From 03e0e8d9c2cfa58537ea77284df9b09e4993fce5 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Tue, 4 Nov 2025 13:57:55 +0100
Subject: [PATCH 01/70] =?UTF-8?q?=F0=9F=9A=A7=20wip?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 package-lock.json                       | 55 ++++++++++++++++++++++
 package.json                            |  8 ++--
 src/app/layout.tsx                      | 61 +++++++++++++------------
 src/components/LayoutSidebar.tsx        | 15 ++++--
 src/components/ProductUpdates.tsx       | 20 ++++++++
 src/components/react-query-provider.tsx | 29 ++++++++++++
 6 files changed, 152 insertions(+), 36 deletions(-)
 create mode 100644 src/components/ProductUpdates.tsx
 create mode 100644 src/components/react-query-provider.tsx

diff --git a/package-lock.json b/package-lock.json
index 448f9c18..c924f98f 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -41,6 +41,8 @@
                 "@simplewebauthn/browser": "^13.2.2",
                 "@simplewebauthn/server": "^13.2.2",
                 "@tailwindcss/forms": "^0.5.10",
+                "@tanstack/react-query": "^5.90.6",
+                "@tanstack/react-query-devtools": "^5.90.2",
                 "@tanstack/react-table": "8.21.3",
                 "arctic": "^3.7.0",
                 "axios": "^1.13.1",
@@ -8492,6 +8494,59 @@
                 "tailwindcss": "4.1.16"
             }
         },
+        "node_modules/@tanstack/query-core": {
+            "version": "5.90.6",
+            "resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.90.6.tgz",
+            "integrity": "sha512-AnZSLF26R8uX+tqb/ivdrwbVdGemdEDm1Q19qM6pry6eOZ6bEYiY7mWhzXT1YDIPTNEVcZ5kYP9nWjoxDLiIVw==",
+            "license": "MIT",
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/tannerlinsley"
+            }
+        },
+        "node_modules/@tanstack/query-devtools": {
+            "version": "5.90.1",
+            "resolved": "https://registry.npmjs.org/@tanstack/query-devtools/-/query-devtools-5.90.1.tgz",
+            "integrity": "sha512-GtINOPjPUH0OegJExZ70UahT9ykmAhmtNVcmtdnOZbxLwT7R5OmRztR5Ahe3/Cu7LArEmR6/588tAycuaWb1xQ==",
+            "license": "MIT",
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/tannerlinsley"
+            }
+        },
+        "node_modules/@tanstack/react-query": {
+            "version": "5.90.6",
+            "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.90.6.tgz",
+            "integrity": "sha512-gB1sljYjcobZKxjPbKSa31FUTyr+ROaBdoH+wSSs9Dk+yDCmMs+TkTV3PybRRVLC7ax7q0erJ9LvRWnMktnRAw==",
+            "license": "MIT",
+            "dependencies": {
+                "@tanstack/query-core": "5.90.6"
+            },
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/tannerlinsley"
+            },
+            "peerDependencies": {
+                "react": "^18 || ^19"
+            }
+        },
+        "node_modules/@tanstack/react-query-devtools": {
+            "version": "5.90.2",
+            "resolved": "https://registry.npmjs.org/@tanstack/react-query-devtools/-/react-query-devtools-5.90.2.tgz",
+            "integrity": "sha512-vAXJzZuBXtCQtrY3F/yUNJCV4obT/A/n81kb3+YqLbro5Z2+phdAbceO+deU3ywPw8B42oyJlp4FhO0SoivDFQ==",
+            "license": "MIT",
+            "dependencies": {
+                "@tanstack/query-devtools": "5.90.1"
+            },
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/tannerlinsley"
+            },
+            "peerDependencies": {
+                "@tanstack/react-query": "^5.90.2",
+                "react": "^18 || ^19"
+            }
+        },
         "node_modules/@tanstack/react-table": {
             "version": "8.21.3",
             "resolved": "https://registry.npmjs.org/@tanstack/react-table/-/react-table-8.21.3.tgz",
diff --git a/package.json b/package.json
index be31b60f..a33df056 100644
--- a/package.json
+++ b/package.json
@@ -34,6 +34,7 @@
     "dependencies": {
         "@asteasolutions/zod-to-openapi": "^7.3.4",
         "@aws-sdk/client-s3": "3.922.0",
+        "@faker-js/faker": "^10.1.0",
         "@hookform/resolvers": "5.2.2",
         "@monaco-editor/react": "^4.7.0",
         "@node-rs/argon2": "^2.0.2",
@@ -63,6 +64,8 @@
         "@simplewebauthn/browser": "^13.2.2",
         "@simplewebauthn/server": "^13.2.2",
         "@tailwindcss/forms": "^0.5.10",
+        "@tanstack/react-query": "^5.90.6",
+        "@tanstack/react-query-devtools": "^5.90.2",
         "@tanstack/react-table": "8.21.3",
         "arctic": "^3.7.0",
         "axios": "^1.13.1",
@@ -129,8 +132,7 @@
         "yaml": "^2.8.1",
         "yargs": "18.0.0",
         "zod": "3.25.76",
-        "zod-validation-error": "3.5.2",
-        "@faker-js/faker": "^10.1.0"
+        "zod-validation-error": "3.5.2"
     },
     "devDependencies": {
         "@dotenvx/dotenvx": "1.51.0",
@@ -146,9 +148,9 @@
         "@types/jmespath": "^0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "^9.0.10",
-        "@types/nprogress": "^0.2.3",
         "@types/node": "24.9.2",
         "@types/nodemailer": "7.0.3",
+        "@types/nprogress": "^0.2.3",
         "@types/pg": "8.15.6",
         "@types/react": "19.2.2",
         "@types/react-dom": "19.2.2",
diff --git a/src/app/layout.tsx b/src/app/layout.tsx
index cc586dfb..c8907a49 100644
--- a/src/app/layout.tsx
+++ b/src/app/layout.tsx
@@ -20,6 +20,7 @@ import { Toaster } from "@app/components/ui/toaster";
 import { build } from "@server/build";
 import { TopLoader } from "@app/components/Toploader";
 import Script from "next/script";
+import { ReactQueryProvider } from "@app/components/react-query-provider";
 
 export const metadata: Metadata = {
     title: `Dashboard - ${process.env.BRANDING_APP_NAME || "Pangolin"}`,
@@ -94,38 +95,40 @@ export default async function RootLayout({
                         strategy="afterInteractive"
                     />
                 )}
-                <NextIntlClientProvider>
-                    <ThemeProvider
-                        attribute="class"
-                        defaultTheme="system"
-                        enableSystem
-                        disableTransitionOnChange
-                    >
-                        <ThemeDataProvider colors={loadBrandingColors()}>
-                            <EnvProvider env={pullEnv()}>
-                                <LicenseStatusProvider
-                                    licenseStatus={licenseStatus}
-                                >
-                                    <SupportStatusProvider
-                                        supporterStatus={supporterData}
+                <ReactQueryProvider>
+                    <NextIntlClientProvider>
+                        <ThemeProvider
+                            attribute="class"
+                            defaultTheme="system"
+                            enableSystem
+                            disableTransitionOnChange
+                        >
+                            <ThemeDataProvider colors={loadBrandingColors()}>
+                                <EnvProvider env={pullEnv()}>
+                                    <LicenseStatusProvider
+                                        licenseStatus={licenseStatus}
                                     >
-                                        {/* Main content */}
-                                        <div className="h-full flex flex-col">
-                                            <div className="flex-1 overflow-auto">
-                                                <SplashImage>
+                                        <SupportStatusProvider
+                                            supporterStatus={supporterData}
+                                        >
+                                            {/* Main content */}
+                                            <div className="h-full flex flex-col">
+                                                <div className="flex-1 overflow-auto">
+                                                    <SplashImage>
+                                                        <LicenseViolation />
+                                                        {children}
+                                                    </SplashImage>
                                                     <LicenseViolation />
-                                                    {children}
-                                                </SplashImage>
-                                                <LicenseViolation />
+                                                </div>
                                             </div>
-                                        </div>
-                                    </SupportStatusProvider>
-                                </LicenseStatusProvider>
-                                <Toaster />
-                            </EnvProvider>
-                        </ThemeDataProvider>
-                    </ThemeProvider>
-                </NextIntlClientProvider>
+                                        </SupportStatusProvider>
+                                    </LicenseStatusProvider>
+                                    <Toaster />
+                                </EnvProvider>
+                            </ThemeDataProvider>
+                        </ThemeProvider>
+                    </NextIntlClientProvider>
+                </ReactQueryProvider>
             </body>
         </html>
     );
diff --git a/src/components/LayoutSidebar.tsx b/src/components/LayoutSidebar.tsx
index a054e829..29ba342b 100644
--- a/src/components/LayoutSidebar.tsx
+++ b/src/components/LayoutSidebar.tsx
@@ -32,6 +32,7 @@ import {
 import { build } from "@server/build";
 import SidebarLicenseButton from "./SidebarLicenseButton";
 import { SidebarSupportButton } from "./SidebarSupportButton";
+import ProductUpdates from "./ProductUpdates";
 
 interface LayoutSidebarProps {
     orgId?: string;
@@ -101,7 +102,7 @@ export function LayoutSidebar({
                             <Link
                                 href="/admin"
                                 className={cn(
-                                    "flex items-center rounded transition-colors text-muted-foreground hover:text-foreground text-sm w-full hover:bg-secondary/50 dark:hover:bg-secondary/20 rounded-md",
+                                    "flex items-center transition-colors text-muted-foreground hover:text-foreground text-sm w-full hover:bg-secondary/50 dark:hover:bg-secondary/20 rounded-md",
                                     isSidebarCollapsed
                                         ? "px-2 py-2 justify-center"
                                         : "px-3 py-1.5"
@@ -114,7 +115,7 @@ export function LayoutSidebar({
                             >
                                 <span
                                     className={cn(
-                                        "flex-shrink-0",
+                                        "shrink-0",
                                         !isSidebarCollapsed && "mr-2"
                                     )}
                                 >
@@ -133,7 +134,11 @@ export function LayoutSidebar({
                 </div>
             </div>
 
-            <div className="p-4 space-y-4 shrink-0">
+            <div className="p-4 flex flex-col gap-4 shrink-0">
+                <div className="mb-3">
+                    <ProductUpdates />
+                </div>
+
                 {build === "enterprise" && (
                     <div className="mb-3">
                         <SidebarLicenseButton
@@ -148,7 +153,9 @@ export function LayoutSidebar({
                 )}
                 {build === "saas" && (
                     <div className="mb-3">
-                        <SidebarSupportButton isCollapsed={isSidebarCollapsed} />
+                        <SidebarSupportButton
+                            isCollapsed={isSidebarCollapsed}
+                        />
                     </div>
                 )}
                 {!isSidebarCollapsed && (
diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
new file mode 100644
index 00000000..2c1806c5
--- /dev/null
+++ b/src/components/ProductUpdates.tsx
@@ -0,0 +1,20 @@
+"use client";
+
+import { useQuery } from "@tanstack/react-query";
+
+interface ProductUpdatesSectionProps {}
+
+const data = {};
+
+export default function ProductUpdates({}: ProductUpdatesSectionProps) {
+    const versions = useQuery({
+        queryKey: []
+    });
+    return (
+        <>
+            <small className="text-xs text-muted-foreground flex items-center gap-2">
+                3 more updates
+            </small>
+        </>
+    );
+}
diff --git a/src/components/react-query-provider.tsx b/src/components/react-query-provider.tsx
new file mode 100644
index 00000000..0f65ba62
--- /dev/null
+++ b/src/components/react-query-provider.tsx
@@ -0,0 +1,29 @@
+"use client";
+import * as React from "react";
+import { QueryClientProvider } from "@tanstack/react-query";
+import { ReactQueryDevtools } from "@tanstack/react-query-devtools";
+import { QueryClient } from "@tanstack/react-query";
+
+export type ReactQueryProviderProps = {
+    children: React.ReactNode;
+};
+
+export function ReactQueryProvider({ children }: ReactQueryProviderProps) {
+    const [queryClient] = React.useState(
+        () =>
+            new QueryClient({
+                defaultOptions: {
+                    queries: {
+                        retry: 2, // retry twice by default
+                        staleTime: 5 * 60 * 1_000 // 5 minutes
+                    }
+                }
+            })
+    );
+    return (
+        <QueryClientProvider client={queryClient}>
+            {children}
+            <ReactQueryDevtools position="bottom" />
+        </QueryClientProvider>
+    );
+}

From a26a441d563c33ac1883b05de7414bfe3c48e88a Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 06:54:56 +0100
Subject: [PATCH 02/70] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20validate=20env=20and?=
 =?UTF-8?q?=20add=20remote=20fossorial=20API=20as=20an=20env=20variable?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 next.config.mjs => next.config.ts             |  11 +-
 server/lib/config.ts                          |   4 +-
 .../generatedLicense/generateNewLicense.ts    |   6 +-
 .../generatedLicense/listGeneratedLicenses.ts |   9 +-
 .../supporterKey/validateSupporterKey.ts      |   4 +-
 src/lib/pullEnv.ts                            | 218 +++++++++++-------
 src/lib/types/env.ts                          |  21 +-
 7 files changed, 176 insertions(+), 97 deletions(-)
 rename next.config.mjs => next.config.ts (50%)

diff --git a/next.config.mjs b/next.config.ts
similarity index 50%
rename from next.config.mjs
rename to next.config.ts
index d771dbca..e70c4932 100644
--- a/next.config.mjs
+++ b/next.config.ts
@@ -1,14 +1,17 @@
+import { NextConfig } from "next";
 import createNextIntlPlugin from "next-intl/plugin";
 
+import { pullEnv } from "./src/lib/pullEnv";
+// validate env variables on build and such
+pullEnv();
+
 const withNextIntl = createNextIntlPlugin();
 
-/** @type {import("next").NextConfig} */
-const nextConfig = {
+const nextConfig: NextConfig = {
     eslint: {
         ignoreDuringBuilds: true
     },
-    output: "standalone",
-   
+    output: "standalone"
 };
 
 export default withNextIntl(nextConfig);
diff --git a/server/lib/config.ts b/server/lib/config.ts
index 6cd3413e..f71cfd51 100644
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@@ -6,6 +6,7 @@ import { eq } from "drizzle-orm";
 import { configSchema, readConfigFile } from "./readConfigFile";
 import { fromError } from "zod-validation-error";
 import { build } from "@server/build";
+import { pullEnv } from "@app/lib/pullEnv";
 
 export class Config {
     private rawConfig!: z.infer<typeof configSchema>;
@@ -149,6 +150,7 @@ export class Config {
 
     public async checkSupporterKey() {
         const [key] = await db.select().from(supporterKey).limit(1);
+        const env = pullEnv();
 
         if (!key) {
             return;
@@ -158,7 +160,7 @@ export class Config {
 
         try {
             const response = await fetch(
-                "https://api.fossorial.io/api/v1/license/validate",
+                `${env.app.fossorialRemoteAPIBaseUrl}/api/v1/license/validate`,
                 {
                     method: "POST",
                     headers: {
diff --git a/server/private/routers/generatedLicense/generateNewLicense.ts b/server/private/routers/generatedLicense/generateNewLicense.ts
index 56d65a50..dfbaaa89 100644
--- a/server/private/routers/generatedLicense/generateNewLicense.ts
+++ b/server/private/routers/generatedLicense/generateNewLicense.ts
@@ -18,11 +18,13 @@ import logger from "@server/logger";
 import { response as sendResponse } from "@server/lib/response";
 import privateConfig from "#private/lib/config";
 import { GenerateNewLicenseResponse } from "@server/routers/generatedLicense/types";
+import { pullEnv } from "@app/lib/pullEnv";
 
 async function createNewLicense(orgId: string, licenseData: any): Promise<any> {
     try {
+        const env = pullEnv();
         const response = await fetch(
-            `https://api.fossorial.io/api/v1/license-internal/enterprise/${orgId}/create`,
+            `${env.app.fossorialRemoteAPIBaseUrl}/api/v1/license-internal/enterprise/${orgId}/create`,
             {
                 method: "PUT",
                 headers: {
@@ -37,7 +39,7 @@ async function createNewLicense(orgId: string, licenseData: any): Promise<any> {
 
         const data = await response.json();
 
-        logger.debug("Fossorial API response:", {data});
+        logger.debug("Fossorial API response:", { data });
         return data;
     } catch (error) {
         console.error("Error creating new license:", error);
diff --git a/server/private/routers/generatedLicense/listGeneratedLicenses.ts b/server/private/routers/generatedLicense/listGeneratedLicenses.ts
index f8da1b5a..839c8a2c 100644
--- a/server/private/routers/generatedLicense/listGeneratedLicenses.ts
+++ b/server/private/routers/generatedLicense/listGeneratedLicenses.ts
@@ -17,12 +17,17 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { response as sendResponse } from "@server/lib/response";
 import privateConfig from "#private/lib/config";
-import { GeneratedLicenseKey, ListGeneratedLicenseKeysResponse } from "@server/routers/generatedLicense/types";
+import {
+    GeneratedLicenseKey,
+    ListGeneratedLicenseKeysResponse
+} from "@server/routers/generatedLicense/types";
+import { pullEnv } from "@app/lib/pullEnv";
 
 async function fetchLicenseKeys(orgId: string): Promise<any> {
     try {
+        const env = pullEnv();
         const response = await fetch(
-            `https://api.fossorial.io/api/v1/license-internal/enterprise/${orgId}/list`,
+            `${env.app.fossorialRemoteAPIBaseUrl}/api/v1/license-internal/enterprise/${orgId}/list`,
             {
                 method: "GET",
                 headers: {
diff --git a/server/routers/supporterKey/validateSupporterKey.ts b/server/routers/supporterKey/validateSupporterKey.ts
index 9d949fb5..82315017 100644
--- a/server/routers/supporterKey/validateSupporterKey.ts
+++ b/server/routers/supporterKey/validateSupporterKey.ts
@@ -10,6 +10,7 @@ import { supporterKey } from "@server/db";
 import { db } from "@server/db";
 import { eq } from "drizzle-orm";
 import config from "@server/lib/config";
+import { pullEnv } from "@app/lib/pullEnv";
 
 const validateSupporterKeySchema = z
     .object({
@@ -31,6 +32,7 @@ export async function validateSupporterKey(
     next: NextFunction
 ): Promise<any> {
     try {
+        const env = pullEnv();
         const parsedBody = validateSupporterKeySchema.safeParse(req.body);
         if (!parsedBody.success) {
             return next(
@@ -44,7 +46,7 @@ export async function validateSupporterKey(
         const { githubUsername, key } = parsedBody.data;
 
         const response = await fetch(
-            "https://api.fossorial.io/api/v1/license/validate",
+            `${env.app.fossorialRemoteAPIBaseUrl}/api/v1/license/validate`,
             {
                 method: "POST",
                 headers: {
diff --git a/src/lib/pullEnv.ts b/src/lib/pullEnv.ts
index c55f06fe..7e5a0dc4 100644
--- a/src/lib/pullEnv.ts
+++ b/src/lib/pullEnv.ts
@@ -1,105 +1,169 @@
+import z from "zod";
 import { Env } from "./types/env";
 
+const envSchema = z.object({
+    // Server configuration
+    NEXT_PORT: z.string(),
+    SERVER_EXTERNAL_PORT: z.string(),
+    SESSION_COOKIE_NAME: z.string(),
+    RESOURCE_ACCESS_TOKEN_PARAM: z.string(),
+    RESOURCE_SESSION_REQUEST_PARAM: z.string(),
+    RESOURCE_ACCESS_TOKEN_HEADERS_ID: z.string(),
+    RESOURCE_ACCESS_TOKEN_HEADERS_TOKEN: z.string(),
+    REO_CLIENT_ID: z.string().optional(),
+    MAXMIND_DB_PATH: z.string().optional(),
+
+    // App configuration
+    ENVIRONMENT: z.string(),
+    SANDBOX_MODE: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+    APP_VERSION: z.string(),
+    DASHBOARD_URL: z.string(),
+    NEXT_PUBLIC_FOSSORIAL_REMOTE_API_URL: z
+        .string()
+        .url()
+        .default("https://api.fossorial.io")
+        .transform((url) => url.replace(/(.*)\/?$/, "$1")),
+
+    // Email configuration
+    EMAIL_ENABLED: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+
+    // Feature flags
+    DISABLE_USER_CREATE_ORG: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+    DISABLE_SIGNUP_WITHOUT_INVITE: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+    FLAGS_EMAIL_VERIFICATION_REQUIRED: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+    FLAGS_ALLOW_RAW_RESOURCES: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+    FLAGS_DISABLE_LOCAL_SITES: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+    FLAGS_DISABLE_BASIC_WIREGUARD_SITES: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+    FLAGS_ENABLE_CLIENTS: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+    HIDE_SUPPORTER_KEY: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+    USE_PANGOLIN_DNS: z
+        .string()
+        .default("false")
+        .transform((val) => val === "true"),
+
+    // Branding configuration (all optional)
+    BRANDING_APP_NAME: z.string().optional(),
+    BACKGROUND_IMAGE_PATH: z.string().optional(),
+    BRANDING_LOGO_LIGHT_PATH: z.string().optional(),
+    BRANDING_LOGO_DARK_PATH: z.string().optional(),
+    BRANDING_LOGO_AUTH_WIDTH: z.coerce.number().optional(),
+    BRANDING_LOGO_AUTH_HEIGHT: z.coerce.number().optional(),
+    BRANDING_LOGO_NAVBAR_WIDTH: z.coerce.number().optional(),
+    BRANDING_LOGO_NAVBAR_HEIGHT: z.coerce.number().optional(),
+    LOGIN_PAGE_TITLE_TEXT: z.string().optional(),
+    LOGIN_PAGE_SUBTITLE_TEXT: z.string().optional(),
+    SIGNUP_PAGE_TITLE_TEXT: z.string().optional(),
+    SIGNUP_PAGE_SUBTITLE_TEXT: z.string().optional(),
+    RESOURCE_AUTH_PAGE_SHOW_LOGO: z
+        .string()
+        .transform((val) => val === "true")
+        .optional(),
+    RESOURCE_AUTH_PAGE_HIDE_POWERED_BY: z
+        .string()
+        .transform((val) => val === "true")
+        .optional(),
+    RESOURCE_AUTH_PAGE_TITLE_TEXT: z.string().optional(),
+    RESOURCE_AUTH_PAGE_SUBTITLE_TEXT: z.string().optional(),
+    BRANDING_FOOTER: z.string().optional()
+});
+
 export function pullEnv(): Env {
+    const env = envSchema.parse(process.env);
+
     return {
         server: {
-            nextPort: process.env.NEXT_PORT as string,
-            externalPort: process.env.SERVER_EXTERNAL_PORT as string,
-            sessionCookieName: process.env.SESSION_COOKIE_NAME as string,
-            resourceAccessTokenParam: process.env
-                .RESOURCE_ACCESS_TOKEN_PARAM as string,
-            resourceSessionRequestParam: process.env
-                .RESOURCE_SESSION_REQUEST_PARAM as string,
-            resourceAccessTokenHeadersId: process.env
-                .RESOURCE_ACCESS_TOKEN_HEADERS_ID as string,
-            resourceAccessTokenHeadersToken: process.env
-                .RESOURCE_ACCESS_TOKEN_HEADERS_TOKEN as string,
-            reoClientId: process.env.REO_CLIENT_ID as string,
-            maxmind_db_path: process.env.MAXMIND_DB_PATH as string
+            nextPort: env.NEXT_PORT,
+            externalPort: env.SERVER_EXTERNAL_PORT,
+            sessionCookieName: env.SESSION_COOKIE_NAME,
+            resourceAccessTokenParam: env.RESOURCE_ACCESS_TOKEN_PARAM,
+            resourceSessionRequestParam: env.RESOURCE_SESSION_REQUEST_PARAM,
+            resourceAccessTokenHeadersId: env.RESOURCE_ACCESS_TOKEN_HEADERS_ID,
+            resourceAccessTokenHeadersToken:
+                env.RESOURCE_ACCESS_TOKEN_HEADERS_TOKEN,
+            reoClientId: env.REO_CLIENT_ID,
+            maxmind_db_path: env.MAXMIND_DB_PATH
         },
         app: {
-            environment: process.env.ENVIRONMENT as string,
-            sandbox_mode: process.env.SANDBOX_MODE === "true" ? true : false,
-            version: process.env.APP_VERSION as string,
-            dashboardUrl: process.env.DASHBOARD_URL as string
+            environment: env.ENVIRONMENT,
+            sandbox_mode: env.SANDBOX_MODE,
+            version: env.APP_VERSION,
+            dashboardUrl: env.DASHBOARD_URL,
+            fossorialRemoteAPIBaseUrl: env.NEXT_PUBLIC_FOSSORIAL_REMOTE_API_URL
         },
         email: {
-            emailEnabled: process.env.EMAIL_ENABLED === "true" ? true : false
+            emailEnabled: env.EMAIL_ENABLED
         },
         flags: {
-            disableUserCreateOrg:
-                process.env.DISABLE_USER_CREATE_ORG === "true" ? true : false,
-            disableSignupWithoutInvite:
-                process.env.DISABLE_SIGNUP_WITHOUT_INVITE === "true"
-                    ? true
-                    : false,
-            emailVerificationRequired:
-                process.env.FLAGS_EMAIL_VERIFICATION_REQUIRED === "true"
-                    ? true
-                    : false,
-            allowRawResources:
-                process.env.FLAGS_ALLOW_RAW_RESOURCES === "true" ? true : false,
-            disableLocalSites:
-                process.env.FLAGS_DISABLE_LOCAL_SITES === "true" ? true : false,
-            disableBasicWireguardSites:
-                process.env.FLAGS_DISABLE_BASIC_WIREGUARD_SITES === "true"
-                    ? true
-                    : false,
-            enableClients:
-                process.env.FLAGS_ENABLE_CLIENTS === "true" ? true : false,
-            hideSupporterKey:
-                process.env.HIDE_SUPPORTER_KEY === "true" ? true : false,
-            usePangolinDns:
-                process.env.USE_PANGOLIN_DNS === "true"
-                    ? true
-                    : false
+            disableUserCreateOrg: env.DISABLE_USER_CREATE_ORG,
+            disableSignupWithoutInvite: env.DISABLE_SIGNUP_WITHOUT_INVITE,
+            emailVerificationRequired: env.FLAGS_EMAIL_VERIFICATION_REQUIRED,
+            allowRawResources: env.FLAGS_ALLOW_RAW_RESOURCES,
+            disableLocalSites: env.FLAGS_DISABLE_LOCAL_SITES,
+            disableBasicWireguardSites: env.FLAGS_DISABLE_BASIC_WIREGUARD_SITES,
+            enableClients: env.FLAGS_ENABLE_CLIENTS,
+            hideSupporterKey: env.HIDE_SUPPORTER_KEY,
+            usePangolinDns: env.USE_PANGOLIN_DNS
         },
-
         branding: {
-            appName: process.env.BRANDING_APP_NAME as string,
-            background_image_path: process.env.BACKGROUND_IMAGE_PATH as string,
+            appName: env.BRANDING_APP_NAME,
+            background_image_path: env.BACKGROUND_IMAGE_PATH,
             logo: {
-                lightPath: process.env.BRANDING_LOGO_LIGHT_PATH as string,
-                darkPath: process.env.BRANDING_LOGO_DARK_PATH as string,
+                lightPath: env.BRANDING_LOGO_LIGHT_PATH,
+                darkPath: env.BRANDING_LOGO_DARK_PATH,
                 authPage: {
-                    width: parseInt(
-                        process.env.BRANDING_LOGO_AUTH_WIDTH as string
-                    ),
-                    height: parseInt(
-                        process.env.BRANDING_LOGO_AUTH_HEIGHT as string
-                    )
+                    width: env.BRANDING_LOGO_AUTH_WIDTH,
+                    height: env.BRANDING_LOGO_AUTH_HEIGHT
                 },
                 navbar: {
-                    width: parseInt(
-                        process.env.BRANDING_LOGO_NAVBAR_WIDTH as string
-                    ),
-                    height: parseInt(
-                        process.env.BRANDING_LOGO_NAVBAR_HEIGHT as string
-                    )
+                    width: env.BRANDING_LOGO_NAVBAR_WIDTH,
+                    height: env.BRANDING_LOGO_NAVBAR_HEIGHT
                 }
             },
             loginPage: {
-                titleText: process.env.LOGIN_PAGE_TITLE_TEXT as string,
-                subtitleText: process.env.LOGIN_PAGE_SUBTITLE_TEXT as string
+                titleText: env.LOGIN_PAGE_TITLE_TEXT,
+                subtitleText: env.LOGIN_PAGE_SUBTITLE_TEXT
             },
             signupPage: {
-                titleText: process.env.SIGNUP_PAGE_TITLE_TEXT as string,
-                subtitleText: process.env.SIGNUP_PAGE_SUBTITLE_TEXT as string
+                titleText: env.SIGNUP_PAGE_TITLE_TEXT,
+                subtitleText: env.SIGNUP_PAGE_SUBTITLE_TEXT
             },
             resourceAuthPage: {
-                showLogo:
-                    process.env.RESOURCE_AUTH_PAGE_SHOW_LOGO === "true"
-                        ? true
-                        : false,
-                hidePoweredBy:
-                    process.env.RESOURCE_AUTH_PAGE_HIDE_POWERED_BY === "true"
-                        ? true
-                        : false,
-                titleText: process.env.RESOURCE_AUTH_PAGE_TITLE_TEXT as string,
-                subtitleText: process.env
-                    .RESOURCE_AUTH_PAGE_SUBTITLE_TEXT as string
+                showLogo: env.RESOURCE_AUTH_PAGE_SHOW_LOGO,
+                hidePoweredBy: env.RESOURCE_AUTH_PAGE_HIDE_POWERED_BY,
+                titleText: env.RESOURCE_AUTH_PAGE_TITLE_TEXT,
+                subtitleText: env.RESOURCE_AUTH_PAGE_SUBTITLE_TEXT
             },
-            footer: process.env.BRANDING_FOOTER as string
+            footer: env.BRANDING_FOOTER
         }
     };
 }
diff --git a/src/lib/types/env.ts b/src/lib/types/env.ts
index 9ded37a0..64bc8d73 100644
--- a/src/lib/types/env.ts
+++ b/src/lib/types/env.ts
@@ -4,6 +4,7 @@ export type Env = {
         sandbox_mode: boolean;
         version: string;
         dashboardUrl: string;
+        fossorialRemoteAPIBaseUrl: string;
     };
     server: {
         externalPort: string;
@@ -29,11 +30,11 @@ export type Env = {
         enableClients: boolean;
         hideSupporterKey: boolean;
         usePangolinDns: boolean;
-    },
+    };
     branding: {
         appName?: string;
         background_image_path?: string;
-        logo?: {
+        logo: {
             lightPath?: string;
             darkPath?: string;
             authPage?: {
@@ -43,22 +44,22 @@ export type Env = {
             navbar?: {
                 width?: number;
                 height?: number;
-            }
-        },
-        loginPage?: {
+            };
+        };
+        loginPage: {
             titleText?: string;
             subtitleText?: string;
-        },
-        signupPage?: {
+        };
+        signupPage: {
             titleText?: string;
             subtitleText?: string;
-        },
-        resourceAuthPage?: {
+        };
+        resourceAuthPage: {
             showLogo?: boolean;
             hidePoweredBy?: boolean;
             titleText?: string;
             subtitleText?: string;
-        },
+        };
         footer?: string;
     };
 };

From 2f1abfbef81bbbb381da821af629c57d03f85949 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 06:55:08 +0100
Subject: [PATCH 03/70] =?UTF-8?q?=F0=9F=9A=A7=20New=20version=20popup?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 messages/en-US.json               |  3 +
 src/components/LayoutSidebar.tsx  | 10 ++--
 src/components/ProductUpdates.tsx | 91 ++++++++++++++++++++++++----
 src/hooks/useLocalStorage.ts      | 99 +++++++++++++++++++++++++++++++
 src/lib/api/index.ts              | 10 +++-
 src/lib/durationToMs.ts           | 13 ++++
 src/lib/queries.ts                | 38 ++++++++++++
 7 files changed, 247 insertions(+), 17 deletions(-)
 create mode 100644 src/hooks/useLocalStorage.ts
 create mode 100644 src/lib/durationToMs.ts
 create mode 100644 src/lib/queries.ts

diff --git a/messages/en-US.json b/messages/en-US.json
index 97272c6f..1b5c5e87 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1279,6 +1279,9 @@
     "settingsErrorUpdateDescription": "An error occurred while updating settings",
     "sidebarCollapse": "Collapse",
     "sidebarExpand": "Expand",
+    "pangolinUpdateAvailable": "New version available",
+    "pangolinUpdateAvailableInfo": "Version {version} is ready to install",
+    "pangolinUpdateAvailableReleaseNotes": "View release notes",
     "newtUpdateAvailable": "Update Available",
     "newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.",
     "domainPickerEnterDomain": "Domain",
diff --git a/src/components/LayoutSidebar.tsx b/src/components/LayoutSidebar.tsx
index 29ba342b..32bae1e8 100644
--- a/src/components/LayoutSidebar.tsx
+++ b/src/components/LayoutSidebar.tsx
@@ -32,7 +32,11 @@ import {
 import { build } from "@server/build";
 import SidebarLicenseButton from "./SidebarLicenseButton";
 import { SidebarSupportButton } from "./SidebarSupportButton";
-import ProductUpdates from "./ProductUpdates";
+import dynamic from "next/dynamic";
+
+const ProductUpdates = dynamic(() => import("./ProductUpdates"), {
+    ssr: false
+});
 
 interface LayoutSidebarProps {
     orgId?: string;
@@ -135,9 +139,7 @@ export function LayoutSidebar({
             </div>
 
             <div className="p-4 flex flex-col gap-4 shrink-0">
-                <div className="mb-3">
-                    <ProductUpdates />
-                </div>
+                <ProductUpdates />
 
                 {build === "enterprise" && (
                     <div className="mb-3">
diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 2c1806c5..81f1fdb4 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -1,20 +1,87 @@
 "use client";
 
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { useLocalStorage } from "@app/hooks/useLocalStorage";
+import { cn } from "@app/lib/cn";
+import { versionsQueries } from "@app/lib/queries";
 import { useQuery } from "@tanstack/react-query";
+import { ArrowRight, BellIcon, XIcon } from "lucide-react";
+import { useTranslations } from "next-intl";
+import { useState } from "react";
 
-interface ProductUpdatesSectionProps {}
+interface ProductUpdatesProps {}
 
-const data = {};
-
-export default function ProductUpdates({}: ProductUpdatesSectionProps) {
-    const versions = useQuery({
-        queryKey: []
-    });
+export default function ProductUpdates({}: ProductUpdatesProps) {
     return (
-        <>
-            <small className="text-xs text-muted-foreground flex items-center gap-2">
-                3 more updates
-            </small>
-        </>
+        <div className="flex flex-col gap-1">
+            {/* <small className="text-xs text-muted-foreground flex items-center gap-1">
+                <BellIcon className="flex-none size-3" />
+                <span>3 more updates</span>
+            </small> */}
+            <NewVersionAvailable />
+        </div>
+    );
+}
+
+function NewVersionAvailable() {
+    const { env } = useEnvContext();
+    const t = useTranslations();
+    const { data: version } = useQuery(versionsQueries.latestVersion());
+
+    const [ignoredVersionUpdate, setIgnoredVersionUpdate] = useLocalStorage<
+        string | null
+    >("ignored-version", null);
+
+    const showNewVersionPopup =
+        version?.data &&
+        ignoredVersionUpdate !== version.data.pangolin.latestVersion;
+
+    return (
+        <div
+            className={cn(
+                "rounded-md border bg-muted p-2 py-3 w-full flex items-start gap-2 text-sm",
+                "transition duration-500",
+                "opacity-0 h-0 pointer-events-none",
+                showNewVersionPopup && "opacity-100 h-full pointer-events-auto"
+            )}
+        >
+            {version?.data && (
+                <>
+                    <div className="rounded-md bg-muted-foreground/20 p-2">
+                        <BellIcon className="flex-none size-4" />
+                    </div>
+                    <div className="flex flex-col gap-2">
+                        <p className="font-medium">
+                            {t("pangolinUpdateAvailable")}
+                        </p>
+                        <small className="text-muted-foreground">
+                            {t("pangolinUpdateAvailableInfo", {
+                                version: version.data.pangolin.latestVersion
+                            })}
+                        </small>
+                        <a
+                            href={version?.data?.pangolin.releaseNotes}
+                            target="_blank"
+                            className="inline-flex items-center gap-0.5 text-xs font-medium"
+                        >
+                            <span>
+                                {t("pangolinUpdateAvailableReleaseNotes")}
+                            </span>
+                            <ArrowRight className="flex-none size-3" />
+                        </a>
+                    </div>
+                    <button
+                        className="p-1 cursor-pointer"
+                        onClick={() =>
+                            setIgnoredVersionUpdate(
+                                version?.data?.pangolin.latestVersion ?? null
+                            )
+                        }
+                    >
+                        <XIcon className="size-4 flex-none" />
+                    </button>
+                </>
+            )}
+        </div>
     );
 }
diff --git a/src/hooks/useLocalStorage.ts b/src/hooks/useLocalStorage.ts
new file mode 100644
index 00000000..e7fdc353
--- /dev/null
+++ b/src/hooks/useLocalStorage.ts
@@ -0,0 +1,99 @@
+import {
+    useState,
+    useEffect,
+    useCallback,
+    Dispatch,
+    SetStateAction
+} from "react";
+
+type SetValue<T> = Dispatch<SetStateAction<T>>;
+
+export function useLocalStorage<T>(
+    key: string,
+    initialValue: T
+): [T, SetValue<T>] {
+    // Get initial value from localStorage or use the provided initial value
+    const readValue = useCallback((): T => {
+        // Prevent build error "window is undefined" during SSR
+        if (typeof window === "undefined") {
+            return initialValue;
+        }
+
+        try {
+            const item = window.localStorage.getItem(key);
+            return item ? (JSON.parse(item) as T) : initialValue;
+        } catch (error) {
+            console.warn(`Error reading localStorage key "${key}":`, error);
+            return initialValue;
+        }
+    }, [initialValue, key]);
+
+    // State to store our value
+    const [storedValue, setStoredValue] = useState<T>(readValue);
+
+    // Return a wrapped version of useState's setter function that
+    // persists the new value to localStorage
+    const setValue: SetValue<T> = useCallback(
+        (value) => {
+            // Prevent build error "window is undefined" during SSR
+            if (typeof window === "undefined") {
+                console.warn(
+                    `Tried setting localStorage key "${key}" even though environment is not a client`
+                );
+            }
+
+            try {
+                // Allow value to be a function so we have the same API as useState
+                const newValue =
+                    value instanceof Function ? value(storedValue) : value;
+
+                // Save to local storage
+                window.localStorage.setItem(key, JSON.stringify(newValue));
+
+                // Save state
+                setStoredValue(newValue);
+
+                // Dispatch a custom event so every useLocalStorage hook is notified
+                window.dispatchEvent(new Event("local-storage"));
+            } catch (error) {
+                console.warn(`Error setting localStorage key "${key}":`, error);
+            }
+        },
+        [key, storedValue]
+    );
+
+    // Listen for changes to this key from other tabs/windows
+    useEffect(() => {
+        const handleStorageChange = (e: StorageEvent) => {
+            if (e.key === key && e.newValue !== null) {
+                try {
+                    setStoredValue(JSON.parse(e.newValue));
+                } catch (error) {
+                    console.warn(
+                        `Error parsing localStorage value for key "${key}":`,
+                        error
+                    );
+                }
+            }
+        };
+
+        // Listen for storage events (changes from other tabs)
+        window.addEventListener("storage", handleStorageChange);
+
+        // Listen for custom event (changes from same tab)
+        const handleLocalStorageChange = () => {
+            setStoredValue(readValue());
+        };
+        window.addEventListener("local-storage", handleLocalStorageChange);
+
+        return () => {
+            window.removeEventListener("storage", handleStorageChange);
+            window.removeEventListener(
+                "local-storage",
+                handleLocalStorageChange
+            );
+        };
+    }, [key, readValue]);
+
+    return [storedValue, setValue];
+}
diff --git a/src/lib/api/index.ts b/src/lib/api/index.ts
index 5cef9f0e..a75d3abe 100644
--- a/src/lib/api/index.ts
+++ b/src/lib/api/index.ts
@@ -51,6 +51,15 @@ export const internal = axios.create({
     }
 });
 
+export const remote = axios.create({
+    baseURL: `${process.env.NEXT_PUBLIC_FOSSORIAL_REMOTE_API_URL}/api/v1`,
+    timeout: 10000,
+    headers: {
+        "Content-Type": "application/json",
+        "X-CSRF-Token": "x-csrf-protection"
+    }
+});
+
 export const priv = axios.create({
     baseURL: `http://localhost:${process.env.SERVER_INTERNAL_PORT}/api/v1`,
     timeout: 10000,
@@ -60,4 +69,3 @@ export const priv = axios.create({
 });
 
 export * from "./formatAxiosError";
-
diff --git a/src/lib/durationToMs.ts b/src/lib/durationToMs.ts
new file mode 100644
index 00000000..172bae15
--- /dev/null
+++ b/src/lib/durationToMs.ts
@@ -0,0 +1,13 @@
+export function durationToMs(
+    value: number,
+    unit: "seconds" | "minutes" | "hours" | "days" | "weeks"
+): number {
+    const multipliers = {
+        seconds: 1000,
+        minutes: 60 * 1000,
+        hours: 60 * 60 * 1000,
+        days: 24 * 60 * 60 * 1000,
+        weeks: 7 * 24 * 60 * 60 * 1000
+    };
+    return value * multipliers[unit];
+}
diff --git a/src/lib/queries.ts b/src/lib/queries.ts
new file mode 100644
index 00000000..37ec0e76
--- /dev/null
+++ b/src/lib/queries.ts
@@ -0,0 +1,38 @@
+import {
+    type InfiniteData,
+    type QueryClient,
+    keepPreviousData,
+    queryOptions,
+    type skipToken
+} from "@tanstack/react-query";
+import { durationToMs } from "./durationToMs";
+import { build } from "@server/build";
+import { remote } from "./api";
+import type ResponseT from "@server/types/Response";
+
+export const versionsQueries = {
+    latestVersion: () =>
+        queryOptions({
+            queryKey: ["LATEST_VERSION"] as const,
+            queryFn: async ({ signal }) => {
+                const data = await remote.get<
+                    ResponseT<{
+                        pangolin: {
+                            latestVersion: string;
+                            releaseNotes: string;
+                        };
+                    }>
+                >("/latest-version");
+                return data.data;
+            },
+            placeholderData: keepPreviousData,
+            refetchInterval: (query) => {
+                if (query.state.data) {
+                    return durationToMs(30, "minutes");
+                }
+                return false;
+            },
+            enabled: build === "oss" || build === "enterprise" // disabled in cloud version
+            // because we don't need to listen for new versions there
+        })
+};

From 162c6d567c300bbce9295bd75e0327eaf47c37a4 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 07:26:41 +0100
Subject: [PATCH 04/70] =?UTF-8?q?=E2=8F=AA=20revert=20`package.json`=20cha?=
 =?UTF-8?q?nges?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 package-lock.json | 55 -----------------------------------------------
 package.json      |  8 +++----
 2 files changed, 3 insertions(+), 60 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index c924f98f..448f9c18 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -41,8 +41,6 @@
                 "@simplewebauthn/browser": "^13.2.2",
                 "@simplewebauthn/server": "^13.2.2",
                 "@tailwindcss/forms": "^0.5.10",
-                "@tanstack/react-query": "^5.90.6",
-                "@tanstack/react-query-devtools": "^5.90.2",
                 "@tanstack/react-table": "8.21.3",
                 "arctic": "^3.7.0",
                 "axios": "^1.13.1",
@@ -8494,59 +8492,6 @@
                 "tailwindcss": "4.1.16"
             }
         },
-        "node_modules/@tanstack/query-core": {
-            "version": "5.90.6",
-            "resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.90.6.tgz",
-            "integrity": "sha512-AnZSLF26R8uX+tqb/ivdrwbVdGemdEDm1Q19qM6pry6eOZ6bEYiY7mWhzXT1YDIPTNEVcZ5kYP9nWjoxDLiIVw==",
-            "license": "MIT",
-            "funding": {
-                "type": "github",
-                "url": "https://github.com/sponsors/tannerlinsley"
-            }
-        },
-        "node_modules/@tanstack/query-devtools": {
-            "version": "5.90.1",
-            "resolved": "https://registry.npmjs.org/@tanstack/query-devtools/-/query-devtools-5.90.1.tgz",
-            "integrity": "sha512-GtINOPjPUH0OegJExZ70UahT9ykmAhmtNVcmtdnOZbxLwT7R5OmRztR5Ahe3/Cu7LArEmR6/588tAycuaWb1xQ==",
-            "license": "MIT",
-            "funding": {
-                "type": "github",
-                "url": "https://github.com/sponsors/tannerlinsley"
-            }
-        },
-        "node_modules/@tanstack/react-query": {
-            "version": "5.90.6",
-            "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.90.6.tgz",
-            "integrity": "sha512-gB1sljYjcobZKxjPbKSa31FUTyr+ROaBdoH+wSSs9Dk+yDCmMs+TkTV3PybRRVLC7ax7q0erJ9LvRWnMktnRAw==",
-            "license": "MIT",
-            "dependencies": {
-                "@tanstack/query-core": "5.90.6"
-            },
-            "funding": {
-                "type": "github",
-                "url": "https://github.com/sponsors/tannerlinsley"
-            },
-            "peerDependencies": {
-                "react": "^18 || ^19"
-            }
-        },
-        "node_modules/@tanstack/react-query-devtools": {
-            "version": "5.90.2",
-            "resolved": "https://registry.npmjs.org/@tanstack/react-query-devtools/-/react-query-devtools-5.90.2.tgz",
-            "integrity": "sha512-vAXJzZuBXtCQtrY3F/yUNJCV4obT/A/n81kb3+YqLbro5Z2+phdAbceO+deU3ywPw8B42oyJlp4FhO0SoivDFQ==",
-            "license": "MIT",
-            "dependencies": {
-                "@tanstack/query-devtools": "5.90.1"
-            },
-            "funding": {
-                "type": "github",
-                "url": "https://github.com/sponsors/tannerlinsley"
-            },
-            "peerDependencies": {
-                "@tanstack/react-query": "^5.90.2",
-                "react": "^18 || ^19"
-            }
-        },
         "node_modules/@tanstack/react-table": {
             "version": "8.21.3",
             "resolved": "https://registry.npmjs.org/@tanstack/react-table/-/react-table-8.21.3.tgz",
diff --git a/package.json b/package.json
index a33df056..be31b60f 100644
--- a/package.json
+++ b/package.json
@@ -34,7 +34,6 @@
     "dependencies": {
         "@asteasolutions/zod-to-openapi": "^7.3.4",
         "@aws-sdk/client-s3": "3.922.0",
-        "@faker-js/faker": "^10.1.0",
         "@hookform/resolvers": "5.2.2",
         "@monaco-editor/react": "^4.7.0",
         "@node-rs/argon2": "^2.0.2",
@@ -64,8 +63,6 @@
         "@simplewebauthn/browser": "^13.2.2",
         "@simplewebauthn/server": "^13.2.2",
         "@tailwindcss/forms": "^0.5.10",
-        "@tanstack/react-query": "^5.90.6",
-        "@tanstack/react-query-devtools": "^5.90.2",
         "@tanstack/react-table": "8.21.3",
         "arctic": "^3.7.0",
         "axios": "^1.13.1",
@@ -132,7 +129,8 @@
         "yaml": "^2.8.1",
         "yargs": "18.0.0",
         "zod": "3.25.76",
-        "zod-validation-error": "3.5.2"
+        "zod-validation-error": "3.5.2",
+        "@faker-js/faker": "^10.1.0"
     },
     "devDependencies": {
         "@dotenvx/dotenvx": "1.51.0",
@@ -148,9 +146,9 @@
         "@types/jmespath": "^0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "^9.0.10",
+        "@types/nprogress": "^0.2.3",
         "@types/node": "24.9.2",
         "@types/nodemailer": "7.0.3",
-        "@types/nprogress": "^0.2.3",
         "@types/pg": "8.15.6",
         "@types/react": "19.2.2",
         "@types/react-dom": "19.2.2",

