diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index 8af8625d..c2129493 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -107,7 +107,7 @@ jobs:
             - name: Build and push Docker images (Docker Hub)
               run: |
                   TAG=${{ env.TAG }}
-                  make build-release tag=$TAG
+                  make -j4 build-release tag=$TAG
                   echo "Built & pushed to: ${{ env.DOCKERHUB_IMAGE }}:${TAG}"
               shell: bash
 
diff --git a/Makefile b/Makefile
index 6c538a47..1519aec7 100644
--- a/Makefile
+++ b/Makefile
@@ -1,8 +1,13 @@
-.PHONY: build build-pg build-release build-arm build-x86 test clean
+.PHONY: build dev-build-sqlite dev-build-pg build-release build-arm build-x86 test clean
 
 major_tag := $(shell echo $(tag) | cut -d. -f1)
 minor_tag := $(shell echo $(tag) | cut -d. -f1,2)
-build-release:
+
+.PHONY: build-release build-sqlite build-postgresql build-ee-sqlite build-ee-postgresql
+
+build-release: build-sqlite build-postgresql build-ee-sqlite build-ee-postgresql
+
+build-sqlite:
 	@if [ -z "$(tag)" ]; then \
 		echo "Error: tag is required. Usage: make build-release tag=<tag>"; \
 		exit 1; \
@@ -16,6 +21,12 @@ build-release:
 		--tag fosrl/pangolin:$(minor_tag) \
 		--tag fosrl/pangolin:$(tag) \
 		--push .
+
+build-postgresql:
+	@if [ -z "$(tag)" ]; then \
+		echo "Error: tag is required. Usage: make build-release tag=<tag>"; \
+		exit 1; \
+	fi
 	docker buildx build \
 		--build-arg BUILD=oss \
 		--build-arg DATABASE=pg \
@@ -25,6 +36,12 @@ build-release:
 		--tag fosrl/pangolin:postgresql-$(minor_tag) \
 		--tag fosrl/pangolin:postgresql-$(tag) \
 		--push .
+
+build-ee-sqlite:
+	@if [ -z "$(tag)" ]; then \
+		echo "Error: tag is required. Usage: make build-release tag=<tag>"; \
+		exit 1; \
+	fi
 	docker buildx build \
 		--build-arg BUILD=enterprise \
 		--build-arg DATABASE=sqlite \
@@ -34,6 +51,12 @@ build-release:
 		--tag fosrl/pangolin:ee-$(minor_tag) \
 		--tag fosrl/pangolin:ee-$(tag) \
 		--push .
+
+build-ee-postgresql:
+	@if [ -z "$(tag)" ]; then \
+		echo "Error: tag is required. Usage: make build-release tag=<tag>"; \
+		exit 1; \
+	fi
 	docker buildx build \
 		--build-arg BUILD=enterprise \
 		--build-arg DATABASE=pg \
@@ -80,10 +103,10 @@ build-arm:
 build-x86:
 	docker buildx build --platform linux/amd64 -t fosrl/pangolin:latest .
 
-build-sqlite:
+dev-build-sqlite:
 	docker build --build-arg DATABASE=sqlite -t fosrl/pangolin:latest .
 
-build-pg:
+dev-build-pg:
 	docker build --build-arg DATABASE=pg -t fosrl/pangolin:postgresql-latest .
 
