------
 1 file changed, 22 insertions(+), 22 deletions(-)

diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index b7a59e07..512a218d 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -38,12 +38,12 @@
     "name": "naam",
     "online": "Online",
     "offline": "Offline",
-    "site": "Referentie",
-    "dataIn": "Dataverbruik inkomend",
-    "dataOut": "Dataverbruik uitgaand",
+    "site": "Website",
+    "dataIn": "Gegevens in",
+    "dataOut": "Data Uit",
     "connectionType": "Type verbinding",
     "tunnelType": "Tunnel type",
-    "local": "Lokaal",
+    "local": "lokaal",
     "edit": "Bewerken",
     "siteConfirmDelete": "Verwijderen van site bevestigen",
     "siteDelete": "Site verwijderen",
@@ -55,7 +55,7 @@
     "siteCreate": "Site maken",
     "siteCreateDescription2": "Volg de onderstaande stappen om een nieuwe site aan te maken en te verbinden",
     "siteCreateDescription": "Maak een nieuwe site aan om verbinding te maken met uw bronnen",
-    "close": "Sluiten",
+    "close": "Afsluiten",
     "siteErrorCreate": "Fout bij maken site",
     "siteErrorCreateKeyPair": "Key pair of site standaard niet gevonden",
     "siteErrorCreateDefaults": "Standaardinstellingen niet gevonden",
@@ -90,7 +90,7 @@
     "siteGeneralDescription": "Algemene instellingen voor deze site configureren",
     "siteSettingDescription": "Configureer de instellingen op uw site",
     "siteSetting": "{siteName} instellingen",
-    "siteNewtTunnel": "Newttunnel (Aanbevolen)",
+    "siteNewtTunnel": "Nieuwstunnel (Aanbevolen)",
     "siteNewtTunnelDescription": "Gemakkelijkste manier om een ingangspunt in uw netwerk te maken. Geen extra opzet.",
     "siteWg": "Basis WireGuard",
     "siteWgDescription": "Gebruik een WireGuard client om een tunnel te bouwen. Handmatige NAT installatie vereist.",
@@ -104,7 +104,7 @@
     "siteCredentialsSave": "Uw referenties opslaan",
     "siteCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer het naar een beveiligde plek.",
     "siteInfo": "Site informatie",
-    "status": "Status",
+    "status": "status",
     "shareTitle": "Beheer deellinks",
     "shareDescription": "Maak deelbare links aan om tijdelijke of permanente toegang tot uw bronnen te verlenen",
     "shareSearch": "Zoek share links...",
@@ -146,19 +146,19 @@
     "never": "Nooit",
     "shareErrorSelectResource": "Selecteer een bron",
     "resourceTitle": "Bronnen beheren",
-    "resourceDescription": "Veilige proxy's voor uw privé applicaties aanmaken",
+    "resourceDescription": "Veilige proxy's voor uw privé applicaties maken",
     "resourcesSearch": "Zoek bronnen...",
     "resourceAdd": "Bron toevoegen",
     "resourceErrorDelte": "Fout bij verwijderen document",
     "authentication": "Authenticatie",
-    "protected": "Beveiligd",
-    "notProtected": "Niet beveiligd",
+    "protected": "Beschermd",
+    "notProtected": "Niet beschermd",
     "resourceMessageRemove": "Eenmaal verwijderd, zal het bestand niet langer toegankelijk zijn. Alle doelen die gekoppeld zijn aan het hulpbron, zullen ook verwijderd worden.",
     "resourceMessageConfirm": "Om te bevestigen, typ de naam van de bron hieronder.",
     "resourceQuestionRemove": "Weet u zeker dat u de resource {selectedResource} uit de organisatie wilt verwijderen?",
     "resourceHTTP": "HTTPS bron",
     "resourceHTTPDescription": "Proxy verzoeken aan uw app via HTTPS via een subdomein of basisdomein.",
-    "resourceRaw": "TCP/UDP bron",
+    "resourceRaw": "Ruwe TCP/UDP bron",
     "resourceRawDescription": "Proxy verzoeken naar je app via TCP/UDP met behulp van een poortnummer.",
     "resourceCreate": "Bron maken",
     "resourceCreateDescription": "Volg de onderstaande stappen om een nieuwe bron te maken",
@@ -183,7 +183,7 @@
     "protocolSelect": "Selecteer een protocol",
     "resourcePortNumber": "Nummer van poort",
     "resourcePortNumberDescription": "Het externe poortnummer naar proxyverzoeken.",
-    "cancel": "Annuleren",
+    "cancel": "annuleren",
     "resourceConfig": "Configuratie tekstbouwstenen",
     "resourceConfigDescription": "Kopieer en plak deze configuratie-snippets om je TCP/UDP-bron in te stellen",
     "resourceAddEntrypoints": "Traefik: Entrypoints toevoegen",
@@ -212,7 +212,7 @@
     "saveGeneralSettings": "Algemene instellingen opslaan",
     "saveSettings": "Instellingen opslaan",
     "orgDangerZone": "Gevaarlijke zone",
-    "orgDangerZoneDescription": "Deze instantie verwijderen is onomkeerbaar. Bevestig alstublieft dat u wilt doorgaan.",
+    "orgDangerZoneDescription": "Als u deze instantie verwijdert, is er geen weg terug. Wees het alstublieft zeker.",
     "orgDelete": "Verwijder organisatie",
     "orgDeleteConfirm": "Bevestig Verwijderen Organisatie",
     "orgMessageRemove": "Deze actie is onomkeerbaar en zal alle bijbehorende gegevens verwijderen.",
@@ -501,7 +501,7 @@
     "targetStickySessionsDescription": "Behoud verbindingen op hetzelfde backend doel voor hun hele sessie.",
     "methodSelect": "Selecteer methode",
     "targetSubmit": "Doelwit toevoegen",
-    "targetNoOne": "Geen doel toegevoegd. Voeg deze toe via dit formulier.",
+    "targetNoOne": "Geen doelwitten. Voeg een doel toe via het formulier.",
     "targetNoOneDescription": "Het toevoegen van meer dan één doel hierboven zal de load balancering mogelijk maken.",
     "targetsSubmit": "Doelstellingen opslaan",
     "proxyAdditional": "Extra Proxy-instellingen",
@@ -598,7 +598,7 @@
     "newtId": "Newt-ID",
     "newtSecretKey": "Nieuwe geheime sleutel",
     "architecture": "Architectuur",
-    "sites": "Verbindingen",
+    "sites": "Werkruimtes",
     "siteWgAnyClients": "Gebruik een willekeurige WireGuard client om verbinding te maken. Je moet je interne bronnen aanspreken met behulp van de peer IP.",
     "siteWgCompatibleAllClients": "Compatibel met alle WireGuard clients",
     "siteWgManualConfigurationRequired": "Handmatige configuratie vereist",
@@ -729,7 +729,7 @@
     "idpMessageConfirm": "Om dit te bevestigen, typt u de naam van onderstaande identiteitsprovider.",
     "idpConfirmDelete": "Bevestig verwijderen Identity Provider",
     "idpDelete": "Identity Provider verwijderen",
-    "idp": "Identiteitsaanbieders",
+    "idp": "Identiteit aanbieders",
     "idpSearch": "Identiteitsaanbieders zoeken...",
     "idpAdd": "Identity Provider toevoegen",
     "idpClientIdRequired": "Client-ID is vereist.",
@@ -801,7 +801,7 @@
     "defaultMappingsOrgDescription": "Deze expressie moet de org-ID teruggeven of waar om de gebruiker toegang te geven tot de organisatie.",
     "defaultMappingsSubmit": "Standaard toewijzingen opslaan",
     "orgPoliciesEdit": "Organisatie beleid bewerken",
-    "org": "Organisatie",
+    "org": "Rekening",
     "orgSelect": "Selecteer organisatie",
     "orgSearch": "Zoek in org",
     "orgNotFound": "Geen org gevonden.",
@@ -976,10 +976,10 @@
     "supportKeyEnterDescription": "Ontmoet je eigen huisdier Pangolin!",
     "githubUsername": "GitHub-gebruikersnaam",
     "supportKeyInput": "Supporter Sleutel",
-    "supportKeyBuy": "Koop supportersleutel",
+    "supportKeyBuy": "Koop Supportersleutel",
     "logoutError": "Fout bij uitloggen",
     "signingAs": "Ingelogd als",
-    "serverAdmin": "Server beheer",
+    "serverAdmin": "Server Beheerder",
     "managedSelfhosted": "Beheerde Self-Hosted",
     "otpEnable": "Twee-factor inschakelen",
     "otpDisable": "Tweestapsverificatie uitschakelen",
@@ -1128,7 +1128,7 @@
     "sidebarOverview": "Overzicht.",
     "sidebarHome": "Startpagina",
     "sidebarSites": "Werkruimtes",
-    "sidebarResources": "Bronnen",
+    "sidebarResources": "Hulpmiddelen",
     "sidebarAccessControl": "Toegangs controle",
     "sidebarUsers": "Gebruikers",
     "sidebarInvitations": "Uitnodigingen",
@@ -1147,7 +1147,7 @@
     "viewDockerContainers": "Bekijk Docker containers",
     "containersIn": "Containers in {siteName}",
     "selectContainerDescription": "Selecteer een container om als hostnaam voor dit doel te gebruiken. Klik op een poort om een poort te gebruiken.",
-    "containerName": "Naam",
+    "containerName": "naam",
     "containerImage": "Afbeelding",
     "containerState": "Provincie",
     "containerNetworks": "Netwerken",
@@ -1349,7 +1349,7 @@
     "olmId": "Olm ID",
     "olmSecretKey": "Olm Geheime Sleutel",
     "clientCredentialsSave": "Uw referenties opslaan",
-    "clientCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer deze naar een beveiligde plek.",
+    "clientCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer het naar een beveiligde plek.",
     "generalSettingsDescription": "Configureer de algemene instellingen voor deze client",
     "clientUpdated": "Klant bijgewerkt ",
     "clientUpdatedDescription": "De client is bijgewerkt.",