From 44f419d4f743ef678d97466d726628218264309b Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 07:30:01 +0100
Subject: [PATCH 05/70] =?UTF-8?q?=F0=9F=92=84=20animate=20popup?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ProductUpdates.tsx | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 81f1fdb4..75590c84 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -7,13 +7,12 @@ import { versionsQueries } from "@app/lib/queries";
 import { useQuery } from "@tanstack/react-query";
 import { ArrowRight, BellIcon, XIcon } from "lucide-react";
 import { useTranslations } from "next-intl";
-import { useState } from "react";
 
 interface ProductUpdatesProps {}
 
 export default function ProductUpdates({}: ProductUpdatesProps) {
     return (
-        <div className="flex flex-col gap-1">
+        <div className="flex flex-col gap-1 relative z-1 overflow-clip">
             {/* <small className="text-xs text-muted-foreground flex items-center gap-1">
                 <BellIcon className="flex-none size-3" />
                 <span>3 more updates</span>
@@ -34,15 +33,16 @@ function NewVersionAvailable() {
 
     const showNewVersionPopup =
         version?.data &&
-        ignoredVersionUpdate !== version.data.pangolin.latestVersion;
+        ignoredVersionUpdate !== version.data.pangolin.latestVersion &&
+        env.app.version !== version.data.pangolin.latestVersion;
+
+    if (!showNewVersionPopup) return null;
 
     return (
         <div
             className={cn(
                 "rounded-md border bg-muted p-2 py-3 w-full flex items-start gap-2 text-sm",
-                "transition duration-500",
-                "opacity-0 h-0 pointer-events-none",
-                showNewVersionPopup && "opacity-100 h-full pointer-events-auto"
+                "animate-in slide-in-from-bottom duration-300"
             )}
         >
             {version?.data && (
@@ -60,7 +60,7 @@ function NewVersionAvailable() {
                             })}
                         </small>
                         <a
-                            href={version?.data?.pangolin.releaseNotes}
+                            href={version.data.pangolin.releaseNotes}
                             target="_blank"
                             className="inline-flex items-center gap-0.5 text-xs font-medium"
                         >
@@ -74,7 +74,7 @@ function NewVersionAvailable() {
                         className="p-1 cursor-pointer"
                         onClick={() =>
                             setIgnoredVersionUpdate(
-                                version?.data?.pangolin.latestVersion ?? null
+                                version.data?.pangolin.latestVersion ?? null
                             )
                         }
                     >

From 18566c09dc37f6ebea3b8877e15516126dc83188 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 07:32:28 +0100
Subject: [PATCH 06/70] =?UTF-8?q?=E2=9E=95=20add=20tanstack=20query?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 package-lock.json | 57 +++++++++++++++++++++++++++++++++++++++++++++++
 package.json      |  8 ++++---
 2 files changed, 62 insertions(+), 3 deletions(-)

diff --git a/package-lock.json b/package-lock.json
index 448f9c18..54e1dfae 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -41,6 +41,7 @@
                 "@simplewebauthn/browser": "^13.2.2",
                 "@simplewebauthn/server": "^13.2.2",
                 "@tailwindcss/forms": "^0.5.10",
+                "@tanstack/react-query": "^5.90.6",
                 "@tanstack/react-table": "8.21.3",
                 "arctic": "^3.7.0",
                 "axios": "^1.13.1",
@@ -114,6 +115,7 @@
                 "@esbuild-plugins/tsconfig-paths": "0.1.2",
                 "@react-email/preview-server": "4.3.2",
                 "@tailwindcss/postcss": "^4.1.16",
+                "@tanstack/react-query-devtools": "^5.90.2",
                 "@types/better-sqlite3": "7.6.12",
                 "@types/cookie-parser": "1.4.10",
                 "@types/cors": "2.8.19",
@@ -8492,6 +8494,61 @@
                 "tailwindcss": "4.1.16"
             }
         },
+        "node_modules/@tanstack/query-core": {
+            "version": "5.90.6",
+            "resolved": "https://registry.npmjs.org/@tanstack/query-core/-/query-core-5.90.6.tgz",
+            "integrity": "sha512-AnZSLF26R8uX+tqb/ivdrwbVdGemdEDm1Q19qM6pry6eOZ6bEYiY7mWhzXT1YDIPTNEVcZ5kYP9nWjoxDLiIVw==",
+            "license": "MIT",
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/tannerlinsley"
+            }
+        },
+        "node_modules/@tanstack/query-devtools": {
+            "version": "5.90.1",
+            "resolved": "https://registry.npmjs.org/@tanstack/query-devtools/-/query-devtools-5.90.1.tgz",
+            "integrity": "sha512-GtINOPjPUH0OegJExZ70UahT9ykmAhmtNVcmtdnOZbxLwT7R5OmRztR5Ahe3/Cu7LArEmR6/588tAycuaWb1xQ==",
+            "dev": true,
+            "license": "MIT",
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/tannerlinsley"
+            }
+        },
+        "node_modules/@tanstack/react-query": {
+            "version": "5.90.6",
+            "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.90.6.tgz",
+            "integrity": "sha512-gB1sljYjcobZKxjPbKSa31FUTyr+ROaBdoH+wSSs9Dk+yDCmMs+TkTV3PybRRVLC7ax7q0erJ9LvRWnMktnRAw==",
+            "license": "MIT",
+            "dependencies": {
+                "@tanstack/query-core": "5.90.6"
+            },
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/tannerlinsley"
+            },
+            "peerDependencies": {
+                "react": "^18 || ^19"
+            }
+        },
+        "node_modules/@tanstack/react-query-devtools": {
+            "version": "5.90.2",
+            "resolved": "https://registry.npmjs.org/@tanstack/react-query-devtools/-/react-query-devtools-5.90.2.tgz",
+            "integrity": "sha512-vAXJzZuBXtCQtrY3F/yUNJCV4obT/A/n81kb3+YqLbro5Z2+phdAbceO+deU3ywPw8B42oyJlp4FhO0SoivDFQ==",
+            "dev": true,
+            "license": "MIT",
+            "dependencies": {
+                "@tanstack/query-devtools": "5.90.1"
+            },
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/tannerlinsley"
+            },
+            "peerDependencies": {
+                "@tanstack/react-query": "^5.90.2",
+                "react": "^18 || ^19"
+            }
+        },
         "node_modules/@tanstack/react-table": {
             "version": "8.21.3",
             "resolved": "https://registry.npmjs.org/@tanstack/react-table/-/react-table-8.21.3.tgz",
diff --git a/package.json b/package.json
index be31b60f..cac47634 100644
--- a/package.json
+++ b/package.json
@@ -34,6 +34,7 @@
     "dependencies": {
         "@asteasolutions/zod-to-openapi": "^7.3.4",
         "@aws-sdk/client-s3": "3.922.0",
+        "@faker-js/faker": "^10.1.0",
         "@hookform/resolvers": "5.2.2",
         "@monaco-editor/react": "^4.7.0",
         "@node-rs/argon2": "^2.0.2",
@@ -63,6 +64,7 @@
         "@simplewebauthn/browser": "^13.2.2",
         "@simplewebauthn/server": "^13.2.2",
         "@tailwindcss/forms": "^0.5.10",
+        "@tanstack/react-query": "^5.90.6",
         "@tanstack/react-table": "8.21.3",
         "arctic": "^3.7.0",
         "axios": "^1.13.1",
@@ -129,14 +131,14 @@
         "yaml": "^2.8.1",
         "yargs": "18.0.0",
         "zod": "3.25.76",
-        "zod-validation-error": "3.5.2",
-        "@faker-js/faker": "^10.1.0"
+        "zod-validation-error": "3.5.2"
     },
     "devDependencies": {
         "@dotenvx/dotenvx": "1.51.0",
         "@esbuild-plugins/tsconfig-paths": "0.1.2",
         "@react-email/preview-server": "4.3.2",
         "@tailwindcss/postcss": "^4.1.16",
+        "@tanstack/react-query-devtools": "^5.90.2",
         "@types/better-sqlite3": "7.6.12",
         "@types/cookie-parser": "1.4.10",
         "@types/cors": "2.8.19",
@@ -146,9 +148,9 @@
         "@types/jmespath": "^0.15.2",
         "@types/js-yaml": "4.0.9",
         "@types/jsonwebtoken": "^9.0.10",
-        "@types/nprogress": "^0.2.3",
         "@types/node": "24.9.2",
         "@types/nodemailer": "7.0.3",
+        "@types/nprogress": "^0.2.3",
         "@types/pg": "8.15.6",
         "@types/react": "19.2.2",
         "@types/react-dom": "19.2.2",

From a247ef7564085f7c7e5468b92a98b7a7f8ca8e50 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 07:33:25 +0100
Subject: [PATCH 07/70] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20import=20`type`?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 next.config.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/next.config.ts b/next.config.ts
index e70c4932..3f4d320b 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -1,4 +1,4 @@
-import { NextConfig } from "next";
+import type { NextConfig } from "next";
 import createNextIntlPlugin from "next-intl/plugin";
 
 import { pullEnv } from "./src/lib/pullEnv";

From b9ce3165749143b501ee13f44a5c6b002425e9d0 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 08:38:23 +0100
Subject: [PATCH 08/70] =?UTF-8?q?=F0=9F=9A=A7=20wip?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 messages/en-US.json               |  2 +
 src/components/ProductUpdates.tsx | 58 +++++++++++++++------
 src/lib/queries.ts                | 84 +++++++++++++++++++------------
 3 files changed, 98 insertions(+), 46 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 1b5c5e87..3466edf4 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1279,6 +1279,8 @@
     "settingsErrorUpdateDescription": "An error occurred while updating settings",
     "sidebarCollapse": "Collapse",
     "sidebarExpand": "Expand",
+    "productUpdateMoreInfo": "{noOfUpdates} more updates",
+    "productUpdateInfo": "{noOfUpdates} updates",
     "pangolinUpdateAvailable": "New version available",
     "pangolinUpdateAvailableInfo": "Version {version} is ready to install",
     "pangolinUpdateAvailableReleaseNotes": "View release notes",
diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 75590c84..0b9e35de 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -3,29 +3,59 @@
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useLocalStorage } from "@app/hooks/useLocalStorage";
 import { cn } from "@app/lib/cn";
-import { versionsQueries } from "@app/lib/queries";
-import { useQuery } from "@tanstack/react-query";
+import { productUpdatesQueries } from "@app/lib/queries";
+import { useQueries } from "@tanstack/react-query";
 import { ArrowRight, BellIcon, XIcon } from "lucide-react";
 import { useTranslations } from "next-intl";
 
-interface ProductUpdatesProps {}
+export default function ProductUpdates() {
+    const data = useQueries({
+        queries: [
+            productUpdatesQueries.list,
+            productUpdatesQueries.latestVersion
+        ],
+        combine(result) {
+            return {
+                updates: result[0].data?.data ?? [],
+                latestVersion: result[1].data
+            };
+        }
+    });
+
+    const t = useTranslations();
 
-export default function ProductUpdates({}: ProductUpdatesProps) {
     return (
-        <div className="flex flex-col gap-1 relative z-1 overflow-clip">
-            {/* <small className="text-xs text-muted-foreground flex items-center gap-1">
-                <BellIcon className="flex-none size-3" />
-                <span>3 more updates</span>
-            </small> */}
-            <NewVersionAvailable />
+        <div className="flex flex-col gap-1 overflow-clip">
+            {data.updates.length > 0 && (
+                <small className="text-xs text-muted-foreground flex items-center gap-1">
+                    <BellIcon className="flex-none size-3" />
+                    <span>
+                        {t("productUpdateMoreInfo", {
+                            noOfUpdates: data.updates.length
+                        })}
+                    </span>
+                </small>
+            )}
+            <NewVersionAvailable version={data.latestVersion} />
         </div>
     );
 }
 
-function NewVersionAvailable() {
+type NewVersionAvailableProps = {
+    version:
+        | Awaited<
+              ReturnType<
+                  NonNullable<
+                      typeof productUpdatesQueries.latestVersion.queryFn
+                  >
+              >
+          >
+        | undefined;
+};
+
+function NewVersionAvailable({ version }: NewVersionAvailableProps) {
     const { env } = useEnvContext();
     const t = useTranslations();
-    const { data: version } = useQuery(versionsQueries.latestVersion());
 
     const [ignoredVersionUpdate, setIgnoredVersionUpdate] = useLocalStorage<
         string | null
@@ -33,8 +63,8 @@ function NewVersionAvailable() {
 
     const showNewVersionPopup =
         version?.data &&
-        ignoredVersionUpdate !== version.data.pangolin.latestVersion &&
-        env.app.version !== version.data.pangolin.latestVersion;
+        ignoredVersionUpdate !== version.data?.pangolin.latestVersion &&
+        env.app.version !== version.data?.pangolin.latestVersion;
 
     if (!showNewVersionPopup) return null;
 
diff --git a/src/lib/queries.ts b/src/lib/queries.ts
index 37ec0e76..9f1ca81c 100644
--- a/src/lib/queries.ts
+++ b/src/lib/queries.ts
@@ -1,38 +1,58 @@
-import {
-    type InfiniteData,
-    type QueryClient,
-    keepPreviousData,
-    queryOptions,
-    type skipToken
-} from "@tanstack/react-query";
+import { keepPreviousData, queryOptions } from "@tanstack/react-query";
 import { durationToMs } from "./durationToMs";
 import { build } from "@server/build";
 import { remote } from "./api";
 import type ResponseT from "@server/types/Response";
 
-export const versionsQueries = {
-    latestVersion: () =>
-        queryOptions({
-            queryKey: ["LATEST_VERSION"] as const,
-            queryFn: async ({ signal }) => {
-                const data = await remote.get<
-                    ResponseT<{
-                        pangolin: {
-                            latestVersion: string;
-                            releaseNotes: string;
-                        };
-                    }>
-                >("/latest-version");
-                return data.data;
-            },
-            placeholderData: keepPreviousData,
-            refetchInterval: (query) => {
-                if (query.state.data) {
-                    return durationToMs(30, "minutes");
-                }
-                return false;
-            },
-            enabled: build === "oss" || build === "enterprise" // disabled in cloud version
-            // because we don't need to listen for new versions there
-        })
+type ProductUpdate = {
+    link: string | null;
+    edition: "enterprise" | "community" | "cloud" | null;
+    id: number;
+    priority: "CRITICAL" | "IMPORTANT" | "NORMAL" | null;
+    title: string;
+    contents: string;
+    publishedAt: Date;
+    showUntil: Date;
+};
+
+export const productUpdatesQueries = {
+    list: queryOptions({
+        queryKey: ["PRODUCT_UPDATES"] as const,
+        queryFn: async ({ signal }) => {
+            const data = await remote.get<ResponseT<ProductUpdate[]>>(
+                "/product-updates",
+                { signal }
+            );
+            return data.data;
+        },
+        refetchInterval: (query) => {
+            if (query.state.data) {
+                return durationToMs(5, "minutes");
+            }
+            return false;
+        }
+    }),
+    latestVersion: queryOptions({
+        queryKey: ["LATEST_VERSION"] as const,
+        queryFn: async ({ signal }) => {
+            const data = await remote.get<
+                ResponseT<{
+                    pangolin: {
+                        latestVersion: string;
+                        releaseNotes: string;
+                    };
+                }>
+            >("/versions", { signal });
+            return data.data;
+        },
+        placeholderData: keepPreviousData,
+        refetchInterval: (query) => {
+            if (query.state.data) {
+                return durationToMs(30, "minutes");
+            }
+            return false;
+        },
+        enabled: build === "oss" || build === "enterprise" // disabled in cloud version
+        // because we don't need to listen for new versions there
+    })
 };

From 6d349693a79feff99b6a01be5a46c72ba546b81c Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 08:45:56 +0100
Subject: [PATCH 09/70] =?UTF-8?q?=F0=9F=9A=A7=20wip?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ProductUpdates.tsx | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 0b9e35de..5d56892b 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -55,6 +55,9 @@ type NewVersionAvailableProps = {
 
 function NewVersionAvailable({ version }: NewVersionAvailableProps) {
     const { env } = useEnvContext();
+    console.log({
+        env
+    });
     const t = useTranslations();
 
     const [ignoredVersionUpdate, setIgnoredVersionUpdate] = useLocalStorage<

From 030f90db2ec2ac8360d874350c6900fa00a269b3 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 21:41:29 +0100
Subject: [PATCH 10/70] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20validate=20`env`=20v?=
 =?UTF-8?q?ariables=20only=20in=20DEV?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 next.config.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/next.config.ts b/next.config.ts
index 3f4d320b..e530fb7f 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -2,8 +2,11 @@ import type { NextConfig } from "next";
 import createNextIntlPlugin from "next-intl/plugin";
 
 import { pullEnv } from "./src/lib/pullEnv";
-// validate env variables on build and such
-pullEnv();
+
+// validate env variables on local dev
+if (process.env.NODE_ENV === "development") {
+    pullEnv();
+}
 
 const withNextIntl = createNextIntlPlugin();
 

From f371c7df81088e6011f3b713f26938228c219958 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 23:29:36 +0100
Subject: [PATCH 11/70] =?UTF-8?q?=E2=9E=95=20add=20headless/ui=20for=20bet?=
 =?UTF-8?q?ter=20enter/exit=20animations?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 package-lock.json | 166 ++++++++++++++++++++++++++++++++++++++++++++++
 package.json      |   1 +
 2 files changed, 167 insertions(+)

diff --git a/package-lock.json b/package-lock.json
index 54e1dfae..a22d552e 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -12,6 +12,7 @@
                 "@asteasolutions/zod-to-openapi": "^7.3.4",
                 "@aws-sdk/client-s3": "3.922.0",
                 "@faker-js/faker": "^10.1.0",
+                "@headlessui/react": "^2.2.9",
                 "@hookform/resolvers": "5.2.2",
                 "@monaco-editor/react": "^4.7.0",
                 "@node-rs/argon2": "^2.0.2",
@@ -3156,6 +3157,21 @@
                 "@floating-ui/utils": "^0.2.10"
             }
         },
+        "node_modules/@floating-ui/react": {
+            "version": "0.26.28",
+            "resolved": "https://registry.npmjs.org/@floating-ui/react/-/react-0.26.28.tgz",
+            "integrity": "sha512-yORQuuAtVpiRjpMhdc0wJj06b9JFjrYF4qp96j++v2NBpbi6SEGF7donUJ3TMieerQ6qVkAv1tgr7L4r5roTqw==",
+            "license": "MIT",
+            "dependencies": {
+                "@floating-ui/react-dom": "^2.1.2",
+                "@floating-ui/utils": "^0.2.8",
+                "tabbable": "^6.0.0"
+            },
+            "peerDependencies": {
+                "react": ">=16.8.0",
+                "react-dom": ">=16.8.0"
+            }
+        },
         "node_modules/@floating-ui/react-dom": {
             "version": "2.1.6",
             "resolved": "https://registry.npmjs.org/@floating-ui/react-dom/-/react-dom-2.1.6.tgz",
@@ -3235,6 +3251,26 @@
                 "tslib": "2"
             }
         },
+        "node_modules/@headlessui/react": {
+            "version": "2.2.9",
+            "resolved": "https://registry.npmjs.org/@headlessui/react/-/react-2.2.9.tgz",
+            "integrity": "sha512-Mb+Un58gwBn0/yWZfyrCh0TJyurtT+dETj7YHleylHk5od3dv2XqETPGWMyQ5/7sYN7oWdyM1u9MvC0OC8UmzQ==",
+            "license": "MIT",
+            "dependencies": {
+                "@floating-ui/react": "^0.26.16",
+                "@react-aria/focus": "^3.20.2",
+                "@react-aria/interactions": "^3.25.0",
+                "@tanstack/react-virtual": "^3.13.9",
+                "use-sync-external-store": "^1.5.0"
+            },
+            "engines": {
+                "node": ">=10"
+            },
+            "peerDependencies": {
+                "react": "^18 || ^19 || ^19.0.0-rc",
+                "react-dom": "^18 || ^19 || ^19.0.0-rc"
+            }
+        },
         "node_modules/@hexagon/base64": {
             "version": "1.1.28",
             "resolved": "https://registry.npmjs.org/@hexagon/base64/-/base64-1.1.28.tgz",
@@ -6030,6 +6066,73 @@
             "integrity": "sha512-HPwpGIzkl28mWyZqG52jiqDJ12waP11Pa1lGoiyUkIEuMLBP0oeK/C89esbXrxsky5we7dfd8U58nm0SgAWpVw==",
             "license": "MIT"
         },
+        "node_modules/@react-aria/focus": {
+            "version": "3.21.2",
+            "resolved": "https://registry.npmjs.org/@react-aria/focus/-/focus-3.21.2.tgz",
+            "integrity": "sha512-JWaCR7wJVggj+ldmM/cb/DXFg47CXR55lznJhZBh4XVqJjMKwaOOqpT5vNN7kpC1wUpXicGNuDnJDN1S/+6dhQ==",
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@react-aria/interactions": "^3.25.6",
+                "@react-aria/utils": "^3.31.0",
+                "@react-types/shared": "^3.32.1",
+                "@swc/helpers": "^0.5.0",
+                "clsx": "^2.0.0"
+            },
+            "peerDependencies": {
+                "react": "^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0-rc.1",
+                "react-dom": "^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0-rc.1"
+            }
+        },
+        "node_modules/@react-aria/interactions": {
+            "version": "3.25.6",
+            "resolved": "https://registry.npmjs.org/@react-aria/interactions/-/interactions-3.25.6.tgz",
+            "integrity": "sha512-5UgwZmohpixwNMVkMvn9K1ceJe6TzlRlAfuYoQDUuOkk62/JVJNDLAPKIf5YMRc7d2B0rmfgaZLMtbREb0Zvkw==",
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@react-aria/ssr": "^3.9.10",
+                "@react-aria/utils": "^3.31.0",
+                "@react-stately/flags": "^3.1.2",
+                "@react-types/shared": "^3.32.1",
+                "@swc/helpers": "^0.5.0"
+            },
+            "peerDependencies": {
+                "react": "^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0-rc.1",
+                "react-dom": "^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0-rc.1"
+            }
+        },
+        "node_modules/@react-aria/ssr": {
+            "version": "3.9.10",
+            "resolved": "https://registry.npmjs.org/@react-aria/ssr/-/ssr-3.9.10.tgz",
+            "integrity": "sha512-hvTm77Pf+pMBhuBm760Li0BVIO38jv1IBws1xFm1NoL26PU+fe+FMW5+VZWyANR6nYL65joaJKZqOdTQMkO9IQ==",
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@swc/helpers": "^0.5.0"
+            },
+            "engines": {
+                "node": ">= 12"
+            },
+            "peerDependencies": {
+                "react": "^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0-rc.1"
+            }
+        },
+        "node_modules/@react-aria/utils": {
+            "version": "3.31.0",
+            "resolved": "https://registry.npmjs.org/@react-aria/utils/-/utils-3.31.0.tgz",
+            "integrity": "sha512-ABOzCsZrWzf78ysswmguJbx3McQUja7yeGj6/vZo4JVsZNlxAN+E9rs381ExBRI0KzVo6iBTeX5De8eMZPJXig==",
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@react-aria/ssr": "^3.9.10",
+                "@react-stately/flags": "^3.1.2",
+                "@react-stately/utils": "^3.10.8",
+                "@react-types/shared": "^3.32.1",
+                "@swc/helpers": "^0.5.0",
+                "clsx": "^2.0.0"
+            },
+            "peerDependencies": {
+                "react": "^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0-rc.1",
+                "react-dom": "^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0-rc.1"
+            }
+        },
         "node_modules/@react-email/body": {
             "version": "0.1.0",
             "resolved": "https://registry.npmjs.org/@react-email/body/-/body-0.1.0.tgz",
@@ -7318,6 +7421,36 @@
                 "react": "^18.0 || ^19.0 || ^19.0.0-rc"
             }
         },
+        "node_modules/@react-stately/flags": {
+            "version": "3.1.2",
+            "resolved": "https://registry.npmjs.org/@react-stately/flags/-/flags-3.1.2.tgz",
+            "integrity": "sha512-2HjFcZx1MyQXoPqcBGALwWWmgFVUk2TuKVIQxCbRq7fPyWXIl6VHcakCLurdtYC2Iks7zizvz0Idv48MQ38DWg==",
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@swc/helpers": "^0.5.0"
+            }
+        },
+        "node_modules/@react-stately/utils": {
+            "version": "3.10.8",
+            "resolved": "https://registry.npmjs.org/@react-stately/utils/-/utils-3.10.8.tgz",
+            "integrity": "sha512-SN3/h7SzRsusVQjQ4v10LaVsDc81jyyR0DD5HnsQitm/I5WDpaSr2nRHtyloPFU48jlql1XX/S04T2DLQM7Y3g==",
+            "license": "Apache-2.0",
+            "dependencies": {
+                "@swc/helpers": "^0.5.0"
+            },
+            "peerDependencies": {
+                "react": "^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0-rc.1"
+            }
+        },
+        "node_modules/@react-types/shared": {
+            "version": "3.32.1",
+            "resolved": "https://registry.npmjs.org/@react-types/shared/-/shared-3.32.1.tgz",
+            "integrity": "sha512-famxyD5emrGGpFuUlgOP6fVW2h/ZaF405G5KDi3zPHzyjAWys/8W6NAVJtNbkCkhedmvL0xOhvt8feGXyXaw5w==",
+            "license": "Apache-2.0",
+            "peerDependencies": {
+                "react": "^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0-rc.1"
+            }
+        },
         "node_modules/@rtsao/scc": {
             "version": "1.1.0",
             "resolved": "https://registry.npmjs.org/@rtsao/scc/-/scc-1.1.0.tgz",
@@ -8569,6 +8702,23 @@
                 "react-dom": ">=16.8"
             }
         },
+        "node_modules/@tanstack/react-virtual": {
+            "version": "3.13.12",
+            "resolved": "https://registry.npmjs.org/@tanstack/react-virtual/-/react-virtual-3.13.12.tgz",
+            "integrity": "sha512-Gd13QdxPSukP8ZrkbgS2RwoZseTTbQPLnQEn7HY/rqtM+8Zt95f7xKC7N0EsKs7aoz0WzZ+fditZux+F8EzYxA==",
+            "license": "MIT",
+            "dependencies": {
+                "@tanstack/virtual-core": "3.13.12"
+            },
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/tannerlinsley"
+            },
+            "peerDependencies": {
+                "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
+                "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
+            }
+        },
         "node_modules/@tanstack/table-core": {
             "version": "8.21.3",
             "resolved": "https://registry.npmjs.org/@tanstack/table-core/-/table-core-8.21.3.tgz",
@@ -8582,6 +8732,16 @@
                 "url": "https://github.com/sponsors/tannerlinsley"
             }
         },
+        "node_modules/@tanstack/virtual-core": {
+            "version": "3.13.12",
+            "resolved": "https://registry.npmjs.org/@tanstack/virtual-core/-/virtual-core-3.13.12.tgz",
+            "integrity": "sha512-1YBOJfRHV4sXUmWsFSf5rQor4Ss82G8dQWLRbnk3GA4jeP8hQt1hxXh0tmflpC0dz3VgEv/1+qwPyLeWkQuPFA==",
+            "license": "MIT",
+            "funding": {
+                "type": "github",
+                "url": "https://github.com/sponsors/tannerlinsley"
+            }
+        },
         "node_modules/@tybys/wasm-util": {
             "version": "0.10.1",
             "resolved": "https://registry.npmjs.org/@tybys/wasm-util/-/wasm-util-0.10.1.tgz",
@@ -21334,6 +21494,12 @@
                 "express": ">=4.0.0 || >=5.0.0-beta"
             }
         },
+        "node_modules/tabbable": {
+            "version": "6.3.0",
+            "resolved": "https://registry.npmjs.org/tabbable/-/tabbable-6.3.0.tgz",
+            "integrity": "sha512-EIHvdY5bPLuWForiR/AN2Bxngzpuwn1is4asboytXtpTgsArc+WmSJKVLlhdh71u7jFcryDqB2A8lQvj78MkyQ==",
+            "license": "MIT"
+        },
         "node_modules/tailwind-merge": {
             "version": "3.3.1",
             "resolved": "https://registry.npmjs.org/tailwind-merge/-/tailwind-merge-3.3.1.tgz",
diff --git a/package.json b/package.json
index cac47634..e07f5d91 100644
--- a/package.json
+++ b/package.json
@@ -35,6 +35,7 @@
         "@asteasolutions/zod-to-openapi": "^7.3.4",
         "@aws-sdk/client-s3": "3.922.0",
         "@faker-js/faker": "^10.1.0",
+        "@headlessui/react": "^2.2.9",
         "@hookform/resolvers": "5.2.2",
         "@monaco-editor/react": "^4.7.0",
         "@node-rs/argon2": "^2.0.2",

From c64b102aaa35df453cb957007cd3e57fc4125fcf Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 23:29:48 +0100
Subject: [PATCH 12/70] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20refactor?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/LayoutSidebar.tsx  |   2 +-
 src/components/ProductUpdates.tsx | 261 +++++++++++++++++++++---------
 src/lib/queries.ts                |   2 +-
 3 files changed, 189 insertions(+), 76 deletions(-)

diff --git a/src/components/LayoutSidebar.tsx b/src/components/LayoutSidebar.tsx
index 32bae1e8..50a0c8e8 100644
--- a/src/components/LayoutSidebar.tsx
+++ b/src/components/LayoutSidebar.tsx
@@ -139,7 +139,7 @@ export function LayoutSidebar({
             </div>
 
             <div className="p-4 flex flex-col gap-4 shrink-0">
-                <ProductUpdates />
+                <ProductUpdates isCollapsed={isSidebarCollapsed} />
 
                 {build === "enterprise" && (
                     <div className="mb-3">
diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 5d56892b..b0b3530a 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -3,45 +3,159 @@
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useLocalStorage } from "@app/hooks/useLocalStorage";
 import { cn } from "@app/lib/cn";
-import { productUpdatesQueries } from "@app/lib/queries";
+import { type ProductUpdate, productUpdatesQueries } from "@app/lib/queries";
 import { useQueries } from "@tanstack/react-query";
-import { ArrowRight, BellIcon, XIcon } from "lucide-react";
+import { ArrowRight, BellIcon, ChevronRightIcon, XIcon } from "lucide-react";
 import { useTranslations } from "next-intl";
+import { Transition } from "@headlessui/react";
+import * as React from "react";
 
-export default function ProductUpdates() {
+export default function ProductUpdates({
+    isCollapsed
+}: {
+    isCollapsed?: boolean;
+}) {
     const data = useQueries({
         queries: [
             productUpdatesQueries.list,
             productUpdatesQueries.latestVersion
         ],
         combine(result) {
+            if (result[0].isLoading || result[1].isLoading) return null;
             return {
                 updates: result[0].data?.data ?? [],
                 latestVersion: result[1].data
             };
         }
     });
-
+    const { env } = useEnvContext();
     const t = useTranslations();
+    const [showMoreUpdatesText, setShowMoreUpdatesText] = React.useState(false);
+
+    // we need to delay the initial
+    React.useEffect(() => {
+        const timeout = setTimeout(() => setShowMoreUpdatesText(true), 500);
+        return () => clearTimeout(timeout);
+    }, []);
+
+    const [ignoredVersionUpdate, setIgnoredVersionUpdate] = useLocalStorage<
+        string | null
+    >("ignored-version", null);
+
+    const [showNewVersionPopup, setShowNewVersionPopup] = React.useState(true);
+
+    if (!data) return null;
+
+    // const showNewVersionPopup = Boolean(
+    //     data?.latestVersion?.data &&
+    //         ignoredVersionUpdate !==
+    //             data.latestVersion.data?.pangolin.latestVersion &&
+    //         env.app.version !== data.latestVersion.data?.pangolin.latestVersion
+    // );
 
     return (
-        <div className="flex flex-col gap-1 overflow-clip">
-            {data.updates.length > 0 && (
-                <small className="text-xs text-muted-foreground flex items-center gap-1">
-                    <BellIcon className="flex-none size-3" />
-                    <span>
-                        {t("productUpdateMoreInfo", {
-                            noOfUpdates: data.updates.length
-                        })}
-                    </span>
-                </small>
+        <div
+            className={cn(
+                "flex flex-col gap-1 overflow-clip",
+                isCollapsed && "hidden"
             )}
-            <NewVersionAvailable version={data.latestVersion} />
+        >
+            <NewVersionAvailable
+                version={data.latestVersion?.data}
+                onClose={() => {
+                    // setIgnoredVersionUpdate(
+                    //     data.latestVersion?.data?.pangolin.latestVersion ?? null
+                    // );
+                    setShowNewVersionPopup(false);
+                }}
+                show={showNewVersionPopup}
+            />
+
+            <Transition show={showMoreUpdatesText}>
+                <small
+                    className={cn(
+                        "text-xs text-muted-foreground flex items-center gap-1 mt-2",
+                        "transition ease-in duration-300 data-closed:opacity-0"
+                    )}
+                >
+                    {data.updates.length > 0 && (
+                        <>
+                            <BellIcon className="flex-none size-3" />
+                            <span>
+                                {showNewVersionPopup
+                                    ? t("productUpdateMoreInfo", {
+                                          noOfUpdates: data.updates.length
+                                      })
+                                    : t("productUpdateInfo", {
+                                          noOfUpdates: data.updates.length
+                                      })}
+                            </span>
+                        </>
+                    )}
+                </small>
+            </Transition>
+            <ProductUpdatesPopup
+                updates={data.updates}
+                show={data.updates.length > 0}
+            />
         </div>
     );
 }
 
+type ProductUpdatesPopupProps = { updates: ProductUpdate[]; show: boolean };
+
+function ProductUpdatesPopup({ updates, show }: ProductUpdatesPopupProps) {
+    const [open, setOpen] = React.useState(false);
+    const t = useTranslations();
+
+    // we need to delay the initial opening state to have an animation on `appear`
+    React.useEffect(() => {
+        if (show) {
+            requestAnimationFrame(() => setOpen(true));
+        }
+    }, [show]);
+
+    return (
+        <Transition show={open}>
+            <div
+                className={cn(
+                    "rounded-md border bg-muted p-2 py-3 w-full flex items-start gap-2 text-sm",
+                    "transition duration-300 ease-in-out",
+                    "data-closed:opacity-0 data-closed:translate-y-full"
+                )}
+            >
+                <div className="rounded-md bg-muted-foreground/20 p-2">
+                    <BellIcon className="flex-none size-4" />
+                </div>
+                <div className="flex flex-col gap-2">
+                    <p className="font-medium">What's new</p>
+                    <small
+                        className={cn(
+                            "text-muted-foreground",
+                            "overflow-hidden h-8",
+                            "[-webkit-box-orient:vertical] [-webkit-line-clamp:2] [display:-webkit-box]"
+                        )}
+                    >
+                        {updates[0].contents}
+                    </small>
+                </div>
+                <button
+                    className="p-1 cursor-pointer"
+                    onClick={() => {
+                        setOpen(false);
+                        // onClose();
+                    }}
+                >
+                    <ChevronRightIcon className="size-4 flex-none" />
+                </button>
+            </div>
+        </Transition>
+    );
+}
+
 type NewVersionAvailableProps = {
+    onClose: () => void;
+    show: boolean;
     version:
         | Awaited<
               ReturnType<
@@ -49,72 +163,71 @@ type NewVersionAvailableProps = {
                       typeof productUpdatesQueries.latestVersion.queryFn
                   >
               >
-          >
+          >["data"]
         | undefined;
 };
 
-function NewVersionAvailable({ version }: NewVersionAvailableProps) {
-    const { env } = useEnvContext();
-    console.log({
-        env
-    });
+function NewVersionAvailable({
+    version,
+    show,
+    onClose
+}: NewVersionAvailableProps) {
     const t = useTranslations();
+    const [open, setOpen] = React.useState(false);
 
-    const [ignoredVersionUpdate, setIgnoredVersionUpdate] = useLocalStorage<
-        string | null
-    >("ignored-version", null);
-
-    const showNewVersionPopup =
-        version?.data &&
-        ignoredVersionUpdate !== version.data?.pangolin.latestVersion &&
-        env.app.version !== version.data?.pangolin.latestVersion;
-
-    if (!showNewVersionPopup) return null;
+    // we need to delay the initial opening state to have an animation on `appear`
+    React.useEffect(() => {
+        if (show) {
+            requestAnimationFrame(() => setOpen(true));
+        }
+    }, [show]);
 
     return (
-        <div
-            className={cn(
-                "rounded-md border bg-muted p-2 py-3 w-full flex items-start gap-2 text-sm",
-                "animate-in slide-in-from-bottom duration-300"
-            )}
-        >
-            {version?.data && (
-                <>
-                    <div className="rounded-md bg-muted-foreground/20 p-2">
-                        <BellIcon className="flex-none size-4" />
-                    </div>
-                    <div className="flex flex-col gap-2">
-                        <p className="font-medium">
-                            {t("pangolinUpdateAvailable")}
-                        </p>
-                        <small className="text-muted-foreground">
-                            {t("pangolinUpdateAvailableInfo", {
-                                version: version.data.pangolin.latestVersion
-                            })}
-                        </small>
-                        <a
-                            href={version.data.pangolin.releaseNotes}
-                            target="_blank"
-                            className="inline-flex items-center gap-0.5 text-xs font-medium"
+        <Transition show={open}>
+            <div
+                className={cn(
+                    "rounded-md border bg-muted p-2 py-3 w-full flex items-start gap-2 text-sm",
+                    "transition duration-300 ease-in-out",
+                    "data-closed:opacity-0 data-closed:translate-y-full"
+                )}
+            >
+                {version && (
+                    <>
+                        <div className="rounded-md bg-muted-foreground/20 p-2">
+                            <BellIcon className="flex-none size-4" />
+                        </div>
+                        <div className="flex flex-col gap-2">
+                            <p className="font-medium">
+                                {t("pangolinUpdateAvailable")}
+                            </p>
+                            <small className="text-muted-foreground">
+                                {t("pangolinUpdateAvailableInfo", {
+                                    version: version.pangolin.latestVersion
+                                })}
+                            </small>
+                            <a
+                                href={version.pangolin.releaseNotes}
+                                target="_blank"
+                                className="inline-flex items-center gap-0.5 text-xs font-medium"
+                            >
+                                <span>
+                                    {t("pangolinUpdateAvailableReleaseNotes")}
+                                </span>
+                                <ArrowRight className="flex-none size-3" />
+                            </a>
+                        </div>
+                        <button
+                            className="p-1 cursor-pointer"
+                            onClick={() => {
+                                setOpen(false);
+                                onClose();
+                            }}
                         >
-                            <span>
-                                {t("pangolinUpdateAvailableReleaseNotes")}
-                            </span>
-                            <ArrowRight className="flex-none size-3" />
-                        </a>
-                    </div>
-                    <button
-                        className="p-1 cursor-pointer"
-                        onClick={() =>
-                            setIgnoredVersionUpdate(
-                                version.data?.pangolin.latestVersion ?? null
-                            )
-                        }
-                    >
-                        <XIcon className="size-4 flex-none" />
-                    </button>
-                </>
-            )}
-        </div>
+                            <XIcon className="size-4 flex-none" />
+                        </button>
+                    </>
+                )}
+            </div>
+        </Transition>
     );
 }
diff --git a/src/lib/queries.ts b/src/lib/queries.ts
index 9f1ca81c..d8e4ee89 100644
--- a/src/lib/queries.ts
+++ b/src/lib/queries.ts
@@ -4,7 +4,7 @@ import { build } from "@server/build";
 import { remote } from "./api";
 import type ResponseT from "@server/types/Response";
 
-type ProductUpdate = {
+export type ProductUpdate = {
     link: string | null;
     edition: "enterprise" | "community" | "cloud" | null;
     id: number;

From 64b87e203a1a38d47c2fd84fd691dc74d5a84d23 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 23:57:43 +0100
Subject: [PATCH 13/70] =?UTF-8?q?=F0=9F=92=84=20animate=20product=20update?=
 =?UTF-8?q?s=20&=20new=20version?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 messages/en-US.json               |   1 +
 src/components/ProductUpdates.tsx | 101 ++++++++++++++++--------------
 2 files changed, 56 insertions(+), 46 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 3466edf4..d5521aec 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1281,6 +1281,7 @@
     "sidebarExpand": "Expand",
     "productUpdateMoreInfo": "{noOfUpdates} more updates",
     "productUpdateInfo": "{noOfUpdates} updates",
+    "productUpdateWhatsNew": "What's New",
     "pangolinUpdateAvailable": "New version available",
     "pangolinUpdateAvailableInfo": "Version {version} is ready to install",
     "pangolinUpdateAvailableReleaseNotes": "View release notes",
diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index b0b3530a..6243cf88 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -5,9 +5,15 @@ import { useLocalStorage } from "@app/hooks/useLocalStorage";
 import { cn } from "@app/lib/cn";
 import { type ProductUpdate, productUpdatesQueries } from "@app/lib/queries";
 import { useQueries } from "@tanstack/react-query";
-import { ArrowRight, BellIcon, ChevronRightIcon, XIcon } from "lucide-react";
+import {
+    ArrowRight,
+    BellIcon,
+    ChevronRightIcon,
+    RocketIcon,
+    XIcon
+} from "lucide-react";
 import { useTranslations } from "next-intl";
-import { Transition } from "@headlessui/react";
+import { Transition, TransitionChild } from "@headlessui/react";
 import * as React from "react";
 
 export default function ProductUpdates({
@@ -34,7 +40,7 @@ export default function ProductUpdates({
 
     // we need to delay the initial
     React.useEffect(() => {
-        const timeout = setTimeout(() => setShowMoreUpdatesText(true), 500);
+        const timeout = setTimeout(() => setShowMoreUpdatesText(true), 600);
         return () => clearTimeout(timeout);
     }, []);
 
@@ -42,62 +48,63 @@ export default function ProductUpdates({
         string | null
     >("ignored-version", null);
 
-    const [showNewVersionPopup, setShowNewVersionPopup] = React.useState(true);
-
     if (!data) return null;
 
-    // const showNewVersionPopup = Boolean(
-    //     data?.latestVersion?.data &&
-    //         ignoredVersionUpdate !==
-    //             data.latestVersion.data?.pangolin.latestVersion &&
-    //         env.app.version !== data.latestVersion.data?.pangolin.latestVersion
-    // );
+    const showNewVersionPopup = Boolean(
+        data?.latestVersion?.data &&
+            ignoredVersionUpdate !==
+                data.latestVersion.data?.pangolin.latestVersion &&
+            env.app.version !== data.latestVersion.data?.pangolin.latestVersion
+    );
 
     return (
         <div
             className={cn(
-                "flex flex-col gap-1 overflow-clip",
+                "flex flex-col gap-2 overflow-clip",
                 isCollapsed && "hidden"
             )}
         >
+            <>
+                <div className="flex flex-col gap-1">
+                    <small
+                        className={cn(
+                            "text-xs text-muted-foreground flex items-center gap-1 mt-2",
+                            showMoreUpdatesText
+                                ? "animate-in fade-in duration-300"
+                                : "opacity-0"
+                        )}
+                    >
+                        {data.updates.length > 0 && (
+                            <>
+                                <BellIcon className="flex-none size-3" />
+                                <span>
+                                    {showNewVersionPopup
+                                        ? t("productUpdateMoreInfo", {
+                                              noOfUpdates: data.updates.length
+                                          })
+                                        : t("productUpdateInfo", {
+                                              noOfUpdates: data.updates.length
+                                          })}
+                                </span>
+                            </>
+                        )}
+                    </small>
+                    <ProductUpdatesPopup
+                        updates={data.updates}
+                        show={data.updates.length > 0}
+                    />
+                </div>
+            </>
+
             <NewVersionAvailable
                 version={data.latestVersion?.data}
                 onClose={() => {
-                    // setIgnoredVersionUpdate(
-                    //     data.latestVersion?.data?.pangolin.latestVersion ?? null
-                    // );
-                    setShowNewVersionPopup(false);
+                    setIgnoredVersionUpdate(
+                        data.latestVersion?.data?.pangolin.latestVersion ?? null
+                    );
                 }}
                 show={showNewVersionPopup}
             />
-
-            <Transition show={showMoreUpdatesText}>
-                <small
-                    className={cn(
-                        "text-xs text-muted-foreground flex items-center gap-1 mt-2",
-                        "transition ease-in duration-300 data-closed:opacity-0"
-                    )}
-                >
-                    {data.updates.length > 0 && (
-                        <>
-                            <BellIcon className="flex-none size-3" />
-                            <span>
-                                {showNewVersionPopup
-                                    ? t("productUpdateMoreInfo", {
-                                          noOfUpdates: data.updates.length
-                                      })
-                                    : t("productUpdateInfo", {
-                                          noOfUpdates: data.updates.length
-                                      })}
-                            </span>
-                        </>
-                    )}
-                </small>
-            </Transition>
-            <ProductUpdatesPopup
-                updates={data.updates}
-                show={data.updates.length > 0}
-            />
         </div>
     );
 }
@@ -119,6 +126,7 @@ function ProductUpdatesPopup({ updates, show }: ProductUpdatesPopupProps) {
         <Transition show={open}>
             <div
                 className={cn(
+                    "relative z-1",
                     "rounded-md border bg-muted p-2 py-3 w-full flex items-start gap-2 text-sm",
                     "transition duration-300 ease-in-out",
                     "data-closed:opacity-0 data-closed:translate-y-full"
@@ -128,7 +136,7 @@ function ProductUpdatesPopup({ updates, show }: ProductUpdatesPopupProps) {
                     <BellIcon className="flex-none size-4" />
                 </div>
                 <div className="flex flex-col gap-2">
-                    <p className="font-medium">What's new</p>
+                    <p className="font-medium">{t("productUpdateWhatsNew")}</p>
                     <small
                         className={cn(
                             "text-muted-foreground",
@@ -186,6 +194,7 @@ function NewVersionAvailable({
         <Transition show={open}>
             <div
                 className={cn(
+                    "relative z-2",
                     "rounded-md border bg-muted p-2 py-3 w-full flex items-start gap-2 text-sm",
                     "transition duration-300 ease-in-out",
                     "data-closed:opacity-0 data-closed:translate-y-full"
@@ -194,7 +203,7 @@ function NewVersionAvailable({
                 {version && (
                     <>
                         <div className="rounded-md bg-muted-foreground/20 p-2">
-                            <BellIcon className="flex-none size-4" />
+                            <RocketIcon className="flex-none size-4" />
                         </div>
                         <div className="flex flex-col gap-2">
                             <p className="font-medium">

From 41601010f4cc063c23fcc301f1926b1a740c4664 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Wed, 5 Nov 2025 23:58:56 +0100
Subject: [PATCH 14/70] =?UTF-8?q?=F0=9F=92=A1=20comment?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ProductUpdates.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 6243cf88..2fe30c75 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -38,7 +38,7 @@ export default function ProductUpdates({
     const t = useTranslations();
     const [showMoreUpdatesText, setShowMoreUpdatesText] = React.useState(false);
 
-    // we need to delay the initial
+    // we delay the small text so that the user can notice it
     React.useEffect(() => {
         const timeout = setTimeout(() => setShowMoreUpdatesText(true), 600);
         return () => clearTimeout(timeout);

From 096ca379cedf4a2ec4122ec45e5c2fde98f63ae6 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Thu, 6 Nov 2025 00:06:05 +0100
Subject: [PATCH 15/70] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20refactor?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ProductUpdates.tsx | 64 +++++++++++++++----------------
 1 file changed, 31 insertions(+), 33 deletions(-)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 2fe30c75..c8247ff8 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -13,7 +13,7 @@ import {
     XIcon
 } from "lucide-react";
 import { useTranslations } from "next-intl";
-import { Transition, TransitionChild } from "@headlessui/react";
+import { Transition } from "@headlessui/react";
 import * as React from "react";
 
 export default function ProductUpdates({
@@ -38,7 +38,7 @@ export default function ProductUpdates({
     const t = useTranslations();
     const [showMoreUpdatesText, setShowMoreUpdatesText] = React.useState(false);
 