 test:
diff --git a/install/containers.go b/install/containers.go
index 9993e117..464186c2 100644
--- a/install/containers.go
+++ b/install/containers.go
@@ -73,7 +73,7 @@ func installDocker() error {
 	case strings.Contains(osRelease, "ID=ubuntu"):
 		installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
 			apt-get update &&
-			apt-get install -y apt-transport-https ca-certificates curl &&
+			apt-get install -y apt-transport-https ca-certificates curl gpg &&
 			curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
 			echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list &&
 			apt-get update &&
@@ -82,7 +82,7 @@ func installDocker() error {
 	case strings.Contains(osRelease, "ID=debian"):
 		installCmd = exec.Command("bash", "-c", fmt.Sprintf(`
 			apt-get update &&
-			apt-get install -y apt-transport-https ca-certificates curl &&
+			apt-get install -y apt-transport-https ca-certificates curl gpg &&
 			curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg &&
 			echo "deb [arch=%s signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" > /etc/apt/sources.list.d/docker.list &&
 			apt-get update &&
diff --git a/messages/en-US.json b/messages/en-US.json
index 432d853b..3601d6bd 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2275,5 +2275,8 @@
     "remoteExitNodeRegenerateAndDisconnectWarning": "This will regenerate the credentials and immediately disconnect the remote exit node. The remote exit node will need to be restarted with the new credentials.",
     "remoteExitNodeRegenerateCredentialsConfirmation": "Are you sure you want to regenerate the credentials for this remote exit node?",
     "remoteExitNodeRegenerateCredentialsWarning": "This will regenerate the credentials. The remote exit node will stay connected until you manually restart it and use the new credentials.",
-    "agent": "Agent"
+    "agent": "Agent",
+    "personalUseOnly":  "Personal Use Only",
+    "loginPageLicenseWatermark":  "This instance is licensed for personal use only.",
+    "instanceIsUnlicensed":  "This instance is unlicensed."
 }
diff --git a/package-lock.json b/package-lock.json
index c6e60cef..b3a18c31 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -90,7 +90,7 @@
                 "qrcode.react": "4.2.0",
                 "react": "19.2.3",
                 "react-day-picker": "9.12.0",
-                "react-dom": "19.2.1",
+                "react-dom": "19.2.3",
                 "react-easy-sort": "1.8.0",
                 "react-hook-form": "7.68.0",
                 "react-icons": "5.5.0",
@@ -19768,16 +19768,16 @@
             }
         },
         "node_modules/react-dom": {
-            "version": "19.2.1",
-            "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.1.tgz",
-            "integrity": "sha512-ibrK8llX2a4eOskq1mXKu/TGZj9qzomO+sNfO98M6d9zIPOEhlBkMkBUBLd1vgS0gQsLDBzA+8jJBVXDnfHmJg==",
+            "version": "19.2.3",
+            "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.3.tgz",
+            "integrity": "sha512-yELu4WmLPw5Mr/lmeEpox5rw3RETacE++JgHqQzd2dg+YbJuat3jH4ingc+WPZhxaoFzdv9y33G+F7Nl5O0GBg==",
             "license": "MIT",
             "peer": true,
             "dependencies": {
                 "scheduler": "^0.27.0"
             },
             "peerDependencies": {
-                "react": "^19.2.1"
+                "react": "^19.2.3"
             }
         },
         "node_modules/react-easy-sort": {
diff --git a/package.json b/package.json
index 5609b688..2aebc439 100644
--- a/package.json
+++ b/package.json
@@ -114,7 +114,7 @@
         "qrcode.react": "4.2.0",
         "react": "19.2.3",
         "react-day-picker": "9.12.0",
-        "react-dom": "19.2.1",
+        "react-dom": "19.2.3",
         "react-easy-sort": "1.8.0",
         "react-hook-form": "7.68.0",
         "react-icons": "5.5.0",
diff --git a/server/lib/consts.ts b/server/lib/consts.ts
index d93cf224..d1f66a9e 100644
--- a/server/lib/consts.ts
+++ b/server/lib/consts.ts
@@ -2,7 +2,7 @@ import path from "path";
 import { fileURLToPath } from "url";
 
 // This is a placeholder value replaced by the build process
-export const APP_VERSION = "1.13.0";
+export const APP_VERSION = "1.13.1";
 
 export const __FILENAME = fileURLToPath(import.meta.url);
 export const __DIRNAME = path.dirname(__FILENAME);
diff --git a/server/lib/ip.ts b/server/lib/ip.ts
index 02683edc..9c412801 100644
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -432,7 +432,12 @@ export function generateRemoteSubnets(
 ): string[] {
     const remoteSubnets = allSiteResources
         .filter((sr) => {
-            if (sr.mode === "cidr") return true;
+            if (sr.mode === "cidr") {
+                // check if its a valid CIDR using zod
+                const cidrSchema = z.union([z.cidrv4(), z.cidrv6()]);
+                const parseResult = cidrSchema.safeParse(sr.destination);
+                return parseResult.success;
+            }
             if (sr.mode === "host") {
                 // check if its a valid IP using zod
                 const ipSchema = z.union([z.ipv4(), z.ipv6()]);
@@ -456,13 +461,12 @@ export function generateRemoteSubnets(
 export type Alias = { alias: string | null; aliasAddress: string | null };
 
 export function generateAliasConfig(allSiteResources: SiteResource[]): Alias[] {
-    let aliasConfigs = allSiteResources
+    return allSiteResources
         .filter((sr) => sr.alias && sr.aliasAddress && sr.mode == "host")
         .map((sr) => ({
             alias: sr.alias,
             aliasAddress: sr.aliasAddress
         }));
-    return aliasConfigs;
 }
 
 export type SubnetProxyTarget = {
diff --git a/server/lib/rebuildClientAssociations.ts b/server/lib/rebuildClientAssociations.ts
index e0867dc5..625e5793 100644
--- a/server/lib/rebuildClientAssociations.ts
+++ b/server/lib/rebuildClientAssociations.ts
@@ -955,28 +955,8 @@ export async function rebuildClientAssociationsFromClient(
 
     /////////// Send messages ///////////
 
-    // Get the olm for this client
-    const [olm] = await trx
-        .select({ olmId: olms.olmId })
-        .from(olms)
-        .where(eq(olms.clientId, client.clientId))
-        .limit(1);
-
-    if (!olm) {
-        logger.warn(
-            `Olm not found for client ${client.clientId}, skipping peer updates`
-        );
-        return;
-    }
-
     // Handle messages for sites being added
-    await handleMessagesForClientSites(
-        client,
-        olm.olmId,
-        sitesToAdd,
-        sitesToRemove,
-        trx
-    );
+    await handleMessagesForClientSites(client, sitesToAdd, sitesToRemove, trx);
 