From 0ecfde982d0187c4d82fed4828235607c695996f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Barnab=C3=A9=20Havard?= <barnabe.havard@gmail.com>
Date: Wed, 17 Sep 2025 22:50:41 +0200
Subject: [PATCH 158/166] Update French translations in fr-FR.json

---
 messages/fr-FR.json | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index 792d1ced..d4952d85 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -10,7 +10,7 @@
     "setupErrorIdentifier": "L'ID de l'organisation est déjà pris. Veuillez en choisir un autre.",
     "componentsErrorNoMemberCreate": "Vous n'êtes actuellement membre d'aucune organisation. Créez une organisation pour commencer.",
     "componentsErrorNoMember": "Vous n'êtes actuellement membre d'aucune organisation.",
-    "welcome": "Bienvenue à Pangolin",
+    "welcome": "Bienvenue sur Pangolin",
     "welcomeTo": "Bienvenue chez",
     "componentsCreateOrg": "Créer une organisation",
     "componentsMember": "Vous êtes membre de {count, plural, =0 {aucune organisation} one {une organisation} other {# organisations}}.",
@@ -34,13 +34,13 @@
     "confirmPassword": "Confirmer le mot de passe",
     "createAccount": "Créer un compte",
     "viewSettings": "Afficher les paramètres",
-    "delete": "Supprimez",
+    "delete": "Supprimer",
     "name": "Nom",
     "online": "En ligne",
     "offline": "Hors ligne",
     "site": "Site",
-    "dataIn": "Données dans",
-    "dataOut": "Données épuisées",
+    "dataIn": "Donées reçues",
+    "dataOut": "Données envoyées",
     "connectionType": "Type de connexion",
     "tunnelType": "Type de tunnel",
     "local": "Locale",
@@ -175,7 +175,7 @@
     "resourceHTTPSSettingsDescription": "Configurer comment votre ressource sera accédée via HTTPS",
     "domainType": "Type de domaine",
     "subdomain": "Sous-domaine",
-    "baseDomain": "Domaine de base",
+    "baseDomain": "Domaine racine",
     "subdomnainDescription": "Le sous-domaine où votre ressource sera accessible.",
     "resourceRawSettings": "Paramètres TCP/UDP",
     "resourceRawSettingsDescription": "Configurer comment votre ressource sera accédée via TCP/UDP",
@@ -309,7 +309,7 @@
     "numberOfSites": "Nombre de sites",
     "licenseKeySearch": "Rechercher des clés de licence...",
     "licenseKeyAdd": "Ajouter une clé de licence",
-    "type": "Type de texte",
+    "type": "Type",
     "licenseKeyRequired": "La clé de licence est requise",
     "licenseTermsAgree": "Vous devez accepter les conditions de licence",
     "licenseErrorKeyLoad": "Impossible de charger les clés de licence",
@@ -598,7 +598,7 @@
     "newtId": "ID Newt",
     "newtSecretKey": "Clé secrète Newt",
     "architecture": "Architecture",
-    "sites": "Espaces",
+    "sites": "Sites",
     "siteWgAnyClients": "Utilisez n'importe quel client WireGuard pour vous connecter. Vous devrez adresser vos ressources internes en utilisant l'IP du pair.",
     "siteWgCompatibleAllClients": "Compatible avec tous les clients WireGuard",
     "siteWgManualConfigurationRequired": "Configuration manuelle requise",
@@ -1128,7 +1128,7 @@
     "sidebarOverview": "Aperçu",
     "sidebarHome": "Domicile",
     "sidebarSites": "Espaces",
-    "sidebarResources": "Ressource",
+    "sidebarResources": "Ressources",
     "sidebarAccessControl": "Contrôle d'accès",
     "sidebarUsers": "Utilisateurs",
     "sidebarInvitations": "Invitations",
@@ -1504,6 +1504,7 @@
     "idpGoogleDescription": "Fournisseur Google OAuth2/OIDC",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "En-têtes personnalisés",
+    "customHeadersDescription": "Nouvelles lignes séparées des en-têtes : Nom de l'en-tête : valeur.",
     "headersValidationError": "Les entêtes doivent être au format : Header-Name: valeur.",
     "domainPickerProvidedDomain": "Domaine fourni",
     "domainPickerFreeProvidedDomain": "Domaine fourni gratuitement",

From 63010c7889257d129912df50ed39f1584166acdc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Barnab=C3=A9=20Havard?= <barnabe.havard@gmail.com>
Date: Wed, 17 Sep 2025 22:53:12 +0200
Subject: [PATCH 159/166] Fix typo in French translation for 'dataIn'

---
 messages/fr-FR.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index d4952d85..765d2b5a 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -39,7 +39,7 @@
     "online": "En ligne",
     "offline": "Hors ligne",
     "site": "Site",
-    "dataIn": "Donées reçues",
+    "dataIn": "Données reçues",
     "dataOut": "Données envoyées",
     "connectionType": "Type de connexion",
     "tunnelType": "Type de tunnel",

From 91e0accc2ac302cd6b78e7adde1f1b5d8a8a06f7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Barnab=C3=A9=20Havard?= <barnabe.havard@gmail.com>
Date: Wed, 17 Sep 2025 23:06:13 +0200
Subject: [PATCH 160/166] Remove customHeadersDescription from fr-FR.json

Removed translation that doesn't appear anywhere
---
 messages/fr-FR.json | 1 -
 1 file changed, 1 deletion(-)

diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index 765d2b5a..0918f943 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -1504,7 +1504,6 @@
     "idpGoogleDescription": "Fournisseur Google OAuth2/OIDC",
     "idpAzureDescription": "Microsoft Azure OAuth2/OIDC provider",
     "customHeaders": "En-têtes personnalisés",
-    "customHeadersDescription": "Nouvelles lignes séparées des en-têtes : Nom de l'en-tête : valeur.",
     "headersValidationError": "Les entêtes doivent être au format : Header-Name: valeur.",
     "domainPickerProvidedDomain": "Domaine fourni",
     "domainPickerFreeProvidedDomain": "Domaine fourni gratuitement",