-    // we delay the small text so that the user can notice it
+    // we delay the small text animation so that the user can notice it
     React.useEffect(() => {
         const timeout = setTimeout(() => setShowMoreUpdatesText(true), 600);
         return () => clearTimeout(timeout);
@@ -64,37 +64,35 @@ export default function ProductUpdates({
                 isCollapsed && "hidden"
             )}
         >
-            <>
-                <div className="flex flex-col gap-1">
-                    <small
-                        className={cn(
-                            "text-xs text-muted-foreground flex items-center gap-1 mt-2",
-                            showMoreUpdatesText
-                                ? "animate-in fade-in duration-300"
-                                : "opacity-0"
-                        )}
-                    >
-                        {data.updates.length > 0 && (
-                            <>
-                                <BellIcon className="flex-none size-3" />
-                                <span>
-                                    {showNewVersionPopup
-                                        ? t("productUpdateMoreInfo", {
-                                              noOfUpdates: data.updates.length
-                                          })
-                                        : t("productUpdateInfo", {
-                                              noOfUpdates: data.updates.length
-                                          })}
-                                </span>
-                            </>
-                        )}
-                    </small>
-                    <ProductUpdatesPopup
-                        updates={data.updates}
-                        show={data.updates.length > 0}
-                    />
-                </div>
-            </>
+            <div className="flex flex-col gap-1">
+                <small
+                    className={cn(
+                        "text-xs text-muted-foreground flex items-center gap-1 mt-2",
+                        showMoreUpdatesText
+                            ? "animate-in fade-in duration-300"
+                            : "opacity-0"
+                    )}
+                >
+                    {data.updates.length > 0 && (
+                        <>
+                            <BellIcon className="flex-none size-3" />
+                            <span>
+                                {showNewVersionPopup
+                                    ? t("productUpdateMoreInfo", {
+                                          noOfUpdates: data.updates.length
+                                      })
+                                    : t("productUpdateInfo", {
+                                          noOfUpdates: data.updates.length
+                                      })}
+                            </span>
+                        </>
+                    )}
+                </small>
+                <ProductUpdatesPopup
+                    updates={data.updates}
+                    show={data.updates.length > 0}
+                />
+            </div>
 
             <NewVersionAvailable
                 version={data.latestVersion?.data}

From 7a2dd3101926c11458d486c1586a2fadf8e72bd0 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Thu, 6 Nov 2025 00:16:07 +0100
Subject: [PATCH 16/70] =?UTF-8?q?=F0=9F=9A=A7=20use=20popup?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ProductUpdates.tsx | 77 +++++++++++++++++--------------
 1 file changed, 42 insertions(+), 35 deletions(-)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index c8247ff8..b67d324a 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -15,6 +15,7 @@ import {
 import { useTranslations } from "next-intl";
 import { Transition } from "@headlessui/react";
 import * as React from "react";
+import { Popover, PopoverContent, PopoverTrigger } from "./ui/popover";
 
 export default function ProductUpdates({
     isCollapsed
@@ -88,7 +89,7 @@ export default function ProductUpdates({
                         </>
                     )}
                 </small>
-                <ProductUpdatesPopup
+                <ProductUpdatesListPopup
                     updates={data.updates}
                     show={data.updates.length > 0}
                 />
@@ -107,9 +108,12 @@ export default function ProductUpdates({
     );
 }
 
-type ProductUpdatesPopupProps = { updates: ProductUpdate[]; show: boolean };
+type ProductUpdatesListPopupProps = { updates: ProductUpdate[]; show: boolean };
 
-function ProductUpdatesPopup({ updates, show }: ProductUpdatesPopupProps) {
+function ProductUpdatesListPopup({
+    updates,
+    show
+}: ProductUpdatesListPopupProps) {
     const [open, setOpen] = React.useState(false);
     const t = useTranslations();
 
@@ -121,41 +125,44 @@ function ProductUpdatesPopup({ updates, show }: ProductUpdatesPopupProps) {
     }, [show]);
 
     return (
-        <Transition show={open}>
-            <div
-                className={cn(
-                    "relative z-1",
-                    "rounded-md border bg-muted p-2 py-3 w-full flex items-start gap-2 text-sm",
-                    "transition duration-300 ease-in-out",
-                    "data-closed:opacity-0 data-closed:translate-y-full"
-                )}
-            >
-                <div className="rounded-md bg-muted-foreground/20 p-2">
-                    <BellIcon className="flex-none size-4" />
-                </div>
-                <div className="flex flex-col gap-2">
-                    <p className="font-medium">{t("productUpdateWhatsNew")}</p>
-                    <small
+        <Popover>
+            <Transition show={open}>
+                <PopoverTrigger asChild>
+                    <button
                         className={cn(
-                            "text-muted-foreground",
-                            "overflow-hidden h-8",
-                            "[-webkit-box-orient:vertical] [-webkit-line-clamp:2] [display:-webkit-box]"
+                            "relative z-1 cursor-pointer",
+                            "rounded-md border bg-muted p-2 py-3 w-full flex items-start gap-2 text-sm",
+                            "transition duration-300 ease-in-out",
+                            "data-closed:opacity-0 data-closed:translate-y-full"
                         )}
                     >
-                        {updates[0].contents}
-                    </small>
-                </div>
-                <button
-                    className="p-1 cursor-pointer"
-                    onClick={() => {
-                        setOpen(false);
-                        // onClose();
-                    }}
-                >
-                    <ChevronRightIcon className="size-4 flex-none" />
-                </button>
-            </div>
-        </Transition>
+                        <div className="rounded-md bg-muted-foreground/20 p-2">
+                            <BellIcon className="flex-none size-4" />
+                        </div>
+                        <div className="flex flex-col gap-2">
+                            <p className="font-medium text-start">
+                                {t("productUpdateWhatsNew")}
+                            </p>
+                            <small
+                                className={cn(
+                                    "text-start text-muted-foreground",
+                                    "overflow-hidden h-8",
+                                    "[-webkit-box-orient:vertical] [-webkit-line-clamp:2] [display:-webkit-box]"
+                                )}
+                            >
+                                {updates[0].contents}
+                            </small>
+                        </div>
+                        <div className="p-1 cursor-pointer">
+                            <ChevronRightIcon className="size-4 flex-none" />
+                        </div>
+                    </button>
+                </PopoverTrigger>
+                <PopoverContent side="right" align="end">
+                    Hello
+                </PopoverContent>
+            </Transition>
+        </Popover>
     );
 }
 

From 18757d7eb3df3d411e187840ea49c3c8fdca32d3 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Thu, 6 Nov 2025 22:42:49 +0100
Subject: [PATCH 17/70] =?UTF-8?q?=F0=9F=92=84=20show=20product=20updates?=
 =?UTF-8?q?=20list?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 messages/en-US.json               |  2 ++
 src/components/ProductUpdates.tsx | 39 +++++++++++++++++++++++--
 src/lib/timeAgoFormatter.ts       | 48 +++++++++++++++++++++++++++++++
 3 files changed, 87 insertions(+), 2 deletions(-)
 create mode 100644 src/lib/timeAgoFormatter.ts

diff --git a/messages/en-US.json b/messages/en-US.json
index d5521aec..e731009d 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1282,6 +1282,8 @@
     "productUpdateMoreInfo": "{noOfUpdates} more updates",
     "productUpdateInfo": "{noOfUpdates} updates",
     "productUpdateWhatsNew": "What's New",
+    "productUpdateTitle": "Product Updates",
+    "dismissAll": "Dismiss all",
     "pangolinUpdateAvailable": "New version available",
     "pangolinUpdateAvailableInfo": "Version {version} is ready to install",
     "pangolinUpdateAvailableReleaseNotes": "View release notes",
diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index b67d324a..5df3acd8 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -16,6 +16,9 @@ import { useTranslations } from "next-intl";
 import { Transition } from "@headlessui/react";
 import * as React from "react";
 import { Popover, PopoverContent, PopoverTrigger } from "./ui/popover";
+import { Button } from "./ui/button";
+import { Badge } from "./ui/badge";
+import { timeAgoFormatter } from "@app/lib/timeAgoFormatter";
 
 export default function ProductUpdates({
     isCollapsed
@@ -158,8 +161,40 @@ function ProductUpdatesListPopup({
                         </div>
                     </button>
                 </PopoverTrigger>
-                <PopoverContent side="right" align="end">
-                    Hello
+                <PopoverContent
+                    side="right"
+                    align="end"
+                    className="p-0 flex flex-col w-80"
+                >
+                    <div className="p-3 flex justify-between border-b items-center">
+                        <span className="text-sm inline-flex gap-2 items-center font-medium">
+                            {t("productUpdateTitle")}
+                            <Badge variant="secondary">{updates.length}</Badge>
+                        </span>
+                        <Button variant="ghost">{t("dismissAll")}</Button>
+                    </div>
+                    <ol className="p-3 flex flex-col gap-1 max-h-112 overflow-y-auto">
+                        {updates.map((update) => (
+                            <li
+                                key={update.id}
+                                className="border rounded-md flex flex-col p-4 gap-2"
+                            >
+                                <h4 className="text-sm font-medium inline-flex items-start gap-1">
+                                    <span>{update.title}</span>
+                                    <Badge variant="secondary">New</Badge>
+                                </h4>
+                                <small className="text-muted-foreground">
+                                    {update.contents}
+                                </small>
+                                <time
+                                    dateTime={update.publishedAt.toLocaleString()}
+                                    className="text-xs text-muted-foreground"
+                                >
+                                    {timeAgoFormatter(update.publishedAt)}
+                                </time>
+                            </li>
+                        ))}
+                    </ol>
                 </PopoverContent>
             </Transition>
         </Popover>
diff --git a/src/lib/timeAgoFormatter.ts b/src/lib/timeAgoFormatter.ts
new file mode 100644
index 00000000..0aeff8bc
--- /dev/null
+++ b/src/lib/timeAgoFormatter.ts
@@ -0,0 +1,48 @@
+export function timeAgoFormatter(
+    dateInput: string | Date,
+    short: boolean = false
+): string {
+    const date = new Date(dateInput);
+    const now = new Date();
+    const diffInSeconds = Math.floor((now.getTime() - date.getTime()) / 1000);
+
+    const secondsInMinute = 60;
+    const secondsInHour = 60 * secondsInMinute;
+    const secondsInDay = 24 * secondsInHour;
+    const secondsInWeek = 7 * secondsInDay;
+    const secondsInMonth = 30 * secondsInDay;
+    const secondsInYear = 365 * secondsInDay;
+
+    let value: number;
+    let unit: Intl.RelativeTimeFormatUnit;
+
+    if (diffInSeconds < secondsInMinute) {
+        value = diffInSeconds;
+        unit = "second";
+    } else if (diffInSeconds < secondsInHour) {
+        value = Math.floor(diffInSeconds / secondsInMinute);
+        unit = "minute";
+    } else if (diffInSeconds < secondsInDay) {
+        value = Math.floor(diffInSeconds / secondsInHour);
+        unit = "hour";
+    } else if (diffInSeconds < secondsInWeek) {
+        value = Math.floor(diffInSeconds / secondsInDay);
+        unit = "day";
+    } else if (diffInSeconds < secondsInMonth) {
+        value = Math.floor(diffInSeconds / secondsInWeek);
+        unit = "week";
+    } else if (diffInSeconds < secondsInYear) {
+        value = Math.floor(diffInSeconds / secondsInMonth);
+        unit = "month";
+    } else {
+        value = Math.floor(diffInSeconds / secondsInYear);
+        unit = "year";
+    }
+
+    const rtf = new Intl.RelativeTimeFormat("en", {
+        numeric: "auto",
+        style: short ? "narrow" : "long"
+    });
+    const formatedValue = rtf.format(-value, unit);
+    return formatedValue === "now" ? "Just now" : formatedValue;
+}

From a62299c387e70b168ccd2427e838c5ebcaacd698 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Thu, 6 Nov 2025 23:25:53 +0100
Subject: [PATCH 18/70] =?UTF-8?q?=F0=9F=8E=A8=20prettier=20format?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ui/badge.tsx | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/src/components/ui/badge.tsx b/src/components/ui/badge.tsx
index 3bcf2bea..50ba04e0 100644
--- a/src/components/ui/badge.tsx
+++ b/src/components/ui/badge.tsx
@@ -10,7 +10,8 @@ const badgeVariants = cva(
             variant: {
                 default:
                     "border-transparent bg-primary text-primary-foreground",
-                outlinePrimary: "border-transparent bg-transparent border-primary text-primary",
+                outlinePrimary:
+                    "border-transparent bg-transparent border-primary text-primary",
                 secondary:
                     "border-transparent bg-secondary text-secondary-foreground",
                 destructive:
@@ -18,12 +19,12 @@ const badgeVariants = cva(
                 outline: "text-foreground",
                 green: "border-green-600 bg-green-500/20 text-green-700 dark:text-green-300",
                 yellow: "border-yellow-600 bg-yellow-500/20 text-yellow-700 dark:text-yellow-300",
-                red: "border-red-400 bg-red-300/20 text-red-600 dark:text-red-300",
-            },
+                red: "border-red-400 bg-red-300/20 text-red-600 dark:text-red-300"
+            }
         },
         defaultVariants: {
-            variant: "default",
-        },
+            variant: "default"
+        }
     }
 );
 

From 45fb0a4156b6de624d201e237821d900f0bfe8cd Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Thu, 6 Nov 2025 23:26:13 +0100
Subject: [PATCH 19/70] =?UTF-8?q?=F0=9F=92=84=20button=20for=20`mark=20as?=
 =?UTF-8?q?=20read`?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ProductUpdates.tsx | 47 ++++++++++++++++++++++++++-----
 1 file changed, 40 insertions(+), 7 deletions(-)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 5df3acd8..c5f48d68 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -8,6 +8,7 @@ import { useQueries } from "@tanstack/react-query";
 import {
     ArrowRight,
     BellIcon,
+    CheckIcon,
     ChevronRightIcon,
     RocketIcon,
     XIcon
@@ -19,6 +20,12 @@ import { Popover, PopoverContent, PopoverTrigger } from "./ui/popover";
 import { Button } from "./ui/button";
 import { Badge } from "./ui/badge";
 import { timeAgoFormatter } from "@app/lib/timeAgoFormatter";
+import {
+    Tooltip,
+    TooltipContent,
+    TooltipProvider,
+    TooltipTrigger
+} from "./ui/tooltip";
 
 export default function ProductUpdates({
     isCollapsed
@@ -164,25 +171,51 @@ function ProductUpdatesListPopup({
                 <PopoverContent
                     side="right"
                     align="end"
-                    className="p-0 flex flex-col w-80"
+                    sideOffset={10}
+                    className="p-0 flex flex-col w-85"
                 >
                     <div className="p-3 flex justify-between border-b items-center">
                         <span className="text-sm inline-flex gap-2 items-center font-medium">
                             {t("productUpdateTitle")}
                             <Badge variant="secondary">{updates.length}</Badge>
                         </span>
-                        <Button variant="ghost">{t("dismissAll")}</Button>
+                        <Button variant="outline">{t("dismissAll")}</Button>
                     </div>
                     <ol className="p-3 flex flex-col gap-1 max-h-112 overflow-y-auto">
                         {updates.map((update) => (
                             <li
                                 key={update.id}
-                                className="border rounded-md flex flex-col p-4 gap-2"
+                                className="border rounded-md flex flex-col p-4 gap-2.5 group hover:bg-accent relative"
                             >
-                                <h4 className="text-sm font-medium inline-flex items-start gap-1">
-                                    <span>{update.title}</span>
-                                    <Badge variant="secondary">New</Badge>
-                                </h4>
+                                <div className="flex justify-between gap-2 items-start">
+                                    <h4 className="text-sm font-medium inline-flex items-start gap-1">
+                                        <span>{update.title}</span>
+                                        <Badge
+                                            variant="secondary"
+                                            className="bg-black text-white dark:bg-white dark:text-black"
+                                        >
+                                            New
+                                        </Badge>
+                                    </h4>
+                                    <TooltipProvider>
+                                        <Tooltip>
+                                            <TooltipTrigger asChild>
+                                                <Button
+                                                    variant="outline"
+                                                    className="p-1 py-1 opacity-100 h-auto group-hover:opacity-100"
+                                                >
+                                                    <CheckIcon className="flex-none size-4" />
+                                                </Button>
+                                            </TooltipTrigger>
+                                            <TooltipContent
+                                                side="right"
+                                                sideOffset={8}
+                                            >
+                                                Mark as read
+                                            </TooltipContent>
+                                        </Tooltip>
+                                    </TooltipProvider>
+                                </div>
                                 <small className="text-muted-foreground">
                                     {update.contents}
                                 </small>

From f9287081565398f8281a62abfd825931fa6c54d2 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Fri, 7 Nov 2025 00:27:57 +0100
Subject: [PATCH 20/70] =?UTF-8?q?=F0=9F=92=84=20animate=20exit=20and=20mor?=
 =?UTF-8?q?e?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ProductUpdates.tsx | 207 ++++++++++++++++++------------
 src/lib/timeAgoFormatter.ts       |   5 +-
 2 files changed, 127 insertions(+), 85 deletions(-)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index c5f48d68..83fa32e6 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -8,7 +8,6 @@ import { useQueries } from "@tanstack/react-query";
 import {
     ArrowRight,
     BellIcon,
-    CheckIcon,
     ChevronRightIcon,
     RocketIcon,
     XIcon
@@ -57,7 +56,11 @@ export default function ProductUpdates({
 
     const [ignoredVersionUpdate, setIgnoredVersionUpdate] = useLocalStorage<
         string | null
-    >("ignored-version", null);
+    >("product-updates:skip-version", null);
+
+    const [productUpdatesRead, setProductUpdatesRead] = useLocalStorage<
+        number[]
+    >("product-updates:read", []);
 
     if (!data) return null;
 
@@ -68,6 +71,10 @@ export default function ProductUpdates({
             env.app.version !== data.latestVersion.data?.pangolin.latestVersion
     );
 
+    const filteredUpdates = data.updates.filter(
+        (update) => !productUpdatesRead.includes(update.id)
+    );
+
     return (
         <div
             className={cn(
@@ -84,30 +91,39 @@ export default function ProductUpdates({
                             : "opacity-0"
                     )}
                 >
-                    {data.updates.length > 0 && (
+                    {filteredUpdates.length > 0 && (
                         <>
                             <BellIcon className="flex-none size-3" />
                             <span>
                                 {showNewVersionPopup
                                     ? t("productUpdateMoreInfo", {
-                                          noOfUpdates: data.updates.length
+                                          noOfUpdates: filteredUpdates.length
                                       })
                                     : t("productUpdateInfo", {
-                                          noOfUpdates: data.updates.length
+                                          noOfUpdates: filteredUpdates.length
                                       })}
                             </span>
                         </>
                     )}
                 </small>
                 <ProductUpdatesListPopup
-                    updates={data.updates}
-                    show={data.updates.length > 0}
+                    updates={filteredUpdates}
+                    show={filteredUpdates.length > 0}
+                    onDimissAll={() =>
+                        setProductUpdatesRead([
+                            ...productUpdatesRead,
+                            ...filteredUpdates.map((update) => update.id)
+                        ])
+                    }
+                    onDimiss={(id) =>
+                        setProductUpdatesRead([...productUpdatesRead, id])
+                    }
                 />
             </div>
 
             <NewVersionAvailable
                 version={data.latestVersion?.data}
-                onClose={() => {
+                onDimiss={() => {
                     setIgnoredVersionUpdate(
                         data.latestVersion?.data?.pangolin.latestVersion ?? null
                     );
@@ -118,29 +134,44 @@ export default function ProductUpdates({
     );
 }
 
-type ProductUpdatesListPopupProps = { updates: ProductUpdate[]; show: boolean };
+type ProductUpdatesListPopupProps = {
+    updates: ProductUpdate[];
+    show: boolean;
+    onDimiss: (id: number) => void;
+    onDimissAll: () => void;
+};
 
 function ProductUpdatesListPopup({
     updates,
-    show
+    show,
+    onDimiss,
+    onDimissAll
 }: ProductUpdatesListPopupProps) {
-    const [open, setOpen] = React.useState(false);
+    const [showContent, setShowContent] = React.useState(false);
+    const [popoverOpen, setPopoverOpen] = React.useState(false);
     const t = useTranslations();
 
     // we need to delay the initial opening state to have an animation on `appear`
     React.useEffect(() => {
         if (show) {
-            requestAnimationFrame(() => setOpen(true));
+            requestAnimationFrame(() => setShowContent(true));
         }
     }, [show]);
 
+    React.useEffect(() => {
+        if (updates.length === 0) {
+            setShowContent(false);
+            setPopoverOpen(false);
+        }
+    }, [updates.length]);
+
     return (
-        <Popover>
-            <Transition show={open}>
+        <Popover open={popoverOpen} onOpenChange={setPopoverOpen}>
+            <Transition show={showContent}>
                 <PopoverTrigger asChild>
-                    <button
+                    <div
                         className={cn(
-                            "relative z-1 cursor-pointer",
+                            "relative z-1 cursor-pointer block",
                             "rounded-md border bg-muted p-2 py-3 w-full flex items-start gap-2 text-sm",
                             "transition duration-300 ease-in-out",
                             "data-closed:opacity-0 data-closed:translate-y-full"
@@ -160,82 +191,94 @@ function ProductUpdatesListPopup({
                                     "[-webkit-box-orient:vertical] [-webkit-line-clamp:2] [display:-webkit-box]"
                                 )}
                             >
-                                {updates[0].contents}
+                                {updates[0]?.contents}
                             </small>
                         </div>
                         <div className="p-1 cursor-pointer">
                             <ChevronRightIcon className="size-4 flex-none" />
                         </div>
-                    </button>
-                </PopoverTrigger>
-                <PopoverContent
-                    side="right"
-                    align="end"
-                    sideOffset={10}
-                    className="p-0 flex flex-col w-85"
-                >
-                    <div className="p-3 flex justify-between border-b items-center">
-                        <span className="text-sm inline-flex gap-2 items-center font-medium">
-                            {t("productUpdateTitle")}
-                            <Badge variant="secondary">{updates.length}</Badge>
-                        </span>
-                        <Button variant="outline">{t("dismissAll")}</Button>
                     </div>
-                    <ol className="p-3 flex flex-col gap-1 max-h-112 overflow-y-auto">
-                        {updates.map((update) => (
-                            <li
-                                key={update.id}
-                                className="border rounded-md flex flex-col p-4 gap-2.5 group hover:bg-accent relative"
-                            >
-                                <div className="flex justify-between gap-2 items-start">
-                                    <h4 className="text-sm font-medium inline-flex items-start gap-1">
-                                        <span>{update.title}</span>
-                                        <Badge
-                                            variant="secondary"
-                                            className="bg-black text-white dark:bg-white dark:text-black"
-                                        >
-                                            New
-                                        </Badge>
-                                    </h4>
-                                    <TooltipProvider>
-                                        <Tooltip>
-                                            <TooltipTrigger asChild>
-                                                <Button
-                                                    variant="outline"
-                                                    className="p-1 py-1 opacity-100 h-auto group-hover:opacity-100"
-                                                >
-                                                    <CheckIcon className="flex-none size-4" />
-                                                </Button>
-                                            </TooltipTrigger>
-                                            <TooltipContent
-                                                side="right"
-                                                sideOffset={8}
-                                            >
-                                                Mark as read
-                                            </TooltipContent>
-                                        </Tooltip>
-                                    </TooltipProvider>
-                                </div>
-                                <small className="text-muted-foreground">
-                                    {update.contents}
-                                </small>
-                                <time
-                                    dateTime={update.publishedAt.toLocaleString()}
-                                    className="text-xs text-muted-foreground"
-                                >
-                                    {timeAgoFormatter(update.publishedAt)}
-                                </time>
-                            </li>
-                        ))}
-                    </ol>
-                </PopoverContent>
+                </PopoverTrigger>
             </Transition>
+            <PopoverContent
+                side="right"
+                align="end"
+                sideOffset={10}
+                className="p-0 flex flex-col w-85"
+            >
+                <div className="p-3 flex justify-between border-b items-center">
+                    <span className="text-sm inline-flex gap-2 items-center font-medium">
+                        {t("productUpdateTitle")}
+                        {updates.length > 0 && (
+                            <Badge variant="secondary">{updates.length}</Badge>
+                        )}
+                    </span>
+                    <Button variant="outline" onClick={onDimissAll}>
+                        {t("dismissAll")}
+                    </Button>
+                </div>
+                <ol className="p-3 flex flex-col gap-1 max-h-112 overflow-y-auto">
+                    {updates.length === 0 && (
+                        <small className="border rounded-md flex p-4 border-dashed justify-center items-center text-muted-foreground">
+                            No updates
+                        </small>
+                    )}
+                    {updates.map((update) => (
+                        <li
+                            key={update.id}
+                            className="border rounded-md flex flex-col p-4 gap-2.5 group hover:bg-accent relative"
+                        >
+                            <div className="flex justify-between gap-2 items-start">
+                                <h4 className="text-sm font-medium inline-flex items-start gap-1">
+                                    <span>{update.title}</span>
+                                    {/* <Badge
+                                        variant="secondary"
+                                        className="bg-black text-white dark:bg-white dark:text-black"
+                                    >
+                                        {t("new")}
+                                    </Badge> */}
+                                </h4>
+                                <TooltipProvider>
+                                    <Tooltip>
+                                        <TooltipTrigger asChild>
+                                            <Button
+                                                variant="outline"
+                                                className="p-1 py-1 opacity-100 h-auto group-hover:opacity-100"
+                                                onClick={() =>
+                                                    onDimiss(update.id)
+                                                }
+                                            >
+                                                <XIcon className="flex-none size-4" />
+                                            </Button>
+                                        </TooltipTrigger>
+                                        <TooltipContent
+                                            side="right"
+                                            sideOffset={8}
+                                        >
+                                            {t("dismiss")}
+                                        </TooltipContent>
+                                    </Tooltip>
+                                </TooltipProvider>
+                            </div>
+                            <small className="text-muted-foreground">
+                                {update.contents}
+                            </small>
+                            <time
+                                dateTime={update.publishedAt.toLocaleString()}
+                                className="text-xs text-muted-foreground"
+                            >
+                                {timeAgoFormatter(update.publishedAt)}
+                            </time>
+                        </li>
+                    ))}
+                </ol>
+            </PopoverContent>
         </Popover>
     );
 }
 
 type NewVersionAvailableProps = {
-    onClose: () => void;
+    onDimiss: () => void;
     show: boolean;
     version:
         | Awaited<
@@ -251,7 +294,7 @@ type NewVersionAvailableProps = {
 function NewVersionAvailable({
     version,
     show,
-    onClose
+    onDimiss
 }: NewVersionAvailableProps) {
     const t = useTranslations();
     const [open, setOpen] = React.useState(false);
@@ -302,7 +345,7 @@ function NewVersionAvailable({
                             className="p-1 cursor-pointer"
                             onClick={() => {
                                 setOpen(false);
-                                onClose();
+                                onDimiss();
                             }}
                         >
                             <XIcon className="size-4 flex-none" />
diff --git a/src/lib/timeAgoFormatter.ts b/src/lib/timeAgoFormatter.ts
index 0aeff8bc..f6ae0175 100644
--- a/src/lib/timeAgoFormatter.ts
+++ b/src/lib/timeAgoFormatter.ts
@@ -39,10 +39,9 @@ export function timeAgoFormatter(
         unit = "year";
     }
 
-    const rtf = new Intl.RelativeTimeFormat("en", {
+    const rtf = new Intl.RelativeTimeFormat(navigator.languages[0] ?? "en", {
         numeric: "auto",
         style: short ? "narrow" : "long"
     });
-    const formatedValue = rtf.format(-value, unit);
-    return formatedValue === "now" ? "Just now" : formatedValue;
+    return rtf.format(-value, unit);
 }

From 0b70cbb1a3ad0e34108ecdd73c882b3ad1cb3d72 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Fri, 7 Nov 2025 01:10:20 +0100
Subject: [PATCH 21/70] =?UTF-8?q?=F0=9F=92=84=20show=20update=20type=20in?=
 =?UTF-8?q?=20badge?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ProductUpdates.tsx | 6 +++---
 src/lib/queries.ts                | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 83fa32e6..094acd5e 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -231,12 +231,12 @@ function ProductUpdatesListPopup({
                             <div className="flex justify-between gap-2 items-start">
                                 <h4 className="text-sm font-medium inline-flex items-start gap-1">
                                     <span>{update.title}</span>
-                                    {/* <Badge
+                                    <Badge
                                         variant="secondary"
                                         className="bg-black text-white dark:bg-white dark:text-black"
                                     >
-                                        {t("new")}
-                                    </Badge> */}
+                                        {update.type}
+                                    </Badge>
                                 </h4>
                                 <TooltipProvider>
                                     <Tooltip>
diff --git a/src/lib/queries.ts b/src/lib/queries.ts
index d8e4ee89..53aaeee7 100644
--- a/src/lib/queries.ts
+++ b/src/lib/queries.ts
@@ -8,7 +8,7 @@ export type ProductUpdate = {
     link: string | null;
     edition: "enterprise" | "community" | "cloud" | null;
     id: number;
-    priority: "CRITICAL" | "IMPORTANT" | "NORMAL" | null;
+    type: "Update" | "Important" | "New";
     title: string;
     contents: string;
     publishedAt: Date;

From ea744f8d284b4dadff65c54031f95af2145934c6 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Fri, 7 Nov 2025 01:14:05 +0100
Subject: [PATCH 22/70] =?UTF-8?q?=F0=9F=92=84=20show=20update=20type?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ProductUpdates.tsx | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 094acd5e..6d8a39f6 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -232,8 +232,15 @@ function ProductUpdatesListPopup({
                                 <h4 className="text-sm font-medium inline-flex items-start gap-1">
                                     <span>{update.title}</span>
                                     <Badge
-                                        variant="secondary"
-                                        className="bg-black text-white dark:bg-white dark:text-black"
+                                        variant={
+                                            update.type === "Important"
+                                                ? "yellow"
+                                                : "secondary"
+                                        }
+                                        className={cn(
+                                            update.type === "New" &&
+                                                "bg-black text-white dark:bg-white dark:text-black"
+                                        )}
                                     >
                                         {update.type}
                                     </Badge>

From 9f9aa07c2d8a2bc37edfadef2f7ba38d43bff4c2 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Fri, 24 Oct 2025 23:36:20 +0530
Subject: [PATCH 23/70] Option to regenerate remote-nodes keys

---
 server/private/routers/external.ts            |   8 +
 .../private/routers/remoteExitNode/index.ts   |   1 +
 .../remoteExitNode/updateRemoteExitNode.ts    | 106 +++++++++++
 server/routers/remoteExitNode/types.ts        |   5 +
 .../remote-exit-nodes/ExitNodesTable.tsx      |   9 +
 .../[remoteExitNodeId]/general/page.tsx       | 170 +++++++++++++++++-
 .../[remoteExitNodeId]/layout.tsx             |  14 +-
 src/components/ExitNodeInfoCard.tsx           |  52 ++++++
 src/hooks/useRemoteExitNodeContext.ts         |   6 +-
 9 files changed, 368 insertions(+), 3 deletions(-)
 create mode 100644 server/private/routers/remoteExitNode/updateRemoteExitNode.ts
 create mode 100644 src/components/ExitNodeInfoCard.tsx

diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index 00ad117f..8e2b2bbc 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -236,6 +236,14 @@ authenticated.put(
     remoteExitNode.createRemoteExitNode
 );
 
+authenticated.put(
+    "/org/:orgId/update-remote-exit-node",
+    verifyValidLicense,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
+    remoteExitNode.updateRemoteExitNode
+);
+
 authenticated.get(
     "/org/:orgId/remote-exit-nodes",
     verifyValidLicense,
diff --git a/server/private/routers/remoteExitNode/index.ts b/server/private/routers/remoteExitNode/index.ts
index 2a04f9d9..a30e204c 100644
--- a/server/private/routers/remoteExitNode/index.ts
+++ b/server/private/routers/remoteExitNode/index.ts
@@ -21,3 +21,4 @@ export * from "./deleteRemoteExitNode";
 export * from "./listRemoteExitNodes";
 export * from "./pickRemoteExitNodeDefaults";
 export * from "./quickStartRemoteExitNode";
+export * from "./updateRemoteExitNode"
diff --git a/server/private/routers/remoteExitNode/updateRemoteExitNode.ts b/server/private/routers/remoteExitNode/updateRemoteExitNode.ts
new file mode 100644
index 00000000..9de017f8
--- /dev/null
+++ b/server/private/routers/remoteExitNode/updateRemoteExitNode.ts
@@ -0,0 +1,106 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
+import { NextFunction, Request, Response } from "express";
+import { db, exitNodes, exitNodeOrgs, ExitNode, ExitNodeOrg } from "@server/db";
+import HttpCode from "@server/types/HttpCode";
+import { z } from "zod";
+import { remoteExitNodes } from "@server/db";
+import createHttpError from "http-errors";
+import response from "@server/lib/response";
+import { fromError } from "zod-validation-error";
+import { hashPassword } from "@server/auth/password";
+import logger from "@server/logger";
+import { and, eq } from "drizzle-orm";
+import { UpdateRemoteExitNodeResponse } from "@server/routers/remoteExitNode/types";
+import { paramsSchema } from "./createRemoteExitNode";
+
+const bodySchema = z
+    .object({
+        remoteExitNodeId: z.string().length(15),
+        secret: z.string().length(48)
+    })
+    .strict();
+
+export async function updateRemoteExitNode(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = paramsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const parsedBody = bodySchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { remoteExitNodeId, secret } = parsedBody.data;
+
+        if (req.user && !req.userOrgRoleId) {
+            return next(
+                createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
+            );
+        }
+
+        const [existingRemoteExitNode] = await db
+            .select()
+            .from(remoteExitNodes)
+            .where(eq(remoteExitNodes.remoteExitNodeId, remoteExitNodeId));
+
+        if (!existingRemoteExitNode) {
+            return next(
+                createHttpError(HttpCode.NOT_FOUND, "Remote Exit Node does not exist")
+            );
+        }
+
+        const secretHash = await hashPassword(secret);
+
+        await db
+            .update(remoteExitNodes)
+            .set({ secretHash })
+            .where(eq(remoteExitNodes.remoteExitNodeId, remoteExitNodeId));
+
+        return response<UpdateRemoteExitNodeResponse>(res, {
+            data: {
+                remoteExitNodeId,
+                secret,
+            },
+            success: true,
+            error: false,
+            message: "Remote Exit Node secret updated successfully",
+            status: HttpCode.OK,
+        });
+    } catch (e) {
+        logger.error("Failed to update remoteExitNode", e);
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Failed to update remoteExitNode"
+            )
+        );
+    }
+}
diff --git a/server/routers/remoteExitNode/types.ts b/server/routers/remoteExitNode/types.ts
index 55d0a286..ae0c2130 100644
--- a/server/routers/remoteExitNode/types.ts
+++ b/server/routers/remoteExitNode/types.ts
@@ -6,6 +6,11 @@ export type CreateRemoteExitNodeResponse = {
     secret: string;
 };
 
+export type UpdateRemoteExitNodeResponse = {
+    remoteExitNodeId: string;
+    secret: string;
+}
+
 export type PickRemoteExitNodeDefaultsResponse = {
     remoteExitNodeId: string;
     secret: string;
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx
index 6e9ab237..06da3dc5 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx
@@ -232,6 +232,7 @@ export default function ExitNodesTable({
             id: "actions",
             cell: ({ row }) => {
                 const nodeRow = row.original;
+                const remoteExitNodeId = nodeRow.id;
                 return (
                     <div className="flex items-center justify-end gap-2">
                         <DropdownMenu>
@@ -242,6 +243,14 @@ export default function ExitNodesTable({
                                 </Button>
                             </DropdownMenuTrigger>
                             <DropdownMenuContent align="end">
+                                <Link
+                                    className="block w-full"
+                                    href={`/${nodeRow.orgId}/settings/remote-exit-nodes/${remoteExitNodeId}`}
+                                >
+                                    <DropdownMenuItem>
+                                        {t("viewSettings")}
+                                    </DropdownMenuItem>
+                                </Link>
                                 <DropdownMenuItem
                                     onClick={() => {
                                         setSelectedNode(nodeRow);
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx
index 191ce3f3..6711177b 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx
@@ -1,3 +1,171 @@
+"use client";
+
+import { useEffect, useState } from "react";
+import {
+    SettingsContainer,
+    SettingsSection,
+    SettingsSectionBody,
+    SettingsSectionDescription,
+    SettingsSectionHeader,
+    SettingsSectionTitle
+} from "@app/components/Settings";
+import { Button } from "@app/components/ui/button";
+import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
+import { InfoIcon } from "lucide-react";
+import CopyTextBox from "@app/components/CopyTextBox";
+import { createApiClient, formatAxiosError } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { toast } from "@app/hooks/useToast";
+import { useParams, useRouter } from "next/navigation";
+import { AxiosResponse } from "axios";
+import { useTranslations } from "next-intl";
+import {
+    PickRemoteExitNodeDefaultsResponse,
+    QuickStartRemoteExitNodeResponse
+} from "@server/routers/remoteExitNode/types";
+import { useRemoteExitNodeContext } from "@app/hooks/useRemoteExitNodeContext";
+
 export default function GeneralPage() {
-    return <></>;
+    const { env } = useEnvContext();
+    const api = createApiClient({ env });
+    const { orgId } = useParams();
+    const router = useRouter();
+    const t = useTranslations();
+    const { remoteExitNode, updateRemoteExitNode } = useRemoteExitNodeContext();
+
+    const [credentials, setCredentials] =
+        useState<PickRemoteExitNodeDefaultsResponse | null>(null);
+    const [loading, setLoading] = useState(false);
+    const [saving, setSaving] = useState(false);
+
+    // Clear credentials when user leaves/reloads
+    useEffect(() => {
+        const clearCreds = () => setCredentials(null);
+        window.addEventListener("beforeunload", clearCreds);
+        return () => window.removeEventListener("beforeunload", clearCreds);
+    }, []);
+
+    const handleRegenerate = async () => {
+        try {
+            setLoading(true);
+            const response = await api.get<
+                AxiosResponse<PickRemoteExitNodeDefaultsResponse>
+            >(`/org/${orgId}/pick-remote-exit-node-defaults`);
+
+            setCredentials(response.data.data);
+            toast({
+                title: t("success"),
+                description: t("Credentials generated successfully."),
+            });
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: formatAxiosError(
+                    error,
+                    t("Failed to generate credentials")
+                ),
+                variant: "destructive",
+            });
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const handleSave = async () => {
+        if (!credentials) return;
+
+        try {
+            setSaving(true);
+
+            const response = await api.put<
+                AxiosResponse<QuickStartRemoteExitNodeResponse>
+            >(`/org/${orgId}/update-remote-exit-node`, {
+                remoteExitNodeId: remoteExitNode.remoteExitNodeId,
+                secret: credentials.secret,
+            });
+
+            toast({
+                title: t("success"),
+                description: t("Credentials saved successfully."),
+            });
+
+            // For security, clear them from UI
+            setCredentials(null);
+
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: formatAxiosError(
+                    error,
+                    t("Failed to save credentials")
+                ),
+                variant: "destructive",
+            });
+        } finally {
+            setSaving(false);
+        }
+    };
+
+    return (
+        <SettingsContainer>
+            <SettingsSection>
+                <SettingsSectionHeader>
+                    <SettingsSectionTitle>
+                        {t("Generated Credentials")}
+                    </SettingsSectionTitle>
+                    <SettingsSectionDescription>
+                        {t("Regenerate and save your managed credentials")}
+                    </SettingsSectionDescription>
+                </SettingsSectionHeader>
+
+                <SettingsSectionBody>
+                    {!credentials ? (
+                        <Button
+                            onClick={handleRegenerate}
+                            loading={loading}
+                            disabled={loading}
+                        >
+                            {t("Regenerate Credentials")}
+                        </Button>
+                    ) : (
+                        <>
+                            <CopyTextBox
+                                text={`managed:
+  id: "${remoteExitNode.remoteExitNodeId}"
+  secret: "${credentials.secret}"`}
+                            />
+
+                            <Alert variant="neutral" className="mt-4">
+                                <InfoIcon className="h-4 w-4" />
+                                <AlertTitle className="font-semibold">
+                                    {t("Copy and save these credentials")}
+                                </AlertTitle>
+                                <AlertDescription>
+                                    {t(
+                                        "These credentials will not be shown again after you leave this page. Save them securely now."
+                                    )}
+                                </AlertDescription>
+                            </Alert>
+
+                            <div className="flex justify-end mt-6 space-x-2">
+                                <Button
+                                    variant="outline"
+                                    onClick={() => setCredentials(null)}
+                                >
+                                    {t("Cancel")}
+                                </Button>
+                                <Button
+                                    onClick={handleSave}
+                                    loading={saving}
+                                    disabled={saving}
+                                >
+                                    {t("Save Credentials")}
+                                </Button>
+                            </div>
+                        </>
+                    )}
+                </SettingsSectionBody>
+            </SettingsSection>
+        </SettingsContainer>
+    );
 }
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/layout.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/layout.tsx
index 7a7b3611..6473999d 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/layout.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/layout.tsx
@@ -6,6 +6,8 @@ import { authCookieHeader } from "@app/lib/api/cookies";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { getTranslations } from "next-intl/server";
 import RemoteExitNodeProvider from "@app/providers/RemoteExitNodeProvider";
+import { HorizontalTabs } from "@app/components/HorizontalTabs";
+import ExitNodeInfoCard from "@app/components/ExitNodeInfoCard";
 
 interface SettingsLayoutProps {
     children: React.ReactNode;
@@ -31,6 +33,13 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
 
     const t = await getTranslations();
 
+    const navItems = [
+        {
+            title: t('general'),
+            href: "/{orgId}/settings/remote-exit-nodes/{remoteExitNodeId}/general"
+        }
+    ];
+
     return (
         <>
             <SettingsSectionTitle
@@ -39,7 +48,10 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
             />
 
             <RemoteExitNodeProvider remoteExitNode={remoteExitNode}>
-                <div className="space-y-6">{children}</div>
+                <div className="space-y-6">
+                    <ExitNodeInfoCard />
+                    <HorizontalTabs items={navItems}>{children}</HorizontalTabs>
+                </div>
             </RemoteExitNodeProvider>
         </>
     );
diff --git a/src/components/ExitNodeInfoCard.tsx b/src/components/ExitNodeInfoCard.tsx
new file mode 100644
index 00000000..49ae1b61
--- /dev/null
+++ b/src/components/ExitNodeInfoCard.tsx
@@ -0,0 +1,52 @@
+"use client";
+
+import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
+import { InfoIcon } from "lucide-react";
+import {
+    InfoSection,
+    InfoSectionContent,
+    InfoSections,
+    InfoSectionTitle
+} from "@app/components/InfoSection";
+import { useTranslations } from "next-intl";
+import { useRemoteExitNodeContext } from "@app/hooks/useRemoteExitNodeContext";
+
+type ExitNodeInfoCardProps = {};
+
+export default function ExitNodeInfoCard({}: ExitNodeInfoCardProps) {
+    const { remoteExitNode, updateRemoteExitNode } = useRemoteExitNodeContext();
+    const t = useTranslations();
+
+    return (
+        <Alert>
+            <AlertDescription className="mt-4">
+                <InfoSections cols={2}>
+                        <>
+                            <InfoSection>
+                                <InfoSectionTitle>{t("status")}</InfoSectionTitle>
+                                <InfoSectionContent>
+                                    {remoteExitNode.online ? (
+                                        <div className="text-green-500 flex items-center space-x-2">
+                                            <div className="w-2 h-2 bg-green-500 rounded-full"></div>
+                                            <span>{t("online")}</span>
+                                        </div>
+                                    ) : (
+                                        <div className="text-neutral-500 flex items-center space-x-2">
+                                            <div className="w-2 h-2 bg-gray-500 rounded-full"></div>
+                                            <span>{t("offline")}</span>
+                                        </div>
+                                    )}
+                                </InfoSectionContent>
+                            </InfoSection>
+                        </>
+                    <InfoSection>
+                        <InfoSectionTitle>{t("address")}</InfoSectionTitle>
+                        <InfoSectionContent>
+                            {remoteExitNode.address}
+                        </InfoSectionContent>
+                    </InfoSection>
+                </InfoSections>
+            </AlertDescription>
+        </Alert>
+    );
+}
diff --git a/src/hooks/useRemoteExitNodeContext.ts b/src/hooks/useRemoteExitNodeContext.ts
index 486147c4..6fe244c8 100644
--- a/src/hooks/useRemoteExitNodeContext.ts
+++ b/src/hooks/useRemoteExitNodeContext.ts
@@ -2,11 +2,15 @@
 
 import RemoteExitNodeContext from "@app/contexts/remoteExitNodeContext";
 import { build } from "@server/build";
+import { GetRemoteExitNodeResponse } from "@server/routers/remoteExitNode/types";
 import { useContext } from "react";
 
 export function useRemoteExitNodeContext() {
     if (build == "oss") {
-        return null;
+         return {
+            remoteExitNode: {} as GetRemoteExitNodeResponse,
+            updateRemoteExitNode: () => {},
+        };
     }
     const context = useContext(RemoteExitNodeContext);
     if (context === undefined) {

From 3f38080b46bdf56cb326936b1d9c215f45148dd2 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Fri, 24 Oct 2025 23:42:25 +0530
Subject: [PATCH 24/70] fix lint

---
 server/private/routers/remoteExitNode/index.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/private/routers/remoteExitNode/index.ts b/server/private/routers/remoteExitNode/index.ts
index a30e204c..5677520d 100644
--- a/server/private/routers/remoteExitNode/index.ts
+++ b/server/private/routers/remoteExitNode/index.ts
@@ -21,4 +21,4 @@ export * from "./deleteRemoteExitNode";
 export * from "./listRemoteExitNodes";
 export * from "./pickRemoteExitNodeDefaults";
 export * from "./quickStartRemoteExitNode";
-export * from "./updateRemoteExitNode"
+export * from "./updateRemoteExitNode";

From c2f607bb9ad41adc62c5d7917c800478697fd543 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sat, 25 Oct 2025 22:42:51 +0530
Subject: [PATCH 25/70] Option to regenerate olm keys inside client

---
 messages/en-US.json                           |   8 +-
 server/routers/client/updateClient.ts         |  32 ++-
 .../[remoteExitNodeId]/general/page.tsx       |  14 +-
 .../clients/[clientId]/credentials/page.tsx   | 208 ++++++++++++++++++
 .../settings/clients/[clientId]/layout.tsx    |   4 +
 5 files changed, 255 insertions(+), 11 deletions(-)
 create mode 100644 src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index 063d9efc..9b2c35f8 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2095,5 +2095,11 @@
     "selectedResources": "Selected Resources",
     "enableSelected": "Enable Selected",
     "disableSelected": "Disable Selected",
-    "checkSelectedStatus": "Check Status of Selected"
+    "checkSelectedStatus": "Check Status of Selected",
+    "savecredentials": "Save Credentials",
+    "regeneratecredentials": "Regenerate Credentials",
+    "regenerateClientCredentials": "Regenerate and save your managed credentials",
+    "generatedcredentials": "Generated Credentials",
+    "copyandsavethesecredentials": "Copy and save these credentials",
+    "copyandsavethesecredentialsdescription": "These credentials will not be shown again after you leave this page. Save them securely now."
 }
diff --git a/server/routers/client/updateClient.ts b/server/routers/client/updateClient.ts
index 884a9864..84e5f619 100644
--- a/server/routers/client/updateClient.ts
+++ b/server/routers/client/updateClient.ts
@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { Client, db, exitNodes, sites } from "@server/db";
+import { Client, db, exitNodes, olms, sites } from "@server/db";
 import { clients, clientSites } from "@server/db";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
@@ -18,6 +18,7 @@ import {
     deletePeer as olmDeletePeer
 } from "../olm/peers";
 import { sendToExitNode } from "#dynamic/lib/exitNodes";
+import { hashPassword } from "@server/auth/password";
 
 const updateClientParamsSchema = z
     .object({
@@ -30,7 +31,10 @@ const updateClientSchema = z
         name: z.string().min(1).max(255).optional(),
         siteIds: z
             .array(z.number().int().positive())
-            .optional()
+            .optional(),
+        olmId: z.string().min(1).optional(),
+        secret: z.string().min(1).optional(),
+
     })
     .strict();
 