     // Handle subnet proxy target updates for resources
     await handleMessagesForClientResources(
@@ -996,11 +976,26 @@ async function handleMessagesForClientSites(
         userId: string | null;
         orgId: string;
     },
-    olmId: string,
     sitesToAdd: number[],
     sitesToRemove: number[],
     trx: Transaction | typeof db = db
 ): Promise<void> {
+    // Get the olm for this client
+    const [olm] = await trx
+        .select({ olmId: olms.olmId })
+        .from(olms)
+        .where(eq(olms.clientId, client.clientId))
+        .limit(1);
+
+    if (!olm) {
+        logger.warn(
+            `Olm not found for client ${client.clientId}, skipping peer updates`
+        );
+        return;
+    }
+
+    const olmId = olm.olmId;
+
     if (!client.subnet || !client.pubKey) {
         logger.warn(
             `Client ${client.clientId} missing subnet or pubKey, skipping peer updates`
@@ -1021,9 +1016,9 @@ async function handleMessagesForClientSites(
         .leftJoin(newts, eq(sites.siteId, newts.siteId))
         .where(inArray(sites.siteId, allSiteIds));
 
-    let newtJobs: Promise<any>[] = [];
-    let olmJobs: Promise<any>[] = [];
-    let exitNodeJobs: Promise<any>[] = [];
+    const newtJobs: Promise<any>[] = [];
+    const olmJobs: Promise<any>[] = [];
+    const exitNodeJobs: Promise<any>[] = [];
 
     for (const siteData of sitesData) {
         const site = siteData.sites;
@@ -1130,18 +1125,8 @@ async function handleMessagesForClientResources(
     resourcesToRemove: number[],
     trx: Transaction | typeof db = db
 ): Promise<void> {
-    // Group resources by site
-    const resourcesBySite = new Map<number, SiteResource[]>();
-
-    for (const resource of allNewResources) {
-        if (!resourcesBySite.has(resource.siteId)) {
-            resourcesBySite.set(resource.siteId, []);
-        }
-        resourcesBySite.get(resource.siteId)!.push(resource);
-    }
-
-    let proxyJobs: Promise<any>[] = [];
-    let olmJobs: Promise<any>[] = [];
+    const proxyJobs: Promise<any>[] = [];
+    const olmJobs: Promise<any>[] = [];
 
     // Handle additions
     if (resourcesToAdd.length > 0) {
diff --git a/server/private/lib/traefik/getTraefikConfig.ts b/server/private/lib/traefik/getTraefikConfig.ts
index 8060ccad..82568216 100644
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -823,7 +823,7 @@ export async function getTraefikConfig(
                         (cert) => cert.queriedDomain === lp.fullDomain
                     );
                     if (!matchingCert) {
-                        logger.warn(
+                        logger.debug(
                             `No matching certificate found for login page domain: ${lp.fullDomain}`
                         );
                         continue;
diff --git a/server/routers/badger/logRequestAudit.ts b/server/routers/badger/logRequestAudit.ts
index 1cf97f98..1343bdaa 100644
--- a/server/routers/badger/logRequestAudit.ts
+++ b/server/routers/badger/logRequestAudit.ts
@@ -148,7 +148,7 @@ export async function cleanUpOldLogs(orgId: string, retentionDays: number) {
     }
 }
 
-export function logRequestAudit(
+export async function logRequestAudit(
     data: {
         action: boolean;
         reason: number;
@@ -174,14 +174,13 @@ export function logRequestAudit(
     }
 ) {
     try {
-        // Quick synchronous check - if org has 0 retention, skip immediately
+        // Check retention before buffering any logs
         if (data.orgId) {
-            const cached = cache.get<number>(`org_${data.orgId}_retentionDays`);
-            if (cached === 0) {
+            const retentionDays = await getRetentionDays(data.orgId);
+            if (retentionDays === 0) {
                 // do not log
                 return;
             }
-            // If not cached or > 0, we'll log it (async retention check happens in background)
         }
 
         let actorType: string | undefined;
@@ -261,16 +260,6 @@ export function logRequestAudit(
         } else {
             scheduleFlush();
         }
-
-        // Async retention check in background (don't await)
-        if (
-            data.orgId &&
-            cache.get<number>(`org_${data.orgId}_retentionDays`) === undefined
-        ) {
-            getRetentionDays(data.orgId).catch((err) =>
-                logger.error("Error checking retention days:", err)
-            );
-        }
     } catch (error) {
         logger.error(error);
     }
diff --git a/server/routers/gerbil/getConfig.ts b/server/routers/gerbil/getConfig.ts
index ba3ab7ad..488ef75b 100644
--- a/server/routers/gerbil/getConfig.ts
+++ b/server/routers/gerbil/getConfig.ts
@@ -51,7 +51,10 @@ export async function getConfig(
             );
         }
 
-        const exitNode = await createExitNode(publicKey, reachableAt);
+        // clean up the public key - keep only valid base64 characters (A-Z, a-z, 0-9, +, /, =)
+        const cleanedPublicKey = publicKey.replace(/[^A-Za-z0-9+/=]/g, '');
+
+        const exitNode = await createExitNode(cleanedPublicKey, reachableAt);
 
         if (!exitNode) {
             return next(
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx
index a38f3b86..e5250bea 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx
@@ -304,7 +304,7 @@ export default function ExitNodesTable({
                         setSelectedNode(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("remoteExitNodeQuestionRemove")}</p>
 