From 35ae064ce9e86a6e81858b4da8819a918c1d162b Mon Sep 17 00:00:00 2001
From: cku-heise <cku@heise.de>
Date: Thu, 18 Sep 2025 10:52:01 +0200
Subject: [PATCH 161/166] Update de-DE.json

"Spielpfad" is literal, but wrong translation (not a word in German). "Unterverzeichnis" would be the best approximation of the UI label here.
---
 messages/de-DE.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/messages/de-DE.json b/messages/de-DE.json
index 6cf15993..099bcff9 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -513,7 +513,7 @@
     "ipAddressErrorInvalidFormat": "Ungültiges IP-Adressformat",
     "ipAddressErrorInvalidOctet": "Ungültiges IP-Adress-Oktett",
     "path": "Pfad",
-    "matchPath": "Spielpfad",
+    "matchPath": "Unterverzeichnis",
     "ipAddressRange": "IP-Bereich",
     "rulesErrorFetch": "Fehler beim Abrufen der Regeln",
     "rulesErrorFetchDescription": "Beim Abrufen der Regeln ist ein Fehler aufgetreten",

From 2c3f44891ee8764d3ee2713b3b9104e3addbbb4c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 18 Sep 2025 01:16:29 +0000
Subject: [PATCH 162/166] Bump the dev-patch-updates group with 2 updates

Bumps the dev-patch-updates group with 2 updates: [@types/node](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/node) and [esbuild](https://github.com/evanw/esbuild).


Updates `@types/node` from 24.5.0 to 24.5.2
- [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
- [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/node)

Updates `esbuild` from 0.25.9 to 0.25.10
- [Release notes](https://github.com/evanw/esbuild/releases)
- [Changelog](https://github.com/evanw/esbuild/blob/main/CHANGELOG.md)
- [Commits](https://github.com/evanw/esbuild/compare/v0.25.9...v0.25.10)