@@ -75,7 +79,7 @@ export async function updateClient(
             );
         }
 
-        const { name, siteIds } = parsedBody.data;
+        const { name, siteIds, olmId, secret } = parsedBody.data;
 
         const parsedParams = updateClientParamsSchema.safeParse(req.params);
         if (!parsedParams.success) {
@@ -89,6 +93,12 @@ export async function updateClient(
 
         const { clientId } = parsedParams.data;
 
+        let secretHash = undefined;
+        if (secret) {
+            secretHash = await hashPassword(secret);
+        }
+
+
         // Fetch the client to make sure it exists and the user has access to it
         const [client] = await db
             .select()
@@ -136,6 +146,22 @@ export async function updateClient(
                     .where(eq(clients.clientId, clientId));
             }
 
+            const [existingOlm] = await trx
+                .select()
+                .from(olms)
+                .where(eq(olms.clientId, clientId))
+                .limit(1);
+
+            if (existingOlm && olmId && secretHash) {
+                await trx
+                    .update(olms)
+                    .set({
+                        olmId,
+                        secretHash
+                    })
+                    .where(eq(olms.clientId, clientId));
+            }
+
             // Update site associations if provided
             // Remove sites that are no longer associated
             for (const siteId of sitesRemoved) {
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx
index 6711177b..d207f0de 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx
@@ -111,10 +111,10 @@ export default function GeneralPage() {
             <SettingsSection>
                 <SettingsSectionHeader>
                     <SettingsSectionTitle>
-                        {t("Generated Credentials")}
+                        {t("generatedcredentials")}
                     </SettingsSectionTitle>
                     <SettingsSectionDescription>
-                        {t("Regenerate and save your managed credentials")}
+                        {t("regenerateClientCredentials")}
                     </SettingsSectionDescription>
                 </SettingsSectionHeader>
 
@@ -125,7 +125,7 @@ export default function GeneralPage() {
                             loading={loading}
                             disabled={loading}
                         >
-                            {t("Regenerate Credentials")}
+                            {t("regeneratecredentials")}
                         </Button>
                     ) : (
                         <>
@@ -138,11 +138,11 @@ export default function GeneralPage() {
                             <Alert variant="neutral" className="mt-4">
                                 <InfoIcon className="h-4 w-4" />
                                 <AlertTitle className="font-semibold">
-                                    {t("Copy and save these credentials")}
+                                    {t("copyandsavethesecredentials")}
                                 </AlertTitle>
                                 <AlertDescription>
                                     {t(
-                                        "These credentials will not be shown again after you leave this page. Save them securely now."
+                                        "copyandsavethesecredentialsdescription"
                                     )}
                                 </AlertDescription>
                             </Alert>
@@ -152,14 +152,14 @@ export default function GeneralPage() {
                                     variant="outline"
                                     onClick={() => setCredentials(null)}
                                 >
-                                    {t("Cancel")}
+                                    {t("cancel")}
                                 </Button>
                                 <Button
                                     onClick={handleSave}
                                     loading={saving}
                                     disabled={saving}
                                 >
-                                    {t("Save Credentials")}
+                                    {t("savecredentials")}
                                 </Button>
                             </div>
                         </>
diff --git a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
new file mode 100644
index 00000000..fc86a93c
--- /dev/null
+++ b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
@@ -0,0 +1,208 @@
+"use client";
+
+import { useEffect, useState } from "react";
+import {
+    SettingsContainer,
+    SettingsSection,
+    SettingsSectionBody,
+    SettingsSectionDescription,
+    SettingsSectionHeader,
+    SettingsSectionTitle
+} from "@app/components/Settings";
+import { Button } from "@app/components/ui/button";
+import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
+import { InfoIcon } from "lucide-react";
+import { createApiClient, formatAxiosError } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { toast } from "@app/hooks/useToast";
+import { useParams, useRouter } from "next/navigation";
+import { useTranslations } from "next-intl";
+import { InfoSection, InfoSectionContent, InfoSections, InfoSectionTitle } from "@app/components/InfoSection";
+import CopyToClipboard from "@app/components/CopyToClipboard";
+import { PickClientDefaultsResponse } from "@server/routers/client";
+import { useClientContext } from "@app/hooks/useClientContext";
+
+export default function GeneralPage() {
+    const { env } = useEnvContext();
+    const api = createApiClient({ env });
+    const { orgId } = useParams();
+    const router = useRouter();
+    const t = useTranslations();
+    const [olmId, setOlmId] = useState("");
+    const [olmSecret, setOlmSecret] = useState("");
+    const { client, updateClient } = useClientContext();
+
+    const [clientDefaults, setClientDefaults] =
+        useState<PickClientDefaultsResponse | null>(null);
+    const [loading, setLoading] = useState(false);
+    const [saving, setSaving] = useState(false);
+
+    // Clear credentials when user leaves/reloads
+    useEffect(() => {
+        const clearCreds = () => {
+            setOlmId("");
+            setOlmSecret("");
+        };
+        window.addEventListener("beforeunload", clearCreds);
+        return () => window.removeEventListener("beforeunload", clearCreds);
+    }, []);
+
+    const handleRegenerate = async () => {
+        try {
+            setLoading(true);
+            await api
+                .get(`/org/${orgId}/pick-client-defaults`)
+                .then((res) => {
+                    if (res && res.status === 200) {
+                        const data = res.data.data;
+
+                        setClientDefaults(data);
+
+                        const olmId = data.olmId;
+                        const olmSecret = data.olmSecret;
+                        setOlmId(olmId);
+                        setOlmSecret(olmSecret);
+
+                    }
+                });
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const handleSave = async () => {
+        setLoading(true);
+
+        try {
+            await api.post(`/client/${client?.clientId}`, {
+                olmId: clientDefaults?.olmId,
+                secret: clientDefaults?.olmSecret,
+            });
+
+            toast({
+                title: t("clientUpdated"),
+                description: t("clientUpdatedDescription")
+            });
+
+            router.refresh();
+        } catch (e) {
+            toast({
+                variant: "destructive",
+                title: t("clientUpdateFailed"),
+                description: formatAxiosError(
+                    e,
+                    t("clientUpdateError")
+                )
+            });
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    return (
+        <SettingsContainer>
+            <SettingsSection>
+                <SettingsSectionHeader>
+                    <SettingsSectionTitle>
+                        {t("generatedcredentials")}
+                    </SettingsSectionTitle>
+                    <SettingsSectionDescription>
+                        {t("regenerateClientCredentials")}
+                    </SettingsSectionDescription>
+                </SettingsSectionHeader>
+
+                <SettingsSectionBody>
+                    {!clientDefaults ? (
+                        <Button
+                            onClick={handleRegenerate}
+                            loading={loading}
+                            disabled={loading}
+                        >
+                            {t("regeneratecredentials")}
+                        </Button>
+                    ) : (
+                        <>
+                            <SettingsSection>
+                                <SettingsSectionHeader>
+                                    <SettingsSectionTitle>
+                                        {t("clientOlmCredentials")}
+                                    </SettingsSectionTitle>
+                                    <SettingsSectionDescription>
+                                        {t("clientOlmCredentialsDescription")}
+                                    </SettingsSectionDescription>
+                                </SettingsSectionHeader>
+                                <SettingsSectionBody>
+                                    <InfoSections cols={3}>
+                                        <InfoSection>
+                                            <InfoSectionTitle>
+                                                {t("olmEndpoint")}
+                                            </InfoSectionTitle>
+                                            <InfoSectionContent>
+                                                <CopyToClipboard
+                                                    text={
+                                                        env.app.dashboardUrl
+                                                    }
+                                                />
+                                            </InfoSectionContent>
+                                        </InfoSection>
+                                        <InfoSection>
+                                            <InfoSectionTitle>
+                                                {t("olmId")}
+                                            </InfoSectionTitle>
+                                            <InfoSectionContent>
+                                                <CopyToClipboard
+                                                    text={olmId}
+                                                />
+                                            </InfoSectionContent>
+                                        </InfoSection>
+                                        <InfoSection>
+                                            <InfoSectionTitle>
+                                                {t("olmSecretKey")}
+                                            </InfoSectionTitle>
+                                            <InfoSectionContent>
+                                                <CopyToClipboard
+                                                    text={olmSecret}
+                                                />
+                                            </InfoSectionContent>
+                                        </InfoSection>
+                                    </InfoSections>
+
+                                    <Alert variant="neutral" className="mt-4">
+                                        <InfoIcon className="h-4 w-4" />
+                                        <AlertTitle className="font-semibold">
+                                            {t("copyandsavethesecredentials")}
+                                        </AlertTitle>
+                                        <AlertDescription>
+                                            {t(
+                                                "copyandsavethesecredentialsdescription"
+                                            )}
+                                        </AlertDescription>
+                                    </Alert>
+                                </SettingsSectionBody>
+                            </SettingsSection>
+
+                            <div className="flex justify-end mt-6 space-x-2">
+                                <Button
+                                    variant="outline"
+                                    onClick={() => {
+                                        setOlmId("");
+                                        setOlmSecret("");
+                                    }}
+                                >
+                                    {t("cancel")}
+                                </Button>
+                                <Button
+                                    onClick={handleSave}
+                                    loading={saving}
+                                    disabled={saving}
+                                >
+                                    {t("savecredentials")}
+                                </Button>
+                            </div>
+                        </>
+                    )}
+                </SettingsSectionBody>
+            </SettingsSection>
+        </SettingsContainer>
+    );
+}
diff --git a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
index c9c9fd14..e597f90d 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
@@ -34,6 +34,10 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
         {
             title: "General",
             href: `/{orgId}/settings/clients/{clientId}/general`
+        },
+        {
+            title: "Credentials",
+            href: `/{orgId}/settings/clients/{clientId}/credentials`
         }
     ];
 

From 42091e88cb19c31ce4d541500cc84433221a71e1 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sat, 25 Oct 2025 23:25:18 +0530
Subject: [PATCH 26/70] rename exit node tab to credentials

---
 messages/en-US.json                                           | 1 +
 .../[remoteExitNodeId]/{general => credentials}/page.tsx      | 2 +-
 .../(private)/remote-exit-nodes/[remoteExitNodeId]/layout.tsx | 4 ++--
 .../(private)/remote-exit-nodes/[remoteExitNodeId]/page.tsx   | 2 +-
 .../[orgId]/settings/clients/[clientId]/credentials/page.tsx  | 2 +-
 5 files changed, 6 insertions(+), 5 deletions(-)
 rename src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/{general => credentials}/page.tsx (99%)

diff --git a/messages/en-US.json b/messages/en-US.json
index 9b2c35f8..3f4083b1 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2096,6 +2096,7 @@
     "enableSelected": "Enable Selected",
     "disableSelected": "Disable Selected",
     "checkSelectedStatus": "Check Status of Selected",
+    "credentials": "Credentials",
     "savecredentials": "Save Credentials",
     "regeneratecredentials": "Regenerate Credentials",
     "regenerateClientCredentials": "Regenerate and save your managed credentials",
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
similarity index 99%
rename from src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx
rename to src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
index d207f0de..38ccc334 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/general/page.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
@@ -25,7 +25,7 @@ import {
 } from "@server/routers/remoteExitNode/types";
 import { useRemoteExitNodeContext } from "@app/hooks/useRemoteExitNodeContext";
 
-export default function GeneralPage() {
+export default function CredentialsPage() {
     const { env } = useEnvContext();
     const api = createApiClient({ env });
     const { orgId } = useParams();
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/layout.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/layout.tsx
index 6473999d..19357a7f 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/layout.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/layout.tsx
@@ -35,8 +35,8 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
 
     const navItems = [
         {
-            title: t('general'),
-            href: "/{orgId}/settings/remote-exit-nodes/{remoteExitNodeId}/general"
+            title: t('credentials'),
+            href: "/{orgId}/settings/remote-exit-nodes/{remoteExitNodeId}/credentials"
         }
     ];
 
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/page.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/page.tsx
index 6b39c1de..5b9fd628 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/page.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/page.tsx
@@ -5,6 +5,6 @@ export default async function RemoteExitNodePage(props: {
 }) {
     const params = await props.params;
     redirect(
-        `/${params.orgId}/settings/remote-exit-nodes/${params.remoteExitNodeId}/general`
+        `/${params.orgId}/settings/remote-exit-nodes/${params.remoteExitNodeId}/credentials`
     );
 }
diff --git a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
index fc86a93c..1de1e696 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
@@ -22,7 +22,7 @@ import CopyToClipboard from "@app/components/CopyToClipboard";
 import { PickClientDefaultsResponse } from "@server/routers/client";
 import { useClientContext } from "@app/hooks/useClientContext";
 
-export default function GeneralPage() {
+export default function CredentialsPage() {
     const { env } = useEnvContext();
     const api = createApiClient({ env });
     const { orgId } = useParams();

From d32505a833253dc937781bde5d2bc67f9750fff9 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sun, 26 Oct 2025 21:00:46 +0530
Subject: [PATCH 27/70] Option to regenerate Newt keys

---
 messages/en-US.json                           |   8 +-
 server/auth/actions.ts                        |   1 +
 server/routers/client/index.ts                |   3 +-
 .../routers/client/reGenerateClientSecret.ts  | 130 +++++++++++
 server/routers/client/updateClient.ts         |  26 +--
 server/routers/external.ts                    |  15 ++
 server/routers/site/index.ts                  |   1 +
 server/routers/site/reGenerateSiteSecret.ts   | 106 +++++++++
 .../clients/[clientId]/credentials/page.tsx   |  12 +-
 .../settings/clients/[clientId]/layout.tsx    |   7 +-
 .../sites/[niceId]/credentials/page.tsx       | 212 ++++++++++++++++++
 .../settings/sites/[niceId]/layout.tsx        |   4 +
 src/components/ClientInfoCard.tsx             |   7 +-
 13 files changed, 491 insertions(+), 41 deletions(-)
 create mode 100644 server/routers/client/reGenerateClientSecret.ts
 create mode 100644 server/routers/site/reGenerateSiteSecret.ts
 create mode 100644 src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index 3f4083b1..a7d825f5 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2099,8 +2099,12 @@
     "credentials": "Credentials",
     "savecredentials": "Save Credentials",
     "regeneratecredentials": "Regenerate Credentials",
-    "regenerateClientCredentials": "Regenerate and save your managed credentials",
+    "regenerateCredentials": "Regenerate and save your credentials",
     "generatedcredentials": "Generated Credentials",
     "copyandsavethesecredentials": "Copy and save these credentials",
-    "copyandsavethesecredentialsdescription": "These credentials will not be shown again after you leave this page. Save them securely now."
+    "copyandsavethesecredentialsdescription": "These credentials will not be shown again after you leave this page. Save them securely now.",
+    "credentialsSaved" : "Credentials Saved",
+    "credentialsSavedDescription": "Credentials have been regenerated and saved successfully.",
+    "credentialsSaveError": "Credentials Save Error",
+    "credentialsSaveErrorDescription": "An error occurred while regenerating and saving the credentials."
 }
diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index d08457e5..4608757b 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -19,6 +19,7 @@ export enum ActionsEnum {
     getSite = "getSite",
     listSites = "listSites",
     updateSite = "updateSite",
+    reGenerateSecret = "reGenerateSecret",
     createResource = "createResource",
     deleteResource = "deleteResource",
     getResource = "getResource",
diff --git a/server/routers/client/index.ts b/server/routers/client/index.ts
index 385c7bed..9f97446e 100644
--- a/server/routers/client/index.ts
+++ b/server/routers/client/index.ts
@@ -3,4 +3,5 @@ export * from "./createClient";
 export * from "./deleteClient";
 export * from "./listClients";
 export * from "./updateClient";
-export * from "./getClient";
\ No newline at end of file
+export * from "./getClient";
+export * from "./reGenerateClientSecret";
\ No newline at end of file
diff --git a/server/routers/client/reGenerateClientSecret.ts b/server/routers/client/reGenerateClientSecret.ts
new file mode 100644
index 00000000..2bce396a
--- /dev/null
+++ b/server/routers/client/reGenerateClientSecret.ts
@@ -0,0 +1,130 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db, olms, } from "@server/db";
+import { clients } from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { eq, and } from "drizzle-orm";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+import { hashPassword } from "@server/auth/password";
+
+const reGenerateSecretParamsSchema = z
+    .object({
+        clientId: z.string().transform(Number).pipe(z.number().int().positive())
+    })
+    .strict();
+
+const reGenerateSecretBodySchema = z
+    .object({
+        olmId: z.string().min(1).optional(),
+        secret: z.string().min(1).optional(),
+
+    })
+    .strict();
+
+export type ReGenerateSecretBody = z.infer<typeof reGenerateSecretBodySchema>;
+
+registry.registerPath({
+    method: "post",
+    path: "/client/{clientId}/regenerate-secret",
+    description: "Regenerate a client's OLM credentials by its client ID.",
+    tags: [OpenAPITags.Client],
+    request: {
+        params: reGenerateSecretParamsSchema,
+        body: {
+            content: {
+                "application/json": {
+                    schema: reGenerateSecretBodySchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
+
+export async function reGenerateClientSecret(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedBody = reGenerateSecretBodySchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { olmId, secret } = parsedBody.data;
+
+        const parsedParams = reGenerateSecretParamsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { clientId } = parsedParams.data;
+
+        let secretHash = undefined;
+        if (secret) {
+            secretHash = await hashPassword(secret);
+        }
+
+
+        // Fetch the client to make sure it exists and the user has access to it
+        const [client] = await db
+            .select()
+            .from(clients)
+            .where(eq(clients.clientId, clientId))
+            .limit(1);
+
+        if (!client) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Client with ID ${clientId} not found`
+                )
+            );
+        }
+
+        const [existingOlm] = await db
+            .select()
+            .from(olms)
+            .where(eq(olms.clientId, clientId))
+            .limit(1);
+
+        if (existingOlm && olmId && secretHash) {
+            await db
+                .update(olms)
+                .set({
+                    olmId,
+                    secretHash
+                })
+                .where(eq(olms.clientId, clientId));
+        }
+
+        return response(res, {
+            data: existingOlm,
+            success: true,
+            error: false,
+            message: "Credentials regenerated successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/client/updateClient.ts b/server/routers/client/updateClient.ts
index 84e5f619..d458c4f8 100644
--- a/server/routers/client/updateClient.ts
+++ b/server/routers/client/updateClient.ts
@@ -32,9 +32,6 @@ const updateClientSchema = z
         siteIds: z
             .array(z.number().int().positive())
             .optional(),
-        olmId: z.string().min(1).optional(),
-        secret: z.string().min(1).optional(),
-
     })
     .strict();
 
@@ -79,7 +76,7 @@ export async function updateClient(
             );
         }
 
-        const { name, siteIds, olmId, secret } = parsedBody.data;
+        const { name, siteIds } = parsedBody.data;
 
         const parsedParams = updateClientParamsSchema.safeParse(req.params);
         if (!parsedParams.success) {
@@ -93,11 +90,6 @@ export async function updateClient(
 
         const { clientId } = parsedParams.data;
 
-        let secretHash = undefined;
-        if (secret) {
-            secretHash = await hashPassword(secret);
-        }
-
 
         // Fetch the client to make sure it exists and the user has access to it
         const [client] = await db
@@ -146,22 +138,6 @@ export async function updateClient(
                     .where(eq(clients.clientId, clientId));
             }
 
-            const [existingOlm] = await trx
-                .select()
-                .from(olms)
-                .where(eq(olms.clientId, clientId))
-                .limit(1);
-
-            if (existingOlm && olmId && secretHash) {
-                await trx
-                    .update(olms)
-                    .set({
-                        olmId,
-                        secretHash
-                    })
-                    .where(eq(olms.clientId, clientId));
-            }
-
             // Update site associations if provided
             // Remove sites that are no longer associated
             for (const siteId of sitesRemoved) {
diff --git a/server/routers/external.ts b/server/routers/external.ts
index 5c235902..c2c518fa 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -178,6 +178,14 @@ authenticated.post(
     client.updateClient,
 );
 
+authenticated.post(
+    "/client/:clientId/regenerate-secret",
+    verifyClientsEnabled,
+    verifyClientAccess,
+    verifyUserHasAction(ActionsEnum.reGenerateSecret),
+    client.reGenerateClientSecret
+);
+
 // authenticated.get(
 //     "/site/:siteId/roles",
 //     verifySiteAccess,
@@ -191,6 +199,13 @@ authenticated.post(
     logActionAudit(ActionsEnum.updateSite),
     site.updateSite,
 );
+
+authenticated.post(
+    "/site/:siteId/regenerate-secret",
+    verifySiteAccess,
+    verifyUserHasAction(ActionsEnum.reGenerateSecret),
+    site.reGenerateSiteSecret
+);
 authenticated.delete(
     "/site/:siteId",
     verifySiteAccess,
diff --git a/server/routers/site/index.ts b/server/routers/site/index.ts
index 3edf67c1..9b8b89cb 100644
--- a/server/routers/site/index.ts
+++ b/server/routers/site/index.ts
@@ -6,3 +6,4 @@ export * from "./listSites";
 export * from "./listSiteRoles";
 export * from "./pickSiteDefaults";
 export * from "./socketIntegration";
+export * from "./reGenerateSiteSecret";
\ No newline at end of file
diff --git a/server/routers/site/reGenerateSiteSecret.ts b/server/routers/site/reGenerateSiteSecret.ts
new file mode 100644
index 00000000..979212a4
--- /dev/null
+++ b/server/routers/site/reGenerateSiteSecret.ts
@@ -0,0 +1,106 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db, newts } from "@server/db";
+import { eq } from "drizzle-orm";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+import { hashPassword } from "@server/auth/password";
+
+const updateSiteParamsSchema = z
+    .object({
+        siteId: z.string().transform(Number).pipe(z.number().int().positive())
+    })
+    .strict();
+
+const updateSiteBodySchema = z
+    .object({
+        newtId: z.string().min(1).max(255).optional(),
+        newtSecret: z.string().min(1).max(255).optional(),
+    })
+    .strict()
+
+registry.registerPath({
+    method: "post",
+    path: "/site/{siteId}/regenerate-secret",
+    description:
+        "Regenerate a site's Newt credentials by its site ID.",
+    tags: [OpenAPITags.Site],
+    request: {
+        params: updateSiteParamsSchema,
+        body: {
+            content: {
+                "application/json": {
+                    schema: updateSiteBodySchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
+export async function reGenerateSiteSecret(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = updateSiteParamsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const parsedBody = updateSiteBodySchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { siteId } = parsedParams.data;
+        const { newtId, newtSecret } = parsedBody.data;
+
+        const secretHash = await hashPassword(newtSecret!);
+        const updatedSite = await db
+            .update(newts)
+            .set({
+                newtId,
+                secretHash
+            })
+            .where(eq(newts.siteId, siteId))
+            .returning();
+
+        if (updatedSite.length === 0) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Site with ID ${siteId} not found`
+                )
+            );
+        }
+
+        return response(res, {
+            data: updatedSite[0],
+            success: true,
+            error: false,
+            message: "Credentials regenerated successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
index 1de1e696..7d34b5eb 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
@@ -74,24 +74,24 @@ export default function CredentialsPage() {
         setLoading(true);
 
         try {
-            await api.post(`/client/${client?.clientId}`, {
+            await api.post(`/client/${client?.clientId}/regenerate-secret`, {
                 olmId: clientDefaults?.olmId,
                 secret: clientDefaults?.olmSecret,
             });
 
             toast({
-                title: t("clientUpdated"),
-                description: t("clientUpdatedDescription")
+                title: t("credentialsSaved"),
+                description: t("credentialsSavedDescription")
             });
 
             router.refresh();
         } catch (e) {
             toast({
                 variant: "destructive",
-                title: t("clientUpdateFailed"),
+                title: t("credentialsSaveError"),
                 description: formatAxiosError(
                     e,
-                    t("clientUpdateError")
+                    t("credentialsSaveErrorDescription")
                 )
             });
         } finally {
@@ -107,7 +107,7 @@ export default function CredentialsPage() {
                         {t("generatedcredentials")}
                     </SettingsSectionTitle>
                     <SettingsSectionDescription>
-                        {t("regenerateClientCredentials")}
+                        {t("regenerateCredentials")}
                     </SettingsSectionDescription>
                 </SettingsSectionHeader>
 
diff --git a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
index e597f90d..dc4ef0b4 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
@@ -7,6 +7,7 @@ import ClientInfoCard from "../../../../../components/ClientInfoCard";
 import ClientProvider from "@app/providers/ClientProvider";
 import { redirect } from "next/navigation";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
+import { getTranslations } from "next-intl/server";
 
 type SettingsLayoutProps = {
     children: React.ReactNode;
@@ -30,13 +31,15 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
         redirect(`/${params.orgId}/settings/clients`);
     }
 
+    const t = await getTranslations();
+
     const navItems = [
         {
-            title: "General",
+            title: t('general'),
             href: `/{orgId}/settings/clients/{clientId}/general`
         },
         {
-            title: "Credentials",
+            title: t('credentials'),
             href: `/{orgId}/settings/clients/{clientId}/credentials`
         }
     ];
diff --git a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
new file mode 100644
index 00000000..14840b66
--- /dev/null
+++ b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
@@ -0,0 +1,212 @@
+"use client";
+
+import { useEffect, useState } from "react";
+import {
+    SettingsContainer,
+    SettingsSection,
+    SettingsSectionBody,
+    SettingsSectionDescription,
+    SettingsSectionHeader,
+    SettingsSectionTitle
+} from "@app/components/Settings";
+import { Button } from "@app/components/ui/button";
+import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
+import { InfoIcon } from "lucide-react";
+import { createApiClient, formatAxiosError } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { toast } from "@app/hooks/useToast";
+import { useParams, useRouter } from "next/navigation";
+import { useTranslations } from "next-intl";
+import { InfoSection, InfoSectionContent, InfoSections, InfoSectionTitle } from "@app/components/InfoSection";
+import CopyToClipboard from "@app/components/CopyToClipboard";
+import { PickSiteDefaultsResponse } from "@server/routers/site";
+import { useSiteContext } from "@app/hooks/useSiteContext";
+
+export default function CredentialsPage() {
+    const { env } = useEnvContext();
+    const api = createApiClient({ env });
+    const { orgId } = useParams();
+    const router = useRouter();
+    const t = useTranslations();
+    const [newtId, setNewtId] = useState("");
+    const [newtSecret, setNewtSecret] = useState("");
+    const { site, updateSite } = useSiteContext();
+
+    const [siteDefaults, setSiteDefaults] =
+        useState<PickSiteDefaultsResponse | null>(null);
+
+    const [loading, setLoading] = useState(false);
+    const [saving, setSaving] = useState(false);
+
+    // Clear credentials when user leaves/reloads
+    useEffect(() => {
+        const clearCreds = () => {
+            setNewtId("");
+            setNewtSecret("");
+        };
+        window.addEventListener("beforeunload", clearCreds);
+        return () => window.removeEventListener("beforeunload", clearCreds);
+    }, []);
+
+    const handleRegenerate = async () => {
+        try {
+            setLoading(true);
+            await api
+                .get(`/org/${orgId}/pick-site-defaults`)
+                .then((res) => {
+                    if (res && res.status === 200) {
+                        const data = res.data.data;
+
+                        setSiteDefaults(data);
+
+                        const newtId = data.newtId;
+                        const newtSecret = data.newtSecret;
+                        setNewtId(newtId);
+                        setNewtSecret(newtSecret);
+
+                    }
+                });
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const handleSave = async () => {
+        setLoading(true);
+
+        try {
+            await api.post(`/site/${site?.siteId}/regenerate-secret`, {
+                newtId: siteDefaults?.newtId,
+                newtSecret: siteDefaults?.newtSecret,
+            });
+
+            toast({
+                title: t("credentialsSaved"),
+                description: t("credentialsSavedDescription")
+            });
+
+            router.refresh();
+        } catch (e) {
+            toast({
+                variant: "destructive",
+                title: t("credentialsSaveError"),
+                description: formatAxiosError(
+                    e,
+                    t("credentialsSaveErrorDescription")
+                )
+            });
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    return (
+        <SettingsContainer>
+            <SettingsSection>
+                <SettingsSectionHeader>
+                    <SettingsSectionTitle>
+                        {t("generatedcredentials")}
+                    </SettingsSectionTitle>
+                    <SettingsSectionDescription>
+                        {t("regenerateCredentials")}
+                    </SettingsSectionDescription>
+                </SettingsSectionHeader>
+
+                <SettingsSectionBody>
+                    {!siteDefaults ? (
+                        <Button
+                            onClick={handleRegenerate}
+                            loading={loading}
+                            disabled={loading}
+                        >
+                            {t("regeneratecredentials")}
+                        </Button>
+                    ) : (
+                        <>
+                            <SettingsSection>
+                                <SettingsSectionHeader>
+                                    <SettingsSectionTitle>
+                                        {t("siteNewtCredentials")}
+                                    </SettingsSectionTitle>
+                                    <SettingsSectionDescription>
+                                        {t(
+                                            "siteNewtCredentialsDescription"
+                                        )}
+                                    </SettingsSectionDescription>
+                                </SettingsSectionHeader>
+                                <SettingsSectionBody>
+                                    <InfoSections cols={3}>
+                                        <InfoSection>
+                                            <InfoSectionTitle>
+                                                {t("newtEndpoint")}
+                                            </InfoSectionTitle>
+                                            <InfoSectionContent>
+                                                <CopyToClipboard
+                                                    text={
+                                                        env.app.dashboardUrl
+                                                    }
+                                                />
+                                            </InfoSectionContent>
+                                        </InfoSection>
+                                        <InfoSection>
+                                            <InfoSectionTitle>
+                                                {t("newtId")}
+                                            </InfoSectionTitle>
+                                            <InfoSectionContent>
+                                                <CopyToClipboard
+                                                    text={newtId}
+                                                />
+                                            </InfoSectionContent>
+                                        </InfoSection>
+                                        <InfoSection>
+                                            <InfoSectionTitle>
+                                                {t("newtSecretKey")}
+                                            </InfoSectionTitle>
+                                            <InfoSectionContent>
+                                                <CopyToClipboard
+                                                    text={newtSecret}
+                                                />
+                                            </InfoSectionContent>
+                                        </InfoSection>
+                                    </InfoSections>
+
+
+                                    <Alert variant="neutral" className="mt-4">
+                                        <InfoIcon className="h-4 w-4" />
+                                        <AlertTitle className="font-semibold">
+                                            {t("copyandsavethesecredentials")}
+                                        </AlertTitle>
+                                        <AlertDescription>
+                                            {t(
+                                                "copyandsavethesecredentialsdescription"
+                                            )}
+                                        </AlertDescription>
+                                    </Alert>
+                                </SettingsSectionBody>
+                            </SettingsSection>
+
+                            <div className="flex justify-end mt-6 space-x-2">
+                                <Button
+                                    variant="outline"
+                                    onClick={() => {
+                                        setNewtId("");
+                                        setNewtSecret("");
+                                    }}
+                                >
+                                    {t("cancel")}
+                                </Button>
+                                <Button
+                                    onClick={handleSave}
+                                    loading={saving}
+                                    disabled={saving}
+                                >
+                                    {t("savecredentials")}
+                                </Button>
+                            </div>
+                        </>
+                    )}
+                </SettingsSectionBody>
+            </SettingsSection>
+        </SettingsContainer>
+    );
+}
diff --git a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
index 039deebb..abd9aefb 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
@@ -36,6 +36,10 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
         {
             title: t('general'),
             href: "/{orgId}/settings/sites/{niceId}/general"
+        },
+        {
+            title: t('credentials'),
+            href: "/{orgId}/settings/sites/{niceId}/credentials"
         }
     ];
 
diff --git a/src/components/ClientInfoCard.tsx b/src/components/ClientInfoCard.tsx
index ec8ecacf..f8d96158 100644
--- a/src/components/ClientInfoCard.tsx
+++ b/src/components/ClientInfoCard.tsx
@@ -1,7 +1,6 @@
 "use client";
 
-import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
-import { InfoIcon } from "lucide-react";
+import { Alert, AlertDescription } from "@/components/ui/alert";
 import { useClientContext } from "@app/hooks/useClientContext";
 import {
     InfoSection,
@@ -19,9 +18,7 @@ export default function SiteInfoCard({}: ClientInfoCardProps) {
 
     return (
         <Alert>
-            <InfoIcon className="h-4 w-4" />
-            <AlertTitle className="font-semibold">{t("clientInformation")}</AlertTitle>
-            <AlertDescription className="mt-4">
+            <AlertDescription>
                 <InfoSections cols={2}>
                         <>
                             <InfoSection>

From 58a13de0ff2e7a29100f0578ba7ca014c0a39885 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sun, 26 Oct 2025 21:09:00 +0530
Subject: [PATCH 28/70] fix lint

---
 server/routers/site/reGenerateSiteSecret.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/routers/site/reGenerateSiteSecret.ts b/server/routers/site/reGenerateSiteSecret.ts
index 979212a4..73d89a48 100644
--- a/server/routers/site/reGenerateSiteSecret.ts
+++ b/server/routers/site/reGenerateSiteSecret.ts
@@ -21,7 +21,7 @@ const updateSiteBodySchema = z
         newtId: z.string().min(1).max(255).optional(),
         newtSecret: z.string().min(1).max(255).optional(),
     })
-    .strict()
+    .strict();
 
 registry.registerPath({
     method: "post",

From 3756aaecdab99b19aa930ac107180704c0d2a619 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sun, 26 Oct 2025 21:24:48 +0530
Subject: [PATCH 29/70] change file naming structure to reGenerate exit node
 keys

---
 server/private/routers/external.ts                            | 4 ++--
 server/private/routers/remoteExitNode/index.ts                | 2 +-
 .../{updateRemoteExitNode.ts => reGenerateExitNodeSecret.ts}  | 2 +-
 .../remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx | 2 +-
 4 files changed, 5 insertions(+), 5 deletions(-)
 rename server/private/routers/remoteExitNode/{updateRemoteExitNode.ts => reGenerateExitNodeSecret.ts} (98%)

diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index 8e2b2bbc..493e9646 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -237,11 +237,11 @@ authenticated.put(
 );
 
 authenticated.put(
-    "/org/:orgId/update-remote-exit-node",
+    "/org/:orgId/reGenerate-remote-exit-node-secret",
     verifyValidLicense,
     verifyOrgAccess,
     verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
-    remoteExitNode.updateRemoteExitNode
+    remoteExitNode.reGenerateExitNodeSecret
 );
 
 authenticated.get(
diff --git a/server/private/routers/remoteExitNode/index.ts b/server/private/routers/remoteExitNode/index.ts
index 5677520d..7c001098 100644
--- a/server/private/routers/remoteExitNode/index.ts
+++ b/server/private/routers/remoteExitNode/index.ts
@@ -21,4 +21,4 @@ export * from "./deleteRemoteExitNode";
 export * from "./listRemoteExitNodes";
 export * from "./pickRemoteExitNodeDefaults";
 export * from "./quickStartRemoteExitNode";
-export * from "./updateRemoteExitNode";
+export * from "./reGenerateExitNodeSecret";
diff --git a/server/private/routers/remoteExitNode/updateRemoteExitNode.ts b/server/private/routers/remoteExitNode/reGenerateExitNodeSecret.ts
similarity index 98%
rename from server/private/routers/remoteExitNode/updateRemoteExitNode.ts
rename to server/private/routers/remoteExitNode/reGenerateExitNodeSecret.ts
index 9de017f8..b3785d2e 100644
--- a/server/private/routers/remoteExitNode/updateRemoteExitNode.ts
+++ b/server/private/routers/remoteExitNode/reGenerateExitNodeSecret.ts
@@ -32,7 +32,7 @@ const bodySchema = z
     })
     .strict();
 
-export async function updateRemoteExitNode(
+export async function reGenerateExitNodeSecret(
     req: Request,
     res: Response,
     next: NextFunction
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
index 38ccc334..12a79dd6 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
@@ -79,7 +79,7 @@ export default function CredentialsPage() {
 
             const response = await api.put<
                 AxiosResponse<QuickStartRemoteExitNodeResponse>
-            >(`/org/${orgId}/update-remote-exit-node`, {
+            >(`/org/${orgId}/reGenerate-remote-exit-node-secret`, {
                 remoteExitNodeId: remoteExitNode.remoteExitNodeId,
                 secret: credentials.secret,
             });

From 563a5b3e7e594d2cbeee69d3e5ae0c61e2609b76 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Mon, 27 Oct 2025 19:16:11 +0530
Subject: [PATCH 30/70] disable credential regenerate button for local and
 wireguard

---
 src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
index 14840b66..cb88ecba 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
@@ -117,7 +117,7 @@ export default function CredentialsPage() {
                         <Button
                             onClick={handleRegenerate}
                             loading={loading}
-                            disabled={loading}
+                            disabled={site.type != "newt"}
                         >
                             {t("regeneratecredentials")}
                         </Button>

From 18cdf070c72e5bbdcfb3a5ae2bbe7912f7de0b20 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Mon, 27 Oct 2025 19:34:43 +0530
Subject: [PATCH 31/70] add view setting options

---
 .../remote-exit-nodes/ExitNodesTable.tsx         |  8 ++++++++
 src/components/ClientsTable.tsx                  | 16 ++++++++--------
 2 files changed, 16 insertions(+), 8 deletions(-)

diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx
index 06da3dc5..0834608d 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/ExitNodesTable.tsx
@@ -263,6 +263,14 @@ export default function ExitNodesTable({
                                 </DropdownMenuItem>
                             </DropdownMenuContent>
                         </DropdownMenu>
+                        <Link
+                            href={`/${nodeRow.orgId}/settings/remote-exit-nodes/${remoteExitNodeId}`}
+                        >
+                            <Button variant={"secondary"} size="sm">
+                                {t("edit")}
+                                <ArrowRight className="ml-2 w-4 h-4" />
+                            </Button>
+                        </Link>
                     </div>
                 );
             }
diff --git a/src/components/ClientsTable.tsx b/src/components/ClientsTable.tsx
index 471cdf28..e5f6a006 100644
--- a/src/components/ClientsTable.tsx
+++ b/src/components/ClientsTable.tsx
@@ -278,14 +278,14 @@ export default function ClientsTable({ clients, orgId }: ClientTableProps) {
                                 </Button>
                             </DropdownMenuTrigger>
                             <DropdownMenuContent align="end">
-                                {/* <Link */}
-                                {/*     className="block w-full" */}
-                                {/*     href={`/${clientRow.orgId}/settings/sites/${clientRow.nice}`} */}
-                                {/* > */}
-                                {/*     <DropdownMenuItem> */}
-                                {/*         View settings */}
-                                {/*     </DropdownMenuItem> */}
-                                {/* </Link> */}
+                                <Link
+                                    className="block w-full"
+                                    href={`/${clientRow.orgId}/settings/clients/${clientRow.id}`}
+                                >
+                                    <DropdownMenuItem>
+                                        View settings
+                                    </DropdownMenuItem>
+                                </Link>
                                 <DropdownMenuItem
                                     onClick={() => {
                                         setSelectedClient(clientRow);

From f7e7993fd4dacd8a3e27a0aee88409670839059a Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Tue, 28 Oct 2025 19:26:58 +0530
Subject: [PATCH 32/70] regenerate secret for wireguard

---
 server/routers/site/reGenerateSiteSecret.ts   | 123 ++++++---
 .../sites/[niceId]/credentials/page.tsx       | 251 +++++++++++++-----
 2 files changed, 272 insertions(+), 102 deletions(-)

diff --git a/server/routers/site/reGenerateSiteSecret.ts b/server/routers/site/reGenerateSiteSecret.ts
index 73d89a48..7965b6f8 100644
--- a/server/routers/site/reGenerateSiteSecret.ts
+++ b/server/routers/site/reGenerateSiteSecret.ts
@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db, newts } from "@server/db";
+import { db, newts, sites } from "@server/db";
 import { eq } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
@@ -9,6 +9,8 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { hashPassword } from "@server/auth/password";
+import { addPeer } from "../gerbil/peers";
+
 
 const updateSiteParamsSchema = z
     .object({
@@ -18,28 +20,31 @@ const updateSiteParamsSchema = z
 
 const updateSiteBodySchema = z
     .object({
+        type: z.enum(["newt", "wireguard"]),
         newtId: z.string().min(1).max(255).optional(),
         newtSecret: z.string().min(1).max(255).optional(),
+        exitNodeId: z.number().int().positive().optional(),
+        pubKey: z.string().optional(),
+        subnet: z.string().optional(),
     })
     .strict();
 
 registry.registerPath({
     method: "post",
     path: "/site/{siteId}/regenerate-secret",
-    description:
-        "Regenerate a site's Newt credentials by its site ID.",
+    description: "Regenerate a site's Newt or WireGuard credentials by its site ID.",
     tags: [OpenAPITags.Site],
     request: {
         params: updateSiteParamsSchema,
         body: {
             content: {
                 "application/json": {
-                    schema: updateSiteBodySchema
-                }
-            }
-        }
+                    schema: updateSiteBodySchema,
+                },
+            },
+        },
     },
-    responses: {}
+    responses: {},
 });
 
 export async function reGenerateSiteSecret(
@@ -51,56 +56,100 @@ export async function reGenerateSiteSecret(
         const parsedParams = updateSiteParamsSchema.safeParse(req.params);
         if (!parsedParams.success) {
             return next(
-                createHttpError(
-                    HttpCode.BAD_REQUEST,
-                    fromError(parsedParams.error).toString()
-                )
+                createHttpError(HttpCode.BAD_REQUEST, fromError(parsedParams.error).toString())
             );
         }
 
         const parsedBody = updateSiteBodySchema.safeParse(req.body);
         if (!parsedBody.success) {
             return next(
-                createHttpError(
-                    HttpCode.BAD_REQUEST,
-                    fromError(parsedBody.error).toString()
-                )
+                createHttpError(HttpCode.BAD_REQUEST, fromError(parsedBody.error).toString())
             );
         }
 
         const { siteId } = parsedParams.data;
-        const { newtId, newtSecret } = parsedBody.data;
+        const { type, exitNodeId, pubKey, subnet, newtId, newtSecret } = parsedBody.data;
 
-        const secretHash = await hashPassword(newtSecret!);
-        const updatedSite = await db
-            .update(newts)
-            .set({
-                newtId,
-                secretHash
-            })
-            .where(eq(newts.siteId, siteId))
-            .returning();
+        let updatedSite = undefined;
 
-        if (updatedSite.length === 0) {
-            return next(
-                createHttpError(
-                    HttpCode.NOT_FOUND,
-                    `Site with ID ${siteId} not found`
-                )
-            );
+        if (type === "newt") {
+            if (!newtSecret) {
+                return next(
+                    createHttpError(HttpCode.BAD_REQUEST, "newtSecret is required for newt sites")
+                );
+            }
+
+            const secretHash = await hashPassword(newtSecret);
+
+            updatedSite = await db
+                .update(newts)
+                .set({
+                    newtId,
+                    secretHash,
+                })
+                .where(eq(newts.siteId, siteId))
+                .returning();
+
+            logger.info(`Regenerated Newt credentials for site ${siteId}`);
+
+        } else if (type === "wireguard") {
+            if (!pubKey) {
+                return next(
+                    createHttpError(HttpCode.BAD_REQUEST, "Public key is required for wireguard sites")
+                );
+            }
+
+            if (!exitNodeId) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "Exit node ID is required for wireguard sites"
+                    )
+                );
+            }
+
+            try {
+                updatedSite = await db.transaction(async (tx) => {
+                    await addPeer(exitNodeId, {
+                        publicKey: pubKey,
+                        allowedIps: subnet ? [subnet] : [],
+                    });
+                    const result = await tx
+                        .update(sites)
+                        .set({ pubKey })
+                        .where(eq(sites.siteId, siteId))
+                        .returning();
+
+                    return result;
+                });
+
+                logger.info(`Regenerated WireGuard credentials for site ${siteId}`);
+            } catch (err) {
+                logger.error(
+                    `Transaction failed while regenerating WireGuard secret for site ${siteId}`,
+                    err
+                );
+                return next(
+                    createHttpError(
+                        HttpCode.INTERNAL_SERVER_ERROR,
+                        "Failed to regenerate WireGuard credentials. Rolled back transaction."
+                    )
+                );
+            }
         }
 
         return response(res, {
-            data: updatedSite[0],
+            data: updatedSite,
             success: true,
             error: false,
             message: "Credentials regenerated successfully",
-            status: HttpCode.OK
+            status: HttpCode.OK,
         });
+
     } catch (error) {
-        logger.error(error);
+        logger.error("Unexpected error in reGenerateSiteSecret", error);
         return next(
-            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An unexpected error occurred")
         );
     }
 }
diff --git a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
index cb88ecba..0526149d 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
@@ -21,6 +21,9 @@ import { InfoSection, InfoSectionContent, InfoSections, InfoSectionTitle } from
 import CopyToClipboard from "@app/components/CopyToClipboard";
 import { PickSiteDefaultsResponse } from "@server/routers/site";
 import { useSiteContext } from "@app/hooks/useSiteContext";
+import CopyTextBox from "@app/components/CopyTextBox";
+import { QRCodeCanvas } from "qrcode.react";
+import { generateKeypair } from "../wireguardConfig";
 
 export default function CredentialsPage() {
     const { env } = useEnvContext();
@@ -31,12 +34,36 @@ export default function CredentialsPage() {
     const [newtId, setNewtId] = useState("");
     const [newtSecret, setNewtSecret] = useState("");
     const { site, updateSite } = useSiteContext();
-
+    const [wgConfig, setWgConfig] = useState("");
     const [siteDefaults, setSiteDefaults] =
         useState<PickSiteDefaultsResponse | null>(null);
 
     const [loading, setLoading] = useState(false);
     const [saving, setSaving] = useState(false);
+    const [publicKey, setPublicKey] = useState("");
+    const [privateKey, setPrivateKey] = useState("");
+
+    const hydrateWireGuardConfig = (
+        privateKey: string,
+        publicKey: string,
+        subnet: string,
+        address: string,
+        endpoint: string,
+        listenPort: string
+    ) => {
+        const wgConfig = `[Interface]
+Address = ${subnet}
+ListenPort = 51820
+PrivateKey = ${privateKey}
+
+[Peer]
+PublicKey = ${publicKey}
+AllowedIPs = ${address.split("/")[0]}/32
+Endpoint = ${endpoint}:${listenPort}
+PersistentKeepalive = 5`;
+        setWgConfig(wgConfig);
+    };
+
 
     // Clear credentials when user leaves/reloads
     useEffect(() => {
@@ -49,6 +76,14 @@ export default function CredentialsPage() {
     }, []);
 
     const handleRegenerate = async () => {
+
+        const generatedKeypair = generateKeypair();
+
+        const privateKey = generatedKeypair.privateKey;
+        const publicKey = generatedKeypair.publicKey;
+
+        setPrivateKey(privateKey);
+        setPublicKey(publicKey);
         try {
             setLoading(true);
             await api
@@ -64,6 +99,15 @@ export default function CredentialsPage() {
                         setNewtId(newtId);
                         setNewtSecret(newtSecret);
 
+                        hydrateWireGuardConfig(
+                            privateKey,
+                            data.publicKey,
+                            data.subnet,
+                            data.address,
+                            data.endpoint,
+                            data.listenPort
+                        );
+
                     }
                 });
         } finally {
@@ -74,11 +118,46 @@ export default function CredentialsPage() {
     const handleSave = async () => {
         setLoading(true);
 
-        try {
-            await api.post(`/site/${site?.siteId}/regenerate-secret`, {
+        let payload: any = {};
+
+        if (site?.type === "wireguard") {
+            if (!siteDefaults || !wgConfig) {
+                toast({
+                    variant: "destructive",
+                    title: t("siteErrorCreate"),
+                    description: t("siteErrorCreateKeyPair")
+                });
+                setLoading(false);
+                return;
+            }
+
+            payload = {
+                type: "wireguard",
+                subnet: siteDefaults.subnet,
+                exitNodeId: siteDefaults.exitNodeId,
+                pubKey: publicKey
+            };
+        }
+        if (site?.type === "newt") {
+            if (!siteDefaults) {
+                toast({
+                    variant: "destructive",
+                    title: t("siteErrorCreate"),
+                    description: t("siteErrorCreateDefaults")
+                });
+                setLoading(false);
+                return;
+            }
+
+            payload = {
+                type: "newt",
                 newtId: siteDefaults?.newtId,
-                newtSecret: siteDefaults?.newtSecret,
-            });
+                newtSecret: siteDefaults?.newtSecret
+            };
+        }
+
+        try {
+            await api.post(`/site/${site?.siteId}/regenerate-secret`, payload);
 
             toast({
                 title: t("credentialsSaved"),
@@ -100,6 +179,7 @@ export default function CredentialsPage() {
         }
     };
 