                             <p>{t("remoteExitNodeMessageRemove")}</p>
diff --git a/src/app/[orgId]/settings/general/page.tsx b/src/app/[orgId]/settings/general/page.tsx
index e391922f..97dd4a03 100644
--- a/src/app/[orgId]/settings/general/page.tsx
+++ b/src/app/[orgId]/settings/general/page.tsx
@@ -289,7 +289,7 @@ export default function GeneralPage() {
                     setIsDeleteModalOpen(val);
                 }}
                 dialog={
-                    <div>
+                    <div className="space-y-2">
                         <p>{t("orgQuestionRemove")}</p>
                         <p>{t("orgMessageRemove")}</p>
                     </div>
@@ -303,7 +303,7 @@ export default function GeneralPage() {
                 open={isSecurityPolicyConfirmOpen}
                 setOpen={setIsSecurityPolicyConfirmOpen}
                 dialog={
-                    <div>
+                    <div className="space-y-2">
                         <p>{t("securityPolicyChangeDescription")}</p>
                     </div>
                 }
diff --git a/src/app/[orgId]/settings/resources/proxy/[niceId]/rules/page.tsx b/src/app/[orgId]/settings/resources/proxy/[niceId]/rules/page.tsx
index 39badea4..78a1b896 100644
--- a/src/app/[orgId]/settings/resources/proxy/[niceId]/rules/page.tsx
+++ b/src/app/[orgId]/settings/resources/proxy/[niceId]/rules/page.tsx
@@ -449,15 +449,16 @@ export default function ResourceRules(props: {
                     type="number"
                     onClick={(e) => e.currentTarget.focus()}
                     onBlur={(e) => {
-                        const parsed = z
+                        const parsed = z.coerce
+                            .number()
                             .int()
                             .optional()
                             .safeParse(e.target.value);
 
-                        if (!parsed.data) {
+                        if (!parsed.success) {
                             toast({
                                 variant: "destructive",
-                                title: t("rulesErrorInvalidIpAddress"), // correct priority or IP?
+                                title: t("rulesErrorInvalidPriority"), // correct priority or IP?
                                 description: t(
                                     "rulesErrorInvalidPriorityDescription"
                                 )
diff --git a/src/app/admin/license/page.tsx b/src/app/admin/license/page.tsx
index ac6d3e67..4e0586bd 100644
--- a/src/app/admin/license/page.tsx
+++ b/src/app/admin/license/page.tsx
@@ -315,7 +315,7 @@ export default function LicensePage() {
                         setSelectedLicenseKey(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("licenseQuestionRemove")}</p>
                             <p>
                                 <b>{t("licenseMessageRemove")}</b>
@@ -360,7 +360,8 @@ export default function LicensePage() {
                                 <div className="space-y-2 text-green-500">
                                     <div className="text-2xl flex items-center gap-2">
                                         <Check />
-                                        {t("licensed")}
+                                        {t("licensed") +
+                                            `${licenseStatus?.tier === "personal" ? ` (${t("personalUseOnly")})` : ""}`}
                                     </div>
                                 </div>
                             ) : (
diff --git a/src/app/admin/users/AdminUsersTable.tsx b/src/app/admin/users/AdminUsersTable.tsx
index efcf9484..1c7d1b7f 100644
--- a/src/app/admin/users/AdminUsersTable.tsx
+++ b/src/app/admin/users/AdminUsersTable.tsx
@@ -243,7 +243,7 @@ export default function UsersTable({ users }: Props) {
                         setSelected(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("userQuestionRemove")}</p>
 
                             <p>{t("userMessageRemove")}</p>
diff --git a/src/app/auth/layout.tsx b/src/app/auth/layout.tsx
index 70439824..6a72006b 100644
--- a/src/app/auth/layout.tsx
+++ b/src/app/auth/layout.tsx
@@ -23,6 +23,7 @@ export default async function AuthLayout({ children }: AuthLayoutProps) {
     const t = await getTranslations();
     let hideFooter = false;
 