---
updated-dependencies:
- dependency-name: "@types/node"
  dependency-version: 24.5.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
- dependency-name: esbuild
  dependency-version: 0.25.10
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: dev-patch-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 package-lock.json | 224 +++++++++++++++++++++++-----------------------
 package.json      |   4 +-
 2 files changed, 114 insertions(+), 114 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c60c11fb..931e3178 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -108,7 +108,7 @@
                 "@types/jmespath": "^0.15.2",
                 "@types/js-yaml": "4.0.9",
                 "@types/jsonwebtoken": "^9.0.10",
-                "@types/node": "24.5.0",
+                "@types/node": "24.5.2",
                 "@types/nodemailer": "7.0.1",
                 "@types/pg": "8.15.5",
                 "@types/react": "19.1.13",
@@ -118,7 +118,7 @@
                 "@types/ws": "8.18.1",
                 "@types/yargs": "17.0.33",
                 "drizzle-kit": "0.31.4",
-                "esbuild": "0.25.9",
+                "esbuild": "0.25.10",
                 "esbuild-node-externals": "1.18.0",
                 "postcss": "^8",
                 "react-email": "4.2.11",
@@ -1555,9 +1555,9 @@
             }
         },
         "node_modules/@esbuild/aix-ppc64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.9.tgz",
-            "integrity": "sha512-OaGtL73Jck6pBKjNIe24BnFE6agGl+6KxDtTfHhy1HmhthfKouEcOhqpSL64K4/0WCtbKFLOdzD/44cJ4k9opA==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/aix-ppc64/-/aix-ppc64-0.25.10.tgz",
+            "integrity": "sha512-0NFWnA+7l41irNuaSVlLfgNT12caWJVLzp5eAVhZ0z1qpxbockccEt3s+149rE64VUI3Ml2zt8Nv5JVc4QXTsw==",
             "cpu": [
                 "ppc64"
             ],
@@ -1572,9 +1572,9 @@
             }
         },
         "node_modules/@esbuild/android-arm": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.9.tgz",
-            "integrity": "sha512-5WNI1DaMtxQ7t7B6xa572XMXpHAaI/9Hnhk8lcxF4zVN4xstUgTlvuGDorBguKEnZO70qwEcLpfifMLoxiPqHQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-arm/-/android-arm-0.25.10.tgz",
+            "integrity": "sha512-dQAxF1dW1C3zpeCDc5KqIYuZ1tgAdRXNoZP7vkBIRtKZPYe2xVr/d3SkirklCHudW1B45tGiUlz2pUWDfbDD4w==",
             "cpu": [
                 "arm"
             ],
@@ -1589,9 +1589,9 @@
             }
         },
         "node_modules/@esbuild/android-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.9.tgz",
-            "integrity": "sha512-IDrddSmpSv51ftWslJMvl3Q2ZT98fUSL2/rlUXuVqRXHCs5EUF1/f+jbjF5+NG9UffUDMCiTyh8iec7u8RlTLg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-arm64/-/android-arm64-0.25.10.tgz",
+            "integrity": "sha512-LSQa7eDahypv/VO6WKohZGPSJDq5OVOo3UoFR1E4t4Gj1W7zEQMUhI+lo81H+DtB+kP+tDgBp+M4oNCwp6kffg==",
             "cpu": [
                 "arm64"
             ],
@@ -1606,9 +1606,9 @@
             }
         },
         "node_modules/@esbuild/android-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.9.tgz",
-            "integrity": "sha512-I853iMZ1hWZdNllhVZKm34f4wErd4lMyeV7BLzEExGEIZYsOzqDWDf+y082izYUE8gtJnYHdeDpN/6tUdwvfiw==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/android-x64/-/android-x64-0.25.10.tgz",
+            "integrity": "sha512-MiC9CWdPrfhibcXwr39p9ha1x0lZJ9KaVfvzA0Wxwz9ETX4v5CHfF09bx935nHlhi+MxhA63dKRRQLiVgSUtEg==",
             "cpu": [
                 "x64"
             ],
@@ -1623,9 +1623,9 @@
             }
         },
         "node_modules/@esbuild/darwin-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.9.tgz",
-            "integrity": "sha512-XIpIDMAjOELi/9PB30vEbVMs3GV1v2zkkPnuyRRURbhqjyzIINwj+nbQATh4H9GxUgH1kFsEyQMxwiLFKUS6Rg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/darwin-arm64/-/darwin-arm64-0.25.10.tgz",
+            "integrity": "sha512-JC74bdXcQEpW9KkV326WpZZjLguSZ3DfS8wrrvPMHgQOIEIG/sPXEN/V8IssoJhbefLRcRqw6RQH2NnpdprtMA==",
             "cpu": [
                 "arm64"
             ],
@@ -1640,9 +1640,9 @@
             }
         },
         "node_modules/@esbuild/darwin-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.9.tgz",
-            "integrity": "sha512-jhHfBzjYTA1IQu8VyrjCX4ApJDnH+ez+IYVEoJHeqJm9VhG9Dh2BYaJritkYK3vMaXrf7Ogr/0MQ8/MeIefsPQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/darwin-x64/-/darwin-x64-0.25.10.tgz",
+            "integrity": "sha512-tguWg1olF6DGqzws97pKZ8G2L7Ig1vjDmGTwcTuYHbuU6TTjJe5FXbgs5C1BBzHbJ2bo1m3WkQDbWO2PvamRcg==",
             "cpu": [
                 "x64"
             ],
@@ -1657,9 +1657,9 @@
             }
         },
         "node_modules/@esbuild/freebsd-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.9.tgz",
-            "integrity": "sha512-z93DmbnY6fX9+KdD4Ue/H6sYs+bhFQJNCPZsi4XWJoYblUqT06MQUdBCpcSfuiN72AbqeBFu5LVQTjfXDE2A6Q==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-arm64/-/freebsd-arm64-0.25.10.tgz",
+            "integrity": "sha512-3ZioSQSg1HT2N05YxeJWYR+Libe3bREVSdWhEEgExWaDtyFbbXWb49QgPvFH8u03vUPX10JhJPcz7s9t9+boWg==",
             "cpu": [
                 "arm64"
             ],
@@ -1674,9 +1674,9 @@
             }
         },
         "node_modules/@esbuild/freebsd-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.9.tgz",
-            "integrity": "sha512-mrKX6H/vOyo5v71YfXWJxLVxgy1kyt1MQaD8wZJgJfG4gq4DpQGpgTB74e5yBeQdyMTbgxp0YtNj7NuHN0PoZg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/freebsd-x64/-/freebsd-x64-0.25.10.tgz",
+            "integrity": "sha512-LLgJfHJk014Aa4anGDbh8bmI5Lk+QidDmGzuC2D+vP7mv/GeSN+H39zOf7pN5N8p059FcOfs2bVlrRr4SK9WxA==",
             "cpu": [
                 "x64"
             ],
@@ -1691,9 +1691,9 @@
             }
         },
         "node_modules/@esbuild/linux-arm": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.9.tgz",
-            "integrity": "sha512-HBU2Xv78SMgaydBmdor38lg8YDnFKSARg1Q6AT0/y2ezUAKiZvc211RDFHlEZRFNRVhcMamiToo7bDx3VEOYQw==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm/-/linux-arm-0.25.10.tgz",
+            "integrity": "sha512-oR31GtBTFYCqEBALI9r6WxoU/ZofZl962pouZRTEYECvNF/dtXKku8YXcJkhgK/beU+zedXfIzHijSRapJY3vg==",
             "cpu": [
                 "arm"
             ],
@@ -1708,9 +1708,9 @@
             }
         },
         "node_modules/@esbuild/linux-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.9.tgz",
-            "integrity": "sha512-BlB7bIcLT3G26urh5Dmse7fiLmLXnRlopw4s8DalgZ8ef79Jj4aUcYbk90g8iCa2467HX8SAIidbL7gsqXHdRw==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-arm64/-/linux-arm64-0.25.10.tgz",
+            "integrity": "sha512-5luJWN6YKBsawd5f9i4+c+geYiVEw20FVW5x0v1kEMWNq8UctFjDiMATBxLvmmHA4bf7F6hTRaJgtghFr9iziQ==",
             "cpu": [
                 "arm64"
             ],
@@ -1725,9 +1725,9 @@