+
     return (
         <SettingsContainer>
             <SettingsSection>
@@ -117,73 +197,114 @@ export default function CredentialsPage() {
                         <Button
                             onClick={handleRegenerate}
                             loading={loading}
-                            disabled={site.type != "newt"}
+                            disabled={site.type === "local"}
                         >
                             {t("regeneratecredentials")}
                         </Button>
                     ) : (
                         <>
-                            <SettingsSection>
-                                <SettingsSectionHeader>
-                                    <SettingsSectionTitle>
-                                        {t("siteNewtCredentials")}
-                                    </SettingsSectionTitle>
-                                    <SettingsSectionDescription>
-                                        {t(
-                                            "siteNewtCredentialsDescription"
-                                        )}
-                                    </SettingsSectionDescription>
-                                </SettingsSectionHeader>
-                                <SettingsSectionBody>
-                                    <InfoSections cols={3}>
-                                        <InfoSection>
-                                            <InfoSectionTitle>
-                                                {t("newtEndpoint")}
-                                            </InfoSectionTitle>
-                                            <InfoSectionContent>
-                                                <CopyToClipboard
-                                                    text={
-                                                        env.app.dashboardUrl
-                                                    }
-                                                />
-                                            </InfoSectionContent>
-                                        </InfoSection>
-                                        <InfoSection>
-                                            <InfoSectionTitle>
-                                                {t("newtId")}
-                                            </InfoSectionTitle>
-                                            <InfoSectionContent>
-                                                <CopyToClipboard
-                                                    text={newtId}
-                                                />
-                                            </InfoSectionContent>
-                                        </InfoSection>
-                                        <InfoSection>
-                                            <InfoSectionTitle>
-                                                {t("newtSecretKey")}
-                                            </InfoSectionTitle>
-                                            <InfoSectionContent>
-                                                <CopyToClipboard
-                                                    text={newtSecret}
-                                                />
-                                            </InfoSectionContent>
-                                        </InfoSection>
-                                    </InfoSections>
-
-
-                                    <Alert variant="neutral" className="mt-4">
-                                        <InfoIcon className="h-4 w-4" />
-                                        <AlertTitle className="font-semibold">
-                                            {t("copyandsavethesecredentials")}
-                                        </AlertTitle>
-                                        <AlertDescription>
+                            {site.type === "wireguard" && (
+                                <SettingsSection>
+                                    <SettingsSectionHeader>
+                                        <SettingsSectionTitle>
+                                            {t("WgConfiguration")}
+                                        </SettingsSectionTitle>
+                                        <SettingsSectionDescription>
+                                            {t("WgConfigurationDescription")}
+                                        </SettingsSectionDescription>
+                                    </SettingsSectionHeader>
+                                    <SettingsSectionBody>
+                                        <div className="flex items-center gap-4">
+                                            <CopyTextBox text={wgConfig} />
+                                            <div
+                                                className={`relative w-fit border rounded-md`}
+                                            >
+                                                <div className="bg-white p-6 rounded-md">
+                                                    <QRCodeCanvas
+                                                        value={wgConfig}
+                                                        size={168}
+                                                        className="mx-auto"
+                                                    />
+                                                </div>
+                                            </div>
+                                        </div>
+                                        <Alert variant="neutral">
+                                            <InfoIcon className="h-4 w-4" />
+                                            <AlertTitle className="font-semibold">
+                                                {t("siteCredentialsSave")}
+                                            </AlertTitle>
+                                            <AlertDescription>
+                                                {t(
+                                                    "siteCredentialsSaveDescription"
+                                                )}
+                                            </AlertDescription>
+                                        </Alert>
+                                    </SettingsSectionBody>
+                                </SettingsSection>
+                            )}
+                            {site.type === "newt" && (
+                                <SettingsSection>
+                                    <SettingsSectionHeader>
+                                        <SettingsSectionTitle>
+                                            {t("siteNewtCredentials")}
+                                        </SettingsSectionTitle>
+                                        <SettingsSectionDescription>
                                             {t(
-                                                "copyandsavethesecredentialsdescription"
+                                                "siteNewtCredentialsDescription"
                                             )}
-                                        </AlertDescription>
-                                    </Alert>
-                                </SettingsSectionBody>
-                            </SettingsSection>
+                                        </SettingsSectionDescription>
+                                    </SettingsSectionHeader>
+                                    <SettingsSectionBody>
+                                        <InfoSections cols={3}>
+                                            <InfoSection>
+                                                <InfoSectionTitle>
+                                                    {t("newtEndpoint")}
+                                                </InfoSectionTitle>
+                                                <InfoSectionContent>
+                                                    <CopyToClipboard
+                                                        text={
+                                                            env.app.dashboardUrl
+                                                        }
+                                                    />
+                                                </InfoSectionContent>
+                                            </InfoSection>
+                                            <InfoSection>
+                                                <InfoSectionTitle>
+                                                    {t("newtId")}
+                                                </InfoSectionTitle>
+                                                <InfoSectionContent>
+                                                    <CopyToClipboard
+                                                        text={newtId}
+                                                    />
+                                                </InfoSectionContent>
+                                            </InfoSection>
+                                            <InfoSection>
+                                                <InfoSectionTitle>
+                                                    {t("newtSecretKey")}
+                                                </InfoSectionTitle>
+                                                <InfoSectionContent>
+                                                    <CopyToClipboard
+                                                        text={newtSecret}
+                                                    />
+                                                </InfoSectionContent>
+                                            </InfoSection>
+                                        </InfoSections>
+
+
+                                        <Alert variant="neutral" className="mt-4">
+                                            <InfoIcon className="h-4 w-4" />
+                                            <AlertTitle className="font-semibold">
+                                                {t("copyandsavethesecredentials")}
+                                            </AlertTitle>
+                                            <AlertDescription>
+                                                {t(
+                                                    "copyandsavethesecredentialsdescription"
+                                                )}
+                                            </AlertDescription>
+                                        </Alert>
+                                    </SettingsSectionBody>
+                                </SettingsSection>
+                            )}
 
                             <div className="flex justify-end mt-6 space-x-2">
                                 <Button

From 62e2b7ca9e2d48b899e2c59a25da6c8529e6c713 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Wed, 29 Oct 2025 16:47:09 +0530
Subject: [PATCH 33/70] change alert text

---
 .../[orgId]/settings/sites/[niceId]/credentials/page.tsx    | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
index 0526149d..1420680c 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
@@ -228,14 +228,14 @@ PersistentKeepalive = 5`;
                                                 </div>
                                             </div>
                                         </div>
-                                        <Alert variant="neutral">
+                                        <Alert variant="neutral" className="mt-4">
                                             <InfoIcon className="h-4 w-4" />
                                             <AlertTitle className="font-semibold">
-                                                {t("siteCredentialsSave")}
+                                                {t("copyandsavethesecredentials")}
                                             </AlertTitle>
                                             <AlertDescription>
                                                 {t(
-                                                    "siteCredentialsSaveDescription"
+                                                    "copyandsavethesecredentialsdescription"
                                                 )}
                                             </AlertDescription>
                                         </Alert>

From 90e72c6aca7098551b3bac7c5b61a3fc01fcf8b3 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Fri, 7 Nov 2025 00:59:03 +0530
Subject: [PATCH 34/70] hide credentials tab for local sites

---
 messages/en-US.json                             |  2 +-
 .../[orgId]/settings/sites/[niceId]/layout.tsx  | 17 +++++++++++------
 2 files changed, 12 insertions(+), 7 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index a7d825f5..7928b69b 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2098,7 +2098,7 @@
     "checkSelectedStatus": "Check Status of Selected",
     "credentials": "Credentials",
     "savecredentials": "Save Credentials",
-    "regeneratecredentials": "Regenerate Credentials",
+    "regeneratecredentials": "Re-key",
     "regenerateCredentials": "Regenerate and save your credentials",
     "generatedcredentials": "Generated Credentials",
     "copyandsavethesecredentials": "Copy and save these credentials",
diff --git a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
index abd9aefb..01008dab 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
@@ -35,18 +35,23 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
     const navItems = [
         {
             title: t('general'),
-            href: "/{orgId}/settings/sites/{niceId}/general"
+            href: `/${params.orgId}/settings/sites/${params.niceId}/general`,
         },
-        {
-            title: t('credentials'),
-            href: "/{orgId}/settings/sites/{niceId}/credentials"
-        }
+        ...(site.type !== 'local'
+            ? [
+                {
+                    title: t('credentials'),
+                    href: `/${params.orgId}/settings/sites/${params.niceId}/credentials`,
+                },
+            ]
+            : []),
     ];
 
+
     return (
         <>
             <SettingsSectionTitle
-                title={t('siteSetting', {siteName: site?.name})}
+                title={t('siteSetting', { siteName: site?.name })}
                 description={t('siteSettingDescription')}
             />
 

From 2b8204fdc8b916546497b96f378d00b6173a69eb Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Fri, 7 Nov 2025 23:30:24 +0530
Subject: [PATCH 35/70] seperate credentials rekeying in modal for reuse

---
 messages/en-US.json                           |   8 +-
 .../[remoteExitNodeId]/credentials/page.tsx   | 164 +++------
 .../clients/[clientId]/credentials/page.tsx   | 189 ++--------
 .../sites/[niceId]/credentials/page.tsx       | 337 +++++-------------
 src/components/RegenerateCredentialsModal.tsx | 216 +++++++++++
 5 files changed, 391 insertions(+), 523 deletions(-)
 create mode 100644 src/components/RegenerateCredentialsModal.tsx

diff --git a/messages/en-US.json b/messages/en-US.json
index 7928b69b..dc4b429a 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2106,5 +2106,11 @@
     "credentialsSaved" : "Credentials Saved",
     "credentialsSavedDescription": "Credentials have been regenerated and saved successfully.",
     "credentialsSaveError": "Credentials Save Error",
-    "credentialsSaveErrorDescription": "An error occurred while regenerating and saving the credentials."
+    "credentialsSaveErrorDescription": "An error occurred while regenerating and saving the credentials.",
+    "regenerateCredentialsWarning": "Regenerating credentials will invalidate the previous ones. Make sure to update any configurations that use these credentials.",
+    "confirm": "Confirm",
+    "regenerateCredentialsConfirmation": "Are you sure you want to regenerate the credentials?",
+    "endpoint": "Endpoint",
+    "id": "Id",
+    "SecretKey": "Secret Key"
 }
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
index 12a79dd6..b605ad35 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import { useEffect, useState } from "react";
+import { useState } from "react";
 import {
     SettingsContainer,
     SettingsSection,
@@ -10,9 +10,6 @@ import {
     SettingsSectionTitle
 } from "@app/components/Settings";
 import { Button } from "@app/components/ui/button";
-import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
-import { InfoIcon } from "lucide-react";
-import CopyTextBox from "@app/components/CopyTextBox";
 import { createApiClient, formatAxiosError } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { toast } from "@app/hooks/useToast";
@@ -24,6 +21,7 @@ import {
     QuickStartRemoteExitNodeResponse
 } from "@server/routers/remoteExitNode/types";
 import { useRemoteExitNodeContext } from "@app/hooks/useRemoteExitNodeContext";
+import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsModal";
 
 export default function CredentialsPage() {
     const { env } = useEnvContext();
@@ -31,79 +29,44 @@ export default function CredentialsPage() {
     const { orgId } = useParams();
     const router = useRouter();
     const t = useTranslations();
-    const { remoteExitNode, updateRemoteExitNode } = useRemoteExitNodeContext();
+    const { remoteExitNode } = useRemoteExitNodeContext();
 
-    const [credentials, setCredentials] =
-        useState<PickRemoteExitNodeDefaultsResponse | null>(null);
-    const [loading, setLoading] = useState(false);
-    const [saving, setSaving] = useState(false);
+    const [modalOpen, setModalOpen] = useState(false);
+    const [credentials, setCredentials] = useState<PickRemoteExitNodeDefaultsResponse | null>(null);
 
-    // Clear credentials when user leaves/reloads
-    useEffect(() => {
-        const clearCreds = () => setCredentials(null);
-        window.addEventListener("beforeunload", clearCreds);
-        return () => window.removeEventListener("beforeunload", clearCreds);
-    }, []);
+    const handleConfirmRegenerate = async () => {
+  
+        const response = await api.get<AxiosResponse<PickRemoteExitNodeDefaultsResponse>>(
+            `/org/${orgId}/pick-remote-exit-node-defaults`
+        );
 
-    const handleRegenerate = async () => {
-        try {
-            setLoading(true);
-            const response = await api.get<
-                AxiosResponse<PickRemoteExitNodeDefaultsResponse>
-            >(`/org/${orgId}/pick-remote-exit-node-defaults`);
+        const data = response.data.data;
+        setCredentials(data);
 
-            setCredentials(response.data.data);
-            toast({
-                title: t("success"),
-                description: t("Credentials generated successfully."),
-            });
-        } catch (error) {
-            toast({
-                title: t("error"),
-                description: formatAxiosError(
-                    error,
-                    t("Failed to generate credentials")
-                ),
-                variant: "destructive",
-            });
-        } finally {
-            setLoading(false);
-        }
+        await api.put<AxiosResponse<QuickStartRemoteExitNodeResponse>>(
+            `/org/${orgId}/reGenerate-remote-exit-node-secret`,
+            {
+                remoteExitNodeId: remoteExitNode.remoteExitNodeId,
+                secret: data.secret,
+            }
+        );
+
+        toast({
+            title: t("credentialsSaved"),
+            description: t("credentialsSavedDescription")
+        });
+
+        router.refresh();
     };
 
-    const handleSave = async () => {
-        if (!credentials) return;
-
-        try {
-            setSaving(true);
-
-            const response = await api.put<
-                AxiosResponse<QuickStartRemoteExitNodeResponse>
-            >(`/org/${orgId}/reGenerate-remote-exit-node-secret`, {
-                remoteExitNodeId: remoteExitNode.remoteExitNodeId,
-                secret: credentials.secret,
-            });
-
-            toast({
-                title: t("success"),
-                description: t("Credentials saved successfully."),
-            });
-
-            // For security, clear them from UI
-            setCredentials(null);
-
-        } catch (error) {
-            toast({
-                title: t("error"),
-                description: formatAxiosError(
-                    error,
-                    t("Failed to save credentials")
-                ),
-                variant: "destructive",
-            });
-        } finally {
-            setSaving(false);
+    const getCredentials = () => {
+        if (credentials) {
+            return {
+                Id: remoteExitNode.remoteExitNodeId,
+                Secret: credentials.secret
+            };
         }
+        return undefined;
     };
 
     return (
@@ -114,58 +77,25 @@ export default function CredentialsPage() {
                         {t("generatedcredentials")}
                     </SettingsSectionTitle>
                     <SettingsSectionDescription>
-                        {t("regenerateClientCredentials")}
+                        {t("regenerateCredentials")}
                     </SettingsSectionDescription>
                 </SettingsSectionHeader>
 
                 <SettingsSectionBody>
-                    {!credentials ? (
-                        <Button
-                            onClick={handleRegenerate}
-                            loading={loading}
-                            disabled={loading}
-                        >
-                            {t("regeneratecredentials")}
-                        </Button>
-                    ) : (
-                        <>
-                            <CopyTextBox
-                                text={`managed:
-  id: "${remoteExitNode.remoteExitNodeId}"
-  secret: "${credentials.secret}"`}
-                            />
-
-                            <Alert variant="neutral" className="mt-4">
-                                <InfoIcon className="h-4 w-4" />
-                                <AlertTitle className="font-semibold">
-                                    {t("copyandsavethesecredentials")}
-                                </AlertTitle>
-                                <AlertDescription>
-                                    {t(
-                                        "copyandsavethesecredentialsdescription"
-                                    )}
-                                </AlertDescription>
-                            </Alert>
-
-                            <div className="flex justify-end mt-6 space-x-2">
-                                <Button
-                                    variant="outline"
-                                    onClick={() => setCredentials(null)}
-                                >
-                                    {t("cancel")}
-                                </Button>
-                                <Button
-                                    onClick={handleSave}
-                                    loading={saving}
-                                    disabled={saving}
-                                >
-                                    {t("savecredentials")}
-                                </Button>
-                            </div>
-                        </>
-                    )}
+                    <Button onClick={() => setModalOpen(true)}>
+                        {t("regeneratecredentials")}
+                    </Button>
                 </SettingsSectionBody>
             </SettingsSection>
+
+            <RegenerateCredentialsModal
+                open={modalOpen}
+                onOpenChange={setModalOpen}
+                type="remote-exit-node"
+                onConfirmRegenerate={handleConfirmRegenerate}
+                dashboardUrl={env.app.dashboardUrl}
+                credentials={getCredentials()}
+            />
         </SettingsContainer>
     );
-}
+}
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
index 7d34b5eb..e4a67544 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import { useEffect, useState } from "react";
+import { useState } from "react";
 import {
     SettingsContainer,
     SettingsSection,
@@ -10,17 +10,14 @@ import {
     SettingsSectionTitle
 } from "@app/components/Settings";
 import { Button } from "@app/components/ui/button";
-import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
-import { InfoIcon } from "lucide-react";
 import { createApiClient, formatAxiosError } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { toast } from "@app/hooks/useToast";
 import { useParams, useRouter } from "next/navigation";
 import { useTranslations } from "next-intl";
-import { InfoSection, InfoSectionContent, InfoSections, InfoSectionTitle } from "@app/components/InfoSection";
-import CopyToClipboard from "@app/components/CopyToClipboard";
 import { PickClientDefaultsResponse } from "@server/routers/client";
 import { useClientContext } from "@app/hooks/useClientContext";
+import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsModal";
 
 export default function CredentialsPage() {
     const { env } = useEnvContext();
@@ -28,55 +25,21 @@ export default function CredentialsPage() {
     const { orgId } = useParams();
     const router = useRouter();
     const t = useTranslations();
-    const [olmId, setOlmId] = useState("");
-    const [olmSecret, setOlmSecret] = useState("");
-    const { client, updateClient } = useClientContext();
+    const { client } = useClientContext();
+    
+    const [modalOpen, setModalOpen] = useState(false);
+    const [clientDefaults, setClientDefaults] = useState<PickClientDefaultsResponse | null>(null);
 
-    const [clientDefaults, setClientDefaults] =
-        useState<PickClientDefaultsResponse | null>(null);
-    const [loading, setLoading] = useState(false);
-    const [saving, setSaving] = useState(false);
+    const handleConfirmRegenerate = async () => {
+    
+        const res = await api.get(`/org/${orgId}/pick-client-defaults`);
+        if (res && res.status === 200) {
+            const data = res.data.data;
+            setClientDefaults(data);
 
-    // Clear credentials when user leaves/reloads
-    useEffect(() => {
-        const clearCreds = () => {
-            setOlmId("");
-            setOlmSecret("");
-        };
-        window.addEventListener("beforeunload", clearCreds);
-        return () => window.removeEventListener("beforeunload", clearCreds);
-    }, []);
-
-    const handleRegenerate = async () => {
-        try {
-            setLoading(true);
-            await api
-                .get(`/org/${orgId}/pick-client-defaults`)
-                .then((res) => {
-                    if (res && res.status === 200) {
-                        const data = res.data.data;
-
-                        setClientDefaults(data);
-
-                        const olmId = data.olmId;
-                        const olmSecret = data.olmSecret;
-                        setOlmId(olmId);
-                        setOlmSecret(olmSecret);
-
-                    }
-                });
-        } finally {
-            setLoading(false);
-        }
-    };
-
-    const handleSave = async () => {
-        setLoading(true);
-
-        try {
             await api.post(`/client/${client?.clientId}/regenerate-secret`, {
-                olmId: clientDefaults?.olmId,
-                secret: clientDefaults?.olmSecret,
+                olmId: data.olmId,
+                secret: data.olmSecret,
             });
 
             toast({
@@ -85,20 +48,19 @@ export default function CredentialsPage() {
             });
 
             router.refresh();
-        } catch (e) {
-            toast({
-                variant: "destructive",
-                title: t("credentialsSaveError"),
-                description: formatAxiosError(
-                    e,
-                    t("credentialsSaveErrorDescription")
-                )
-            });
-        } finally {
-            setLoading(false);
         }
     };
 
+    const getCredentials = () => {
+        if (clientDefaults) {
+            return {
+                Id: clientDefaults.olmId,
+                Secret: clientDefaults.olmSecret
+            };
+        }
+        return undefined;
+    };
+
     return (
         <SettingsContainer>
             <SettingsSection>
@@ -112,97 +74,20 @@ export default function CredentialsPage() {
                 </SettingsSectionHeader>
 
                 <SettingsSectionBody>
-                    {!clientDefaults ? (
-                        <Button
-                            onClick={handleRegenerate}
-                            loading={loading}
-                            disabled={loading}
-                        >
-                            {t("regeneratecredentials")}
-                        </Button>
-                    ) : (
-                        <>
-                            <SettingsSection>
-                                <SettingsSectionHeader>
-                                    <SettingsSectionTitle>
-                                        {t("clientOlmCredentials")}
-                                    </SettingsSectionTitle>
-                                    <SettingsSectionDescription>
-                                        {t("clientOlmCredentialsDescription")}
-                                    </SettingsSectionDescription>
-                                </SettingsSectionHeader>
-                                <SettingsSectionBody>
-                                    <InfoSections cols={3}>
-                                        <InfoSection>
-                                            <InfoSectionTitle>
-                                                {t("olmEndpoint")}
-                                            </InfoSectionTitle>
-                                            <InfoSectionContent>
-                                                <CopyToClipboard
-                                                    text={
-                                                        env.app.dashboardUrl
-                                                    }
-                                                />
-                                            </InfoSectionContent>
-                                        </InfoSection>
-                                        <InfoSection>
-                                            <InfoSectionTitle>
-                                                {t("olmId")}
-                                            </InfoSectionTitle>
-                                            <InfoSectionContent>
-                                                <CopyToClipboard
-                                                    text={olmId}
-                                                />
-                                            </InfoSectionContent>
-                                        </InfoSection>
-                                        <InfoSection>
-                                            <InfoSectionTitle>
-                                                {t("olmSecretKey")}
-                                            </InfoSectionTitle>
-                                            <InfoSectionContent>
-                                                <CopyToClipboard
-                                                    text={olmSecret}
-                                                />
-                                            </InfoSectionContent>
-                                        </InfoSection>
-                                    </InfoSections>
-
-                                    <Alert variant="neutral" className="mt-4">
-                                        <InfoIcon className="h-4 w-4" />
-                                        <AlertTitle className="font-semibold">
-                                            {t("copyandsavethesecredentials")}
-                                        </AlertTitle>
-                                        <AlertDescription>
-                                            {t(
-                                                "copyandsavethesecredentialsdescription"
-                                            )}
-                                        </AlertDescription>
-                                    </Alert>
-                                </SettingsSectionBody>
-                            </SettingsSection>
-
-                            <div className="flex justify-end mt-6 space-x-2">
-                                <Button
-                                    variant="outline"
-                                    onClick={() => {
-                                        setOlmId("");
-                                        setOlmSecret("");
-                                    }}
-                                >
-                                    {t("cancel")}
-                                </Button>
-                                <Button
-                                    onClick={handleSave}
-                                    loading={saving}
-                                    disabled={saving}
-                                >
-                                    {t("savecredentials")}
-                                </Button>
-                            </div>
-                        </>
-                    )}
+                    <Button onClick={() => setModalOpen(true)}>
+                        {t("regeneratecredentials")}
+                    </Button>
                 </SettingsSectionBody>
             </SettingsSection>
+
+            <RegenerateCredentialsModal
+                open={modalOpen}
+                onOpenChange={setModalOpen}
+                type="client-olm"
+                onConfirmRegenerate={handleConfirmRegenerate}
+                dashboardUrl={env.app.dashboardUrl}
+                credentials={getCredentials()}
+            />
         </SettingsContainer>
     );
-}
+}
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
index 1420680c..3942ef83 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import { useEffect, useState } from "react";
+import { useState } from "react";
 import {
     SettingsContainer,
     SettingsSection,
@@ -10,20 +10,15 @@ import {
     SettingsSectionTitle
 } from "@app/components/Settings";
 import { Button } from "@app/components/ui/button";
-import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
-import { InfoIcon } from "lucide-react";
 import { createApiClient, formatAxiosError } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { toast } from "@app/hooks/useToast";
 import { useParams, useRouter } from "next/navigation";
 import { useTranslations } from "next-intl";
-import { InfoSection, InfoSectionContent, InfoSections, InfoSectionTitle } from "@app/components/InfoSection";
-import CopyToClipboard from "@app/components/CopyToClipboard";
 import { PickSiteDefaultsResponse } from "@server/routers/site";
 import { useSiteContext } from "@app/hooks/useSiteContext";
-import CopyTextBox from "@app/components/CopyTextBox";
-import { QRCodeCanvas } from "qrcode.react";
 import { generateKeypair } from "../wireguardConfig";
+import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsModal";
 
 export default function CredentialsPage() {
     const { env } = useEnvContext();
@@ -31,17 +26,12 @@ export default function CredentialsPage() {
     const { orgId } = useParams();
     const router = useRouter();
     const t = useTranslations();
-    const [newtId, setNewtId] = useState("");
-    const [newtSecret, setNewtSecret] = useState("");
-    const { site, updateSite } = useSiteContext();
+    const { site } = useSiteContext();
+    
+    const [modalOpen, setModalOpen] = useState(false);
+    const [siteDefaults, setSiteDefaults] = useState<PickSiteDefaultsResponse | null>(null);
     const [wgConfig, setWgConfig] = useState("");
-    const [siteDefaults, setSiteDefaults] =
-        useState<PickSiteDefaultsResponse | null>(null);
-
-    const [loading, setLoading] = useState(false);
-    const [saving, setSaving] = useState(false);
     const [publicKey, setPublicKey] = useState("");
-    const [privateKey, setPrivateKey] = useState("");
 
     const hydrateWireGuardConfig = (
         privateKey: string,
@@ -51,7 +41,7 @@ export default function CredentialsPage() {
         endpoint: string,
         listenPort: string
     ) => {
-        const wgConfig = `[Interface]
+        const config = `[Interface]
 Address = ${subnet}
 ListenPort = 51820
 PrivateKey = ${privateKey}
@@ -61,124 +51,83 @@ PublicKey = ${publicKey}
 AllowedIPs = ${address.split("/")[0]}/32
 Endpoint = ${endpoint}:${listenPort}
 PersistentKeepalive = 5`;
-        setWgConfig(wgConfig);
+        setWgConfig(config);
+        return config;
     };
 
-
-    // Clear credentials when user leaves/reloads
-    useEffect(() => {
-        const clearCreds = () => {
-            setNewtId("");
-            setNewtSecret("");
-        };
-        window.addEventListener("beforeunload", clearCreds);
-        return () => window.removeEventListener("beforeunload", clearCreds);
-    }, []);
-
-    const handleRegenerate = async () => {
-
-        const generatedKeypair = generateKeypair();
-
-        const privateKey = generatedKeypair.privateKey;
-        const publicKey = generatedKeypair.publicKey;
-
-        setPrivateKey(privateKey);
-        setPublicKey(publicKey);
-        try {
-            setLoading(true);
-            await api
-                .get(`/org/${orgId}/pick-site-defaults`)
-                .then((res) => {
-                    if (res && res.status === 200) {
-                        const data = res.data.data;
-
-                        setSiteDefaults(data);
-
-                        const newtId = data.newtId;
-                        const newtSecret = data.newtSecret;
-                        setNewtId(newtId);
-                        setNewtSecret(newtSecret);
-
-                        hydrateWireGuardConfig(
-                            privateKey,
-                            data.publicKey,
-                            data.subnet,
-                            data.address,
-                            data.endpoint,
-                            data.listenPort
-                        );
-
-                    }
-                });
-        } finally {
-            setLoading(false);
-        }
-    };
-
-    const handleSave = async () => {
-        setLoading(true);
-
-        let payload: any = {};
+    const handleConfirmRegenerate = async () => {
+        let generatedPublicKey = "";
+        let generatedWgConfig = "";
 
         if (site?.type === "wireguard") {
-            if (!siteDefaults || !wgConfig) {
-                toast({
-                    variant: "destructive",
-                    title: t("siteErrorCreate"),
-                    description: t("siteErrorCreateKeyPair")
-                });
-                setLoading(false);
-                return;
+            const generatedKeypair = generateKeypair();
+            generatedPublicKey = generatedKeypair.publicKey;
+            setPublicKey(generatedPublicKey);
+
+            const res = await api.get(`/org/${orgId}/pick-site-defaults`);
+            if (res && res.status === 200) {
+                const data = res.data.data;
+                setSiteDefaults(data);
+
+                // generate config with the fetched data
+                generatedWgConfig = hydrateWireGuardConfig(
+                    generatedKeypair.privateKey,
+                    data.publicKey,
+                    data.subnet,
+                    data.address,
+                    data.endpoint,
+                    data.listenPort
+                );
             }
 
-            payload = {
+            await api.post(`/site/${site?.siteId}/regenerate-secret`, {
                 type: "wireguard",
-                subnet: siteDefaults.subnet,
-                exitNodeId: siteDefaults.exitNodeId,
-                pubKey: publicKey
-            };
+                subnet: res.data.data.subnet,
+                exitNodeId: res.data.data.exitNodeId,
+                pubKey: generatedPublicKey
+            });
         }
+
         if (site?.type === "newt") {
-            if (!siteDefaults) {
-                toast({
-                    variant: "destructive",
-                    title: t("siteErrorCreate"),
-                    description: t("siteErrorCreateDefaults")
+            const res = await api.get(`/org/${orgId}/pick-site-defaults`);
+            if (res && res.status === 200) {
+                const data = res.data.data;
+                setSiteDefaults(data);
+
+                await api.post(`/site/${site?.siteId}/regenerate-secret`, {
+                    type: "newt",
+                    newtId: data.newtId,
+                    newtSecret: data.newtSecret
                 });
-                setLoading(false);
-                return;
             }
-
-            payload = {
-                type: "newt",
-                newtId: siteDefaults?.newtId,
-                newtSecret: siteDefaults?.newtSecret
-            };
         }
 
-        try {
-            await api.post(`/site/${site?.siteId}/regenerate-secret`, payload);
+        toast({
+            title: t("credentialsSaved"),
+            description: t("credentialsSavedDescription")
+        });
 
-            toast({
-                title: t("credentialsSaved"),
-                description: t("credentialsSavedDescription")
-            });
-
-            router.refresh();
-        } catch (e) {
-            toast({
-                variant: "destructive",
-                title: t("credentialsSaveError"),
-                description: formatAxiosError(
-                    e,
-                    t("credentialsSaveErrorDescription")
-                )
-            });
-        } finally {
-            setLoading(false);
-        }
+        router.refresh();
     };
 
+    const getCredentialType = () => {
+        if (site?.type === "wireguard") return "site-wireguard";
+        if (site?.type === "newt") return "site-newt";
+        return "site-newt"; 
+    };
+
+    const getCredentials = () => {
+        if (site?.type === "wireguard" && wgConfig) {
+            return { wgConfig };
+        }
+        if (site?.type === "newt" && siteDefaults) {
+            return {
+                Id: siteDefaults.newtId,
+                Secret: siteDefaults.newtSecret
+            };
+        }
+        return undefined;
+    };
 
     return (
         <SettingsContainer>
@@ -193,141 +142,23 @@ PersistentKeepalive = 5`;
                 </SettingsSectionHeader>
 
                 <SettingsSectionBody>
-                    {!siteDefaults ? (
-                        <Button
-                            onClick={handleRegenerate}
-                            loading={loading}
-                            disabled={site.type === "local"}
-                        >
-                            {t("regeneratecredentials")}
-                        </Button>
-                    ) : (
-                        <>
-                            {site.type === "wireguard" && (
-                                <SettingsSection>
-                                    <SettingsSectionHeader>
-                                        <SettingsSectionTitle>
-                                            {t("WgConfiguration")}
-                                        </SettingsSectionTitle>
-                                        <SettingsSectionDescription>
-                                            {t("WgConfigurationDescription")}
-                                        </SettingsSectionDescription>
-                                    </SettingsSectionHeader>
-                                    <SettingsSectionBody>
-                                        <div className="flex items-center gap-4">
-                                            <CopyTextBox text={wgConfig} />
-                                            <div
-                                                className={`relative w-fit border rounded-md`}
-                                            >
-                                                <div className="bg-white p-6 rounded-md">
-                                                    <QRCodeCanvas
-                                                        value={wgConfig}
-                                                        size={168}
-                                                        className="mx-auto"
-                                                    />
-                                                </div>
-                                            </div>
-                                        </div>
-                                        <Alert variant="neutral" className="mt-4">
-                                            <InfoIcon className="h-4 w-4" />
-                                            <AlertTitle className="font-semibold">
-                                                {t("copyandsavethesecredentials")}
-                                            </AlertTitle>
-                                            <AlertDescription>
-                                                {t(
-                                                    "copyandsavethesecredentialsdescription"
-                                                )}
-                                            </AlertDescription>
-                                        </Alert>
-                                    </SettingsSectionBody>
-                                </SettingsSection>
-                            )}
-                            {site.type === "newt" && (
-                                <SettingsSection>
-                                    <SettingsSectionHeader>
-                                        <SettingsSectionTitle>
-                                            {t("siteNewtCredentials")}
-                                        </SettingsSectionTitle>
-                                        <SettingsSectionDescription>
-                                            {t(
-                                                "siteNewtCredentialsDescription"
-                                            )}
-                                        </SettingsSectionDescription>
-                                    </SettingsSectionHeader>
-                                    <SettingsSectionBody>
-                                        <InfoSections cols={3}>
-                                            <InfoSection>
-                                                <InfoSectionTitle>
-                                                    {t("newtEndpoint")}
-                                                </InfoSectionTitle>
-                                                <InfoSectionContent>
-                                                    <CopyToClipboard
-                                                        text={
-                                                            env.app.dashboardUrl
-                                                        }
-                                                    />
-                                                </InfoSectionContent>
-                                            </InfoSection>
-                                            <InfoSection>
-                                                <InfoSectionTitle>
-                                                    {t("newtId")}
-                                                </InfoSectionTitle>
-                                                <InfoSectionContent>
-                                                    <CopyToClipboard
-                                                        text={newtId}
-                                                    />
-                                                </InfoSectionContent>
-                                            </InfoSection>
-                                            <InfoSection>
-                                                <InfoSectionTitle>
-                                                    {t("newtSecretKey")}
-                                                </InfoSectionTitle>
-                                                <InfoSectionContent>
-                                                    <CopyToClipboard
-                                                        text={newtSecret}
-                                                    />
-                                                </InfoSectionContent>
-                                            </InfoSection>
-                                        </InfoSections>
-
-
-                                        <Alert variant="neutral" className="mt-4">
-                                            <InfoIcon className="h-4 w-4" />
-                                            <AlertTitle className="font-semibold">
-                                                {t("copyandsavethesecredentials")}
-                                            </AlertTitle>
-                                            <AlertDescription>
-                                                {t(
-                                                    "copyandsavethesecredentialsdescription"
-                                                )}
-                                            </AlertDescription>
-                                        </Alert>
-                                    </SettingsSectionBody>
-                                </SettingsSection>
-                            )}
-
-                            <div className="flex justify-end mt-6 space-x-2">
-                                <Button
-                                    variant="outline"
-                                    onClick={() => {
-                                        setNewtId("");
-                                        setNewtSecret("");
-                                    }}
-                                >
-                                    {t("cancel")}
-                                </Button>
-                                <Button
-                                    onClick={handleSave}
-                                    loading={saving}
-                                    disabled={saving}
-                                >
-                                    {t("savecredentials")}
-                                </Button>
-                            </div>
-                        </>
-                    )}
+                    <Button
+                        onClick={() => setModalOpen(true)}
+                        disabled={site?.type === "local"}
+                    >
+                        {t("regeneratecredentials")}
+                    </Button>
                 </SettingsSectionBody>
             </SettingsSection>
+
+            <RegenerateCredentialsModal
+                open={modalOpen}
+                onOpenChange={setModalOpen}
+                type={getCredentialType()}
+                onConfirmRegenerate={handleConfirmRegenerate}
+                dashboardUrl={env.app.dashboardUrl}
+                credentials={getCredentials()}
+            />
         </SettingsContainer>
     );
-}
+}
\ No newline at end of file
diff --git a/src/components/RegenerateCredentialsModal.tsx b/src/components/RegenerateCredentialsModal.tsx
new file mode 100644
index 00000000..f485746b
--- /dev/null
+++ b/src/components/RegenerateCredentialsModal.tsx
@@ -0,0 +1,216 @@
+"use client";
+
+import { useState } from "react";
+import {
+    Credenza,
+    CredenzaBody,
+    CredenzaClose,
+    CredenzaContent,
+    CredenzaDescription,
+    CredenzaFooter,
+    CredenzaHeader,
+    CredenzaTitle
+} from "@app/components/Credenza";
+import { Button } from "@app/components/ui/button";
+import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
+import { InfoIcon, AlertTriangle } from "lucide-react";
+import { useTranslations } from "next-intl";
+import { InfoSection, InfoSectionContent, InfoSections, InfoSectionTitle } from "@app/components/InfoSection";
+import CopyToClipboard from "@app/components/CopyToClipboard";
+import CopyTextBox from "@app/components/CopyTextBox";
+import { QRCodeCanvas } from "qrcode.react";
+
+type CredentialType = "site-wireguard" | "site-newt" | "client-olm" | "remote-exit-node";
+
+interface RegenerateCredentialsModalProps {
+    open: boolean;
+    onOpenChange: (open: boolean) => void;
+    type: CredentialType;
+    onConfirmRegenerate: () => Promise<void>;
+    dashboardUrl: string;
+    credentials?: {
+        // For WireGuard sites
+        wgConfig?: string;
+
+        Id?: string;
+        Secret?: string;
+    };
+}
+
+export default function RegenerateCredentialsModal({
+    open,
+    onOpenChange,
+    type,
+    onConfirmRegenerate,
+    dashboardUrl,
+    credentials
+}: RegenerateCredentialsModalProps) {
+    const t = useTranslations();
+    const [stage, setStage] = useState<"confirm" | "show">("confirm");
+    const [loading, setLoading] = useState(false);
+
+    const handleConfirm = async () => {
+        try {
+            setLoading(true);
+            await onConfirmRegenerate();
+            setStage("show");
+        } catch (error) {
+        } finally {
+            setLoading(false);
+        }
+    };
+
+    const handleClose = () => {
+        setStage("confirm");
+        onOpenChange(false);
+    };
+
+    const getTitle = () => {
+        if (stage === "confirm") {
+            return t("regeneratecredentials");
+        }
+        switch (type) {
+            case "site-wireguard":
+                return t("WgConfiguration");
+            case "site-newt":
+                return t("siteNewtCredentials");
+            case "client-olm":
+                return t("clientOlmCredentials");
+            case "remote-exit-node":
+                return t("remoteExitNodeCreate.generate.title");
+        }
+    };
+
+    const getDescription = () => {
+        if (stage === "confirm") {
+            return t("regenerateCredentialsWarning");
+        }
+        switch (type) {
+            case "site-wireguard":
+                return t("WgConfigurationDescription");
+            case "site-newt":
+                return t("siteNewtCredentialsDescription");
+            case "client-olm":
+                return t("clientOlmCredentialsDescription");
+            case "remote-exit-node":
+                return t("remoteExitNodeCreate.generate.description");
+        }
+    };
+
+    return (
+        <Credenza open={open} onOpenChange={onOpenChange}>
+            <CredenzaContent className="max-h-[80vh] flex flex-col">
+                <CredenzaHeader>
+                    <CredenzaTitle>{getTitle()}</CredenzaTitle>
+                    <CredenzaDescription>{getDescription()}</CredenzaDescription>
+                </CredenzaHeader>
+
+                <CredenzaBody className="overflow-y-auto px-4">
+                    {stage === "confirm" ? (
+                        <Alert variant="destructive">
+                            <AlertTriangle className="h-4 w-4" />
+                            <AlertTitle className="font-semibold">
+                                {t("warning")}
+                            </AlertTitle>
+                            <AlertDescription>
+                                {t("regenerateCredentialsConfirmation")}
+                            </AlertDescription>
+                        </Alert>
+                    ) : (
+                        <>
+                            {credentials?.wgConfig && (
+                                <div className="space-y-4">
+                                    <div className="flex flex-col items-center gap-4">
+                                        <CopyTextBox text={credentials.wgConfig} />
+                                        <div className="relative w-fit border rounded-md">
+                                            <div className="bg-white p-6 rounded-md">
+                                                <QRCodeCanvas
+                                                    value={credentials.wgConfig}
+                                                    size={168}
+                                                    className="mx-auto"
+                                                />
+                                            </div>
+                                        </div>
+                                    </div>
+
+                                    <Alert variant="neutral">
+                                        <InfoIcon className="h-4 w-4" />
+                                        <AlertTitle className="font-semibold">
+                                            {t("copyandsavethesecredentials")}
+                                        </AlertTitle>
+                                        <AlertDescription>
+                                            {t("copyandsavethesecredentialsdescription")}
+                                        </AlertDescription>
+                                    </Alert>
+                                </div>
+                            )}
+
+                            {credentials?.Id && credentials.Secret && (
+                                <div className="space-y-4">
+                                    <InfoSections cols={1}>
+                                        <InfoSection>
+                                            <InfoSectionTitle>
+                                                {t("endpoint")}
+                                            </InfoSectionTitle>
+                                            <InfoSectionContent>
+                                                <CopyToClipboard text={dashboardUrl} />
+                                            </InfoSectionContent>
+                                        </InfoSection>
+                                        <InfoSection>
+                                            <InfoSectionTitle>
+                                                {t("Id")}
+                                            </InfoSectionTitle>
+                                            <InfoSectionContent>
+                                                <CopyToClipboard text={credentials?.Id} />
+                                            </InfoSectionContent>
+                                        </InfoSection>
+                                        <InfoSection>
+                                            <InfoSectionTitle>
+                                                {t("SecretKey")}
+                                            </InfoSectionTitle>
+                                            <InfoSectionContent>
+                                                <CopyToClipboard text={credentials?.Secret} />
+                                            </InfoSectionContent>
+                                        </InfoSection>
+                                    </InfoSections>
+                                    <Alert variant="neutral">
+                                        <InfoIcon className="h-4 w-4" />
+                                        <AlertTitle className="font-semibold">
+                                            {t("copyandsavethesecredentials")}
+                                        </AlertTitle>
+                                        <AlertDescription>
+                                            {t("copyandsavethesecredentialsdescription")}
+                                        </AlertDescription>
+                                    </Alert>
+                                </div>
+
+                            )}
+                        </>
+                    )}
+                </CredenzaBody>
+
+                <CredenzaFooter>
+                    {stage === "confirm" ? (
+                        <>
+                            <CredenzaClose asChild>
+                                <Button variant="outline">{t("cancel")}</Button>
+                            </CredenzaClose>
+                            <Button
+                                onClick={handleConfirm}
+                                loading={loading}
+                                disabled={loading}
+                                variant="destructive"
+                            >
+                                {t("confirm")}
+                            </Button>
+                        </>
+                    ) : (
+                        <Button onClick={handleClose} className="w-full">
+                            {t("close")}
+                        </Button>
+                    )}
+                </CredenzaFooter>
+            </CredenzaContent>
+        </Credenza>
+    );
+}
\ No newline at end of file

From aa3f07f1bae235ca93682bdf421423e1345835bd Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Fri, 7 Nov 2025 20:05:29 +0100
Subject: [PATCH 36/70] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20make=20fossorial=20r?=
 =?UTF-8?q?emote=20API=20only=20configurable=20on=20the=20frontend=20and?=
 =?UTF-8?q?=20only=20in=20`DEV`?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/lib/config.ts                                      | 4 +---
 .../routers/generatedLicense/generateNewLicense.ts        | 4 +---
 .../routers/generatedLicense/listGeneratedLicenses.ts     | 4 +---
 server/routers/supporterKey/validateSupporterKey.ts       | 6 +-----
 src/lib/api/index.ts                                      | 8 +++++++-
 src/lib/pullEnv.ts                                        | 8 +-------
 src/lib/types/env.ts                                      | 1 -
 7 files changed, 12 insertions(+), 23 deletions(-)

diff --git a/server/lib/config.ts b/server/lib/config.ts
index f71cfd51..13a1f6a4 100644
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@@ -6,7 +6,6 @@ import { eq } from "drizzle-orm";
 import { configSchema, readConfigFile } from "./readConfigFile";
 import { fromError } from "zod-validation-error";
 import { build } from "@server/build";
-import { pullEnv } from "@app/lib/pullEnv";
 
 export class Config {
     private rawConfig!: z.infer<typeof configSchema>;
@@ -150,7 +149,6 @@ export class Config {
 
     public async checkSupporterKey() {
         const [key] = await db.select().from(supporterKey).limit(1);
-        const env = pullEnv();
 
         if (!key) {
             return;
@@ -160,7 +158,7 @@ export class Config {
 
         try {
             const response = await fetch(
-                `${env.app.fossorialRemoteAPIBaseUrl}/api/v1/license/validate`,
+                `https://api.fossorial.io/api/v1/license/validate`,
                 {
                     method: "POST",
                     headers: {
diff --git a/server/private/routers/generatedLicense/generateNewLicense.ts b/server/private/routers/generatedLicense/generateNewLicense.ts
index dfbaaa89..2c0c4420 100644
--- a/server/private/routers/generatedLicense/generateNewLicense.ts
+++ b/server/private/routers/generatedLicense/generateNewLicense.ts
@@ -18,13 +18,11 @@ import logger from "@server/logger";
 import { response as sendResponse } from "@server/lib/response";
 import privateConfig from "#private/lib/config";
 import { GenerateNewLicenseResponse } from "@server/routers/generatedLicense/types";
-import { pullEnv } from "@app/lib/pullEnv";
 
 async function createNewLicense(orgId: string, licenseData: any): Promise<any> {
     try {
-        const env = pullEnv();
         const response = await fetch(
-            `${env.app.fossorialRemoteAPIBaseUrl}/api/v1/license-internal/enterprise/${orgId}/create`,
+            `https://api.fossorial.io/api/v1/license-internal/enterprise/${orgId}/create`,
             {
                 method: "PUT",
                 headers: {
diff --git a/server/private/routers/generatedLicense/listGeneratedLicenses.ts b/server/private/routers/generatedLicense/listGeneratedLicenses.ts
index 839c8a2c..fb54c763 100644
--- a/server/private/routers/generatedLicense/listGeneratedLicenses.ts
+++ b/server/private/routers/generatedLicense/listGeneratedLicenses.ts
@@ -21,13 +21,11 @@ import {
     GeneratedLicenseKey,
     ListGeneratedLicenseKeysResponse
 } from "@server/routers/generatedLicense/types";
-import { pullEnv } from "@app/lib/pullEnv";
 
 async function fetchLicenseKeys(orgId: string): Promise<any> {
     try {
-        const env = pullEnv();
         const response = await fetch(
-            `${env.app.fossorialRemoteAPIBaseUrl}/api/v1/license-internal/enterprise/${orgId}/list`,
+            `https://api.fossorial.io/api/v1/license-internal/enterprise/${orgId}/list`,
             {
                 method: "GET",
                 headers: {
diff --git a/server/routers/supporterKey/validateSupporterKey.ts b/server/routers/supporterKey/validateSupporterKey.ts
index 82315017..338c920e 100644
--- a/server/routers/supporterKey/validateSupporterKey.ts
+++ b/server/routers/supporterKey/validateSupporterKey.ts
@@ -5,12 +5,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { response as sendResponse } from "@server/lib/response";
-import { suppressDeprecationWarnings } from "moment";
 import { supporterKey } from "@server/db";
 import { db } from "@server/db";
-import { eq } from "drizzle-orm";
 import config from "@server/lib/config";
-import { pullEnv } from "@app/lib/pullEnv";
 
 const validateSupporterKeySchema = z
     .object({
@@ -32,7 +29,6 @@ export async function validateSupporterKey(
     next: NextFunction
 ): Promise<any> {
     try {
-        const env = pullEnv();
         const parsedBody = validateSupporterKeySchema.safeParse(req.body);
         if (!parsedBody.success) {
             return next(
@@ -46,7 +42,7 @@ export async function validateSupporterKey(
         const { githubUsername, key } = parsedBody.data;
 
         const response = await fetch(
-            `${env.app.fossorialRemoteAPIBaseUrl}/api/v1/license/validate`,
+            `https://api.fossorial.io/api/v1/license/validate`,
             {
                 method: "POST",
                 headers: {
diff --git a/src/lib/api/index.ts b/src/lib/api/index.ts
index a75d3abe..14735053 100644
--- a/src/lib/api/index.ts
+++ b/src/lib/api/index.ts
@@ -51,8 +51,14 @@ export const internal = axios.create({
     }
 });
 