+    let licenseStatus: GetLicenseStatusResponse | null = null;
     if (build == "enterprise") {
         const licenseStatusRes = await cache(
             async () =>
@@ -30,10 +31,12 @@ export default async function AuthLayout({ children }: AuthLayoutProps) {
                     "/license/status"
                 )
         )();
+        licenseStatus = licenseStatusRes.data.data;
         if (
             env.branding.hideAuthLayoutFooter &&
             licenseStatusRes.data.data.isHostLicensed &&
-            licenseStatusRes.data.data.isLicenseValid
+            licenseStatusRes.data.data.isLicenseValid &&
+            licenseStatusRes.data.data.tier !== "personal"
         ) {
             hideFooter = true;
         }
@@ -83,6 +86,23 @@ export default async function AuthLayout({ children }: AuthLayoutProps) {
                                   ? t("enterpriseEdition")
                                   : t("pangolinCloud")}
                         </span>
+                        {build === "enterprise" &&
+                        licenseStatus?.isHostLicensed &&
+                        licenseStatus?.isLicenseValid &&
+                        licenseStatus?.tier === "personal" ? (
+                            <>
+                                <Separator orientation="vertical" />
+                                <span>{t("personalUseOnly")}</span>
+                            </>
+                        ) : null}
+                        {build === "enterprise" &&
+                        (!licenseStatus?.isHostLicensed ||
+                            !licenseStatus?.isLicenseValid) ? (
+                            <>
+                                <Separator orientation="vertical" />
+                                <span>{t("unlicensed")}</span>
+                            </>
+                        ) : null}
                         {build === "saas" && (
                             <>
                                 <Separator orientation="vertical" />
diff --git a/src/components/AdminIdpTable.tsx b/src/components/AdminIdpTable.tsx
index 76a0fdd7..75a7c545 100644
--- a/src/components/AdminIdpTable.tsx
+++ b/src/components/AdminIdpTable.tsx
@@ -196,7 +196,7 @@ export default function IdpTable({ idps }: Props) {
                         setSelectedIdp(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>
                                 {t("idpQuestionRemove", {
                                     name: selectedIdp.name
diff --git a/src/components/AdminUsersTable.tsx b/src/components/AdminUsersTable.tsx
index 9c741cee..327d4752 100644
--- a/src/components/AdminUsersTable.tsx
+++ b/src/components/AdminUsersTable.tsx
@@ -313,7 +313,7 @@ export default function UsersTable({ users }: Props) {
                         setSelected(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>
                                 {t("userQuestionRemove", {
                                     selectedUser:
diff --git a/src/components/ApiKeysTable.tsx b/src/components/ApiKeysTable.tsx
index c3202277..8987fa2c 100644
--- a/src/components/ApiKeysTable.tsx
+++ b/src/components/ApiKeysTable.tsx
@@ -182,7 +182,7 @@ export default function ApiKeysTable({ apiKeys }: ApiKeyTableProps) {
                         setSelected(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("apiKeysQuestionRemove")}</p>
 
                             <p>{t("apiKeysMessageRemove")}</p>
diff --git a/src/components/ClientResourcesTable.tsx b/src/components/ClientResourcesTable.tsx
index a5e257c7..3f65c762 100644
--- a/src/components/ClientResourcesTable.tsx
+++ b/src/components/ClientResourcesTable.tsx
@@ -284,7 +284,7 @@ export default function ClientResourcesTable({
                         setSelectedInternalResource(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("resourceQuestionRemove")}</p>
                             <p>{t("resourceMessageRemove")}</p>
                         </div>
diff --git a/src/components/DataTablePagination.tsx b/src/components/DataTablePagination.tsx
index be12ca47..4abcf1c5 100644
--- a/src/components/DataTablePagination.tsx
+++ b/src/components/DataTablePagination.tsx
@@ -24,6 +24,8 @@ interface DataTablePaginationProps<TData> {
     isServerPagination?: boolean;
     isLoading?: boolean;
     disabled?: boolean;
+    pageSize?: number;
+    pageIndex?: number;
 }
 
 export function DataTablePagination<TData>({
@@ -33,10 +35,26 @@ export function DataTablePagination<TData>({
     totalCount,
     isServerPagination = false,
     isLoading = false,
-    disabled = false
+    disabled = false,
+    pageSize: controlledPageSize,
+    pageIndex: controlledPageIndex
 }: DataTablePaginationProps<TData>) {
     const t = useTranslations();
 
+    // Use controlled values if provided, otherwise fall back to table state
+    const pageSize = controlledPageSize ?? table.getState().pagination.pageSize;
+    const pageIndex =
+        controlledPageIndex ?? table.getState().pagination.pageIndex;
+
+    // Calculate page boundaries based on controlled state
+    // For server-side pagination, use totalCount if available for accurate page count
+    const pageCount =
+        isServerPagination && totalCount !== undefined
+            ? Math.ceil(totalCount / pageSize)
+            : table.getPageCount();
+    const canNextPage = pageIndex < pageCount - 1;
+    const canPreviousPage = pageIndex > 0;
+
     const handlePageSizeChange = (value: string) => {
         const newPageSize = Number(value);
         table.setPageSize(newPageSize);
@@ -51,7 +69,7 @@ export function DataTablePagination<TData>({
         action: "first" | "previous" | "next" | "last"
     ) => {
         if (isServerPagination && onPageChange) {
-            const currentPage = table.getState().pagination.pageIndex;
+            const currentPage = pageIndex;
             const pageCount = table.getPageCount();
 