             }
         },
         "node_modules/@esbuild/linux-ia32": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.9.tgz",
-            "integrity": "sha512-e7S3MOJPZGp2QW6AK6+Ly81rC7oOSerQ+P8L0ta4FhVi+/j/v2yZzx5CqqDaWjtPFfYz21Vi1S0auHrap3Ma3A==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-ia32/-/linux-ia32-0.25.10.tgz",
+            "integrity": "sha512-NrSCx2Kim3EnnWgS4Txn0QGt0Xipoumb6z6sUtl5bOEZIVKhzfyp/Lyw4C1DIYvzeW/5mWYPBFJU3a/8Yr75DQ==",
             "cpu": [
                 "ia32"
             ],
@@ -1742,9 +1742,9 @@
             }
         },
         "node_modules/@esbuild/linux-loong64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.9.tgz",
-            "integrity": "sha512-Sbe10Bnn0oUAB2AalYztvGcK+o6YFFA/9829PhOCUS9vkJElXGdphz0A3DbMdP8gmKkqPmPcMJmJOrI3VYB1JQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-loong64/-/linux-loong64-0.25.10.tgz",
+            "integrity": "sha512-xoSphrd4AZda8+rUDDfD9J6FUMjrkTz8itpTITM4/xgerAZZcFW7Dv+sun7333IfKxGG8gAq+3NbfEMJfiY+Eg==",
             "cpu": [
                 "loong64"
             ],
@@ -1759,9 +1759,9 @@
             }
         },
         "node_modules/@esbuild/linux-mips64el": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.9.tgz",
-            "integrity": "sha512-YcM5br0mVyZw2jcQeLIkhWtKPeVfAerES5PvOzaDxVtIyZ2NUBZKNLjC5z3/fUlDgT6w89VsxP2qzNipOaaDyA==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-mips64el/-/linux-mips64el-0.25.10.tgz",
+            "integrity": "sha512-ab6eiuCwoMmYDyTnyptoKkVS3k8fy/1Uvq7Dj5czXI6DF2GqD2ToInBI0SHOp5/X1BdZ26RKc5+qjQNGRBelRA==",
             "cpu": [
                 "mips64el"
             ],
@@ -1776,9 +1776,9 @@
             }
         },
         "node_modules/@esbuild/linux-ppc64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.9.tgz",
-            "integrity": "sha512-++0HQvasdo20JytyDpFvQtNrEsAgNG2CY1CLMwGXfFTKGBGQT3bOeLSYE2l1fYdvML5KUuwn9Z8L1EWe2tzs1w==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-ppc64/-/linux-ppc64-0.25.10.tgz",
+            "integrity": "sha512-NLinzzOgZQsGpsTkEbdJTCanwA5/wozN9dSgEl12haXJBzMTpssebuXR42bthOF3z7zXFWH1AmvWunUCkBE4EA==",
             "cpu": [
                 "ppc64"
             ],
@@ -1793,9 +1793,9 @@
             }
         },
         "node_modules/@esbuild/linux-riscv64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.9.tgz",
-            "integrity": "sha512-uNIBa279Y3fkjV+2cUjx36xkx7eSjb8IvnL01eXUKXez/CBHNRw5ekCGMPM0BcmqBxBcdgUWuUXmVWwm4CH9kg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-riscv64/-/linux-riscv64-0.25.10.tgz",
+            "integrity": "sha512-FE557XdZDrtX8NMIeA8LBJX3dC2M8VGXwfrQWU7LB5SLOajfJIxmSdyL/gU1m64Zs9CBKvm4UAuBp5aJ8OgnrA==",
             "cpu": [
                 "riscv64"
             ],
@@ -1810,9 +1810,9 @@
             }
         },
         "node_modules/@esbuild/linux-s390x": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.9.tgz",
-            "integrity": "sha512-Mfiphvp3MjC/lctb+7D287Xw1DGzqJPb/J2aHHcHxflUo+8tmN/6d4k6I2yFR7BVo5/g7x2Monq4+Yew0EHRIA==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-s390x/-/linux-s390x-0.25.10.tgz",
+            "integrity": "sha512-3BBSbgzuB9ajLoVZk0mGu+EHlBwkusRmeNYdqmznmMc9zGASFjSsxgkNsqmXugpPk00gJ0JNKh/97nxmjctdew==",
             "cpu": [
                 "s390x"
             ],
@@ -1827,9 +1827,9 @@
             }
         },
         "node_modules/@esbuild/linux-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.9.tgz",
-            "integrity": "sha512-iSwByxzRe48YVkmpbgoxVzn76BXjlYFXC7NvLYq+b+kDjyyk30J0JY47DIn8z1MO3K0oSl9fZoRmZPQI4Hklzg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/linux-x64/-/linux-x64-0.25.10.tgz",
+            "integrity": "sha512-QSX81KhFoZGwenVyPoberggdW1nrQZSvfVDAIUXr3WqLRZGZqWk/P4T8p2SP+de2Sr5HPcvjhcJzEiulKgnxtA==",
             "cpu": [
                 "x64"
             ],
@@ -1844,9 +1844,9 @@
             }
         },
         "node_modules/@esbuild/netbsd-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.9.tgz",
-            "integrity": "sha512-9jNJl6FqaUG+COdQMjSCGW4QiMHH88xWbvZ+kRVblZsWrkXlABuGdFJ1E9L7HK+T0Yqd4akKNa/lO0+jDxQD4Q==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-arm64/-/netbsd-arm64-0.25.10.tgz",
+            "integrity": "sha512-AKQM3gfYfSW8XRk8DdMCzaLUFB15dTrZfnX8WXQoOUpUBQ+NaAFCP1kPS/ykbbGYz7rxn0WS48/81l9hFl3u4A==",
             "cpu": [
                 "arm64"
             ],
@@ -1861,9 +1861,9 @@
             }
         },
         "node_modules/@esbuild/netbsd-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.9.tgz",
-            "integrity": "sha512-RLLdkflmqRG8KanPGOU7Rpg829ZHu8nFy5Pqdi9U01VYtG9Y0zOG6Vr2z4/S+/3zIyOxiK6cCeYNWOFR9QP87g==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/netbsd-x64/-/netbsd-x64-0.25.10.tgz",
+            "integrity": "sha512-7RTytDPGU6fek/hWuN9qQpeGPBZFfB4zZgcz2VK2Z5VpdUxEI8JKYsg3JfO0n/Z1E/6l05n0unDCNc4HnhQGig==",
             "cpu": [
                 "x64"
             ],
@@ -1878,9 +1878,9 @@
             }
         },
         "node_modules/@esbuild/openbsd-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.9.tgz",
-            "integrity": "sha512-YaFBlPGeDasft5IIM+CQAhJAqS3St3nJzDEgsgFixcfZeyGPCd6eJBWzke5piZuZ7CtL656eOSYKk4Ls2C0FRQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-arm64/-/openbsd-arm64-0.25.10.tgz",
+            "integrity": "sha512-5Se0VM9Wtq797YFn+dLimf2Zx6McttsH2olUBsDml+lm0GOCRVebRWUvDtkY4BWYv/3NgzS8b/UM3jQNh5hYyw==",
             "cpu": [
                 "arm64"
             ],
@@ -1895,9 +1895,9 @@
             }
         },
         "node_modules/@esbuild/openbsd-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.9.tgz",
-            "integrity": "sha512-1MkgTCuvMGWuqVtAvkpkXFmtL8XhWy+j4jaSO2wxfJtilVCi0ZE37b8uOdMItIHz4I6z1bWWtEX4CJwcKYLcuA==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/openbsd-x64/-/openbsd-x64-0.25.10.tgz",
+            "integrity": "sha512-XkA4frq1TLj4bEMB+2HnI0+4RnjbuGZfet2gs/LNs5Hc7D89ZQBHQ0gL2ND6Lzu1+QVkjp3x1gIcPKzRNP8bXw==",
             "cpu": [
                 "x64"
             ],
@@ -1912,9 +1912,9 @@
             }
         },
         "node_modules/@esbuild/openharmony-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.9.tgz",
-            "integrity": "sha512-4Xd0xNiMVXKh6Fa7HEJQbrpP3m3DDn43jKxMjxLLRjWnRsfxjORYJlXPO4JNcXtOyfajXorRKY9NkOpTHptErg==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/openharmony-arm64/-/openharmony-arm64-0.25.10.tgz",
+            "integrity": "sha512-AVTSBhTX8Y/Fz6OmIVBip9tJzZEUcY8WLh7I59+upa5/GPhh2/aM6bvOMQySspnCCHvFi79kMtdJS1w0DXAeag==",
             "cpu": [
                 "arm64"
             ],
@@ -1929,9 +1929,9 @@
             }
         },
         "node_modules/@esbuild/sunos-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.9.tgz",