+const remoteAPIURL =
+    process.env.NODE_ENV === "development"
+        ? (process.env.NEXT_PUBLIC_FOSSORIAL_REMOTE_API_URL ??
+          "https://api.fossorial.io")
+        : "https://api.fossorial.io";
+
 export const remote = axios.create({
-    baseURL: `${process.env.NEXT_PUBLIC_FOSSORIAL_REMOTE_API_URL}/api/v1`,
+    baseURL: `${remoteAPIURL}/api/v1`,
     timeout: 10000,
     headers: {
         "Content-Type": "application/json",
diff --git a/src/lib/pullEnv.ts b/src/lib/pullEnv.ts
index 7e5a0dc4..7893a8c6 100644
--- a/src/lib/pullEnv.ts
+++ b/src/lib/pullEnv.ts
@@ -21,11 +21,6 @@ const envSchema = z.object({
         .transform((val) => val === "true"),
     APP_VERSION: z.string(),
     DASHBOARD_URL: z.string(),
-    NEXT_PUBLIC_FOSSORIAL_REMOTE_API_URL: z
-        .string()
-        .url()
-        .default("https://api.fossorial.io")
-        .transform((url) => url.replace(/(.*)\/?$/, "$1")),
 
     // Email configuration
     EMAIL_ENABLED: z
@@ -117,8 +112,7 @@ export function pullEnv(): Env {
             environment: env.ENVIRONMENT,
             sandbox_mode: env.SANDBOX_MODE,
             version: env.APP_VERSION,
-            dashboardUrl: env.DASHBOARD_URL,
-            fossorialRemoteAPIBaseUrl: env.NEXT_PUBLIC_FOSSORIAL_REMOTE_API_URL
+            dashboardUrl: env.DASHBOARD_URL
         },
         email: {
             emailEnabled: env.EMAIL_ENABLED
diff --git a/src/lib/types/env.ts b/src/lib/types/env.ts
index 64bc8d73..6ebf758a 100644
--- a/src/lib/types/env.ts
+++ b/src/lib/types/env.ts
@@ -4,7 +4,6 @@ export type Env = {
         sandbox_mode: boolean;
         version: string;
         dashboardUrl: string;
-        fossorialRemoteAPIBaseUrl: string;
     };
     server: {
         externalPort: string;

From 0745734273a5d348386b6ed7a9534c1223165537 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Fri, 7 Nov 2025 20:05:51 +0100
Subject: [PATCH 37/70] =?UTF-8?q?=E2=99=BB=EF=B8=8F=20include=20`build`=20?=
 =?UTF-8?q?when=20getting=20product=20udpates?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/lib/queries.ts | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/src/lib/queries.ts b/src/lib/queries.ts
index 53aaeee7..7ea4b07b 100644
--- a/src/lib/queries.ts
+++ b/src/lib/queries.ts
@@ -6,9 +6,9 @@ import type ResponseT from "@server/types/Response";
 
 export type ProductUpdate = {
     link: string | null;
-    edition: "enterprise" | "community" | "cloud" | null;
+    build: "enterprise" | "oss" | "saas" | null;
     id: number;
-    type: "Update" | "Important" | "New";
+    type: "Update" | "Important" | "New" | "Warning";
     title: string;
     contents: string;
     publishedAt: Date;
@@ -19,8 +19,11 @@ export const productUpdatesQueries = {
     list: queryOptions({
         queryKey: ["PRODUCT_UPDATES"] as const,
         queryFn: async ({ signal }) => {
+            const sp = new URLSearchParams({
+                build
+            });
             const data = await remote.get<ResponseT<ProductUpdate[]>>(
-                "/product-updates",
+                `/product-updates?${sp.toString()}`,
                 { signal }
             );
             return data.data;

From 8a5f59cb9ffc014437777ce6ce5273050c8839fb Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sat, 8 Nov 2025 01:38:47 +0530
Subject: [PATCH 38/70] disable re-key button for non licensed

---
 messages/en-US.json                           |  3 +-
 .../[remoteExitNodeId]/credentials/page.tsx   | 40 +++++++++++++++--
 .../clients/[clientId]/credentials/page.tsx   | 41 ++++++++++++++---
 .../sites/[niceId]/credentials/page.tsx       | 45 +++++++++++++++----
 4 files changed, 111 insertions(+), 18 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index dc4b429a..c9d55062 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2112,5 +2112,6 @@
     "regenerateCredentialsConfirmation": "Are you sure you want to regenerate the credentials?",
     "endpoint": "Endpoint",
     "id": "Id",
-    "SecretKey": "Secret Key"
+    "SecretKey": "Secret Key",
+    "featureDisabledTooltip": "This feature is only available in the enterprise plan and require a license to use it."
 }
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
index b605ad35..0fcdcbbb 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
@@ -22,6 +22,10 @@ import {
 } from "@server/routers/remoteExitNode/types";
 import { useRemoteExitNodeContext } from "@app/hooks/useRemoteExitNodeContext";
 import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsModal";
+import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
+import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
+import { build } from "@server/build";
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@app/components/ui/tooltip";
 
 export default function CredentialsPage() {
     const { env } = useEnvContext();
@@ -34,8 +38,19 @@ export default function CredentialsPage() {
     const [modalOpen, setModalOpen] = useState(false);
     const [credentials, setCredentials] = useState<PickRemoteExitNodeDefaultsResponse | null>(null);
 
+    const { licenseStatus, isUnlocked } = useLicenseStatusContext();
+    const subscription = useSubscriptionStatusContext();
+
+    const isSecurityFeatureDisabled = () => {
+        const isEnterpriseNotLicensed = build === "enterprise" && !isUnlocked();
+        const isSaasNotSubscribed =
+            build === "saas" && !subscription?.isSubscribed();
+        return isEnterpriseNotLicensed || isSaasNotSubscribed;
+    };
+
+
     const handleConfirmRegenerate = async () => {
-  
+
         const response = await api.get<AxiosResponse<PickRemoteExitNodeDefaultsResponse>>(
             `/org/${orgId}/pick-remote-exit-node-defaults`
         );
@@ -82,9 +97,26 @@ export default function CredentialsPage() {
                 </SettingsSectionHeader>
 
                 <SettingsSectionBody>
-                    <Button onClick={() => setModalOpen(true)}>
-                        {t("regeneratecredentials")}
-                    </Button>
+                    <TooltipProvider>
+                        <Tooltip>
+                            <TooltipTrigger asChild>
+                                <div className="inline-block">
+                                    <Button
+                                        onClick={() => setModalOpen(true)}
+                                        disabled={isSecurityFeatureDisabled()}
+                                    >
+                                        {t("regeneratecredentials")}
+                                    </Button>
+                                </div>
+                            </TooltipTrigger>
+
+                            {isSecurityFeatureDisabled() && (
+                                <TooltipContent side="top">
+                                    {t("featureDisabledTooltip")}
+                                </TooltipContent>
+                            )}
+                        </Tooltip>
+                    </TooltipProvider>
                 </SettingsSectionBody>
             </SettingsSection>
 
diff --git a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
index e4a67544..024c539a 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
@@ -18,6 +18,10 @@ import { useTranslations } from "next-intl";
 import { PickClientDefaultsResponse } from "@server/routers/client";
 import { useClientContext } from "@app/hooks/useClientContext";
 import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsModal";
+import { build } from "@server/build";
+import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
+import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@app/components/ui/tooltip";
 
 export default function CredentialsPage() {
     const { env } = useEnvContext();
@@ -26,12 +30,23 @@ export default function CredentialsPage() {
     const router = useRouter();
     const t = useTranslations();
     const { client } = useClientContext();
-    
+
     const [modalOpen, setModalOpen] = useState(false);
     const [clientDefaults, setClientDefaults] = useState<PickClientDefaultsResponse | null>(null);
 
+    const { licenseStatus, isUnlocked } = useLicenseStatusContext();
+    const subscription = useSubscriptionStatusContext();
+
+    const isSecurityFeatureDisabled = () => {
+        const isEnterpriseNotLicensed = build === "enterprise" && !isUnlocked();
+        const isSaasNotSubscribed =
+            build === "saas" && !subscription?.isSubscribed();
+        return isEnterpriseNotLicensed || isSaasNotSubscribed;
+    };
+
+
     const handleConfirmRegenerate = async () => {
-    
+
         const res = await api.get(`/org/${orgId}/pick-client-defaults`);
         if (res && res.status === 200) {
             const data = res.data.data;
@@ -74,9 +89,25 @@ export default function CredentialsPage() {
                 </SettingsSectionHeader>
 
                 <SettingsSectionBody>
-                    <Button onClick={() => setModalOpen(true)}>
-                        {t("regeneratecredentials")}
-                    </Button>
+                    <TooltipProvider>
+                        <Tooltip>
+                            <TooltipTrigger asChild>
+                                <div className="inline-block">
+                                    <Button
+                                        onClick={() => setModalOpen(true)}
+                                        disabled={isSecurityFeatureDisabled()}>
+                                        {t("regeneratecredentials")}
+                                    </Button>
+                                </div>
+                            </TooltipTrigger>
+
+                            {isSecurityFeatureDisabled() && (
+                                <TooltipContent side="top">
+                                    {t("featureDisabledTooltip")}
+                                </TooltipContent>
+                            )}
+                        </Tooltip>
+                    </TooltipProvider>
                 </SettingsSectionBody>
             </SettingsSection>
 
diff --git a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
index 3942ef83..8351c730 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
@@ -19,6 +19,10 @@ import { PickSiteDefaultsResponse } from "@server/routers/site";
 import { useSiteContext } from "@app/hooks/useSiteContext";
 import { generateKeypair } from "../wireguardConfig";
 import RegenerateCredentialsModal from "@app/components/RegenerateCredentialsModal";
+import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
+import { useSubscriptionStatusContext } from "@app/hooks/useSubscriptionStatusContext";
+import { build } from "@server/build";
+import { Tooltip, TooltipContent, TooltipProvider, TooltipTrigger } from "@app/components/ui/tooltip";
 
 export default function CredentialsPage() {
     const { env } = useEnvContext();
@@ -27,12 +31,23 @@ export default function CredentialsPage() {
     const router = useRouter();
     const t = useTranslations();
     const { site } = useSiteContext();
-    
+
     const [modalOpen, setModalOpen] = useState(false);
     const [siteDefaults, setSiteDefaults] = useState<PickSiteDefaultsResponse | null>(null);
     const [wgConfig, setWgConfig] = useState("");
     const [publicKey, setPublicKey] = useState("");
 
+    const { licenseStatus, isUnlocked } = useLicenseStatusContext();
+    const subscription = useSubscriptionStatusContext();
+
+    const isSecurityFeatureDisabled = () => {
+        const isEnterpriseNotLicensed = build === "enterprise" && !isUnlocked();
+        const isSaasNotSubscribed =
+            build === "saas" && !subscription?.isSubscribed();
+        return isEnterpriseNotLicensed || isSaasNotSubscribed;
+    };
+
+
     const hydrateWireGuardConfig = (
         privateKey: string,
         publicKey: string,
@@ -113,7 +128,7 @@ PersistentKeepalive = 5`;
     const getCredentialType = () => {
         if (site?.type === "wireguard") return "site-wireguard";
         if (site?.type === "newt") return "site-newt";
-        return "site-newt"; 
+        return "site-newt";
     };
 
     const getCredentials = () => {
@@ -142,12 +157,26 @@ PersistentKeepalive = 5`;
                 </SettingsSectionHeader>
 
                 <SettingsSectionBody>
-                    <Button
-                        onClick={() => setModalOpen(true)}
-                        disabled={site?.type === "local"}
-                    >
-                        {t("regeneratecredentials")}
-                    </Button>
+                    <TooltipProvider>
+                        <Tooltip>
+                            <TooltipTrigger asChild>
+                                <div className="inline-block">
+                                    <Button
+                                        onClick={() => setModalOpen(true)}
+                                        disabled={isSecurityFeatureDisabled()}
+                                    >
+                                        {t("regeneratecredentials")}
+                                    </Button>
+                                </div>
+                            </TooltipTrigger>
+
+                            {isSecurityFeatureDisabled() && (
+                                <TooltipContent side="top">
+                                    {t("featureDisabledTooltip")}
+                                </TooltipContent>
+                            )}
+                        </Tooltip>
+                    </TooltipProvider>
                 </SettingsSectionBody>
             </SettingsSection>
 

From b6e98632b5efa5efefcae201f1ce7d1048204f3c Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Sat, 8 Nov 2025 02:43:47 +0530
Subject: [PATCH 39/70] move re-key API routes to private api

---
 messages/en-US.json                           |  2 +-
 server/private/routers/external.ts            | 37 ++++++++++++++-----
 server/private/routers/re-key/index.ts        |  3 ++
 .../routers/re-key}/reGenerateClientSecret.ts |  2 +-
 .../reGenerateExitNodeSecret.ts               | 25 ++++++++++++-
 .../routers/re-key}/reGenerateSiteSecret.ts   |  4 +-
 .../private/routers/remoteExitNode/index.ts   |  1 -
 server/routers/client/index.ts                |  3 +-
 server/routers/external.ts                    | 13 -------
 server/routers/site/index.ts                  |  3 +-
 .../[remoteExitNodeId]/credentials/page.tsx   |  2 +-
 .../clients/[clientId]/credentials/page.tsx   |  2 +-
 .../settings/clients/[clientId]/layout.tsx    | 12 ++++--
 .../sites/[niceId]/credentials/page.tsx       |  4 +-
 .../settings/sites/[niceId]/layout.tsx        |  3 +-
 15 files changed, 75 insertions(+), 41 deletions(-)
 create mode 100644 server/private/routers/re-key/index.ts
 rename server/{routers/client => private/routers/re-key}/reGenerateClientSecret.ts (98%)
 rename server/private/routers/{remoteExitNode => re-key}/reGenerateExitNodeSecret.ts (85%)
 rename server/{routers/site => private/routers/re-key}/reGenerateSiteSecret.ts (97%)

diff --git a/messages/en-US.json b/messages/en-US.json
index c9d55062..e7efb66b 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2111,7 +2111,7 @@
     "confirm": "Confirm",
     "regenerateCredentialsConfirmation": "Are you sure you want to regenerate the credentials?",
     "endpoint": "Endpoint",
-    "id": "Id",
+    "Id": "Id",
     "SecretKey": "Secret Key",
     "featureDisabledTooltip": "This feature is only available in the enterprise plan and require a license to use it."
 }
diff --git a/server/private/routers/external.ts b/server/private/routers/external.ts
index 493e9646..eefd175c 100644
--- a/server/private/routers/external.ts
+++ b/server/private/routers/external.ts
@@ -23,11 +23,15 @@ import * as license from "#private/routers/license";
 import * as generateLicense from "./generatedLicense";
 import * as logs from "#private/routers/auditLogs";
 import * as misc from "#private/routers/misc";
+import * as reKey from "#private/routers/re-key";
 
 import {
     verifyOrgAccess,
     verifyUserHasAction,
-    verifyUserIsServerAdmin
+    verifyUserIsServerAdmin,
+    verifySiteAccess,
+    verifyClientAccess,
+    verifyClientsEnabled,
 } from "@server/middlewares";
 import { ActionsEnum } from "@server/auth/actions";
 import {
@@ -236,14 +240,6 @@ authenticated.put(
     remoteExitNode.createRemoteExitNode
 );
 
-authenticated.put(
-    "/org/:orgId/reGenerate-remote-exit-node-secret",
-    verifyValidLicense,
-    verifyOrgAccess,
-    verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
-    remoteExitNode.reGenerateExitNodeSecret
-);
-
 authenticated.get(
     "/org/:orgId/remote-exit-nodes",
     verifyValidLicense,
@@ -411,3 +407,26 @@ authenticated.get(
     logActionAudit(ActionsEnum.exportLogs),
     logs.exportAccessAuditLogs
 );
+
+authenticated.post(
+    "/re-key/:clientId/regenerate-client-secret",
+    verifyClientsEnabled,
+    verifyClientAccess,
+    verifyUserHasAction(ActionsEnum.reGenerateSecret),
+    reKey.reGenerateClientSecret
+);
+
+authenticated.post(
+    "/re-key/:siteId/regenerate-site-secret",
+    verifySiteAccess,
+    verifyUserHasAction(ActionsEnum.reGenerateSecret),
+    reKey.reGenerateSiteSecret
+);
+
+authenticated.put(
+    "/re-key/:orgId/reGenerate-remote-exit-node-secret",
+    verifyValidLicense,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.updateRemoteExitNode),
+    reKey.reGenerateExitNodeSecret
+);
diff --git a/server/private/routers/re-key/index.ts b/server/private/routers/re-key/index.ts
new file mode 100644
index 00000000..7e04d9e4
--- /dev/null
+++ b/server/private/routers/re-key/index.ts
@@ -0,0 +1,3 @@
+export * from "./reGenerateClientSecret";
+export * from "./reGenerateSiteSecret";
+export * from "./reGenerateExitNodeSecret";
\ No newline at end of file
diff --git a/server/routers/client/reGenerateClientSecret.ts b/server/private/routers/re-key/reGenerateClientSecret.ts
similarity index 98%
rename from server/routers/client/reGenerateClientSecret.ts
rename to server/private/routers/re-key/reGenerateClientSecret.ts
index 2bce396a..d16d433b 100644
--- a/server/routers/client/reGenerateClientSecret.ts
+++ b/server/private/routers/re-key/reGenerateClientSecret.ts
@@ -29,7 +29,7 @@ export type ReGenerateSecretBody = z.infer<typeof reGenerateSecretBodySchema>;
 
 registry.registerPath({
     method: "post",
-    path: "/client/{clientId}/regenerate-secret",
+    path: "/re-key/{clientId}/regenerate-client-secret",
     description: "Regenerate a client's OLM credentials by its client ID.",
     tags: [OpenAPITags.Client],
     request: {
diff --git a/server/private/routers/remoteExitNode/reGenerateExitNodeSecret.ts b/server/private/routers/re-key/reGenerateExitNodeSecret.ts
similarity index 85%
rename from server/private/routers/remoteExitNode/reGenerateExitNodeSecret.ts
rename to server/private/routers/re-key/reGenerateExitNodeSecret.ts
index b3785d2e..1503e75a 100644
--- a/server/private/routers/remoteExitNode/reGenerateExitNodeSecret.ts
+++ b/server/private/routers/re-key/reGenerateExitNodeSecret.ts
@@ -23,7 +23,11 @@ import { hashPassword } from "@server/auth/password";
 import logger from "@server/logger";
 import { and, eq } from "drizzle-orm";
 import { UpdateRemoteExitNodeResponse } from "@server/routers/remoteExitNode/types";
-import { paramsSchema } from "./createRemoteExitNode";
+import { OpenAPITags, registry } from "@server/openApi";
+
+export const paramsSchema = z.object({
+    orgId: z.string()
+});
 
 const bodySchema = z
     .object({
@@ -32,6 +36,25 @@ const bodySchema = z
     })
     .strict();
 
+
+registry.registerPath({
+    method: "post",
+    path: "/re-key/{orgId}/regenerate-secret",
+    description: "Regenerate a exit node credentials by its org ID.",
+    tags: [OpenAPITags.Org],
+    request: {
+        params: paramsSchema,
+        body: {
+            content: {
+                "application/json": {
+                    schema: bodySchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
 export async function reGenerateExitNodeSecret(
     req: Request,
     res: Response,
diff --git a/server/routers/site/reGenerateSiteSecret.ts b/server/private/routers/re-key/reGenerateSiteSecret.ts
similarity index 97%
rename from server/routers/site/reGenerateSiteSecret.ts
rename to server/private/routers/re-key/reGenerateSiteSecret.ts
index 7965b6f8..1d046933 100644
--- a/server/routers/site/reGenerateSiteSecret.ts
+++ b/server/private/routers/re-key/reGenerateSiteSecret.ts
@@ -9,7 +9,7 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { hashPassword } from "@server/auth/password";
-import { addPeer } from "../gerbil/peers";
+import { addPeer } from "@server/routers/gerbil/peers";
 
 
 const updateSiteParamsSchema = z
@@ -31,7 +31,7 @@ const updateSiteBodySchema = z
 
 registry.registerPath({
     method: "post",
-    path: "/site/{siteId}/regenerate-secret",
+    path: "/re-key/{siteId}/regenerate-site-secret",
     description: "Regenerate a site's Newt or WireGuard credentials by its site ID.",
     tags: [OpenAPITags.Site],
     request: {
diff --git a/server/private/routers/remoteExitNode/index.ts b/server/private/routers/remoteExitNode/index.ts
index 7c001098..2a04f9d9 100644
--- a/server/private/routers/remoteExitNode/index.ts
+++ b/server/private/routers/remoteExitNode/index.ts
@@ -21,4 +21,3 @@ export * from "./deleteRemoteExitNode";
 export * from "./listRemoteExitNodes";
 export * from "./pickRemoteExitNodeDefaults";
 export * from "./quickStartRemoteExitNode";
-export * from "./reGenerateExitNodeSecret";
diff --git a/server/routers/client/index.ts b/server/routers/client/index.ts
index 9f97446e..385c7bed 100644
--- a/server/routers/client/index.ts
+++ b/server/routers/client/index.ts
@@ -3,5 +3,4 @@ export * from "./createClient";
 export * from "./deleteClient";
 export * from "./listClients";
 export * from "./updateClient";
-export * from "./getClient";
-export * from "./reGenerateClientSecret";
\ No newline at end of file
+export * from "./getClient";
\ No newline at end of file
diff --git a/server/routers/external.ts b/server/routers/external.ts
index c2c518fa..f500f483 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -178,13 +178,6 @@ authenticated.post(
     client.updateClient,
 );
 
-authenticated.post(
-    "/client/:clientId/regenerate-secret",
-    verifyClientsEnabled,
-    verifyClientAccess,
-    verifyUserHasAction(ActionsEnum.reGenerateSecret),
-    client.reGenerateClientSecret
-);
 
 // authenticated.get(
 //     "/site/:siteId/roles",
@@ -200,12 +193,6 @@ authenticated.post(
     site.updateSite,
 );
 
-authenticated.post(
-    "/site/:siteId/regenerate-secret",
-    verifySiteAccess,
-    verifyUserHasAction(ActionsEnum.reGenerateSecret),
-    site.reGenerateSiteSecret
-);
 authenticated.delete(
     "/site/:siteId",
     verifySiteAccess,
diff --git a/server/routers/site/index.ts b/server/routers/site/index.ts
index 9b8b89cb..b97557a8 100644
--- a/server/routers/site/index.ts
+++ b/server/routers/site/index.ts
@@ -5,5 +5,4 @@ export * from "./updateSite";
 export * from "./listSites";
 export * from "./listSiteRoles";
 export * from "./pickSiteDefaults";
-export * from "./socketIntegration";
-export * from "./reGenerateSiteSecret";
\ No newline at end of file
+export * from "./socketIntegration";
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
index 0fcdcbbb..115b1bd3 100644
--- a/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/(private)/remote-exit-nodes/[remoteExitNodeId]/credentials/page.tsx
@@ -59,7 +59,7 @@ export default function CredentialsPage() {
         setCredentials(data);
 
         await api.put<AxiosResponse<QuickStartRemoteExitNodeResponse>>(
-            `/org/${orgId}/reGenerate-remote-exit-node-secret`,
+            `/re-key/${orgId}/reGenerate-remote-exit-node-secret`,
             {
                 remoteExitNodeId: remoteExitNode.remoteExitNodeId,
                 secret: data.secret,
diff --git a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
index 024c539a..f14d49e4 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/credentials/page.tsx
@@ -52,7 +52,7 @@ export default function CredentialsPage() {
             const data = res.data.data;
             setClientDefaults(data);
 
-            await api.post(`/client/${client?.clientId}/regenerate-secret`, {
+            await api.post(`/re-key/${client?.clientId}/regenerate-client-secret`, {
                 olmId: data.olmId,
                 secret: data.olmSecret,
             });
diff --git a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
index dc4ef0b4..257cb20f 100644
--- a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
+++ b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
@@ -8,6 +8,7 @@ import ClientProvider from "@app/providers/ClientProvider";
 import { redirect } from "next/navigation";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
 import { getTranslations } from "next-intl/server";
+import { build } from "@server/build";
 
 type SettingsLayoutProps = {
     children: React.ReactNode;
@@ -38,10 +39,13 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
             title: t('general'),
             href: `/{orgId}/settings/clients/{clientId}/general`
         },
-        {
-            title: t('credentials'),
-            href: `/{orgId}/settings/clients/{clientId}/credentials`
-        }
+        ...(build === 'enterprise'
+            ? [{
+                title: t('credentials'),
+                href: `/{orgId}/settings/clients/{clientId}/credentials`
+            },
+            ]
+            : []),
     ];
 
     return (
diff --git a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
index 8351c730..6dcee413 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/credentials/page.tsx
@@ -95,7 +95,7 @@ PersistentKeepalive = 5`;
                 );
             }
 
-            await api.post(`/site/${site?.siteId}/regenerate-secret`, {
+            await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, {
                 type: "wireguard",
                 subnet: res.data.data.subnet,
                 exitNodeId: res.data.data.exitNodeId,
@@ -109,7 +109,7 @@ PersistentKeepalive = 5`;
                 const data = res.data.data;
                 setSiteDefaults(data);
 
-                await api.post(`/site/${site?.siteId}/regenerate-secret`, {
+                await api.post(`/re-key/${site?.siteId}/regenerate-site-secret`, {
                     type: "newt",
                     newtId: data.newtId,
                     newtSecret: data.newtSecret
diff --git a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
index 01008dab..8ef00410 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
@@ -8,6 +8,7 @@ import { HorizontalTabs } from "@app/components/HorizontalTabs";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import SiteInfoCard from "../../../../../components/SiteInfoCard";
 import { getTranslations } from "next-intl/server";
+import { build } from "@server/build";
 
 interface SettingsLayoutProps {
     children: React.ReactNode;
@@ -37,7 +38,7 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
             title: t('general'),
             href: `/${params.orgId}/settings/sites/${params.niceId}/general`,
         },
-        ...(site.type !== 'local'
+        ...(site.type !== 'local' && build === 'enterprise'
             ? [
                 {
                     title: t('credentials'),

From 94e1c534ca5a574ee58d868075626db01c4d6e89 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Sat, 8 Nov 2025 00:19:30 +0100
Subject: [PATCH 40/70] =?UTF-8?q?=F0=9F=92=84=20add=20link=20to=20read=20m?=
 =?UTF-8?q?ore?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 src/components/ProductUpdates.tsx | 33 ++++++++++++++++++++++---------
 1 file changed, 24 insertions(+), 9 deletions(-)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 6d8a39f6..6c56d69d 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -9,6 +9,7 @@ import {
     ArrowRight,
     BellIcon,
     ChevronRightIcon,
+    ExternalLinkIcon,
     RocketIcon,
     XIcon
 } from "lucide-react";
@@ -181,9 +182,14 @@ function ProductUpdatesListPopup({
                             <BellIcon className="flex-none size-4" />
                         </div>
                         <div className="flex flex-col gap-2">
-                            <p className="font-medium text-start">
-                                {t("productUpdateWhatsNew")}
-                            </p>
+                            <div className="flex justify-between items-center">
+                                <p className="font-medium text-start">
+                                    {t("productUpdateWhatsNew")}
+                                </p>
+                                <div className="p-1 cursor-pointer">
+                                    <ChevronRightIcon className="size-4 flex-none" />
+                                </div>
+                            </div>
                             <small
                                 className={cn(
                                     "text-start text-muted-foreground",
@@ -194,9 +200,6 @@ function ProductUpdatesListPopup({
                                 {updates[0]?.contents}
                             </small>
                         </div>
-                        <div className="p-1 cursor-pointer">
-                            <ChevronRightIcon className="size-4 flex-none" />
-                        </div>
                     </div>
                 </PopoverTrigger>
             </Transition>
@@ -267,9 +270,21 @@ function ProductUpdatesListPopup({
                                     </Tooltip>
                                 </TooltipProvider>
                             </div>
-                            <small className="text-muted-foreground">
-                                {update.contents}
-                            </small>
+                            <div className="flex flex-col gap-0.5">
+                                <small className="text-muted-foreground">
+                                    {update.contents}{" "}
+                                    {update.link && (
+                                        <a
+                                            href={update.link}
+                                            target="_blank"
+                                            className="underline text-foreground inline-flex flex-wrap items-center gap-1 text-xs"
+                                        >
+                                            Read more{" "}
+                                            <ExternalLinkIcon className="size-3 flex-none" />
+                                        </a>
+                                    )}
+                                </small>
+                            </div>
                             <time
                                 dateTime={update.publishedAt.toLocaleString()}
                                 className="text-xs text-muted-foreground"

From 579a4e1021498756f36bc3674cdd5a9798ae20b9 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Sat, 8 Nov 2025 00:51:56 +0100
Subject: [PATCH 41/70] =?UTF-8?q?=E2=9C=A8=20add=20flags=20for=20enabling?=
 =?UTF-8?q?=20notifications=20for=20product=20updates=20&=20new=20releases?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/lib/config.ts              | 10 ++++
 server/lib/readConfigFile.ts      | 27 ++++++++-
 src/components/ProductUpdates.tsx | 25 ++++-----
 src/lib/pullEnv.ts                | 14 ++++-
 src/lib/queries.ts                | 92 ++++++++++++++++---------------
 src/lib/types/env.ts              |  4 ++
 6 files changed, 112 insertions(+), 60 deletions(-)

diff --git a/server/lib/config.ts b/server/lib/config.ts
index 13a1f6a4..b49814f0 100644
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@@ -89,6 +89,16 @@ export class Config {
             ? "true"
             : "false";
 
+        process.env.PRODUCT_UPDATES_NOTIFICATION_ENABLED = parsedConfig.app
+            .notifications.product_updates
+            ? "true"
+            : "false";
+
+        process.env.NEW_RELEASES_NOTIFICATION_ENABLED = parsedConfig.app
+            .notifications.new_releases
+            ? "true"
+            : "false";
+
         if (parsedConfig.server.maxmind_db_path) {
             process.env.MAXMIND_DB_PATH = parsedConfig.server.maxmind_db_path;
         }
diff --git a/server/lib/readConfigFile.ts b/server/lib/readConfigFile.ts
index 571708ef..9d6cafb9 100644
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@@ -31,6 +31,13 @@ export const configSchema = z
                         anonymous_usage: z.boolean().optional().default(true)
                     })
                     .optional()
+                    .default({}),
+                notifications: z
+                    .object({
+                        product_updates: z.boolean().optional().default(true),
+                        new_releases: z.boolean().optional().default(true)
+                    })
+                    .optional()
                     .default({})
             })
             .optional()
@@ -40,6 +47,10 @@ export const configSchema = z
                 log_failed_attempts: false,
                 telemetry: {
                     anonymous_usage: true
+                },
+                notifications: {
+                    product_updates: true,
+                    new_releases: true
                 }
             }),
         domains: z
@@ -205,7 +216,10 @@ export const configSchema = z
                     .default(["newt", "wireguard", "local"]),
                 allow_raw_resources: z.boolean().optional().default(true),
                 file_mode: z.boolean().optional().default(false),
-                pp_transport_prefix: z.string().optional().default("pp-transport-v")
+                pp_transport_prefix: z
+                    .string()
+                    .optional()
+                    .default("pp-transport-v")
             })
             .optional()
             .default({}),
@@ -315,8 +329,15 @@ export const configSchema = z
                 nameservers: z
                     .array(z.string().optional().optional())
                     .optional()
-                    .default(["ns1.pangolin.net", "ns2.pangolin.net", "ns3.pangolin.net"]),
-                cname_extension: z.string().optional().default("cname.pangolin.net")
+                    .default([
+                        "ns1.pangolin.net",
+                        "ns2.pangolin.net",
+                        "ns3.pangolin.net"
+                    ]),
+                cname_extension: z
+                    .string()
+                    .optional()
+                    .default("cname.pangolin.net")
             })
             .optional()
             .default({})
diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index 6c56d69d..be7436be 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -3,7 +3,11 @@
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useLocalStorage } from "@app/hooks/useLocalStorage";
 import { cn } from "@app/lib/cn";
-import { type ProductUpdate, productUpdatesQueries } from "@app/lib/queries";
+import {
+    type LatestVersionResponse,
+    type ProductUpdate,
+    productUpdatesQueries
+} from "@app/lib/queries";
 import { useQueries } from "@tanstack/react-query";
 import {
     ArrowRight,
@@ -32,10 +36,14 @@ export default function ProductUpdates({
 }: {
     isCollapsed?: boolean;
 }) {
+    const { env } = useEnvContext();
+
     const data = useQueries({
         queries: [
-            productUpdatesQueries.list,
-            productUpdatesQueries.latestVersion
+            productUpdatesQueries.list(env.app.notifications.product_updates),
+            productUpdatesQueries.latestVersion(
+                env.app.notifications.new_releases
+            )
         ],
         combine(result) {
             if (result[0].isLoading || result[1].isLoading) return null;
@@ -45,7 +53,6 @@ export default function ProductUpdates({
             };
         }
     });
-    const { env } = useEnvContext();
     const t = useTranslations();
     const [showMoreUpdatesText, setShowMoreUpdatesText] = React.useState(false);
 
@@ -302,15 +309,7 @@ function ProductUpdatesListPopup({
 type NewVersionAvailableProps = {
     onDimiss: () => void;
     show: boolean;
-    version:
-        | Awaited<
-              ReturnType<
-                  NonNullable<
-                      typeof productUpdatesQueries.latestVersion.queryFn
-                  >
-              >
-          >["data"]
-        | undefined;
+    version: LatestVersionResponse | null | undefined;
 };
 
 function NewVersionAvailable({
diff --git a/src/lib/pullEnv.ts b/src/lib/pullEnv.ts
index 7893a8c6..4b0567c8 100644
--- a/src/lib/pullEnv.ts
+++ b/src/lib/pullEnv.ts
@@ -21,6 +21,14 @@ const envSchema = z.object({
         .transform((val) => val === "true"),
     APP_VERSION: z.string(),
     DASHBOARD_URL: z.string(),
+    PRODUCT_UPDATES_NOTIFICATION_ENABLED: z
+        .string()
+        .default("true")
+        .transform((val) => val === "true"),
+    NEW_RELEASES_NOTIFICATION_ENABLED: z
+        .string()
+        .default("true")
+        .transform((val) => val === "true"),
 
     // Email configuration
     EMAIL_ENABLED: z
@@ -112,7 +120,11 @@ export function pullEnv(): Env {
             environment: env.ENVIRONMENT,
             sandbox_mode: env.SANDBOX_MODE,
             version: env.APP_VERSION,
-            dashboardUrl: env.DASHBOARD_URL
+            dashboardUrl: env.DASHBOARD_URL,
+            notifications: {
+                product_updates: env.PRODUCT_UPDATES_NOTIFICATION_ENABLED,
+                new_releases: env.NEW_RELEASES_NOTIFICATION_ENABLED
+            }
         },
         email: {
             emailEnabled: env.EMAIL_ENABLED
diff --git a/src/lib/queries.ts b/src/lib/queries.ts
index 7ea4b07b..3ddf32bf 100644
--- a/src/lib/queries.ts
+++ b/src/lib/queries.ts
@@ -15,47 +15,53 @@ export type ProductUpdate = {
     showUntil: Date;
 };
 
-export const productUpdatesQueries = {
-    list: queryOptions({
-        queryKey: ["PRODUCT_UPDATES"] as const,
-        queryFn: async ({ signal }) => {
-            const sp = new URLSearchParams({
-                build
-            });
-            const data = await remote.get<ResponseT<ProductUpdate[]>>(
-                `/product-updates?${sp.toString()}`,
-                { signal }
-            );
-            return data.data;
-        },
-        refetchInterval: (query) => {
-            if (query.state.data) {
-                return durationToMs(5, "minutes");
-            }
-            return false;
-        }
-    }),
-    latestVersion: queryOptions({
-        queryKey: ["LATEST_VERSION"] as const,
-        queryFn: async ({ signal }) => {
-            const data = await remote.get<
-                ResponseT<{
-                    pangolin: {
-                        latestVersion: string;
-                        releaseNotes: string;
-                    };
-                }>
-            >("/versions", { signal });
-            return data.data;
-        },
-        placeholderData: keepPreviousData,
-        refetchInterval: (query) => {
-            if (query.state.data) {
-                return durationToMs(30, "minutes");
-            }
-            return false;
-        },
-        enabled: build === "oss" || build === "enterprise" // disabled in cloud version
-        // because we don't need to listen for new versions there
-    })
+export type LatestVersionResponse = {
+    pangolin: {
+        latestVersion: string;
+        releaseNotes: string;
+    };
+};
+
+export const productUpdatesQueries = {
+    list: (enabled: boolean) =>
+        queryOptions({
+            queryKey: ["PRODUCT_UPDATES"] as const,
+            queryFn: async ({ signal }) => {
+                const sp = new URLSearchParams({
+                    build
+                });
+                const data = await remote.get<ResponseT<ProductUpdate[]>>(
+                    `/product-updates?${sp.toString()}`,
+                    { signal }
+                );
+                return data.data;
+            },
+            refetchInterval: (query) => {
+                if (query.state.data) {
+                    return durationToMs(5, "minutes");
+                }
+                return false;
+            },
+            enabled
+        }),
+    latestVersion: (enabled: boolean) =>
+        queryOptions({
+            queryKey: ["LATEST_VERSION"] as const,
+            queryFn: async ({ signal }) => {
+                const data = await remote.get<ResponseT<LatestVersionResponse>>(
+                    "/versions",
+                    { signal }
+                );
+                return data.data;
+            },
+            placeholderData: keepPreviousData,
+            refetchInterval: (query) => {
+                if (query.state.data) {
+                    return durationToMs(30, "minutes");
+                }
+                return false;
+            },
+            enabled: enabled && (build === "oss" || build === "enterprise") // disabled in cloud version
+            // because we don't need to listen for new versions there
+        })
 };
diff --git a/src/lib/types/env.ts b/src/lib/types/env.ts
index 6ebf758a..ff2a67bf 100644
--- a/src/lib/types/env.ts
+++ b/src/lib/types/env.ts
@@ -4,6 +4,10 @@ export type Env = {
         sandbox_mode: boolean;
         version: string;
         dashboardUrl: string;
+        notifications: {
+            product_updates: boolean;
+            new_releases: boolean;
+        };
     };
     server: {
         externalPort: string;

From 0e7f5b1aef417c2d4fc9edcf1e9c771a717b8662 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Sat, 8 Nov 2025 00:57:07 +0100
Subject: [PATCH 42/70] =?UTF-8?q?=F0=9F=8C=90=20localize=20product=20updat?=
 =?UTF-8?q?e=20empty=20text?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 messages/en-US.json               | 1 +
 src/components/ProductUpdates.tsx | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 36a9a5dd..ca046e4c 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1283,6 +1283,7 @@
     "productUpdateInfo": "{noOfUpdates} updates",
     "productUpdateWhatsNew": "What's New",
     "productUpdateTitle": "Product Updates",
+    "productUpdateEmpty": "No updates",
     "dismissAll": "Dismiss all",
     "pangolinUpdateAvailable": "New version available",
     "pangolinUpdateAvailableInfo": "Version {version} is ready to install",
diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index be7436be..d2350118 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -230,7 +230,7 @@ function ProductUpdatesListPopup({
                 <ol className="p-3 flex flex-col gap-1 max-h-112 overflow-y-auto">
                     {updates.length === 0 && (
                         <small className="border rounded-md flex p-4 border-dashed justify-center items-center text-muted-foreground">
-                            No updates
+                            {t("productUpdateEmpty")}
                         </small>
                     )}
                     {updates.map((update) => (

From b4535f3dc49e502376b6e1b829f1d28708ff6854 Mon Sep 17 00:00:00 2001
From: Fred KISSIE <fredkiss3@gmail.com>
Date: Sat, 8 Nov 2025 01:34:08 +0100
Subject: [PATCH 43/70] =?UTF-8?q?=E2=9C=8F=EF=B8=8F=20typo=20fix?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 server/lib/telemetry.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/lib/telemetry.ts b/server/lib/telemetry.ts
index d3b0b9d6..9583cadd 100644
--- a/server/lib/telemetry.ts
+++ b/server/lib/telemetry.ts
@@ -188,7 +188,7 @@ class TelemetryClient {
                     license_tier: licenseStatus.tier || "unknown"
                 }
             };
-            logger.debug("Sending enterprise startup telemtry payload:", {
+            logger.debug("Sending enterprise startup telemetry payload:", {
                 payload
             });
             // this.client.capture(payload);

From 8e1bb6a6fd462fd9838b917dc7ca4deeac8c3cab Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Tue, 28 Oct 2025 21:29:58 +0530
Subject: [PATCH 44/70] add niceId inside info box

---
 messages/en-US.json             |  3 ++-
 src/components/SiteInfoCard.tsx | 12 ++++++++++--
 2 files changed, 12 insertions(+), 3 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 063d9efc..fa5d229c 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2095,5 +2095,6 @@
     "selectedResources": "Selected Resources",
     "enableSelected": "Enable Selected",
     "disableSelected": "Disable Selected",
-    "checkSelectedStatus": "Check Status of Selected"
+    "checkSelectedStatus": "Check Status of Selected",
+    "niceId": "Nice ID"
 }
diff --git a/src/components/SiteInfoCard.tsx b/src/components/SiteInfoCard.tsx
index 5eed91c5..6d2ded82 100644
--- a/src/components/SiteInfoCard.tsx
+++ b/src/components/SiteInfoCard.tsx
@@ -14,7 +14,7 @@ import { useEnvContext } from "@app/hooks/useEnvContext";
 
 type SiteInfoCardProps = {};
 
-export default function SiteInfoCard({}: SiteInfoCardProps) {
+export default function SiteInfoCard({ }: SiteInfoCardProps) {
     const { site, updateSite } = useSiteContext();
     const t = useTranslations();
     const { env } = useEnvContext();
@@ -34,7 +34,15 @@ export default function SiteInfoCard({}: SiteInfoCardProps) {
     return (
         <Alert>
             <AlertDescription>
-                <InfoSections cols={env.flags.enableClients ? 3 : 2}>
+                <InfoSections cols={env.flags.enableClients ? 4 : 3}>
+                    <InfoSection>
+                        <InfoSectionTitle>
+                            {t("niceId")}
+                        </InfoSectionTitle>
+                        <InfoSectionContent>
+                            {site.niceId}
+                        </InfoSectionContent>
+                    </InfoSection>
                     {(site.type == "newt" || site.type == "wireguard") && (
                         <>
                             <InfoSection>

From 84d24d9bf52b698913a6096938b2cba52fa2f38f Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Tue, 28 Oct 2025 21:54:56 +0530
Subject: [PATCH 45/70] niceId inside resource info

---
 src/components/ResourceInfoBox.tsx | 20 ++++++++++++++------
 src/components/ResourcesTable.tsx  | 16 ----------------
 src/components/SitesTable.tsx      | 24 ------------------------
 3 files changed, 14 insertions(+), 46 deletions(-)

diff --git a/src/components/ResourceInfoBox.tsx b/src/components/ResourceInfoBox.tsx
index 50bb9af2..e7cf2c82 100644
--- a/src/components/ResourceInfoBox.tsx
+++ b/src/components/ResourceInfoBox.tsx
@@ -17,7 +17,7 @@ import { useEnvContext } from "@app/hooks/useEnvContext";
 
 type ResourceInfoBoxType = {};
 
-export default function ResourceInfoBox({}: ResourceInfoBoxType) {
+export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
     const { resource, authInfo } = useResourceContext();
     const { env } = useEnvContext();
 
@@ -30,8 +30,16 @@ export default function ResourceInfoBox({}: ResourceInfoBoxType) {
             <AlertDescription>
                 {/* 4 cols because of the certs */}
                 <InfoSections
-                    cols={resource.http && env.flags.usePangolinDns ? 4 : 3}
+                    cols={resource.http && env.flags.usePangolinDns ? 5 : 4}
                 >
+                    <InfoSection>
+                        <InfoSectionTitle>
+                            {t("niceId")}
+                        </InfoSectionTitle>
+                        <InfoSectionContent>
+                            {resource.niceId}
+                        </InfoSectionContent>
+                    </InfoSection>
                     {resource.http ? (
                         <>
                             <InfoSection>
@@ -40,10 +48,10 @@ export default function ResourceInfoBox({}: ResourceInfoBoxType) {
                                 </InfoSectionTitle>
                                 <InfoSectionContent>
                                     {authInfo.password ||
-                                    authInfo.pincode ||
-                                    authInfo.sso ||
-                                    authInfo.whitelist ||
-                                    authInfo.headerAuth ? (
+                                        authInfo.pincode ||
+                                        authInfo.sso ||
+                                        authInfo.whitelist ||
+                                        authInfo.headerAuth ? (
                                         <div className="flex items-start space-x-2 text-green-500">
                                             <ShieldCheck className="w-4 h-4 mt-0.5" />
                                             <span>{t("protected")}</span>
diff --git a/src/components/ResourcesTable.tsx b/src/components/ResourcesTable.tsx
index 0e613da8..252ac7d2 100644
--- a/src/components/ResourcesTable.tsx
+++ b/src/components/ResourcesTable.tsx
@@ -507,22 +507,6 @@ export default function ResourcesTable({
                 );
             }
         },
-        {
-            accessorKey: "nice",
-            header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                    >
-                        {t("resource")}
-                        <ArrowUpDown className="ml-2 h-4 w-4" />
-                    </Button>
-                );
-            }
-        },
         {
             accessorKey: "protocol",
             header: t("protocol"),
diff --git a/src/components/SitesTable.tsx b/src/components/SitesTable.tsx
index 0f1b0536..0d8b161c 100644
--- a/src/components/SitesTable.tsx
+++ b/src/components/SitesTable.tsx
@@ -164,30 +164,6 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                 }
             }
         },
-        {
-            accessorKey: "nice",
-            header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                        className="hidden md:flex whitespace-nowrap"
-                    >
-                        {t("site")}
-                        <ArrowUpDown className="ml-2 h-4 w-4" />
-                    </Button>
-                );
-            },
-            cell: ({ row }) => {
-                return (
-                    <div className="hidden md:block whitespace-nowrap">
-                        {row.original.nice}
-                    </div>
-                );
-            }
-        },
         {
             accessorKey: "mbIn",
             header: ({ column }) => {

From 32949127d28fc0aa2604a9f6c033d80ab2990733 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Wed, 29 Oct 2025 00:12:41 +0530
Subject: [PATCH 46/70] Make site niceId editable

---
 server/routers/site/updateSite.ts |  19 +++++
 src/components/SiteInfoCard.tsx   | 124 +++++++++++++++++++++++++++++-
 2 files changed, 141 insertions(+), 2 deletions(-)

diff --git a/server/routers/site/updateSite.ts b/server/routers/site/updateSite.ts
index e3724f36..de0c3f9c 100644
--- a/server/routers/site/updateSite.ts
+++ b/server/routers/site/updateSite.ts
@@ -20,6 +20,7 @@ const updateSiteParamsSchema = z
 const updateSiteBodySchema = z
     .object({
         name: z.string().min(1).max(255).optional(),
+        niceId: z.string().min(1).max(255).optional(),
         dockerSocketEnabled: z.boolean().optional(),
         remoteSubnets: z
             .string()
@@ -89,6 +90,24 @@ export async function updateSite(
         const { siteId } = parsedParams.data;
         const updateData = parsedBody.data;
 