             let newPage: number;
@@ -77,18 +95,24 @@ export function DataTablePagination<TData>({
             }
         } else {
             // Use table's built-in navigation for client-side pagination
+            // But add bounds checking to prevent going beyond page boundaries
+            const pageCount = table.getPageCount();
             switch (action) {
                 case "first":
                     table.setPageIndex(0);
                     break;
                 case "previous":
-                    table.previousPage();
+                    if (pageIndex > 0) {
+                        table.previousPage();
+                    }
                     break;
                 case "next":
-                    table.nextPage();
+                    if (pageIndex < pageCount - 1) {
+                        table.nextPage();
+                    }
                     break;
                 case "last":
-                    table.setPageIndex(table.getPageCount() - 1);
+                    table.setPageIndex(Math.max(0, pageCount - 1));
                     break;
             }
         }
@@ -98,14 +122,12 @@ export function DataTablePagination<TData>({
         <div className="flex items-center justify-between text-muted-foreground">
             <div className="flex items-center space-x-2">
                 <Select
-                    value={`${table.getState().pagination.pageSize}`}
+                    value={`${pageSize}`}
                     onValueChange={handlePageSizeChange}
                     disabled={disabled}
                 >
                     <SelectTrigger className="h-8 w-[73px]" disabled={disabled}>
-                        <SelectValue
-                            placeholder={table.getState().pagination.pageSize}
-                        />
+                        <SelectValue placeholder={pageSize} />
                     </SelectTrigger>
                     <SelectContent side="bottom">
                         {[10, 20, 30, 40, 50, 100].map((pageSize) => (
@@ -121,16 +143,11 @@ export function DataTablePagination<TData>({
                 <div className="flex items-center justify-center text-sm font-medium">
                     {isServerPagination && totalCount !== undefined
                         ? t("paginator", {
-                              current:
-                                  table.getState().pagination.pageIndex + 1,
-                              last: Math.ceil(
-                                  totalCount /
-                                      table.getState().pagination.pageSize
-                              )
+                              current: pageIndex + 1,
+                              last: Math.ceil(totalCount / pageSize)
                           })
                         : t("paginator", {
-                              current:
-                                  table.getState().pagination.pageIndex + 1,
+                              current: pageIndex + 1,
                               last: table.getPageCount()
                           })}
                 </div>
@@ -139,9 +156,7 @@ export function DataTablePagination<TData>({
                         variant="outline"
                         className="hidden h-8 w-8 p-0 lg:flex"
                         onClick={() => handlePageNavigation("first")}
-                        disabled={
-                            !table.getCanPreviousPage() || isLoading || disabled
-                        }
+                        disabled={!canPreviousPage || isLoading || disabled}
                     >
                         <span className="sr-only">{t("paginatorToFirst")}</span>
                         <DoubleArrowLeftIcon className="h-4 w-4" />
@@ -150,9 +165,7 @@ export function DataTablePagination<TData>({
                         variant="outline"
                         className="h-8 w-8 p-0"
                         onClick={() => handlePageNavigation("previous")}
-                        disabled={
-                            !table.getCanPreviousPage() || isLoading || disabled
-                        }
+                        disabled={!canPreviousPage || isLoading || disabled}
                     >
                         <span className="sr-only">
                             {t("paginatorToPrevious")}
@@ -163,9 +176,7 @@ export function DataTablePagination<TData>({
                         variant="outline"
                         className="h-8 w-8 p-0"
                         onClick={() => handlePageNavigation("next")}
-                        disabled={
-                            !table.getCanNextPage() || isLoading || disabled
-                        }
+                        disabled={!canNextPage || isLoading || disabled}
                     >
                         <span className="sr-only">{t("paginatorToNext")}</span>
                         <ChevronRightIcon className="h-4 w-4" />
@@ -174,9 +185,7 @@ export function DataTablePagination<TData>({
                         variant="outline"
                         className="hidden h-8 w-8 p-0 lg:flex"
                         onClick={() => handlePageNavigation("last")}
-                        disabled={
-                            !table.getCanNextPage() || isLoading || disabled
-                        }
+                        disabled={!canNextPage || isLoading || disabled}
                     >
                         <span className="sr-only">{t("paginatorToLast")}</span>
                         <DoubleArrowRightIcon className="h-4 w-4" />
diff --git a/src/components/DomainsTable.tsx b/src/components/DomainsTable.tsx
index 331425c3..ff23df67 100644
--- a/src/components/DomainsTable.tsx
+++ b/src/components/DomainsTable.tsx
@@ -304,7 +304,7 @@ export default function DomainsTable({ domains, orgId }: Props) {
                         setSelectedDomain(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("domainQuestionRemove")}</p>
                             <p>{t("domainMessageRemove")}</p>
                         </div>
diff --git a/src/components/InvitationsTable.tsx b/src/components/InvitationsTable.tsx
index 1b218ea3..0d2d3e9b 100644
--- a/src/components/InvitationsTable.tsx
+++ b/src/components/InvitationsTable.tsx
@@ -182,7 +182,7 @@ export default function InvitationsTable({
                     setSelectedInvitation(null);
                 }}
                 dialog={
-                    <div>
+                    <div className="space-y-2">
                         <p>{t("inviteQuestionRemove")}</p>
                         <p>{t("inviteMessageRemove")}</p>
                     </div>
diff --git a/src/components/LayoutSidebar.tsx b/src/components/LayoutSidebar.tsx
index 8006b6e8..45d0292b 100644
--- a/src/components/LayoutSidebar.tsx
+++ b/src/components/LayoutSidebar.tsx
@@ -25,6 +25,7 @@ import { useEffect, useState } from "react";
 import { FaGithub } from "react-icons/fa";
 import SidebarLicenseButton from "./SidebarLicenseButton";
 import { SidebarSupportButton } from "./SidebarSupportButton";
+import { is } from "drizzle-orm";
 
 const ProductUpdates = dynamic(() => import("./ProductUpdates"), {
     ssr: false
@@ -52,7 +53,7 @@ export function LayoutSidebar({
     const pathname = usePathname();
     const isAdminPage = pathname?.startsWith("/admin");
     const { user } = useUserContext();
-    const { isUnlocked } = useLicenseStatusContext();
+    const { isUnlocked, licenseStatus } = useLicenseStatusContext();
     const { env } = useEnvContext();
     const t = useTranslations();
 