-            "integrity": "sha512-WjH4s6hzo00nNezhp3wFIAfmGZ8U7KtrJNlFMRKxiI9mxEK1scOMAaa9i4crUtu+tBr+0IN6JCuAcSBJZfnphw==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/sunos-x64/-/sunos-x64-0.25.10.tgz",
+            "integrity": "sha512-fswk3XT0Uf2pGJmOpDB7yknqhVkJQkAQOcW/ccVOtfx05LkbWOaRAtn5SaqXypeKQra1QaEa841PgrSL9ubSPQ==",
             "cpu": [
                 "x64"
             ],
@@ -1946,9 +1946,9 @@
             }
         },
         "node_modules/@esbuild/win32-arm64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.9.tgz",
-            "integrity": "sha512-mGFrVJHmZiRqmP8xFOc6b84/7xa5y5YvR1x8djzXpJBSv/UsNK6aqec+6JDjConTgvvQefdGhFDAs2DLAds6gQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-arm64/-/win32-arm64-0.25.10.tgz",
+            "integrity": "sha512-ah+9b59KDTSfpaCg6VdJoOQvKjI33nTaQr4UluQwW7aEwZQsbMCfTmfEO4VyewOxx4RaDT/xCy9ra2GPWmO7Kw==",
             "cpu": [
                 "arm64"
             ],
@@ -1963,9 +1963,9 @@
             }
         },
         "node_modules/@esbuild/win32-ia32": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.9.tgz",
-            "integrity": "sha512-b33gLVU2k11nVx1OhX3C8QQP6UHQK4ZtN56oFWvVXvz2VkDoe6fbG8TOgHFxEvqeqohmRnIHe5A1+HADk4OQww==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-ia32/-/win32-ia32-0.25.10.tgz",
+            "integrity": "sha512-QHPDbKkrGO8/cz9LKVnJU22HOi4pxZnZhhA2HYHez5Pz4JeffhDjf85E57Oyco163GnzNCVkZK0b/n4Y0UHcSw==",
             "cpu": [
                 "ia32"
             ],
@@ -1980,9 +1980,9 @@
             }
         },
         "node_modules/@esbuild/win32-x64": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.9.tgz",
-            "integrity": "sha512-PPOl1mi6lpLNQxnGoyAfschAodRFYXJ+9fs6WHXz7CSWKbOqiMZsubC+BQsVKuul+3vKLuwTHsS2c2y9EoKwxQ==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/@esbuild/win32-x64/-/win32-x64-0.25.10.tgz",
+            "integrity": "sha512-9KpxSVFCu0iK1owoez6aC/s/EdUQLDN3adTxGCqxMVhrPDj6bt5dbrHDXUuq+Bs2vATFBBrQS5vdQ/Ed2P+nbw==",
             "cpu": [
                 "x64"
             ],
@@ -6335,9 +6335,9 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "24.5.0",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.5.0.tgz",
-            "integrity": "sha512-y1dMvuvJspJiPSDZUQ+WMBvF7dpnEqN4x9DDC9ie5Fs/HUZJA3wFp7EhHoVaKX/iI0cRoECV8X2jL8zi0xrHCg==",
+            "version": "24.5.2",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.5.2.tgz",
+            "integrity": "sha512-FYxk1I7wPv3K2XBaoyH2cTnocQEu8AOZ60hPbsyukMPLv5/5qr7V1i8PLHdl6Zf87I+xZXFvPCXYjiTFq+YSDQ==",
             "devOptional": true,
             "license": "MIT",
             "dependencies": {
@@ -8998,9 +8998,9 @@
             }
         },
         "node_modules/esbuild": {
-            "version": "0.25.9",
-            "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.9.tgz",
-            "integrity": "sha512-CRbODhYyQx3qp7ZEwzxOk4JBqmD/seJrzPa/cGjY1VtIn5E09Oi9/dB4JwctnfZ8Q8iT7rioVv5k/FNT/uf54g==",
+            "version": "0.25.10",
+            "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.25.10.tgz",
+            "integrity": "sha512-9RiGKvCwaqxO2owP61uQ4BgNborAQskMR6QusfWzQqv7AZOg5oGehdY2pRJMTKuwxd1IDBP4rSbI5lHzU7SMsQ==",
             "dev": true,
             "hasInstallScript": true,
             "license": "MIT",
@@ -9011,32 +9011,32 @@
                 "node": ">=18"
             },
             "optionalDependencies": {
-                "@esbuild/aix-ppc64": "0.25.9",
-                "@esbuild/android-arm": "0.25.9",
-                "@esbuild/android-arm64": "0.25.9",
-                "@esbuild/android-x64": "0.25.9",
-                "@esbuild/darwin-arm64": "0.25.9",
-                "@esbuild/darwin-x64": "0.25.9",
-                "@esbuild/freebsd-arm64": "0.25.9",
-                "@esbuild/freebsd-x64": "0.25.9",
-                "@esbuild/linux-arm": "0.25.9",
-                "@esbuild/linux-arm64": "0.25.9",
-                "@esbuild/linux-ia32": "0.25.9",
-                "@esbuild/linux-loong64": "0.25.9",
-                "@esbuild/linux-mips64el": "0.25.9",
-                "@esbuild/linux-ppc64": "0.25.9",
-                "@esbuild/linux-riscv64": "0.25.9",
-                "@esbuild/linux-s390x": "0.25.9",
-                "@esbuild/linux-x64": "0.25.9",
-                "@esbuild/netbsd-arm64": "0.25.9",
-                "@esbuild/netbsd-x64": "0.25.9",
-                "@esbuild/openbsd-arm64": "0.25.9",
-                "@esbuild/openbsd-x64": "0.25.9",
-                "@esbuild/openharmony-arm64": "0.25.9",
-                "@esbuild/sunos-x64": "0.25.9",
-                "@esbuild/win32-arm64": "0.25.9",
-                "@esbuild/win32-ia32": "0.25.9",
-                "@esbuild/win32-x64": "0.25.9"
+                "@esbuild/aix-ppc64": "0.25.10",
+                "@esbuild/android-arm": "0.25.10",
+                "@esbuild/android-arm64": "0.25.10",
+                "@esbuild/android-x64": "0.25.10",
+                "@esbuild/darwin-arm64": "0.25.10",
+                "@esbuild/darwin-x64": "0.25.10",
+                "@esbuild/freebsd-arm64": "0.25.10",
+                "@esbuild/freebsd-x64": "0.25.10",
+                "@esbuild/linux-arm": "0.25.10",
+                "@esbuild/linux-arm64": "0.25.10",
+                "@esbuild/linux-ia32": "0.25.10",
+                "@esbuild/linux-loong64": "0.25.10",
+                "@esbuild/linux-mips64el": "0.25.10",
+                "@esbuild/linux-ppc64": "0.25.10",
+                "@esbuild/linux-riscv64": "0.25.10",
+                "@esbuild/linux-s390x": "0.25.10",
+                "@esbuild/linux-x64": "0.25.10",
+                "@esbuild/netbsd-arm64": "0.25.10",
+                "@esbuild/netbsd-x64": "0.25.10",
+                "@esbuild/openbsd-arm64": "0.25.10",
+                "@esbuild/openbsd-x64": "0.25.10",
+                "@esbuild/openharmony-arm64": "0.25.10",
+                "@esbuild/sunos-x64": "0.25.10",
+                "@esbuild/win32-arm64": "0.25.10",
+                "@esbuild/win32-ia32": "0.25.10",
+                "@esbuild/win32-x64": "0.25.10"
             }
         },
         "node_modules/esbuild-node-externals": {
diff --git a/package.json b/package.json
index 41ec3d6f..f2370e52 100644
--- a/package.json
+++ b/package.json
@@ -125,7 +125,7 @@
         "@types/jmespath": "^0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "^9.0.10",
-        "@types/node": "24.5.0",
+        "@types/node": "24.5.2",
         "@types/nodemailer": "7.0.1",
         "@types/pg": "8.15.5",
         "@types/react": "19.1.13",
@@ -135,7 +135,7 @@
         "@types/ws": "8.18.1",
         "@types/yargs": "17.0.33",
         "drizzle-kit": "0.31.4",
-        "esbuild": "0.25.9",
+        "esbuild": "0.25.10",
         "esbuild-node-externals": "1.18.0",
         "postcss": "^8",
         "react-email": "4.2.11",