+        // if niceId is provided, check if it's already in use by another site
+        if (updateData.niceId) {
+            const existingSite = await db
+                .select()
+                .from(sites)
+                .where(eq(sites.niceId, updateData.niceId))
+                .limit(1);
+
+            if (existingSite.length > 0 && existingSite[0].siteId !== siteId) {
+                return next(
+                    createHttpError(
+                        HttpCode.CONFLICT,
+                        `A site with niceId "${updateData.niceId}" already exists`
+                    )
+                );
+            }
+        }
+
         // if remoteSubnets is provided, ensure it's a valid comma-separated list of cidrs
         if (updateData.remoteSubnets) {
             const subnets = updateData.remoteSubnets.split(",").map((s) => s.trim());
diff --git a/src/components/SiteInfoCard.tsx b/src/components/SiteInfoCard.tsx
index 6d2ded82..5e3e1194 100644
--- a/src/components/SiteInfoCard.tsx
+++ b/src/components/SiteInfoCard.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
-import { InfoIcon } from "lucide-react";
+import { Check, InfoIcon, Pencil, X } from "lucide-react";
 import { useSiteContext } from "@app/hooks/useSiteContext";
 import {
     InfoSection,
@@ -11,6 +11,11 @@ import {
 } from "@app/components/InfoSection";
 import { useTranslations } from "next-intl";
 import { useEnvContext } from "@app/hooks/useEnvContext";
+import { Input } from "./ui/input";
+import { Button } from "./ui/button";
+import { useState } from "react";
+import { useToast } from "@app/hooks/useToast";
+import { createApiClient, formatAxiosError } from "@app/lib/api";
 
 type SiteInfoCardProps = {};
 
@@ -18,6 +23,13 @@ export default function SiteInfoCard({ }: SiteInfoCardProps) {
     const { site, updateSite } = useSiteContext();
     const t = useTranslations();
     const { env } = useEnvContext();
+    const api = createApiClient(useEnvContext());
+
+    const [isEditing, setIsEditing] = useState(false);
+    const [niceId, setNiceId] = useState(site.niceId);
+    const [tempNiceId, setTempNiceId] = useState(site.niceId);
+    const [isLoading, setIsLoading] = useState(false);
+    const { toast } = useToast();
 
     const getConnectionTypeString = (type: string) => {
         if (type === "newt") {
@@ -31,6 +43,71 @@ export default function SiteInfoCard({ }: SiteInfoCardProps) {
         }
     };
 
+    const handleEdit = () => {
+        setTempNiceId(niceId);
+        setIsEditing(true);
+    };
+
+    const handleCancel = () => {
+        setTempNiceId(niceId);
+        setIsEditing(false);
+    };
+
+    const handleSave = async () => {
+        if (tempNiceId.trim() === "") {
+            toast({
+                variant: "destructive",
+                title: t("error"),
+                description: t("niceIdCannotBeEmpty")
+            });
+            return;
+        }
+
+        if (tempNiceId === niceId) {
+            setIsEditing(false);
+            return;
+        }
+
+        setIsLoading(true);
+
+        try {
+            const response = await api.post(`/site/${site.siteId}`, {
+                niceId: tempNiceId.trim()
+            });
+
+            setNiceId(tempNiceId.trim());
+            setIsEditing(false);
+
+            updateSite({
+                niceId: tempNiceId.trim()
+            });
+
+            toast({
+                title: t("niceIdUpdated"),
+                description: t("niceIdUpdatedSuccessfully")
+            });
+        } catch (e: any) {
+            toast({
+                variant: "destructive",
+                title: t("niceIdUpdateError"),
+                description: formatAxiosError(
+                    e,
+                    t("niceIdUpdateErrorDescription")
+                )
+            });
+        } finally {
+            setIsLoading(false);
+        }
+    };
+
+    const handleKeyDown = (e: React.KeyboardEvent) => {
+        if (e.key === "Enter") {
+            handleSave();
+        } else if (e.key === "Escape") {
+            handleCancel();
+        }
+    };
+
     return (
         <Alert>
             <AlertDescription>
@@ -40,7 +117,50 @@ export default function SiteInfoCard({ }: SiteInfoCardProps) {
                             {t("niceId")}
                         </InfoSectionTitle>
                         <InfoSectionContent>
-                            {site.niceId}
+                            <div className="flex items-center gap-2">
+                                {isEditing ? (
+                                    <>
+                                        <Input
+                                            value={tempNiceId}
+                                            onChange={(e) => setTempNiceId(e.target.value)}
+                                            onKeyDown={handleKeyDown}
+                                            disabled={isLoading}
+                                            className="flex-1"
+                                            autoFocus
+                                        />
+                                        <Button
+                                            size="icon"
+                                            variant="ghost"
+                                            onClick={handleSave}
+                                            disabled={isLoading}
+                                            className="h-8 w-8"
+                                        >
+                                            <Check className="h-4 w-4" />
+                                        </Button>
+                                        <Button
+                                            size="icon"
+                                            variant="ghost"
+                                            onClick={handleCancel}
+                                            disabled={isLoading}
+                                            className="h-8 w-8"
+                                        >
+                                            <X className="h-4 w-4" />
+                                        </Button>
+                                    </>
+                                ) : (
+                                    <>
+                                        <span>{niceId}</span>
+                                        <Button
+                                            size="icon"
+                                            variant="ghost"
+                                            onClick={handleEdit}
+                                            className="h-8 w-8"
+                                        >
+                                            <Pencil className="h-4 w-4" />
+                                        </Button>
+                                    </>
+                                )}
+                            </div>
                         </InfoSectionContent>
                     </InfoSection>
                     {(site.type == "newt" || site.type == "wireguard") && (

From feb0bd58c809febd5c2c2f38b3a69b080faea8dc Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Wed, 29 Oct 2025 18:56:38 +0530
Subject: [PATCH 47/70] make resource niceid editable

---
 messages/en-US.json                       |   7 +-
 server/routers/resource/updateResource.ts |  40 +++++++
 src/components/ResourceInfoBox.tsx        | 136 +++++++++++++++++++++-
 3 files changed, 178 insertions(+), 5 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index fa5d229c..936ef98c 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2096,5 +2096,10 @@
     "enableSelected": "Enable Selected",
     "disableSelected": "Disable Selected",
     "checkSelectedStatus": "Check Status of Selected",
-    "niceId": "Nice ID"
+    "niceId": "Nice ID",
+    "niceIdUpdated": "Nice ID Updated",
+    "niceIdUpdatedSuccessfully": "Nice ID Updated Successfully",
+    "niceIdUpdateError": "Error updating Nice ID",
+    "niceIdUpdateErrorDescription": "An error occurred while updating the Nice ID.",
+    "niceIdCannotBeEmpty": "Nice ID cannot be empty"
 }
diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts
index 13c5220d..bfe6b2cf 100644
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -37,6 +37,7 @@ const updateResourceParamsSchema = z
 const updateHttpResourceBodySchema = z
     .object({
         name: z.string().min(1).max(255).optional(),
+        niceId: z.string().min(1).max(255).optional(),
         subdomain: subdomainSchema.nullable().optional(),
         ssl: z.boolean().optional(),
         sso: z.boolean().optional(),
@@ -97,6 +98,7 @@ export type UpdateResourceResponse = Resource;
 const updateRawResourceBodySchema = z
     .object({
         name: z.string().min(1).max(255).optional(),
+        niceId: z.string().min(1).max(255).optional(),
         proxyPort: z.number().int().min(1).max(65535).optional(),
         stickySession: z.boolean().optional(),
         enabled: z.boolean().optional(),
@@ -236,6 +238,25 @@ async function updateHttpResource(
 
     const updateData = parsedBody.data;
 
+    if (updateData.niceId) {
+        const [existingResource] = await db
+            .select()
+            .from(resources)
+            .where(eq(resources.niceId, updateData.niceId));
+
+        if (
+            existingResource &&
+            existingResource.resourceId !== resource.resourceId
+        ) {
+            return next(
+                createHttpError(
+                    HttpCode.CONFLICT,
+                    `A resource with niceId "${updateData.niceId}" already exists`
+                )
+            );
+        }
+    }
+
     if (updateData.domainId) {
         const domainId = updateData.domainId;
 
@@ -362,6 +383,25 @@ async function updateRawResource(
 
     const updateData = parsedBody.data;
 
+    if (updateData.niceId) {
+        const [existingResource] = await db
+            .select()
+            .from(resources)
+            .where(eq(resources.niceId, updateData.niceId));
+
+        if (
+            existingResource &&
+            existingResource.resourceId !== resource.resourceId
+        ) {
+            return next(
+                createHttpError(
+                    HttpCode.CONFLICT,
+                    `A resource with niceId "${updateData.niceId}" already exists`
+                )
+            );
+        }
+    }
+
     const updatedResource = await db
         .update(resources)
         .set(updateData)
diff --git a/src/components/ResourceInfoBox.tsx b/src/components/ResourceInfoBox.tsx
index e7cf2c82..7997ccc7 100644
--- a/src/components/ResourceInfoBox.tsx
+++ b/src/components/ResourceInfoBox.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
-import { InfoIcon, ShieldCheck, ShieldOff } from "lucide-react";
+import { Check, InfoIcon, Pencil, ShieldCheck, ShieldOff, X } from "lucide-react";
 import { useResourceContext } from "@app/hooks/useResourceContext";
 import CopyToClipboard from "@app/components/CopyToClipboard";
 import {
@@ -14,30 +14,158 @@ import { useTranslations } from "next-intl";
 import CertificateStatus from "@app/components/private/CertificateStatus";
 import { toUnicode } from "punycode";
 import { useEnvContext } from "@app/hooks/useEnvContext";
+import { Button } from "./ui/button";
+import { Input } from "./ui/input";
+import { createApiClient, formatAxiosError } from "@app/lib/api";
+import { useState } from "react";
+import { useToast } from "@app/hooks/useToast";
+import { UpdateResourceResponse } from "@server/routers/resource";
+import { AxiosResponse } from "axios";
 
 type ResourceInfoBoxType = {};
 
 export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
-    const { resource, authInfo } = useResourceContext();
+    const { resource, authInfo, updateResource } = useResourceContext();
     const { env } = useEnvContext();
+    const api = createApiClient(useEnvContext());
+
+    const [isEditing, setIsEditing] = useState(false);
+    const [niceId, setNiceId] = useState(resource.niceId);
+    const [tempNiceId, setTempNiceId] = useState(resource.niceId);
+    const [isLoading, setIsLoading] = useState(false);
+    const { toast } = useToast();
 
     const t = useTranslations();
 
     const fullUrl = `${resource.ssl ? "https" : "http"}://${toUnicode(resource.fullDomain || "")}`;
 
+
+    const handleEdit = () => {
+        setTempNiceId(niceId);
+        setIsEditing(true);
+    };
+
+    const handleCancel = () => {
+        setTempNiceId(niceId);
+        setIsEditing(false);
+    };
+
+    const handleSave = async () => {
+        if (tempNiceId.trim() === "") {
+            toast({
+                variant: "destructive",
+                title: t("error"),
+                description: t("niceIdCannotBeEmpty")
+            });
+            return;
+        }
+
+        if (tempNiceId === niceId) {
+            setIsEditing(false);
+            return;
+        }
+
+        setIsLoading(true);
+
+        try {
+            const res = await api
+                .post<AxiosResponse<UpdateResourceResponse>>(
+                    `resource/${resource?.resourceId}`,
+                    {
+                        niceId: tempNiceId.trim()
+                    }
+                )
+
+            setNiceId(tempNiceId.trim());
+            setIsEditing(false);
+
+            updateResource({
+                niceId: tempNiceId.trim()
+            });
+
+            toast({
+                title: t("niceIdUpdated"),
+                description: t("niceIdUpdatedSuccessfully")
+            });
+        } catch (e: any) {
+            toast({
+                variant: "destructive",
+                title: t("niceIdUpdateError"),
+                description: formatAxiosError(
+                    e,
+                    t("niceIdUpdateErrorDescription")
+                )
+            });
+        } finally {
+            setIsLoading(false);
+        }
+    };
+
+
+    const handleKeyDown = (e: React.KeyboardEvent) => {
+        if (e.key === "Enter") {
+            handleSave();
+        } else if (e.key === "Escape") {
+            handleCancel();
+        }
+    };
+
     return (
         <Alert>
             <AlertDescription>
                 {/* 4 cols because of the certs */}
                 <InfoSections
-                    cols={resource.http && env.flags.usePangolinDns ? 5 : 4}
+                    cols={resource.http && env.flags.usePangolinDns ? 6 : 5}
                 >
                     <InfoSection>
                         <InfoSectionTitle>
                             {t("niceId")}
                         </InfoSectionTitle>
                         <InfoSectionContent>
-                            {resource.niceId}
+                            <div className="flex items-center gap-2">
+                                {isEditing ? (
+                                    <>
+                                        <Input
+                                            value={tempNiceId}
+                                            onChange={(e) => setTempNiceId(e.target.value)}
+                                            onKeyDown={handleKeyDown}
+                                            disabled={isLoading}
+                                            className="flex-1"
+                                            autoFocus
+                                        />
+                                        <Button
+                                            size="icon"
+                                            variant="ghost"
+                                            onClick={handleSave}
+                                            disabled={isLoading}
+                                            className="h-8 w-8"
+                                        >
+                                            <Check className="h-4 w-4" />
+                                        </Button>
+                                        <Button
+                                            size="icon"
+                                            variant="ghost"
+                                            onClick={handleCancel}
+                                            disabled={isLoading}
+                                            className="h-8 w-8"
+                                        >
+                                            <X className="h-4 w-4" />
+                                        </Button>
+                                    </>
+                                ) : (
+                                    <>
+                                        <span>{niceId}</span>
+                                        <Button
+                                            size="icon"
+                                            variant="ghost"
+                                            onClick={handleEdit}
+                                            className="h-8 w-8"
+                                        >
+                                            <Pencil className="h-4 w-4" />
+                                        </Button>
+                                    </>
+                                )}
+                            </div>
                         </InfoSectionContent>
                     </InfoSection>
                     {resource.http ? (

From f85d9f8b6e034945549dedcf0940c45bee9e3889 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Wed, 29 Oct 2025 18:58:47 +0530
Subject: [PATCH 48/70] fix col

---
 src/components/ResourceInfoBox.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/components/ResourceInfoBox.tsx b/src/components/ResourceInfoBox.tsx
index 7997ccc7..545594eb 100644
--- a/src/components/ResourceInfoBox.tsx
+++ b/src/components/ResourceInfoBox.tsx
@@ -115,7 +115,7 @@ export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
             <AlertDescription>
                 {/* 4 cols because of the certs */}
                 <InfoSections
-                    cols={resource.http && env.flags.usePangolinDns ? 6 : 5}
+                    cols={resource.http && env.flags.usePangolinDns ? 5 : 4}
                 >
                     <InfoSection>
                         <InfoSectionTitle>

From 50ac52d3163916396cc8c0f71bcbfc56246d2b65 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Wed, 29 Oct 2025 19:10:21 +0530
Subject: [PATCH 49/70] fix lint

---
 src/components/ResourceInfoBox.tsx | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/components/ResourceInfoBox.tsx b/src/components/ResourceInfoBox.tsx
index 545594eb..04f4f558 100644
--- a/src/components/ResourceInfoBox.tsx
+++ b/src/components/ResourceInfoBox.tsx
@@ -74,7 +74,7 @@ export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
                     {
                         niceId: tempNiceId.trim()
                     }
-                )
+                );
 
             setNiceId(tempNiceId.trim());
             setIsEditing(false);

From ac5fe1486a5dd4d0005e4317b968545cdb179abf Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Wed, 29 Oct 2025 20:10:37 +0530
Subject: [PATCH 50/70] update url to prevent page redirect

---
 src/components/ResourceInfoBox.tsx | 7 +++++++
 src/components/SiteInfoCard.tsx    | 7 +++++++
 2 files changed, 14 insertions(+)

diff --git a/src/components/ResourceInfoBox.tsx b/src/components/ResourceInfoBox.tsx
index 04f4f558..d16c4bae 100644
--- a/src/components/ResourceInfoBox.tsx
+++ b/src/components/ResourceInfoBox.tsx
@@ -21,6 +21,7 @@ import { useState } from "react";
 import { useToast } from "@app/hooks/useToast";
 import { UpdateResourceResponse } from "@server/routers/resource";
 import { AxiosResponse } from "axios";
+import { useRouter, usePathname } from "next/navigation";
 
 type ResourceInfoBoxType = {};
 
@@ -28,6 +29,8 @@ export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
     const { resource, authInfo, updateResource } = useResourceContext();
     const { env } = useEnvContext();
     const api = createApiClient(useEnvContext());
+    const router = useRouter();
+    const pathname = usePathname();
 
     const [isEditing, setIsEditing] = useState(false);
     const [niceId, setNiceId] = useState(resource.niceId);
@@ -83,6 +86,10 @@ export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
                 niceId: tempNiceId.trim()
             });
 
+            // update the URL to reflect the new niceId
+            const newPath = pathname.replace(`/resources/${niceId}`, `/resources/${tempNiceId.trim()}`);
+            router.replace(newPath);
+
             toast({
                 title: t("niceIdUpdated"),
                 description: t("niceIdUpdatedSuccessfully")
diff --git a/src/components/SiteInfoCard.tsx b/src/components/SiteInfoCard.tsx
index 5e3e1194..08519b22 100644
--- a/src/components/SiteInfoCard.tsx
+++ b/src/components/SiteInfoCard.tsx
@@ -16,6 +16,7 @@ import { Button } from "./ui/button";
 import { useState } from "react";
 import { useToast } from "@app/hooks/useToast";
 import { createApiClient, formatAxiosError } from "@app/lib/api";
+import { useRouter, usePathname } from "next/navigation";
 
 type SiteInfoCardProps = {};
 
@@ -24,6 +25,8 @@ export default function SiteInfoCard({ }: SiteInfoCardProps) {
     const t = useTranslations();
     const { env } = useEnvContext();
     const api = createApiClient(useEnvContext());
+    const router = useRouter();
+    const pathname = usePathname();
 
     const [isEditing, setIsEditing] = useState(false);
     const [niceId, setNiceId] = useState(site.niceId);
@@ -82,6 +85,10 @@ export default function SiteInfoCard({ }: SiteInfoCardProps) {
                 niceId: tempNiceId.trim()
             });
 
+            // update the URL to reflect the new niceId
+            const newPath = pathname.replace(`/sites/${niceId}`, `/sites/${tempNiceId.trim()}`);
+            router.replace(newPath);
+
             toast({
                 title: t("niceIdUpdated"),
                 description: t("niceIdUpdatedSuccessfully")

From 66124f09c49ec0b899e6e9c942720b2f9fa177b3 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 30 Oct 2025 19:16:20 +0530
Subject: [PATCH 51/70] move site niceId details to general setting page

---
 .../settings/sites/[niceId]/general/page.tsx  |  86 ++++++-----
 src/components/SiteInfoCard.tsx               | 138 +-----------------
 2 files changed, 55 insertions(+), 169 deletions(-)

diff --git a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
index 75406f48..50a1faff 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
@@ -15,7 +15,7 @@ import {
 import { Input } from "@/components/ui/input";
 import { useSiteContext } from "@app/hooks/useSiteContext";
 import { useForm } from "react-hook-form";
-import { toast } from "@app/hooks/useToast";
+import { toast, useToast } from "@app/hooks/useToast";
 import { useRouter } from "next/navigation";
 import {
     SettingsContainer,
@@ -37,6 +37,7 @@ import { Tag, TagInput } from "@app/components/tags/tag-input";
 
 const GeneralFormSchema = z.object({
     name: z.string().nonempty("Name is required"),
+    niceId: z.string().optional(),
     dockerSocketEnabled: z.boolean().optional(),
     remoteSubnets: z
         .array(
@@ -55,19 +56,18 @@ export default function GeneralPage() {
 
     const { env } = useEnvContext();
     const api = createApiClient(useEnvContext());
-
-    const [loading, setLoading] = useState(false);
-    const [activeCidrTagIndex, setActiveCidrTagIndex] = useState<number | null>(
-        null
-    );
-
     const router = useRouter();
     const t = useTranslations();
+    const { toast } = useToast();
+
+    const [loading, setLoading] = useState(false);
+    const [activeCidrTagIndex, setActiveCidrTagIndex] = useState<number | null>(null);
 
     const form = useForm({
         resolver: zodResolver(GeneralFormSchema),
         defaultValues: {
             name: site?.name,
+            niceId: site?.niceId || "",
             dockerSocketEnabled: site?.dockerSocketEnabled ?? false,
             remoteSubnets: site?.remoteSubnets
                 ? site.remoteSubnets.split(",").map((subnet, index) => ({
@@ -82,37 +82,40 @@ export default function GeneralPage() {
     async function onSubmit(data: GeneralFormValues) {
         setLoading(true);
 
-        await api
-            .post(`/site/${site?.siteId}`, {
+        try {
+            await api.post(`/site/${site?.siteId}`, {
                 name: data.name,
+                niceId: data.niceId,
                 dockerSocketEnabled: data.dockerSocketEnabled,
                 remoteSubnets:
                     data.remoteSubnets
-                        ?.map((subnet) => subnet.text)
-                        .join(",") || ""
-            })
-            .catch((e) => {
-                toast({
-                    variant: "destructive",
-                    title: t("siteErrorUpdate"),
-                    description: formatAxiosError(
-                        e,
-                        t("siteErrorUpdateDescription")
-                    )
-                });
+                    ?.map((subnet) => subnet.text)
+                    .join(",") || ""
             });
 
-        updateSite({
-            name: data.name,
-            dockerSocketEnabled: data.dockerSocketEnabled,
-            remoteSubnets:
-                data.remoteSubnets?.map((subnet) => subnet.text).join(",") || ""
-        });
+            updateSite({
+                name: data.name,
+                niceId: data.niceId,
+                dockerSocketEnabled: data.dockerSocketEnabled,
+                remoteSubnets:
+                    data.remoteSubnets?.map((subnet) => subnet.text).join(",") || ""
+            });
 
-        toast({
-            title: t("siteUpdated"),
-            description: t("siteUpdatedDescription")
-        });
+            if (data.niceId && data.niceId !== site?.niceId) {
+                router.replace(`/${site?.orgId}/settings/sites/${data.niceId}/general`);
+            }
+
+            toast({
+                title: t("siteUpdated"),
+                description: t("siteUpdatedDescription")
+            });
+        } catch (e) {
+            toast({
+                variant: "destructive",
+                title: t("siteErrorUpdate"),
+                description: formatAxiosError(e, t("siteErrorUpdateDescription"))
+            });
+        }
 
         setLoading(false);
 
@@ -153,8 +156,25 @@ export default function GeneralPage() {
                                     )}
                                 />
 
-                                {env.flags.enableClients &&
-                                site.type === "newt" ? (
+                                <FormField
+                                    control={form.control}
+                                    name="niceId"
+                                    render={({ field }) => (
+                                        <FormItem>
+                                            <FormLabel>{t("niceId") || "Nice ID"}</FormLabel>
+                                            <FormControl>
+                                                <Input
+                                                    {...field}
+                                                    placeholder="Enter Nice ID"
+                                                    className="flex-1"
+                                                />
+                                            </FormControl>
+                                            <FormMessage />
+                                        </FormItem>
+                                    )}
+                                />
+
+                                {env.flags.enableClients && site.type === "newt" ? (
                                     <FormField
                                         control={form.control}
                                         name="remoteSubnets"
diff --git a/src/components/SiteInfoCard.tsx b/src/components/SiteInfoCard.tsx
index 08519b22..35d7120c 100644
--- a/src/components/SiteInfoCard.tsx
+++ b/src/components/SiteInfoCard.tsx
@@ -1,7 +1,6 @@
 "use client";
 
 import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
-import { Check, InfoIcon, Pencil, X } from "lucide-react";
 import { useSiteContext } from "@app/hooks/useSiteContext";
 import {
     InfoSection,
@@ -11,12 +10,7 @@ import {
 } from "@app/components/InfoSection";
 import { useTranslations } from "next-intl";
 import { useEnvContext } from "@app/hooks/useEnvContext";
-import { Input } from "./ui/input";
-import { Button } from "./ui/button";
-import { useState } from "react";
-import { useToast } from "@app/hooks/useToast";
-import { createApiClient, formatAxiosError } from "@app/lib/api";
-import { useRouter, usePathname } from "next/navigation";
+
 
 type SiteInfoCardProps = {};
 
@@ -24,15 +18,6 @@ export default function SiteInfoCard({ }: SiteInfoCardProps) {
     const { site, updateSite } = useSiteContext();
     const t = useTranslations();
     const { env } = useEnvContext();
-    const api = createApiClient(useEnvContext());
-    const router = useRouter();
-    const pathname = usePathname();
-
-    const [isEditing, setIsEditing] = useState(false);
-    const [niceId, setNiceId] = useState(site.niceId);
-    const [tempNiceId, setTempNiceId] = useState(site.niceId);
-    const [isLoading, setIsLoading] = useState(false);
-    const { toast } = useToast();
 
     const getConnectionTypeString = (type: string) => {
         if (type === "newt") {
@@ -46,130 +31,11 @@ export default function SiteInfoCard({ }: SiteInfoCardProps) {
         }
     };
 
-    const handleEdit = () => {
-        setTempNiceId(niceId);
-        setIsEditing(true);
-    };
-
-    const handleCancel = () => {
-        setTempNiceId(niceId);
-        setIsEditing(false);
-    };
-
-    const handleSave = async () => {
-        if (tempNiceId.trim() === "") {
-            toast({
-                variant: "destructive",
-                title: t("error"),
-                description: t("niceIdCannotBeEmpty")
-            });
-            return;
-        }
-
-        if (tempNiceId === niceId) {
-            setIsEditing(false);
-            return;
-        }
-
-        setIsLoading(true);
-
-        try {
-            const response = await api.post(`/site/${site.siteId}`, {
-                niceId: tempNiceId.trim()
-            });
-
-            setNiceId(tempNiceId.trim());
-            setIsEditing(false);
-
-            updateSite({
-                niceId: tempNiceId.trim()
-            });
-
-            // update the URL to reflect the new niceId
-            const newPath = pathname.replace(`/sites/${niceId}`, `/sites/${tempNiceId.trim()}`);
-            router.replace(newPath);
-
-            toast({
-                title: t("niceIdUpdated"),
-                description: t("niceIdUpdatedSuccessfully")
-            });
-        } catch (e: any) {
-            toast({
-                variant: "destructive",
-                title: t("niceIdUpdateError"),
-                description: formatAxiosError(
-                    e,
-                    t("niceIdUpdateErrorDescription")
-                )
-            });
-        } finally {
-            setIsLoading(false);
-        }
-    };
-
-    const handleKeyDown = (e: React.KeyboardEvent) => {
-        if (e.key === "Enter") {
-            handleSave();
-        } else if (e.key === "Escape") {
-            handleCancel();
-        }
-    };
 
     return (
         <Alert>
             <AlertDescription>
-                <InfoSections cols={env.flags.enableClients ? 4 : 3}>
-                    <InfoSection>
-                        <InfoSectionTitle>
-                            {t("niceId")}
-                        </InfoSectionTitle>
-                        <InfoSectionContent>
-                            <div className="flex items-center gap-2">
-                                {isEditing ? (
-                                    <>
-                                        <Input
-                                            value={tempNiceId}
-                                            onChange={(e) => setTempNiceId(e.target.value)}
-                                            onKeyDown={handleKeyDown}
-                                            disabled={isLoading}
-                                            className="flex-1"
-                                            autoFocus
-                                        />
-                                        <Button
-                                            size="icon"
-                                            variant="ghost"
-                                            onClick={handleSave}
-                                            disabled={isLoading}
-                                            className="h-8 w-8"
-                                        >
-                                            <Check className="h-4 w-4" />
-                                        </Button>
-                                        <Button
-                                            size="icon"
-                                            variant="ghost"
-                                            onClick={handleCancel}
-                                            disabled={isLoading}
-                                            className="h-8 w-8"
-                                        >
-                                            <X className="h-4 w-4" />
-                                        </Button>
-                                    </>
-                                ) : (
-                                    <>
-                                        <span>{niceId}</span>
-                                        <Button
-                                            size="icon"
-                                            variant="ghost"
-                                            onClick={handleEdit}
-                                            className="h-8 w-8"
-                                        >
-                                            <Pencil className="h-4 w-4" />
-                                        </Button>
-                                    </>
-                                )}
-                            </div>
-                        </InfoSectionContent>
-                    </InfoSection>
+                <InfoSections cols={env.flags.enableClients ? 3 : 2}>
                     {(site.type == "newt" || site.type == "wireguard") && (
                         <>
                             <InfoSection>

From aeda85fcfb5d8f1cb89e224a3d0925a2890b258d Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 30 Oct 2025 20:37:31 +0530
Subject: [PATCH 52/70] move resource niceid update to general page

---
 .../resources/[niceId]/general/page.tsx       |  47 ++++--
 .../settings/sites/[niceId]/general/page.tsx  |   2 +-
 src/components/ResourceInfoBox.tsx            | 146 +-----------------
 3 files changed, 41 insertions(+), 154 deletions(-)

diff --git a/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
index 28f7754b..dfd16ad0 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
@@ -68,9 +68,9 @@ export default function GeneralForm() {
     const router = useRouter();
     const t = useTranslations();
     const [editDomainOpen, setEditDomainOpen] = useState(false);
-    const {licenseStatus } = useLicenseStatusContext();
+    const { licenseStatus } = useLicenseStatusContext();
     const subscriptionStatus = useSubscriptionStatusContext();
-    const {user} = useUserContext();
+    const { user } = useUserContext();
 
     const { env } = useEnvContext();
 
@@ -102,6 +102,7 @@ export default function GeneralForm() {
             enabled: z.boolean(),
             subdomain: z.string().optional(),
             name: z.string().min(1).max(255),
+            niceId: z.string().min(1).max(255).optional(),
             domainId: z.string().optional(),
             proxyPort: z.number().int().min(1).max(65535).optional(),
             // enableProxy: z.boolean().optional()
@@ -130,6 +131,7 @@ export default function GeneralForm() {
         defaultValues: {
             enabled: resource.enabled,
             name: resource.name,
+            niceId: resource.niceId,
             subdomain: resource.subdomain ? resource.subdomain : undefined,
             domainId: resource.domainId || undefined,
             proxyPort: resource.proxyPort || undefined,
@@ -192,6 +194,7 @@ export default function GeneralForm() {
                 {
                     enabled: data.enabled,
                     name: data.name,
+                    niceId: data.niceId,
                     subdomain: data.subdomain ? toASCII(data.subdomain) : undefined,
                     domainId: data.domainId,
                     proxyPort: data.proxyPort,
@@ -212,16 +215,12 @@ export default function GeneralForm() {
             });
 
         if (res && res.status === 200) {
-            toast({
-                title: t("resourceUpdated"),
-                description: t("resourceUpdatedDescription")
-            });
-
-            const resource = res.data.data;
+            const updated = res.data.data;
 
             updateResource({
                 enabled: data.enabled,
                 name: data.name,
+                niceId: data.niceId,
                 subdomain: data.subdomain,
                 fullDomain: resource.fullDomain,
                 proxyPort: data.proxyPort,
@@ -230,8 +229,20 @@ export default function GeneralForm() {
                 // })
             });
 
-            router.refresh();
+            toast({
+                title: t("resourceUpdated"),
+                description: t("resourceUpdatedDescription")
+            });
+
+            if (data.niceId && data.niceId !== resource?.niceId) {
+                router.replace(`/${updated.orgId}/settings/resources/${data.niceId}/general`);
+            } else {
+                router.refresh();
+            }
+
+            setSaveLoading(false);
         }
+
         setSaveLoading(false);
     }
 
@@ -304,6 +315,24 @@ export default function GeneralForm() {
                                             )}
                                         />
 
+                                        <FormField
+                                            control={form.control}
+                                            name="niceId"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>{t("niceId") || "Nice ID"}</FormLabel>
+                                                    <FormControl>
+                                                        <Input
+                                                            {...field}
+                                                            placeholder="Enter Nice ID"
+                                                            className="flex-1"
+                                                        />
+                                                    </FormControl>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+
                                         {!resource.http && (
                                             <>
                                                 <FormField
diff --git a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
index 50a1faff..07655957 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
@@ -37,7 +37,7 @@ import { Tag, TagInput } from "@app/components/tags/tag-input";
 
 const GeneralFormSchema = z.object({
     name: z.string().nonempty("Name is required"),
-    niceId: z.string().optional(),
+    niceId: z.string().min(1).max(255).optional(),
     dockerSocketEnabled: z.boolean().optional(),
     remoteSubnets: z
         .array(
diff --git a/src/components/ResourceInfoBox.tsx b/src/components/ResourceInfoBox.tsx
index d16c4bae..7d6a171e 100644
--- a/src/components/ResourceInfoBox.tsx
+++ b/src/components/ResourceInfoBox.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
-import { Check, InfoIcon, Pencil, ShieldCheck, ShieldOff, X } from "lucide-react";
+import { ShieldCheck, ShieldOff } from "lucide-react";
 import { useResourceContext } from "@app/hooks/useResourceContext";
 import CopyToClipboard from "@app/components/CopyToClipboard";
 import {
@@ -14,167 +14,25 @@ import { useTranslations } from "next-intl";
 import CertificateStatus from "@app/components/private/CertificateStatus";
 import { toUnicode } from "punycode";
 import { useEnvContext } from "@app/hooks/useEnvContext";
-import { Button } from "./ui/button";
-import { Input } from "./ui/input";
-import { createApiClient, formatAxiosError } from "@app/lib/api";
-import { useState } from "react";
-import { useToast } from "@app/hooks/useToast";
-import { UpdateResourceResponse } from "@server/routers/resource";
-import { AxiosResponse } from "axios";
-import { useRouter, usePathname } from "next/navigation";
 
 type ResourceInfoBoxType = {};
 
 export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
     const { resource, authInfo, updateResource } = useResourceContext();
     const { env } = useEnvContext();
-    const api = createApiClient(useEnvContext());
-    const router = useRouter();
-    const pathname = usePathname();
-
-    const [isEditing, setIsEditing] = useState(false);
-    const [niceId, setNiceId] = useState(resource.niceId);
-    const [tempNiceId, setTempNiceId] = useState(resource.niceId);
-    const [isLoading, setIsLoading] = useState(false);
-    const { toast } = useToast();
 
     const t = useTranslations();
 
     const fullUrl = `${resource.ssl ? "https" : "http"}://${toUnicode(resource.fullDomain || "")}`;
 
 
-    const handleEdit = () => {
-        setTempNiceId(niceId);
-        setIsEditing(true);
-    };
-
-    const handleCancel = () => {
-        setTempNiceId(niceId);
-        setIsEditing(false);
-    };
-
-    const handleSave = async () => {
-        if (tempNiceId.trim() === "") {
-            toast({
-                variant: "destructive",
-                title: t("error"),
-                description: t("niceIdCannotBeEmpty")
-            });
-            return;
-        }
-
-        if (tempNiceId === niceId) {
-            setIsEditing(false);
-            return;
-        }
-
-        setIsLoading(true);
-
-        try {
-            const res = await api
-                .post<AxiosResponse<UpdateResourceResponse>>(
-                    `resource/${resource?.resourceId}`,
-                    {
-                        niceId: tempNiceId.trim()
-                    }
-                );
-
-            setNiceId(tempNiceId.trim());
-            setIsEditing(false);
-
-            updateResource({
-                niceId: tempNiceId.trim()
-            });
-
-            // update the URL to reflect the new niceId
-            const newPath = pathname.replace(`/resources/${niceId}`, `/resources/${tempNiceId.trim()}`);
-            router.replace(newPath);
-
-            toast({
-                title: t("niceIdUpdated"),
-                description: t("niceIdUpdatedSuccessfully")
-            });
-        } catch (e: any) {
-            toast({
-                variant: "destructive",
-                title: t("niceIdUpdateError"),
-                description: formatAxiosError(
-                    e,
-                    t("niceIdUpdateErrorDescription")
-                )
-            });
-        } finally {
-            setIsLoading(false);
-        }
-    };
-
-
-    const handleKeyDown = (e: React.KeyboardEvent) => {
-        if (e.key === "Enter") {
-            handleSave();
-        } else if (e.key === "Escape") {
-            handleCancel();
-        }
-    };
-
     return (
         <Alert>
             <AlertDescription>
                 {/* 4 cols because of the certs */}
                 <InfoSections
-                    cols={resource.http && env.flags.usePangolinDns ? 5 : 4}
+                    cols={resource.http && env.flags.usePangolinDns ? 4 : 3}
                 >
-                    <InfoSection>
-                        <InfoSectionTitle>
-                            {t("niceId")}
-                        </InfoSectionTitle>
-                        <InfoSectionContent>
-                            <div className="flex items-center gap-2">
-                                {isEditing ? (
-                                    <>
-                                        <Input
-                                            value={tempNiceId}
-                                            onChange={(e) => setTempNiceId(e.target.value)}
-                                            onKeyDown={handleKeyDown}
-                                            disabled={isLoading}
-                                            className="flex-1"
-                                            autoFocus
-                                        />
-                                        <Button
-                                            size="icon"
-                                            variant="ghost"
-                                            onClick={handleSave}
-                                            disabled={isLoading}
-                                            className="h-8 w-8"
-                                        >
-                                            <Check className="h-4 w-4" />
-                                        </Button>
-                                        <Button
-                                            size="icon"
-                                            variant="ghost"
-                                            onClick={handleCancel}
-                                            disabled={isLoading}
-                                            className="h-8 w-8"
-                                        >
-                                            <X className="h-4 w-4" />
-                                        </Button>
-                                    </>
-                                ) : (
-                                    <>
-                                        <span>{niceId}</span>
-                                        <Button
-                                            size="icon"
-                                            variant="ghost"
-                                            onClick={handleEdit}
-                                            className="h-8 w-8"
-                                        >
-                                            <Pencil className="h-4 w-4" />
-                                        </Button>
-                                    </>
-                                )}
-                            </div>
-                        </InfoSectionContent>
-                    </InfoSection>
                     {resource.http ? (
                         <>
                             <InfoSection>

From ddc14d164ee42457dc042f2bd62660a3a3f95145 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Tue, 4 Nov 2025 12:47:08 -0800
Subject: [PATCH 53/70] Rename nice id to Identifier in the ui

---
 messages/en-US.json                                          | 4 +++-
 src/app/[orgId]/settings/resources/[niceId]/general/page.tsx | 4 ++--
 src/app/[orgId]/settings/sites/[niceId]/general/page.tsx     | 4 ++--
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 936ef98c..486be02a 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -2101,5 +2101,7 @@
     "niceIdUpdatedSuccessfully": "Nice ID Updated Successfully",
     "niceIdUpdateError": "Error updating Nice ID",
     "niceIdUpdateErrorDescription": "An error occurred while updating the Nice ID.",
-    "niceIdCannotBeEmpty": "Nice ID cannot be empty"
+    "niceIdCannotBeEmpty": "Nice ID cannot be empty",
+    "enterIdentifier": "Enter identifier",
+    "identifier": "Identifier"
 }
diff --git a/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
index dfd16ad0..50155b3e 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
@@ -320,11 +320,11 @@ export default function GeneralForm() {
                                             name="niceId"
                                             render={({ field }) => (
                                                 <FormItem>
-                                                    <FormLabel>{t("niceId") || "Nice ID"}</FormLabel>
+                                                    <FormLabel>{t("identifier")}</FormLabel>
                                                     <FormControl>
                                                         <Input
                                                             {...field}
-                                                            placeholder="Enter Nice ID"
+                                                            placeholder={t("enterIdentifier")}
                                                             className="flex-1"
                                                         />
                                                     </FormControl>
diff --git a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
index 07655957..eef981a8 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
@@ -161,11 +161,11 @@ export default function GeneralPage() {
                                     name="niceId"
                                     render={({ field }) => (
                                         <FormItem>
-                                            <FormLabel>{t("niceId") || "Nice ID"}</FormLabel>
+                                            <FormLabel>{t("identifier")}</FormLabel>
                                             <FormControl>
                                                 <Input
                                                     {...field}
-                                                    placeholder="Enter Nice ID"
+                                                    placeholder={t("enterIdentifier")}
                                                     className="flex-1"
                                                 />
                                             </FormControl>

From abc5f8ec68d99f3169f8032cec57df17778486bf Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 6 Nov 2025 23:36:54 +0530
Subject: [PATCH 54/70] show the identifier in the info box

---
 src/components/ResourceInfoBox.tsx | 10 +++++++++-
 src/components/SiteInfoCard.tsx    | 10 +++++++++-
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/src/components/ResourceInfoBox.tsx b/src/components/ResourceInfoBox.tsx
index 7d6a171e..4d77a434 100644
--- a/src/components/ResourceInfoBox.tsx
+++ b/src/components/ResourceInfoBox.tsx
@@ -31,8 +31,16 @@ export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
             <AlertDescription>
                 {/* 4 cols because of the certs */}
                 <InfoSections
-                    cols={resource.http && env.flags.usePangolinDns ? 4 : 3}
+                    cols={resource.http && env.flags.usePangolinDns ? 5 : 4}
                 >
+                    <InfoSection>
+                        <InfoSectionTitle>
+                            {t("identifier")}
+                        </InfoSectionTitle>
+                        <InfoSectionContent>
+                            {resource.niceId}
+                        </InfoSectionContent>
+                    </InfoSection>
                     {resource.http ? (
                         <>
                             <InfoSection>
diff --git a/src/components/SiteInfoCard.tsx b/src/components/SiteInfoCard.tsx
index 35d7120c..6d35e145 100644
--- a/src/components/SiteInfoCard.tsx
+++ b/src/components/SiteInfoCard.tsx
@@ -35,7 +35,15 @@ export default function SiteInfoCard({ }: SiteInfoCardProps) {
     return (
         <Alert>
             <AlertDescription>
-                <InfoSections cols={env.flags.enableClients ? 3 : 2}>
+                <InfoSections cols={env.flags.enableClients ? 4 : 3}>
+                    <InfoSection>
+                        <InfoSectionTitle>
+                            {t("identifier")}
+                        </InfoSectionTitle>
+                        <InfoSectionContent>
+                            {site.niceId}
+                        </InfoSectionContent>
+                    </InfoSection>
                     {(site.type == "newt" || site.type == "wireguard") && (
                         <>
                             <InfoSection>

From 0af51cebbe75996a18c2d4a9a5cfa5d276b6c7e5 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 6 Nov 2025 23:50:57 +0530
Subject: [PATCH 55/70] scope niceid to the orgId

---
 server/routers/resource/updateResource.ts | 14 ++++++++++++--
 server/routers/site/updateSite.ts         |  9 +++++++--
 2 files changed, 19 insertions(+), 4 deletions(-)

diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts
index bfe6b2cf..04a57ec1 100644
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -242,7 +242,12 @@ async function updateHttpResource(
         const [existingResource] = await db
             .select()
             .from(resources)
-            .where(eq(resources.niceId, updateData.niceId));
+            .where(
+            and(
+                eq(resources.niceId, updateData.niceId),
+                eq(resources.orgId, resource.orgId)
+            )
+        );
 
         if (
             existingResource &&
@@ -387,7 +392,12 @@ async function updateRawResource(
         const [existingResource] = await db
             .select()
             .from(resources)
-            .where(eq(resources.niceId, updateData.niceId));
+            .where(
+            and(
+                eq(resources.niceId, updateData.niceId),
+                eq(resources.orgId, resource.orgId)
+            )
+        );
 
         if (
             existingResource &&
diff --git a/server/routers/site/updateSite.ts b/server/routers/site/updateSite.ts
index de0c3f9c..2041420c 100644
--- a/server/routers/site/updateSite.ts
+++ b/server/routers/site/updateSite.ts
@@ -2,7 +2,7 @@ import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db } from "@server/db";
 import { sites } from "@server/db";
-import { eq } from "drizzle-orm";
+import { eq, and } from "drizzle-orm";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
@@ -95,7 +95,12 @@ export async function updateSite(
             const existingSite = await db
                 .select()
                 .from(sites)
-                .where(eq(sites.niceId, updateData.niceId))
+                .where(
+                    and(
+                        eq(sites.niceId, updateData.niceId),
+                        eq(sites.orgId, sites.orgId)
+                    )
+                )
                 .limit(1);
 
             if (existingSite.length > 0 && existingSite[0].siteId !== siteId) {

From bdf1625976fa375108a3177e8ef114ce40229a50 Mon Sep 17 00:00:00 2001
From: Owen <owen@txv.io>
Date: Sun, 9 Nov 2025 10:46:46 -0800
Subject: [PATCH 56/70] Add headers

---
 server/private/routers/re-key/index.ts              | 13 +++++++++++++
 .../routers/re-key/reGenerateClientSecret.ts        | 13 +++++++++++++
 .../private/routers/re-key/reGenerateSiteSecret.ts  | 13 +++++++++++++
 3 files changed, 39 insertions(+)

diff --git a/server/private/routers/re-key/index.ts b/server/private/routers/re-key/index.ts
index 7e04d9e4..41a1c967 100644
--- a/server/private/routers/re-key/index.ts
+++ b/server/private/routers/re-key/index.ts
@@ -1,3 +1,16 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
 export * from "./reGenerateClientSecret";
 export * from "./reGenerateSiteSecret";
 export * from "./reGenerateExitNodeSecret";
\ No newline at end of file
diff --git a/server/private/routers/re-key/reGenerateClientSecret.ts b/server/private/routers/re-key/reGenerateClientSecret.ts
index d16d433b..e07099a4 100644
--- a/server/private/routers/re-key/reGenerateClientSecret.ts
+++ b/server/private/routers/re-key/reGenerateClientSecret.ts
@@ -1,3 +1,16 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db, olms, } from "@server/db";
diff --git a/server/private/routers/re-key/reGenerateSiteSecret.ts b/server/private/routers/re-key/reGenerateSiteSecret.ts
index 1d046933..3826cbc3 100644
--- a/server/private/routers/re-key/reGenerateSiteSecret.ts
+++ b/server/private/routers/re-key/reGenerateSiteSecret.ts
@@ -1,3 +1,16 @@
+/*
+ * This file is part of a proprietary work.
+ *
+ * Copyright (c) 2025 Fossorial, Inc.
+ * All rights reserved.
+ *
+ * This file is licensed under the Fossorial Commercial License.
+ * You may not use this file except in compliance with the License.
+ * Unauthorized use, copying, modification, or distribution is strictly prohibited.
+ *
+ * This file is not licensed under the AGPLv3.
+ */
+
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { db, newts, sites } from "@server/db";

From c004e969cbbfca681e4805afb8577ec7828d4f5a Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Wed, 12 Nov 2025 00:30:08 +0530
Subject: [PATCH 57/70] improve IPv6 validation to support all variants using
 ipaddr.js

---
 server/lib/validators.ts | 28 ++++++++++++++++------------
 1 file changed, 16 insertions(+), 12 deletions(-)

diff --git a/server/lib/validators.ts b/server/lib/validators.ts
index 59776105..db6ff26b 100644
--- a/server/lib/validators.ts
+++ b/server/lib/validators.ts
@@ -1,4 +1,5 @@
 import z from "zod";
+import ipaddr from "ipaddr.js";
 
 export function isValidCIDR(cidr: string): boolean {
     return z.string().cidr().safeParse(cidr).success;
@@ -68,11 +69,11 @@ export function isUrlValid(url: string | undefined) {
     if (!url) return true; // the link is optional in the schema so if it's empty it's valid
     var pattern = new RegExp(
         "^(https?:\\/\\/)?" + // protocol
-            "((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|" + // domain name
-            "((\\d{1,3}\\.){3}\\d{1,3}))" + // OR ip (v4) address
-            "(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*" + // port and path
-            "(\\?[;&a-z\\d%_.~+=-]*)?" + // query string
-            "(\\#[-a-z\\d_]*)?$",
+        "((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|" + // domain name
+        "((\\d{1,3}\\.){3}\\d{1,3}))" + // OR ip (v4) address
+        "(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*" + // port and path
+        "(\\?[;&a-z\\d%_.~+=-]*)?" + // query string
+        "(\\#[-a-z\\d_]*)?$",
         "i"
     );
     return !!pattern.test(url);
@@ -83,12 +84,15 @@ export function isTargetValid(value: string | undefined) {
 
     const DOMAIN_REGEX =
         /^[a-zA-Z0-9_](?:[a-zA-Z0-9-_]{0,61}[a-zA-Z0-9_])?(?:\.[a-zA-Z0-9_](?:[a-zA-Z0-9-_]{0,61}[a-zA-Z0-9_])?)*$/;
-    const IPV4_REGEX =
-        /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
-    const IPV6_REGEX = /^(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}$/i;
+    // const IPV4_REGEX =
+    //     /^(?:(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(?:25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/;
+    // const IPV6_REGEX = /^(?:[A-F0-9]{1,4}:){7}[A-F0-9]{1,4}$/i;
 