@@ -226,6 +227,18 @@ export function LayoutSidebar({
                                         <FaGithub size={12} />
                                     </Link>
                                 </div>
+                                {build === "enterprise" &&
+                                isUnlocked() &&
+                                licenseStatus?.tier === "personal" ? (
+                                    <div className="text-xs text-muted-foreground text-center">
+                                        {t("personalUseOnly")}
+                                    </div>
+                                ) : null}
+                                {build === "enterprise" && !isUnlocked() ? (
+                                    <div className="text-xs text-muted-foreground text-center">
+                                        {t("unlicensed")}
+                                    </div>
+                                ) : null}
                                 {env?.app?.version && (
                                     <div className="text-xs text-muted-foreground text-center">
                                         <Link
diff --git a/src/components/LogDataTable.tsx b/src/components/LogDataTable.tsx
index e21b5cc0..d48a3871 100644
--- a/src/components/LogDataTable.tsx
+++ b/src/components/LogDataTable.tsx
@@ -542,6 +542,8 @@ export function LogDataTable<TData, TValue>({
                             isServerPagination={isServerPagination}
                             isLoading={isLoading}
                             disabled={disabled}
+                            pageSize={pageSize}
+                            pageIndex={currentPage}
                         />
                     </div>
                 </CardContent>
diff --git a/src/components/MachineClientsTable.tsx b/src/components/MachineClientsTable.tsx
index 7ac10eb7..67ed2e08 100644
--- a/src/components/MachineClientsTable.tsx
+++ b/src/components/MachineClientsTable.tsx
@@ -354,7 +354,7 @@ export default function MachineClientsTable({
                         setSelectedClient(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("deleteClientQuestion")}</p>
                             <p>{t("clientMessageRemove")}</p>
                         </div>
diff --git a/src/components/OrgApiKeysTable.tsx b/src/components/OrgApiKeysTable.tsx
index 2f50e571..72509bc4 100644
--- a/src/components/OrgApiKeysTable.tsx
+++ b/src/components/OrgApiKeysTable.tsx
@@ -189,7 +189,7 @@ export default function OrgApiKeysTable({
                         setSelected(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("apiKeysQuestionRemove")}</p>
 
                             <p>{t("apiKeysMessageRemove")}</p>
diff --git a/src/components/ProxyResourcesTable.tsx b/src/components/ProxyResourcesTable.tsx
index 6f39c099..bd4bb4e1 100644
--- a/src/components/ProxyResourcesTable.tsx
+++ b/src/components/ProxyResourcesTable.tsx
@@ -535,7 +535,7 @@ export default function ProxyResourcesTable({
                         setSelectedResource(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("resourceQuestionRemove")}</p>
                             <p>{t("resourceMessageRemove")}</p>
                         </div>
diff --git a/src/components/ResourceAuthPortal.tsx b/src/components/ResourceAuthPortal.tsx
index 15cbba1f..90d6cf78 100644
--- a/src/components/ResourceAuthPortal.tsx
+++ b/src/components/ResourceAuthPortal.tsx
@@ -93,7 +93,7 @@ type ResourceAuthPortalProps = {
 export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
     const router = useRouter();
     const t = useTranslations();
-    const { isUnlocked } = useLicenseStatusContext();
+    const { isUnlocked, licenseStatus } = useLicenseStatusContext();
 