From ee5bfb96c71a1181f9fc2d079de15c9cd49a2499 Mon Sep 17 00:00:00 2001
From: Tim <82370418+Tim5965@users.noreply.github.com>
Date: Thu, 18 Sep 2025 21:04:48 +0200
Subject: [PATCH 163/166] Update nl-NL.json

I think the file was accidentally reverted to the version that contained errors. The errors that were in that version have been updated again.
---
 messages/nl-NL.json | 46 ++++++++++++++++++++++-----------------------
 1 file changed, 23 insertions(+), 23 deletions(-)

diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index 512a218d..ba4ab637 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -38,12 +38,12 @@
     "name": "naam",
     "online": "Online",
     "offline": "Offline",
-    "site": "Website",
-    "dataIn": "Gegevens in",
-    "dataOut": "Data Uit",
+    "site": "Referentie",
+    "dataIn": "Dataverbruik inkomend",
+    "dataOut": "Dataverbruik uitgaand",
     "connectionType": "Type verbinding",
     "tunnelType": "Tunnel type",
-    "local": "lokaal",
+    "local": "Lokaal",
     "edit": "Bewerken",
     "siteConfirmDelete": "Verwijderen van site bevestigen",
     "siteDelete": "Site verwijderen",
@@ -55,7 +55,7 @@
     "siteCreate": "Site maken",
     "siteCreateDescription2": "Volg de onderstaande stappen om een nieuwe site aan te maken en te verbinden",
     "siteCreateDescription": "Maak een nieuwe site aan om verbinding te maken met uw bronnen",
-    "close": "Afsluiten",
+    "close": "Sluiten",
     "siteErrorCreate": "Fout bij maken site",
     "siteErrorCreateKeyPair": "Key pair of site standaard niet gevonden",
     "siteErrorCreateDefaults": "Standaardinstellingen niet gevonden",
@@ -90,7 +90,7 @@
     "siteGeneralDescription": "Algemene instellingen voor deze site configureren",
     "siteSettingDescription": "Configureer de instellingen op uw site",
     "siteSetting": "{siteName} instellingen",
-    "siteNewtTunnel": "Nieuwstunnel (Aanbevolen)",
+    "siteNewtTunnel": "Newttunnel (Aanbevolen)",
     "siteNewtTunnelDescription": "Gemakkelijkste manier om een ingangspunt in uw netwerk te maken. Geen extra opzet.",
     "siteWg": "Basis WireGuard",
     "siteWgDescription": "Gebruik een WireGuard client om een tunnel te bouwen. Handmatige NAT installatie vereist.",
@@ -104,7 +104,7 @@
     "siteCredentialsSave": "Uw referenties opslaan",
     "siteCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer het naar een beveiligde plek.",
     "siteInfo": "Site informatie",
-    "status": "status",
+    "status": "Status",
     "shareTitle": "Beheer deellinks",
     "shareDescription": "Maak deelbare links aan om tijdelijke of permanente toegang tot uw bronnen te verlenen",
     "shareSearch": "Zoek share links...",
@@ -146,19 +146,19 @@
     "never": "Nooit",
     "shareErrorSelectResource": "Selecteer een bron",
     "resourceTitle": "Bronnen beheren",
-    "resourceDescription": "Veilige proxy's voor uw privé applicaties maken",
+    "resourceDescription": "Veilige proxy's voor uw privé applicaties aanmaken",
     "resourcesSearch": "Zoek bronnen...",
     "resourceAdd": "Bron toevoegen",
     "resourceErrorDelte": "Fout bij verwijderen document",
     "authentication": "Authenticatie",
-    "protected": "Beschermd",
-    "notProtected": "Niet beschermd",
+    "protected": "Beveiligd",
+    "notProtected": "Niet beveiligd",
     "resourceMessageRemove": "Eenmaal verwijderd, zal het bestand niet langer toegankelijk zijn. Alle doelen die gekoppeld zijn aan het hulpbron, zullen ook verwijderd worden.",
     "resourceMessageConfirm": "Om te bevestigen, typ de naam van de bron hieronder.",
     "resourceQuestionRemove": "Weet u zeker dat u de resource {selectedResource} uit de organisatie wilt verwijderen?",
     "resourceHTTP": "HTTPS bron",
     "resourceHTTPDescription": "Proxy verzoeken aan uw app via HTTPS via een subdomein of basisdomein.",
-    "resourceRaw": "Ruwe TCP/UDP bron",
+    "resourceRaw": "TCP/UDP bron",
     "resourceRawDescription": "Proxy verzoeken naar je app via TCP/UDP met behulp van een poortnummer.",
     "resourceCreate": "Bron maken",
     "resourceCreateDescription": "Volg de onderstaande stappen om een nieuwe bron te maken",
@@ -183,7 +183,7 @@
     "protocolSelect": "Selecteer een protocol",
     "resourcePortNumber": "Nummer van poort",
     "resourcePortNumberDescription": "Het externe poortnummer naar proxyverzoeken.",
-    "cancel": "annuleren",
+    "cancel": "Annuleren",
     "resourceConfig": "Configuratie tekstbouwstenen",
     "resourceConfigDescription": "Kopieer en plak deze configuratie-snippets om je TCP/UDP-bron in te stellen",
     "resourceAddEntrypoints": "Traefik: Entrypoints toevoegen",
@@ -212,7 +212,7 @@
     "saveGeneralSettings": "Algemene instellingen opslaan",
     "saveSettings": "Instellingen opslaan",
     "orgDangerZone": "Gevaarlijke zone",
-    "orgDangerZoneDescription": "Als u deze instantie verwijdert, is er geen weg terug. Wees het alstublieft zeker.",
+    "orgDangerZoneDescription": "Deze instantie verwijderen is onomkeerbaar. Bevestig alstublieft dat u wilt doorgaan.",
     "orgDelete": "Verwijder organisatie",
     "orgDeleteConfirm": "Bevestig Verwijderen Organisatie",
     "orgMessageRemove": "Deze actie is onomkeerbaar en zal alle bijbehorende gegevens verwijderen.",
@@ -501,8 +501,8 @@
     "targetStickySessionsDescription": "Behoud verbindingen op hetzelfde backend doel voor hun hele sessie.",
     "methodSelect": "Selecteer methode",
     "targetSubmit": "Doelwit toevoegen",
-    "targetNoOne": "Geen doelwitten. Voeg een doel toe via het formulier.",
-    "targetNoOneDescription": "Het toevoegen van meer dan één doel hierboven zal de load balancering mogelijk maken.",
+    "targetNoOne": "Geen doel toegevoegd. Voeg deze toe via dit formulier.",
+    "targetNoOneDescription": "Het toevoegen van meer dan één doel hierboven zal load balancering mogelijk maken.",
     "targetsSubmit": "Doelstellingen opslaan",
     "proxyAdditional": "Extra Proxy-instellingen",
     "proxyAdditionalDescription": "Configureer hoe de proxy-instellingen van uw bron worden afgehandeld",
@@ -598,7 +598,7 @@
     "newtId": "Newt-ID",
     "newtSecretKey": "Nieuwe geheime sleutel",
     "architecture": "Architectuur",
-    "sites": "Werkruimtes",
+    "sites": "Verbindingen",
     "siteWgAnyClients": "Gebruik een willekeurige WireGuard client om verbinding te maken. Je moet je interne bronnen aanspreken met behulp van de peer IP.",
     "siteWgCompatibleAllClients": "Compatibel met alle WireGuard clients",
     "siteWgManualConfigurationRequired": "Handmatige configuratie vereist",
@@ -729,7 +729,7 @@
     "idpMessageConfirm": "Om dit te bevestigen, typt u de naam van onderstaande identiteitsprovider.",
     "idpConfirmDelete": "Bevestig verwijderen Identity Provider",
     "idpDelete": "Identity Provider verwijderen",
-    "idp": "Identiteit aanbieders",
+    "idp": "Identiteitsaanbieders",
     "idpSearch": "Identiteitsaanbieders zoeken...",
     "idpAdd": "Identity Provider toevoegen",
     "idpClientIdRequired": "Client-ID is vereist.",
@@ -801,7 +801,7 @@
     "defaultMappingsOrgDescription": "Deze expressie moet de org-ID teruggeven of waar om de gebruiker toegang te geven tot de organisatie.",
     "defaultMappingsSubmit": "Standaard toewijzingen opslaan",
     "orgPoliciesEdit": "Organisatie beleid bewerken",
-    "org": "Rekening",
+    "org": "Organisatie",
     "orgSelect": "Selecteer organisatie",
     "orgSearch": "Zoek in org",
     "orgNotFound": "Geen org gevonden.",
@@ -976,10 +976,10 @@
     "supportKeyEnterDescription": "Ontmoet je eigen huisdier Pangolin!",
     "githubUsername": "GitHub-gebruikersnaam",
     "supportKeyInput": "Supporter Sleutel",
-    "supportKeyBuy": "Koop Supportersleutel",
+    "supportKeyBuy": "Koop supportersleutel",
     "logoutError": "Fout bij uitloggen",
     "signingAs": "Ingelogd als",
-    "serverAdmin": "Server Beheerder",
+    "serverAdmin": "Server beheer",
     "managedSelfhosted": "Beheerde Self-Hosted",
     "otpEnable": "Twee-factor inschakelen",
     "otpDisable": "Tweestapsverificatie uitschakelen",
@@ -1128,7 +1128,7 @@
     "sidebarOverview": "Overzicht.",
     "sidebarHome": "Startpagina",
     "sidebarSites": "Werkruimtes",
-    "sidebarResources": "Hulpmiddelen",
+    "sidebarResources": "Bronnen",
     "sidebarAccessControl": "Toegangs controle",
     "sidebarUsers": "Gebruikers",
     "sidebarInvitations": "Uitnodigingen",
@@ -1147,7 +1147,7 @@
     "viewDockerContainers": "Bekijk Docker containers",
     "containersIn": "Containers in {siteName}",
     "selectContainerDescription": "Selecteer een container om als hostnaam voor dit doel te gebruiken. Klik op een poort om een poort te gebruiken.",
-    "containerName": "naam",
+    "containerName": "Naam",
     "containerImage": "Afbeelding",
     "containerState": "Provincie",
     "containerNetworks": "Netwerken",
@@ -1349,7 +1349,7 @@
     "olmId": "Olm ID",
     "olmSecretKey": "Olm Geheime Sleutel",
     "clientCredentialsSave": "Uw referenties opslaan",
-    "clientCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer het naar een beveiligde plek.",
+    "clientCredentialsSaveDescription": "Je kunt dit slechts één keer zien. Kopieer deze naar een veilige plek.",
     "generalSettingsDescription": "Configureer de algemene instellingen voor deze client",
     "clientUpdated": "Klant bijgewerkt ",
     "clientUpdatedDescription": "De client is bijgewerkt.",

From 1f827d8ecf2901a1fafd45a90a39a69dc0761e20 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Wed, 17 Sep 2025 22:54:29 -0400
Subject: [PATCH 164/166] migrate siteId on targets table to delete on cascade

---
 server/setup/migrationsSqlite.ts     |  2 +
 server/setup/scriptsSqlite/1.10.1.ts | 77 ++++++++++++++++++++++++++++
 2 files changed, 79 insertions(+)
 create mode 100644 server/setup/scriptsSqlite/1.10.1.ts

diff --git a/server/setup/migrationsSqlite.ts b/server/setup/migrationsSqlite.ts
index 79a7d0ab..b8fa64f0 100644
--- a/server/setup/migrationsSqlite.ts
+++ b/server/setup/migrationsSqlite.ts
@@ -27,6 +27,7 @@ import m22 from "./scriptsSqlite/1.7.0";
 import m23 from "./scriptsSqlite/1.8.0";
 import m24 from "./scriptsSqlite/1.9.0";
 import m25 from "./scriptsSqlite/1.10.0";
+import m26 from "./scriptsSqlite/1.10.1";
 
 // THIS CANNOT IMPORT ANYTHING FROM THE SERVER
 // EXCEPT FOR THE DATABASE AND THE SCHEMA
@@ -53,6 +54,7 @@ const migrations = [
     { version: "1.8.0", run: m23 },
     { version: "1.9.0", run: m24 },
     { version: "1.10.0", run: m25 },
+    { version: "1.10.1", run: m26 },
     // Add new migrations here as they are created
 ] as const;
 
diff --git a/server/setup/scriptsSqlite/1.10.1.ts b/server/setup/scriptsSqlite/1.10.1.ts
new file mode 100644
index 00000000..4572c8ee
--- /dev/null
+++ b/server/setup/scriptsSqlite/1.10.1.ts
@@ -0,0 +1,77 @@
+import { __DIRNAME, APP_PATH } from "@server/lib/consts";
+import Database from "better-sqlite3";
+import path from "path";
+
+const version = "1.10.1";
+
+export default async function migration() {
+    console.log(`Running setup script ${version}...`);
+
+    const location = path.join(APP_PATH, "db", "db.sqlite");
+    const db = new Database(location);
+
+    try {
+        db.pragma("foreign_keys = OFF");
+
+        db.transaction(() => {
+            db.exec(`PRAGMA foreign_keys = OFF;
+
+-- 1. Rename the old table
+ALTER TABLE targets RENAME TO targets_old;
+
+-- 2. Create the new table
+CREATE TABLE targets (
+    targetId INTEGER PRIMARY KEY AUTOINCREMENT,
+    resourceId INTEGER NOT NULL,
+    siteId INTEGER NOT NULL,
+    ip TEXT NOT NULL,
+    method TEXT,
+    port INTEGER NOT NULL,
+    internalPort INTEGER,
+    enabled INTEGER NOT NULL DEFAULT 1,
+    path TEXT,
+    pathMatchType TEXT,
+    FOREIGN KEY (resourceId) REFERENCES resources(resourceId) ON DELETE CASCADE,
+    FOREIGN KEY (siteId) REFERENCES sites(siteId) ON DELETE CASCADE
+);
+
+-- 3. Copy data *from the old table*
+INSERT INTO targets (
+    targetId,
+    resourceId,
+    siteId,
+    ip,
+    method,
+    port,
+    internalPort,
+    enabled,
+    path,
+    pathMatchType
+)
+SELECT
+    targetId,
+    resourceId,
+    siteId,
+    ip,
+    method,
+    port,
+    internalPort,
+    enabled,
+    path,
+    pathMatchType
+FROM targets_old;
+
+-- 4. Drop the old table
+DROP TABLE targets_old;
+
+PRAGMA foreign_keys = ON;`);
+        });
+
+        db.pragma("foreign_keys = ON");
+
+        console.log(`Migrated database`);
+    } catch (e) {
+        console.log("Failed to migrate db:", e);
+        throw e;
+    }
+}

From 17e3568b0d7dd4373949c8958e2e42930b62b916 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 18 Sep 2025 11:55:01 -0400
Subject: [PATCH 165/166] fix installer

---
 install/main.go      | 2 +-
 server/lib/consts.ts | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/install/main.go b/install/main.go
index 42bd621d..1f7213a1 100644
--- a/install/main.go
+++ b/install/main.go
@@ -220,7 +220,7 @@ func main() {
 		}
 	}
 
-	if !config.HybridMode && checkIsPangolinInstalledWithHybrid() {
+	if !config.HybridMode {
 		// Setup Token Section
 		fmt.Println("\n=== Setup Token ===")
 
diff --git a/server/lib/consts.ts b/server/lib/consts.ts
index 30efc07e..506c1c8d 100644
--- a/server/lib/consts.ts
+++ b/server/lib/consts.ts
@@ -2,7 +2,7 @@ import path from "path";
 import { fileURLToPath } from "url";
 
 // This is a placeholder value replaced by the build process
-export const APP_VERSION = "1.10.0";
+export const APP_VERSION = "1.10.1";
 
 export const __FILENAME = fileURLToPath(import.meta.url);
 export const __DIRNAME = path.dirname(__FILENAME);

From cbe1e4decb637d2e8f8193464afae535666cf0f5 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 18 Sep 2025 16:19:23 -0400
Subject: [PATCH 166/166] fix 1.10.1 migration script

---
 server/setup/scriptsSqlite/1.10.1.ts | 96 +++++++++++++---------------
 1 file changed, 44 insertions(+), 52 deletions(-)

diff --git a/server/setup/scriptsSqlite/1.10.1.ts b/server/setup/scriptsSqlite/1.10.1.ts
index 4572c8ee..3608e92e 100644
--- a/server/setup/scriptsSqlite/1.10.1.ts
+++ b/server/setup/scriptsSqlite/1.10.1.ts
@@ -1,52 +1,47 @@
-import { __DIRNAME, APP_PATH } from "@server/lib/consts";
+import { APP_PATH } from "@server/lib/consts";
 import Database from "better-sqlite3";
 import path from "path";
 
 const version = "1.10.1";
 
 export default async function migration() {
-    console.log(`Running setup script ${version}...`);
+	console.log(`Running setup script ${version}...`);
 
-    const location = path.join(APP_PATH, "db", "db.sqlite");
-    const db = new Database(location);
+	const location = path.join(APP_PATH, "db", "db.sqlite");
+	const db = new Database(location);
 
-    try {
-        db.pragma("foreign_keys = OFF");
+	try {
+		db.pragma("foreign_keys = OFF");
 
-        db.transaction(() => {
-            db.exec(`PRAGMA foreign_keys = OFF;
-
--- 1. Rename the old table
-ALTER TABLE targets RENAME TO targets_old;
-
--- 2. Create the new table
-CREATE TABLE targets (
-    targetId INTEGER PRIMARY KEY AUTOINCREMENT,
-    resourceId INTEGER NOT NULL,
-    siteId INTEGER NOT NULL,
-    ip TEXT NOT NULL,
-    method TEXT,
-    port INTEGER NOT NULL,
-    internalPort INTEGER,
-    enabled INTEGER NOT NULL DEFAULT 1,
-    path TEXT,
-    pathMatchType TEXT,
-    FOREIGN KEY (resourceId) REFERENCES resources(resourceId) ON DELETE CASCADE,
-    FOREIGN KEY (siteId) REFERENCES sites(siteId) ON DELETE CASCADE
+		db.transaction(() => {
+			db.exec(`ALTER TABLE "targets" RENAME TO "targets_old";
+--> statement-breakpoint
+CREATE TABLE "targets" (
+    "targetId" INTEGER PRIMARY KEY AUTOINCREMENT,
+    "resourceId" INTEGER NOT NULL,
+    "siteId" INTEGER NOT NULL,
+    "ip" TEXT NOT NULL,
+    "method" TEXT,
+    "port" INTEGER NOT NULL,
+    "internalPort" INTEGER,
+    "enabled" INTEGER NOT NULL DEFAULT 1,
+    "path" TEXT,
+    "pathMatchType" TEXT,
+    FOREIGN KEY ("resourceId") REFERENCES "resources"("resourceId") ON UPDATE no action ON DELETE cascade,
+    FOREIGN KEY ("siteId") REFERENCES "sites"("siteId") ON UPDATE no action ON DELETE cascade
 );
-
--- 3. Copy data *from the old table*
-INSERT INTO targets (
-    targetId,
-    resourceId,
-    siteId,
-    ip,
-    method,
-    port,
-    internalPort,
-    enabled,
-    path,
-    pathMatchType
+--> statement-breakpoint
+INSERT INTO "targets" (
+    "targetId",
+    "resourceId",
+    "siteId",
+    "ip",
+    "method",
+    "port",
+    "internalPort",
+    "enabled",
+    "path",
+    "pathMatchType"
 )
 SELECT
     targetId,
@@ -59,19 +54,16 @@ SELECT
     enabled,
     path,
     pathMatchType
-FROM targets_old;
+FROM "targets_old";
+--> statement-breakpoint
+DROP TABLE "targets_old";`);
+		})();
 
--- 4. Drop the old table
-DROP TABLE targets_old;
+		db.pragma("foreign_keys = ON");
 
-PRAGMA foreign_keys = ON;`);
-        });
-
-        db.pragma("foreign_keys = ON");
-
-        console.log(`Migrated database`);
-    } catch (e) {
-        console.log("Failed to migrate db:", e);
-        throw e;
-    }
+		console.log(`Migrated database`);
+	} catch (e) {
+		console.log("Failed to migrate db:", e);
+		throw e;
+	}
 }