     const getNumMethods = () => {
         let colLength = 0;
@@ -737,6 +737,22 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                             </span>
                         </div>
                     )}
+                    {build === "enterprise" && !isUnlocked() ? (
+                        <div className="text-center mt-2">
+                            <span className="text-sm font-medium text-muted-foreground">
+                                {t("instanceIsUnlicensed")}
+                            </span>
+                        </div>
+                    ) : null}
+                    {build === "enterprise" &&
+                    isUnlocked() &&
+                    licenseStatus?.tier === "personal" ? (
+                        <div className="text-center mt-2">
+                            <span className="text-sm font-medium text-muted-foreground">
+                                {t("loginPageLicenseWatermark")}
+                            </span>
+                        </div>
+                    ) : null}
                 </div>
             ) : (
                 <ResourceAccessDenied />
diff --git a/src/components/SitesTable.tsx b/src/components/SitesTable.tsx
index 3a8085c2..46aeb79f 100644
--- a/src/components/SitesTable.tsx
+++ b/src/components/SitesTable.tsx
@@ -412,7 +412,7 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                         setSelectedSite(null);
                     }}
                     dialog={
-                        <div className="">
+                        <div className="space-y-2">
                             <p>{t("siteQuestionRemove")}</p>
                             <p>{t("siteMessageRemove")}</p>
                         </div>
diff --git a/src/components/UserDevicesTable.tsx b/src/components/UserDevicesTable.tsx
index 88a0d4a8..71321bf8 100644
--- a/src/components/UserDevicesTable.tsx
+++ b/src/components/UserDevicesTable.tsx
@@ -401,7 +401,7 @@ export default function UserDevicesTable({ userClients }: ClientTableProps) {
                         setSelectedClient(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("deleteClientQuestion")}</p>
                             <p>{t("clientMessageRemove")}</p>
                         </div>
diff --git a/src/components/UsersTable.tsx b/src/components/UsersTable.tsx
index 55ee9505..0d0ff379 100644
--- a/src/components/UsersTable.tsx
+++ b/src/components/UsersTable.tsx
@@ -258,7 +258,7 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                     setSelectedUser(null);
                 }}
                 dialog={
-                    <div>
+                    <div className="space-y-2">
                         <p>{t("userQuestionOrgRemove")}</p>
                         <p>{t("userMessageOrgRemove")}</p>
                     </div>
diff --git a/src/components/ViewDevicesDialog.tsx b/src/components/ViewDevicesDialog.tsx
index 33e9d87f..70c55ded 100644
--- a/src/components/ViewDevicesDialog.tsx
+++ b/src/components/ViewDevicesDialog.tsx
@@ -224,7 +224,7 @@ export default function ViewDevicesDialog({
                         }
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>
                                 {t("deviceQuestionRemove") ||
                                     "Are you sure you want to delete this device?"}
diff --git a/src/components/private/OrgIdpTable.tsx b/src/components/private/OrgIdpTable.tsx
index 8730053e..f5fdfe40 100644
--- a/src/components/private/OrgIdpTable.tsx
+++ b/src/components/private/OrgIdpTable.tsx
@@ -177,7 +177,7 @@ export default function IdpTable({ idps, orgId }: Props) {
                         setSelectedIdp(null);
                     }}
                     dialog={
-                        <div>
+                        <div className="space-y-2">
                             <p>{t("idpQuestionRemove")}</p>
                             <p>{t("idpMessageRemove")}</p>
                         </div>
diff --git a/src/components/ui/data-table.tsx b/src/components/ui/data-table.tsx
index 86dc4961..41529692 100644
--- a/src/components/ui/data-table.tsx
+++ b/src/components/ui/data-table.tsx
@@ -10,7 +10,8 @@ import {
     getSortedRowModel,
     ColumnFiltersState,
     getFilteredRowModel,
-    VisibilityState
+    VisibilityState,
+    PaginationState
 } from "@tanstack/react-table";
 
 // Extended ColumnDef type that includes optional friendlyName for column visibility dropdown
@@ -227,6 +228,10 @@ export function DataTable<TData, TValue>({
     const [columnVisibility, setColumnVisibility] = useState<VisibilityState>(
         initialColumnVisibility
     );
+    const [pagination, setPagination] = useState<PaginationState>({
+        pageIndex: 0,
+        pageSize: pageSize
+    });
     const [activeTab, setActiveTab] = useState<string>(
         defaultTab || tabs?.[0]?.id || ""
     );
@@ -256,6 +261,7 @@ export function DataTable<TData, TValue>({
         getFilteredRowModel: getFilteredRowModel(),
         onGlobalFilterChange: setGlobalFilter,
         onColumnVisibilityChange: setColumnVisibility,
+        onPaginationChange: setPagination,
         initialState: {
             pagination: {
                 pageSize: pageSize,
@@ -267,21 +273,18 @@ export function DataTable<TData, TValue>({
             sorting,
             columnFilters,
             globalFilter,
-            columnVisibility
+            columnVisibility,
+            pagination
         }
     });
 
+    // Persist pageSize to localStorage when it changes
     useEffect(() => {
-        const currentPageSize = table.getState().pagination.pageSize;
-        if (currentPageSize !== pageSize) {
-            table.setPageSize(pageSize);
-
-            // Persist to localStorage if enabled
-            if (persistPageSize) {
-                setStoredPageSize(pageSize, tableId);
-            }
+        if (persistPageSize && pagination.pageSize !== pageSize) {
+            setStoredPageSize(pagination.pageSize, tableId);
+            setPageSize(pagination.pageSize);
         }
-    }, [pageSize, table, persistPageSize, tableId]);
+    }, [pagination.pageSize, persistPageSize, tableId, pageSize]);
 
     useEffect(() => {
         // Persist column visibility to localStorage when it changes
@@ -293,13 +296,17 @@ export function DataTable<TData, TValue>({
     const handleTabChange = (value: string) => {
         setActiveTab(value);
         // Reset to first page when changing tabs
-        table.setPageIndex(0);
+        setPagination((prev) => ({ ...prev, pageIndex: 0 }));
     };
 
     // Enhanced pagination component that updates our local state
     const handlePageSizeChange = (newPageSize: number) => {
+        setPagination((prev) => ({
+            ...prev,
+            pageSize: newPageSize,
+            pageIndex: 0
+        }));
         setPageSize(newPageSize);
-        table.setPageSize(newPageSize);
 
         // Persist immediately when changed
         if (persistPageSize) {
@@ -614,6 +621,8 @@ export function DataTable<TData, TValue>({
                         <DataTablePagination
                             table={table}
                             onPageSizeChange={handlePageSizeChange}
+                            pageSize={pagination.pageSize}
+                            pageIndex={pagination.pageIndex}
                         />
                     </div>
                 </CardContent>