-    if (IPV4_REGEX.test(value) || IPV6_REGEX.test(value)) {
-        return true;
+    try {
+        const addr = ipaddr.parse(value);
+        return addr.kind() === "ipv4" || addr.kind() === "ipv6";
+    } catch {
+        // fall through to domain regex check
     }
 
     return DOMAIN_REGEX.test(value);
@@ -169,10 +173,10 @@ export function isSecondLevelDomain(domain: string): boolean {
     }
 
     const trimmedDomain = domain.trim().toLowerCase();
-    
+
     // Split into parts
     const parts = trimmedDomain.split('.');
-    
+
     // Should have exactly 2 parts for a second-level domain (e.g., "example.com")
     if (parts.length !== 2) {
         return false;

From 63a1ecfb86b554986ef36154aa1457ce4adf98b1 Mon Sep 17 00:00:00 2001
From: Pallavi Kumari <pallavilpmt1995@gmail.com>
Date: Thu, 13 Nov 2025 23:31:29 +0530
Subject: [PATCH 58/70] role in header

---
 server/routers/badger/verifySession.ts | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index eec83d0f..da5b0f18 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -60,6 +60,7 @@ type BasicUserData = {
     username: string;
     email: string | null;
     name: string | null;
+    role: string | null;
 };
 
 export type VerifyUserResponse = {
@@ -883,7 +884,8 @@ async function isUserAllowedToAccessResource(
         return {
             username: user.username,
             email: user.email,
-            name: user.name
+            name: user.name,
+            role: user.role
         };
     }
 
@@ -896,7 +898,8 @@ async function isUserAllowedToAccessResource(
         return {
             username: user.username,
             email: user.email,
-            name: user.name
+            name: user.name,
+            role: user.role
         };
     }
 

From 8674ca931b158cee6135575e6396dbe040f3dc1f Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 13 Nov 2025 17:34:49 -0500
Subject: [PATCH 59/70] remove from address in saas suppport email

---
 server/private/routers/misc/sendSupportEmail.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/private/routers/misc/sendSupportEmail.ts b/server/private/routers/misc/sendSupportEmail.ts
index fef43ef8..9b3f9c14 100644
--- a/server/private/routers/misc/sendSupportEmail.ts
+++ b/server/private/routers/misc/sendSupportEmail.ts
@@ -68,7 +68,7 @@ export async function sendSupportEmail(
                 {
                     name: req.user?.email || "Support User",
                     to: "support@pangolin.net",
-                    from: req.user?.email || config.getNoReplyEmail(),
+                    from: config.getNoReplyEmail(),
                     subject: `Support Request: ${subject}`
                 }
             );

From 0798a0c6c2108dcd1433fa92de5a8ff71bbd27b2 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 13 Nov 2025 21:48:37 -0500
Subject: [PATCH 60/70] clean up info box

---
 src/components/InfoSection.tsx     |  8 +++++++-
 src/components/ResourceInfoBox.tsx | 26 +++++++++++++++-----------
 2 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/src/components/InfoSection.tsx b/src/components/InfoSection.tsx
index 41f5cd89..5959bfc3 100644
--- a/src/components/InfoSection.tsx
+++ b/src/components/InfoSection.tsx
@@ -50,5 +50,11 @@ export function InfoSectionContent({
     children: React.ReactNode;
     className?: string;
 }) {
-    return <div className={cn("break-words", className)}>{children}</div>;
+    return (
+        <div className={cn("min-w-0 overflow-hidden", className)}>
+            <div className="w-full truncate [&>div.flex]:min-w-0 [&>div.flex]:!whitespace-normal [&>div.flex>span]:truncate [&>div.flex>a]:truncate">
+                {children}
+            </div>
+        </div>
+    );
 }
diff --git a/src/components/ResourceInfoBox.tsx b/src/components/ResourceInfoBox.tsx
index 4d77a434..a75ca78c 100644
--- a/src/components/ResourceInfoBox.tsx
+++ b/src/components/ResourceInfoBox.tsx
@@ -1,7 +1,7 @@
 "use client";
 
 import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
-import { ShieldCheck, ShieldOff } from "lucide-react";
+import { ShieldCheck, ShieldOff, Eye, EyeOff } from "lucide-react";
 import { useResourceContext } from "@app/hooks/useResourceContext";
 import CopyToClipboard from "@app/components/CopyToClipboard";
 import {
@@ -54,12 +54,12 @@ export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
                                         authInfo.whitelist ||
                                         authInfo.headerAuth ? (
                                         <div className="flex items-start space-x-2 text-green-500">
-                                            <ShieldCheck className="w-4 h-4 mt-0.5" />
+                                            <ShieldCheck className="w-4 h-4 mt-0.5 flex-shrink-0" />
                                             <span>{t("protected")}</span>
                                         </div>
                                     ) : (
                                         <div className="flex items-center space-x-2 text-yellow-500">
-                                            <ShieldOff className="w-4 h-4" />
+                                            <ShieldOff className="w-4 h-4 flex-shrink-0" />
                                             <span>{t("notProtected")}</span>
                                         </div>
                                     )}
@@ -100,9 +100,7 @@ export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
                                     {t("protocol")}
                                 </InfoSectionTitle>
                                 <InfoSectionContent>
-                                    <span>
-                                        {resource.protocol.toUpperCase()}
-                                    </span>
+                                    {resource.protocol.toUpperCase()}
                                 </InfoSectionContent>
                             </InfoSection>
                             <InfoSection>
@@ -164,11 +162,17 @@ export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
                     <InfoSection>
                         <InfoSectionTitle>{t("visibility")}</InfoSectionTitle>
                         <InfoSectionContent>
-                            <span>
-                                {resource.enabled
-                                    ? t("enabled")
-                                    : t("disabled")}
-                            </span>
+                            {resource.enabled ? (
+                                <div className="flex items-center space-x-2 text-green-500">
+                                    <Eye className="w-4 h-4 flex-shrink-0" />
+                                    <span>{t("enabled")}</span>
+                                </div>
+                            ) : (
+                                <div className="flex items-center space-x-2 text-neutral-500">
+                                    <EyeOff className="w-4 h-4 flex-shrink-0" />
+                                    <span>{t("disabled")}</span>
+                                </div>
+                            )}
                         </InfoSectionContent>
                     </InfoSection>
                 </InfoSections>

From d9564ed6fea37bbe55e60e4153ac8e8184916464 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Thu, 13 Nov 2025 22:04:29 -0500
Subject: [PATCH 61/70] improve spacing and colors

---
 messages/en-US.json                |   6 +
 src/components/ResourceInfoBox.tsx |  12 +-
 src/components/ResourcesTable.tsx  | 218 +++++++++++++++++------------
 3 files changed, 143 insertions(+), 93 deletions(-)

diff --git a/messages/en-US.json b/messages/en-US.json
index 7f877984..08d4e21a 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1525,6 +1525,12 @@
     "resourcesTableTheseResourcesForUseWith": "These resources are for use with",
     "resourcesTableClients": "Clients",
     "resourcesTableAndOnlyAccessibleInternally": "and are only accessible internally when connected with a client.",
+    "resourcesTableNoTargets": "No targets",
+    "resourcesTableHealthy": "Healthy",
+    "resourcesTableDegraded": "Degraded",
+    "resourcesTableOffline": "Offline",
+    "resourcesTableUnknown": "Unknown",
+    "resourcesTableNotMonitored": "Not monitored",
     "editInternalResourceDialogEditClientResource": "Edit Client Resource",
     "editInternalResourceDialogUpdateResourceProperties": "Update the resource properties and target configuration for {resourceName}.",
     "editInternalResourceDialogResourceProperties": "Resource Properties",
diff --git a/src/components/ResourceInfoBox.tsx b/src/components/ResourceInfoBox.tsx
index a75ca78c..0696c605 100644
--- a/src/components/ResourceInfoBox.tsx
+++ b/src/components/ResourceInfoBox.tsx
@@ -53,8 +53,8 @@ export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
                                         authInfo.sso ||
                                         authInfo.whitelist ||
                                         authInfo.headerAuth ? (
-                                        <div className="flex items-start space-x-2 text-green-500">
-                                            <ShieldCheck className="w-4 h-4 mt-0.5 flex-shrink-0" />
+                                        <div className="flex items-start space-x-2">
+                                            <ShieldCheck className="w-4 h-4 mt-0.5 flex-shrink-0 text-green-500" />
                                             <span>{t("protected")}</span>
                                         </div>
                                     ) : (
@@ -163,13 +163,13 @@ export default function ResourceInfoBox({ }: ResourceInfoBoxType) {
                         <InfoSectionTitle>{t("visibility")}</InfoSectionTitle>
                         <InfoSectionContent>
                             {resource.enabled ? (
-                                <div className="flex items-center space-x-2 text-green-500">
-                                    <Eye className="w-4 h-4 flex-shrink-0" />
+                                <div className="flex items-center space-x-2">
+                                    <Eye className="w-4 h-4 flex-shrink-0 text-green-500" />
                                     <span>{t("enabled")}</span>
                                 </div>
                             ) : (
-                                <div className="flex items-center space-x-2 text-neutral-500">
-                                    <EyeOff className="w-4 h-4 flex-shrink-0" />
+                                <div className="flex items-center space-x-2">
+                                    <EyeOff className="w-4 h-4 flex-shrink-0 text-neutral-500" />
                                     <span>{t("disabled")}</span>
                                 </div>
                             )}
diff --git a/src/components/ResourcesTable.tsx b/src/components/ResourcesTable.tsx
index 252ac7d2..171f3491 100644
--- a/src/components/ResourcesTable.tsx
+++ b/src/components/ResourcesTable.tsx
@@ -17,7 +17,7 @@ import {
     DropdownMenuContent,
     DropdownMenuItem,
     DropdownMenuTrigger,
-    DropdownMenuCheckboxItem,
+    DropdownMenuCheckboxItem
 } from "@app/components/ui/dropdown-menu";
 import { Button } from "@app/components/ui/button";
 import {
@@ -36,7 +36,7 @@ import {
     Wifi,
     WifiOff,
     CheckCircle2,
-    XCircle,
+    XCircle
 } from "lucide-react";
 import Link from "next/link";
 import { useRouter } from "next/navigation";
@@ -75,13 +75,12 @@ import EditInternalResourceDialog from "@app/components/EditInternalResourceDial
 import CreateInternalResourceDialog from "@app/components/CreateInternalResourceDialog";
 import { Alert, AlertDescription } from "@app/components/ui/alert";
 
-
 export type TargetHealth = {
     targetId: number;
     ip: string;
     port: number;
     enabled: boolean;
-    healthStatus?: 'healthy' | 'unhealthy' | 'unknown';
+    healthStatus?: "healthy" | "unhealthy" | "unknown";
 };
 
 export type ResourceRow = {
@@ -102,45 +101,55 @@ export type ResourceRow = {
     targets?: TargetHealth[];
 };
 
-
-function getOverallHealthStatus(targets?: TargetHealth[]): 'online' | 'degraded' | 'offline' | 'unknown' {
+function getOverallHealthStatus(
+    targets?: TargetHealth[]
+): "online" | "degraded" | "offline" | "unknown" {
     if (!targets || targets.length === 0) {
-        return 'unknown';
+        return "unknown";
     }
 
-    const monitoredTargets = targets.filter(t => t.enabled && t.healthStatus && t.healthStatus !== 'unknown');
+    const monitoredTargets = targets.filter(
+        (t) => t.enabled && t.healthStatus && t.healthStatus !== "unknown"
+    );
 
     if (monitoredTargets.length === 0) {
-        return 'unknown';
+        return "unknown";
     }
 
-    const healthyCount = monitoredTargets.filter(t => t.healthStatus === 'healthy').length;
-    const unhealthyCount = monitoredTargets.filter(t => t.healthStatus === 'unhealthy').length;
+    const healthyCount = monitoredTargets.filter(
+        (t) => t.healthStatus === "healthy"
+    ).length;
+    const unhealthyCount = monitoredTargets.filter(
+        (t) => t.healthStatus === "unhealthy"
+    ).length;
 
     if (healthyCount === monitoredTargets.length) {
-        return 'online';
+        return "online";
     } else if (unhealthyCount === monitoredTargets.length) {
-        return 'offline';
+        return "offline";
     } else {
-        return 'degraded';
+        return "degraded";
     }
 }
 
-function StatusIcon({ status, className = "" }: {
-    status: 'online' | 'degraded' | 'offline' | 'unknown';
+function StatusIcon({
+    status,
+    className = ""
+}: {
+    status: "online" | "degraded" | "offline" | "unknown";
     className?: string;
 }) {
     const iconClass = `h-4 w-4 ${className}`;
 
     switch (status) {
-        case 'online':
+        case "online":
             return <CheckCircle2 className={`${iconClass} text-green-500`} />;
-        case 'degraded':
+        case "degraded":
             return <CheckCircle2 className={`${iconClass} text-yellow-500`} />;
-        case 'offline':
+        case "offline":
             return <XCircle className={`${iconClass} text-destructive`} />;
-        case 'unknown':
-            return <Clock className={`${iconClass} text-gray-400`} />;
+        case "unknown":
+            return <Clock className={`${iconClass} text-muted-foreground`} />;
         default:
             return null;
     }
@@ -171,15 +180,14 @@ type ResourcesTableProps = {
     };
 };
 
-
 const STORAGE_KEYS = {
-    PAGE_SIZE: 'datatable-page-size',
+    PAGE_SIZE: "datatable-page-size",
     getTablePageSize: (tableId?: string) =>
         tableId ? `datatable-${tableId}-page-size` : STORAGE_KEYS.PAGE_SIZE
 };
 
 const getStoredPageSize = (tableId?: string, defaultSize = 20): number => {
-    if (typeof window === 'undefined') return defaultSize;
+    if (typeof window === "undefined") return defaultSize;
 
     try {
         const key = STORAGE_KEYS.getTablePageSize(tableId);
@@ -191,24 +199,22 @@ const getStoredPageSize = (tableId?: string, defaultSize = 20): number => {
             }
         }
     } catch (error) {
-        console.warn('Failed to read page size from localStorage:', error);
+        console.warn("Failed to read page size from localStorage:", error);
     }
     return defaultSize;
 };
 
 const setStoredPageSize = (pageSize: number, tableId?: string): void => {
-    if (typeof window === 'undefined') return;
+    if (typeof window === "undefined") return;
 
     try {
         const key = STORAGE_KEYS.getTablePageSize(tableId);
         localStorage.setItem(key, pageSize.toString());
     } catch (error) {
-        console.warn('Failed to save page size to localStorage:', error);
+        console.warn("Failed to save page size to localStorage:", error);
     }
 };
 
-
-
 export default function ResourcesTable({
     resources,
     internalResources,
@@ -224,12 +230,11 @@ export default function ResourcesTable({
 
     const api = createApiClient({ env });
 
-
     const [proxyPageSize, setProxyPageSize] = useState<number>(() =>
-        getStoredPageSize('proxy-resources', 20)
+        getStoredPageSize("proxy-resources", 20)
     );
     const [internalPageSize, setInternalPageSize] = useState<number>(() =>
-        getStoredPageSize('internal-resources', 20)
+        getStoredPageSize("internal-resources", 20)
     );
 
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
@@ -247,8 +252,10 @@ export default function ResourcesTable({
         defaultSort ? [defaultSort] : []
     );
 
-    const [proxyColumnVisibility, setProxyColumnVisibility] = useState<VisibilityState>({});
-    const [internalColumnVisibility, setInternalColumnVisibility] = useState<VisibilityState>({});
+    const [proxyColumnVisibility, setProxyColumnVisibility] =
+        useState<VisibilityState>({});
+    const [internalColumnVisibility, setInternalColumnVisibility] =
+        useState<VisibilityState>({});
 
     const [proxyColumnFilters, setProxyColumnFilters] =
         useState<ColumnFiltersState>([]);
@@ -427,24 +434,34 @@ export default function ResourcesTable({
             return (
                 <div className="flex items-center gap-2">
                     <StatusIcon status="unknown" />
-                    <span className="text-sm text-muted-foreground">No targets</span>
+                    <span className="text-sm">
+                        {t("resourcesTableNoTargets")}
+                    </span>
                 </div>
             );
         }
 
-        const monitoredTargets = targets.filter(t => t.enabled && t.healthStatus && t.healthStatus !== 'unknown');
-        const unknownTargets = targets.filter(t => !t.enabled || !t.healthStatus || t.healthStatus === 'unknown');
+        const monitoredTargets = targets.filter(
+            (t) => t.enabled && t.healthStatus && t.healthStatus !== "unknown"
+        );
+        const unknownTargets = targets.filter(
+            (t) => !t.enabled || !t.healthStatus || t.healthStatus === "unknown"
+        );
 
         return (
             <DropdownMenu>
                 <DropdownMenuTrigger asChild>
-                    <Button variant="ghost" size="sm" className="flex items-center gap-2 h-8">
+                    <Button
+                        variant="ghost"
+                        size="sm"
+                        className="flex items-center gap-2 h-8 px-0"
+                    >
                         <StatusIcon status={overallStatus} />
                         <span className="text-sm">
-                            {overallStatus === 'online' && 'Healthy'}
-                            {overallStatus === 'degraded' && 'Degraded'}
-                            {overallStatus === 'offline' && 'Offline'}
-                            {overallStatus === 'unknown' && 'Unknown'}
+                            {overallStatus === "online" && t("resourcesTableHealthy")}
+                            {overallStatus === "degraded" && t("resourcesTableDegraded")}
+                            {overallStatus === "offline" && t("resourcesTableOffline")}
+                            {overallStatus === "unknown" && t("resourcesTableUnknown")}
                         </span>
                         <ChevronDown className="h-3 w-3" />
                     </Button>
@@ -453,16 +470,29 @@ export default function ResourcesTable({
                     {monitoredTargets.length > 0 && (
                         <>
                             {monitoredTargets.map((target) => (
-                                <DropdownMenuItem key={target.targetId} className="flex items-center justify-between gap-4">
+                                <DropdownMenuItem
+                                    key={target.targetId}
+                                    className="flex items-center justify-between gap-4"
+                                >
                                     <div className="flex items-center gap-2">
                                         <StatusIcon
-                                            status={target.healthStatus === 'healthy' ? 'online' : 'offline'}
+                                            status={
+                                                target.healthStatus ===
+                                                "healthy"
+                                                    ? "online"
+                                                    : "offline"
+                                            }
                                             className="h-3 w-3"
                                         />
                                         {`${target.ip}:${target.port}`}
                                     </div>
-                                    <span className={`capitalize ${target.healthStatus === 'healthy' ? 'text-green-500' : 'text-destructive'
-                                        }`}>
+                                    <span
+                                        className={`capitalize ${
+                                            target.healthStatus === "healthy"
+                                                ? "text-green-500"
+                                                : "text-destructive"
+                                        }`}
+                                    >
                                         {target.healthStatus}
                                     </span>
                                 </DropdownMenuItem>
@@ -472,13 +502,21 @@ export default function ResourcesTable({
                     {unknownTargets.length > 0 && (
                         <>
                             {unknownTargets.map((target) => (
-                                <DropdownMenuItem key={target.targetId} className="flex items-center justify-between gap-4">
+                                <DropdownMenuItem
+                                    key={target.targetId}
+                                    className="flex items-center justify-between gap-4"
+                                >
                                     <div className="flex items-center gap-2">
-                                        <StatusIcon status="unknown" className="h-3 w-3" />
+                                        <StatusIcon
+                                            status="unknown"
+                                            className="h-3 w-3"
+                                        />
                                         {`${target.ip}:${target.port}`}
                                     </div>
                                     <span className="text-muted-foreground">
-                                        {!target.enabled ? 'Disabled' : 'Not monitored'}
+                                        {!target.enabled
+                                            ? t("disabled")
+                                            : t("resourcesTableNotMonitored")}
                                     </span>
                                 </DropdownMenuItem>
                             ))}
@@ -489,7 +527,6 @@ export default function ResourcesTable({
         );
     }
 
-    
     const proxyColumns: ColumnDef<ResourceRow>[] = [
         {
             accessorKey: "name",
@@ -512,7 +549,15 @@ export default function ResourcesTable({
             header: t("protocol"),
             cell: ({ row }) => {
                 const resourceRow = row.original;
-                return <span>{resourceRow.http ? (resourceRow.ssl ? "HTTPS" : "HTTP") : resourceRow.protocol.toUpperCase()}</span>;
+                return (
+                    <span>
+                        {resourceRow.http
+                            ? resourceRow.ssl
+                                ? "HTTPS"
+                                : "HTTP"
+                            : resourceRow.protocol.toUpperCase()}
+                    </span>
+                );
             }
         },
         {
@@ -538,7 +583,12 @@ export default function ResourcesTable({
             sortingFn: (rowA, rowB) => {
                 const statusA = getOverallHealthStatus(rowA.original.targets);
                 const statusB = getOverallHealthStatus(rowB.original.targets);
-                const statusOrder = { online: 3, degraded: 2, offline: 1, unknown: 0 };
+                const statusOrder = {
+                    online: 3,
+                    degraded: 2,
+                    offline: 1,
+                    unknown: 0
+                };
                 return statusOrder[statusA] - statusOrder[statusB];
             }
         },
@@ -589,13 +639,13 @@ export default function ResourcesTable({
                 return (
                     <div>
                         {resourceRow.authState === "protected" ? (
-                            <span className="text-green-500 flex items-center space-x-2">
-                                <ShieldCheck className="w-4 h-4" />
+                            <span className="flex items-center space-x-2">
+                                <ShieldCheck className="w-4 h-4 text-green-500" />
                                 <span>{t("protected")}</span>
                             </span>
                         ) : resourceRow.authState === "not_protected" ? (
-                            <span className="text-yellow-500 flex items-center space-x-2">
-                                <ShieldOff className="w-4 h-4" />
+                            <span className="flex items-center space-x-2">
+                                <ShieldOff className="w-4 h-4 text-yellow-500" />
                                 <span>{t("notProtected")}</span>
                             </span>
                         ) : (
@@ -841,12 +891,12 @@ export default function ResourcesTable({
 
     const handleProxyPageSizeChange = (newPageSize: number) => {
         setProxyPageSize(newPageSize);
-        setStoredPageSize(newPageSize, 'proxy-resources');
+        setStoredPageSize(newPageSize, "proxy-resources");
     };
 
     const handleInternalPageSizeChange = (newPageSize: number) => {
         setInternalPageSize(newPageSize);
-        setStoredPageSize(newPageSize, 'internal-resources');
+        setStoredPageSize(newPageSize, "internal-resources");
     };
 
     return (
@@ -860,12 +910,8 @@ export default function ResourcesTable({
                     }}
                     dialog={
                         <div>
-                            <p>
-                                {t("resourceQuestionRemove")}
-                            </p>
-                            <p>
-                                {t("resourceMessageRemove")}
-                            </p>
+                            <p>{t("resourceQuestionRemove")}</p>
+                            <p>{t("resourceMessageRemove")}</p>
                         </div>
                     }
                     buttonText={t("resourceDeleteConfirm")}
@@ -884,12 +930,8 @@ export default function ResourcesTable({
                     }}
                     dialog={
                         <div>
-                            <p>
-                                {t("resourceQuestionRemove")}
-                            </p>
-                            <p>
-                                {t("resourceMessageRemove")}
-                            </p>
+                            <p>{t("resourceQuestionRemove")}</p>
+                            <p>{t("resourceMessageRemove")}</p>
                         </div>
                     }
                     buttonText={t("resourceDeleteConfirm")}
@@ -939,9 +981,7 @@ export default function ResourcesTable({
                                         {t("refresh")}
                                     </Button>
                                 </div>
-                                <div>
-                                    {getActionButton()}
-                                </div>
+                                <div>{getActionButton()}</div>
                             </div>
                         </CardHeader>
                         <CardContent>
@@ -960,12 +1000,12 @@ export default function ResourcesTable({
                                                                 {header.isPlaceholder
                                                                     ? null
                                                                     : flexRender(
-                                                                        header
-                                                                            .column
-                                                                            .columnDef
-                                                                            .header,
-                                                                        header.getContext()
-                                                                    )}
+                                                                          header
+                                                                              .column
+                                                                              .columnDef
+                                                                              .header,
+                                                                          header.getContext()
+                                                                      )}
                                                             </TableHead>
                                                         )
                                                     )}
@@ -1023,7 +1063,9 @@ export default function ResourcesTable({
                                 <div className="mt-4">
                                     <DataTablePagination
                                         table={proxyTable}
-                                        onPageSizeChange={handleProxyPageSizeChange}
+                                        onPageSizeChange={
+                                            handleProxyPageSizeChange
+                                        }
                                     />
                                 </div>
                             </TabsContent>
@@ -1061,12 +1103,12 @@ export default function ResourcesTable({
                                                                 {header.isPlaceholder
                                                                     ? null
                                                                     : flexRender(
-                                                                        header
-                                                                            .column
-                                                                            .columnDef
-                                                                            .header,
-                                                                        header.getContext()
-                                                                    )}
+                                                                          header
+                                                                              .column
+                                                                              .columnDef
+                                                                              .header,
+                                                                          header.getContext()
+                                                                      )}
                                                             </TableHead>
                                                         )
                                                     )}
@@ -1124,7 +1166,9 @@ export default function ResourcesTable({
                                 <div className="mt-4">
                                     <DataTablePagination
                                         table={internalTable}
-                                        onPageSizeChange={handleInternalPageSizeChange}
+                                        onPageSizeChange={
+                                            handleInternalPageSizeChange
+                                        }
                                     />
                                 </div>
                             </TabsContent>

From 4e0a2e441b1454911afeb9b965b0a750699fdd91 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Fri, 14 Nov 2025 11:31:44 -0500
Subject: [PATCH 62/70] hide domain status info if not flags.use_pangolin_dns

---
 src/components/DNSRecordTable.tsx | 48 ++++++++++----------
 src/components/DomainInfoCard.tsx | 50 +++++++++++----------
 src/components/DomainsTable.tsx   | 73 ++++++++++++++++---------------
 3 files changed, 91 insertions(+), 80 deletions(-)

diff --git a/src/components/DNSRecordTable.tsx b/src/components/DNSRecordTable.tsx
index 37fa66c0..8c8f6bb4 100644
--- a/src/components/DNSRecordTable.tsx
+++ b/src/components/DNSRecordTable.tsx
@@ -5,6 +5,7 @@ import { useTranslations } from "next-intl";
 import { Badge } from "@app/components/ui/badge";
 import { DNSRecordsDataTable } from "./DNSRecordsDataTable";
 import CopyToClipboard from "@app/components/CopyToClipboard";
+import { useEnvContext } from "@app/hooks/useEnvContext";
 
 export type DNSRecordRow = {
     id: string;
@@ -24,6 +25,30 @@ export default function DNSRecordsTable({
     type
 }: Props) {
     const t = useTranslations();
+    const env = useEnvContext();
+
+    const statusColumn: ColumnDef<DNSRecordRow> = {
+        accessorKey: "verified",
+        header: ({ column }) => {
+            return <div>{t("status")}</div>;
+        },
+        cell: ({ row }) => {
+            const verified = row.original.verified;
+            return verified ? (
+                type === "wildcard" ? (
+                    <Badge variant="outlinePrimary">
+                        {t("manual", { fallback: "Manual" })}
+                    </Badge>
+                ) : (
+                    <Badge variant="green">{t("verified")}</Badge>
+                )
+            ) : (
+                <Badge variant="yellow">
+                    {t("pending", { fallback: "Pending" })}
+                </Badge>
+            );
+        }
+    };
 
     const columns: ColumnDef<DNSRecordRow>[] = [
         {
@@ -81,28 +106,7 @@ export default function DNSRecordsTable({
                 );
             }
         },
-        {
-            accessorKey: "verified",
-            header: ({ column }) => {
-                return <div>{t("status")}</div>;
-            },
-            cell: ({ row }) => {
-                const verified = row.original.verified;
-                return verified ? (
-                    type === "wildcard" ? (
-                        <Badge variant="outlinePrimary">
-                            {t("manual", { fallback: "Manual" })}
-                        </Badge>
-                    ) : (
-                        <Badge variant="green">{t("verified")}</Badge>
-                    )
-                ) : (
-                    <Badge variant="yellow">
-                        {t("pending", { fallback: "Pending" })}
-                    </Badge>
-                );
-            }
-        }
+        ...(env.env.flags.usePangolinDns ? [statusColumn] : [])
     ];
 
     return (
diff --git a/src/components/DomainInfoCard.tsx b/src/components/DomainInfoCard.tsx
index b5de6cd3..e33998da 100644
--- a/src/components/DomainInfoCard.tsx
+++ b/src/components/DomainInfoCard.tsx
@@ -9,6 +9,7 @@ import {
 } from "@app/components/InfoSection";
 import { useTranslations } from "next-intl";
 import { Badge } from "./ui/badge";
+import { useEnvContext } from "@app/hooks/useEnvContext";
 
 type DomainInfoCardProps = {
     failed: boolean;
@@ -22,6 +23,7 @@ export default function DomainInfoCard({
     type
 }: DomainInfoCardProps) {
     const t = useTranslations();
+    const env = useEnvContext();
 
     const getTypeDisplay = (type: string) => {
         switch (type) {
@@ -46,32 +48,34 @@ export default function DomainInfoCard({
                             <span>{getTypeDisplay(type ? type : "")}</span>
                         </InfoSectionContent>
                     </InfoSection>
-                    <InfoSection>
-                        <InfoSectionTitle>{t("status")}</InfoSectionTitle>
-                        <InfoSectionContent>
-                            {failed ? (
-                                <Badge variant="red">
-                                    {t("failed", { fallback: "Failed" })}
-                                </Badge>
-                            ) : verified ? (
-                                type === "wildcard" ? (
-                                    <Badge variant="outlinePrimary">
-                                        {t("manual", {
-                                            fallback: "Manual"
-                                        })}
+                    {env.env.flags.usePangolinDns && (
+                        <InfoSection>
+                            <InfoSectionTitle>{t("status")}</InfoSectionTitle>
+                            <InfoSectionContent>
+                                {failed ? (
+                                    <Badge variant="red">
+                                        {t("failed", { fallback: "Failed" })}
                                     </Badge>
+                                ) : verified ? (
+                                    type === "wildcard" ? (
+                                        <Badge variant="outlinePrimary">
+                                            {t("manual", {
+                                                fallback: "Manual"
+                                            })}
+                                        </Badge>
+                                    ) : (
+                                        <Badge variant="green">
+                                            {t("verified")}
+                                        </Badge>
+                                    )
                                 ) : (
-                                    <Badge variant="green">
-                                        {t("verified")}
+                                    <Badge variant="yellow">
+                                        {t("pending", { fallback: "Pending" })}
                                     </Badge>
-                                )
-                            ) : (
-                                <Badge variant="yellow">
-                                    {t("pending", { fallback: "Pending" })}
-                                </Badge>
-                            )}
-                        </InfoSectionContent>
-                    </InfoSection>
+                                )}
+                            </InfoSectionContent>
+                        </InfoSection>
+                    )}
                 </InfoSections>
             </AlertDescription>
         </Alert>
diff --git a/src/components/DomainsTable.tsx b/src/components/DomainsTable.tsx
index 3e12bab5..a099a8b8 100644
--- a/src/components/DomainsTable.tsx
+++ b/src/components/DomainsTable.tsx
@@ -55,7 +55,8 @@ export default function DomainsTable({ domains, orgId }: Props) {
     const [restartingDomains, setRestartingDomains] = useState<Set<string>>(
         new Set()
     );
-    const api = createApiClient(useEnvContext());
+    const env = useEnvContext();
+    const api = createApiClient(env);
     const router = useRouter();
     const t = useTranslations();
     const { toast } = useToast();
@@ -134,6 +135,41 @@ export default function DomainsTable({ domains, orgId }: Props) {
         }
     };
 
+    const statusColumn: ColumnDef<DomainRow> = {
+        accessorKey: "verified",
+        header: ({ column }) => {
+            return (
+                <Button
+                    variant="ghost"
+                    onClick={() =>
+                        column.toggleSorting(column.getIsSorted() === "asc")
+                    }
+                >
+                    {t("status")}
+                    <ArrowUpDown className="ml-2 h-4 w-4" />
+                </Button>
+            );
+        },
+        cell: ({ row }) => {
+            const { verified, failed, type } = row.original;
+            if (verified) {
+                return type == "wildcard" ? (
+                    <Badge variant="outlinePrimary">{t("manual")}</Badge>
+                ) : (
+                    <Badge variant="green">{t("verified")}</Badge>
+                );
+            } else if (failed) {
+                return (
+                    <Badge variant="red">
+                        {t("failed", { fallback: "Failed" })}
+                    </Badge>
+                );
+            } else {
+                return <Badge variant="yellow">{t("pending")}</Badge>;
+            }
+        }
+    };
+
     const columns: ColumnDef<DomainRow>[] = [
         {
             accessorKey: "baseDomain",
@@ -173,40 +209,7 @@ export default function DomainsTable({ domains, orgId }: Props) {
                 );
             }
         },
-        {
-            accessorKey: "verified",
-            header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                    >
-                        {t("status")}
-                        <ArrowUpDown className="ml-2 h-4 w-4" />
-                    </Button>
-                );
-            },
-            cell: ({ row }) => {
-                const { verified, failed, type } = row.original;
-                if (verified) {
-                    return type == "wildcard" ? (
-                        <Badge variant="outlinePrimary">{t("manual")}</Badge>
-                    ) : (
-                        <Badge variant="green">{t("verified")}</Badge>
-                    );
-                } else if (failed) {
-                    return (
-                        <Badge variant="red">
-                            {t("failed", { fallback: "Failed" })}
-                        </Badge>
-                    );
-                } else {
-                    return <Badge variant="yellow">{t("pending")}</Badge>;
-                }
-            }
-        },
+        ...(env.env.flags.usePangolinDns ? [statusColumn] : []),
         {
             id: "actions",
             cell: ({ row }) => {

From 7c728c144caaf781a684ff69b4f203c63be3832b Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Fri, 14 Nov 2025 11:57:29 -0500
Subject: [PATCH 63/70] fix broken inputs in health check form

---
 .../resources/[niceId]/proxy/page.tsx         | 20 +++++++++++++++----
 .../settings/resources/create/page.tsx        |  4 +++-
 2 files changed, 19 insertions(+), 5 deletions(-)

diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index aa268250..461d3f1c 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -512,9 +512,18 @@ export default function ReverseProxyTargets(props: {
                 port: target.port,
                 enabled: target.enabled,
                 hcEnabled: target.hcEnabled,
-                hcPath: target.hcPath,
-                hcInterval: target.hcInterval,
-                hcTimeout: target.hcTimeout
+                hcPath: target.hcPath || null,
+                hcScheme: target.hcScheme || null,
+                hcHostname: target.hcHostname || null,
+                hcPort: target.hcPort || null,
+                hcInterval: target.hcInterval || null,
+                hcTimeout: target.hcTimeout || null,
+                hcHeaders: target.hcHeaders || null,
+                hcFollowRedirects: target.hcFollowRedirects || null,
+                hcMethod: target.hcMethod || null,
+                hcStatus: target.hcStatus || null,
+                hcUnhealthyInterval: target.hcUnhealthyInterval || null,
+                hcMode: target.hcMode || null
             };
 
             // Only include path-related fields for HTTP resources
@@ -718,7 +727,9 @@ export default function ReverseProxyTargets(props: {
                     hcHeaders: target.hcHeaders || null,
                     hcFollowRedirects: target.hcFollowRedirects || null,
                     hcMethod: target.hcMethod || null,
-                    hcStatus: target.hcStatus || null
+                    hcStatus: target.hcStatus || null,
+                    hcUnhealthyInterval: target.hcUnhealthyInterval || null,
+                    hcMode: target.hcMode || null
                 };
 
                 // Only include path-related fields for HTTP resources
@@ -1814,6 +1825,7 @@ export default function ReverseProxyTargets(props: {
                             30
                     }}
                     onChanges={async (config) => {
+                        console.log("here");
                         if (selectedTargetForHealthCheck) {
                             console.log(config);
                             updateTargetHealthCheck(
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index 1f98cf69..ae5e452d 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -574,7 +574,9 @@ export default function Page() {
                                 hcPort: target.hcPort || null,
                                 hcFollowRedirects:
                                     target.hcFollowRedirects || null,
-                                hcStatus: target.hcStatus || null
+                                hcStatus: target.hcStatus || null,
+                                hcUnhealthyInterval: target.hcUnhealthyInterval || null,
+                                hcMode: target.hcMode || null
                             };
 
                             // Only include path-related fields for HTTP resources

From 5b31bbce8de7834f5acb95ab479904a380724a08 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Fri, 14 Nov 2025 12:25:32 -0500
Subject: [PATCH 64/70] remove frontend env parsing

---
 next.config.ts     |   7 --
 src/lib/pullEnv.ts | 228 +++++++++++++++++----------------------------
 2 files changed, 83 insertions(+), 152 deletions(-)

diff --git a/next.config.ts b/next.config.ts
index e530fb7f..a211a701 100644
--- a/next.config.ts
+++ b/next.config.ts
@@ -1,13 +1,6 @@
 import type { NextConfig } from "next";
 import createNextIntlPlugin from "next-intl/plugin";
 
-import { pullEnv } from "./src/lib/pullEnv";
-
-// validate env variables on local dev
-if (process.env.NODE_ENV === "development") {
-    pullEnv();
-}
-
 const withNextIntl = createNextIntlPlugin();
 
 const nextConfig: NextConfig = {
diff --git a/src/lib/pullEnv.ts b/src/lib/pullEnv.ts
index 4b0567c8..19f1e212 100644
--- a/src/lib/pullEnv.ts
+++ b/src/lib/pullEnv.ts
@@ -1,175 +1,113 @@
-import z from "zod";
 import { Env } from "./types/env";
 
-const envSchema = z.object({
-    // Server configuration
-    NEXT_PORT: z.string(),
-    SERVER_EXTERNAL_PORT: z.string(),
-    SESSION_COOKIE_NAME: z.string(),
-    RESOURCE_ACCESS_TOKEN_PARAM: z.string(),
-    RESOURCE_SESSION_REQUEST_PARAM: z.string(),
-    RESOURCE_ACCESS_TOKEN_HEADERS_ID: z.string(),
-    RESOURCE_ACCESS_TOKEN_HEADERS_TOKEN: z.string(),
-    REO_CLIENT_ID: z.string().optional(),
-    MAXMIND_DB_PATH: z.string().optional(),
-
-    // App configuration
-    ENVIRONMENT: z.string(),
-    SANDBOX_MODE: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-    APP_VERSION: z.string(),
-    DASHBOARD_URL: z.string(),
-    PRODUCT_UPDATES_NOTIFICATION_ENABLED: z
-        .string()
-        .default("true")
-        .transform((val) => val === "true"),
-    NEW_RELEASES_NOTIFICATION_ENABLED: z
-        .string()
-        .default("true")
-        .transform((val) => val === "true"),
-
-    // Email configuration
-    EMAIL_ENABLED: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-
-    // Feature flags
-    DISABLE_USER_CREATE_ORG: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-    DISABLE_SIGNUP_WITHOUT_INVITE: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-    FLAGS_EMAIL_VERIFICATION_REQUIRED: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-    FLAGS_ALLOW_RAW_RESOURCES: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-    FLAGS_DISABLE_LOCAL_SITES: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-    FLAGS_DISABLE_BASIC_WIREGUARD_SITES: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-    FLAGS_ENABLE_CLIENTS: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-    HIDE_SUPPORTER_KEY: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-    USE_PANGOLIN_DNS: z
-        .string()
-        .default("false")
-        .transform((val) => val === "true"),
-
-    // Branding configuration (all optional)
-    BRANDING_APP_NAME: z.string().optional(),
-    BACKGROUND_IMAGE_PATH: z.string().optional(),
-    BRANDING_LOGO_LIGHT_PATH: z.string().optional(),
-    BRANDING_LOGO_DARK_PATH: z.string().optional(),
-    BRANDING_LOGO_AUTH_WIDTH: z.coerce.number().optional(),
-    BRANDING_LOGO_AUTH_HEIGHT: z.coerce.number().optional(),
-    BRANDING_LOGO_NAVBAR_WIDTH: z.coerce.number().optional(),
-    BRANDING_LOGO_NAVBAR_HEIGHT: z.coerce.number().optional(),
-    LOGIN_PAGE_TITLE_TEXT: z.string().optional(),
-    LOGIN_PAGE_SUBTITLE_TEXT: z.string().optional(),
-    SIGNUP_PAGE_TITLE_TEXT: z.string().optional(),
-    SIGNUP_PAGE_SUBTITLE_TEXT: z.string().optional(),
-    RESOURCE_AUTH_PAGE_SHOW_LOGO: z
-        .string()
-        .transform((val) => val === "true")
-        .optional(),
-    RESOURCE_AUTH_PAGE_HIDE_POWERED_BY: z
-        .string()
-        .transform((val) => val === "true")
-        .optional(),
-    RESOURCE_AUTH_PAGE_TITLE_TEXT: z.string().optional(),
-    RESOURCE_AUTH_PAGE_SUBTITLE_TEXT: z.string().optional(),
-    BRANDING_FOOTER: z.string().optional()
-});
-
 export function pullEnv(): Env {
-    const env = envSchema.parse(process.env);
-
     return {
         server: {
-            nextPort: env.NEXT_PORT,
-            externalPort: env.SERVER_EXTERNAL_PORT,
-            sessionCookieName: env.SESSION_COOKIE_NAME,
-            resourceAccessTokenParam: env.RESOURCE_ACCESS_TOKEN_PARAM,
-            resourceSessionRequestParam: env.RESOURCE_SESSION_REQUEST_PARAM,
-            resourceAccessTokenHeadersId: env.RESOURCE_ACCESS_TOKEN_HEADERS_ID,
-            resourceAccessTokenHeadersToken:
-                env.RESOURCE_ACCESS_TOKEN_HEADERS_TOKEN,
-            reoClientId: env.REO_CLIENT_ID,
-            maxmind_db_path: env.MAXMIND_DB_PATH
+            nextPort: process.env.NEXT_PORT as string,
+            externalPort: process.env.SERVER_EXTERNAL_PORT as string,
+            sessionCookieName: process.env.SESSION_COOKIE_NAME as string,
+            resourceAccessTokenParam: process.env
+                .RESOURCE_ACCESS_TOKEN_PARAM as string,
+            resourceSessionRequestParam: process.env
+                .RESOURCE_SESSION_REQUEST_PARAM as string,
+            resourceAccessTokenHeadersId: process.env
+                .RESOURCE_ACCESS_TOKEN_HEADERS_ID as string,
+            resourceAccessTokenHeadersToken: process.env
+                .RESOURCE_ACCESS_TOKEN_HEADERS_TOKEN as string,
+            reoClientId: process.env.REO_CLIENT_ID as string,
+            maxmind_db_path: process.env.MAXMIND_DB_PATH as string
         },
         app: {
-            environment: env.ENVIRONMENT,
-            sandbox_mode: env.SANDBOX_MODE,
-            version: env.APP_VERSION,
-            dashboardUrl: env.DASHBOARD_URL,
+            environment: process.env.ENVIRONMENT as string,
+            sandbox_mode: process.env.SANDBOX_MODE === "true" ? true : false,
+            version: process.env.APP_VERSION as string,
+            dashboardUrl: process.env.DASHBOARD_URL as string,
             notifications: {
-                product_updates: env.PRODUCT_UPDATES_NOTIFICATION_ENABLED,
-                new_releases: env.NEW_RELEASES_NOTIFICATION_ENABLED
+                product_updates:
+                    process.env.PRODUCT_UPDATES_NOTIFICATION_ENABLED === "true"
+                        ? true
+                        : false,
+                new_releases:
+                    process.env.NEW_RELEASES_NOTIFICATION_ENABLED === "true"
+                        ? true
+                        : false
             }
         },
         email: {
-            emailEnabled: env.EMAIL_ENABLED
+            emailEnabled: process.env.EMAIL_ENABLED === "true" ? true : false
         },
         flags: {
-            disableUserCreateOrg: env.DISABLE_USER_CREATE_ORG,
-            disableSignupWithoutInvite: env.DISABLE_SIGNUP_WITHOUT_INVITE,
-            emailVerificationRequired: env.FLAGS_EMAIL_VERIFICATION_REQUIRED,
-            allowRawResources: env.FLAGS_ALLOW_RAW_RESOURCES,
-            disableLocalSites: env.FLAGS_DISABLE_LOCAL_SITES,
-            disableBasicWireguardSites: env.FLAGS_DISABLE_BASIC_WIREGUARD_SITES,
-            enableClients: env.FLAGS_ENABLE_CLIENTS,
-            hideSupporterKey: env.HIDE_SUPPORTER_KEY,
-            usePangolinDns: env.USE_PANGOLIN_DNS
+            disableUserCreateOrg:
+                process.env.DISABLE_USER_CREATE_ORG === "true" ? true : false,
+            disableSignupWithoutInvite:
+                process.env.DISABLE_SIGNUP_WITHOUT_INVITE === "true"
+                    ? true
+                    : false,
+            emailVerificationRequired:
+                process.env.FLAGS_EMAIL_VERIFICATION_REQUIRED === "true"
+                    ? true
+                    : false,
+            allowRawResources:
+                process.env.FLAGS_ALLOW_RAW_RESOURCES === "true" ? true : false,
+            disableLocalSites:
+                process.env.FLAGS_DISABLE_LOCAL_SITES === "true" ? true : false,
+            disableBasicWireguardSites:
+                process.env.FLAGS_DISABLE_BASIC_WIREGUARD_SITES === "true"
+                    ? true
+                    : false,
+            enableClients:
+                process.env.FLAGS_ENABLE_CLIENTS === "true" ? true : false,
+            hideSupporterKey:
+                process.env.HIDE_SUPPORTER_KEY === "true" ? true : false,
+            usePangolinDns:
+                process.env.USE_PANGOLIN_DNS === "true" ? true : false
         },
+
         branding: {
-            appName: env.BRANDING_APP_NAME,
-            background_image_path: env.BACKGROUND_IMAGE_PATH,
+            appName: process.env.BRANDING_APP_NAME as string,
+            background_image_path: process.env.BACKGROUND_IMAGE_PATH as string,
             logo: {
-                lightPath: env.BRANDING_LOGO_LIGHT_PATH,
-                darkPath: env.BRANDING_LOGO_DARK_PATH,
+                lightPath: process.env.BRANDING_LOGO_LIGHT_PATH as string,
+                darkPath: process.env.BRANDING_LOGO_DARK_PATH as string,
                 authPage: {
-                    width: env.BRANDING_LOGO_AUTH_WIDTH,
-                    height: env.BRANDING_LOGO_AUTH_HEIGHT
+                    width: parseInt(
+                        process.env.BRANDING_LOGO_AUTH_WIDTH as string
+                    ),
+                    height: parseInt(
+                        process.env.BRANDING_LOGO_AUTH_HEIGHT as string
+                    )
                 },
                 navbar: {
-                    width: env.BRANDING_LOGO_NAVBAR_WIDTH,
-                    height: env.BRANDING_LOGO_NAVBAR_HEIGHT
+                    width: parseInt(
+                        process.env.BRANDING_LOGO_NAVBAR_WIDTH as string
+                    ),
+                    height: parseInt(
+                        process.env.BRANDING_LOGO_NAVBAR_HEIGHT as string
+                    )
                 }
             },
             loginPage: {
-                titleText: env.LOGIN_PAGE_TITLE_TEXT,
-                subtitleText: env.LOGIN_PAGE_SUBTITLE_TEXT
+                titleText: process.env.LOGIN_PAGE_TITLE_TEXT as string,
+                subtitleText: process.env.LOGIN_PAGE_SUBTITLE_TEXT as string
             },
             signupPage: {
-                titleText: env.SIGNUP_PAGE_TITLE_TEXT,
-                subtitleText: env.SIGNUP_PAGE_SUBTITLE_TEXT
+                titleText: process.env.SIGNUP_PAGE_TITLE_TEXT as string,
+                subtitleText: process.env.SIGNUP_PAGE_SUBTITLE_TEXT as string
             },
             resourceAuthPage: {
-                showLogo: env.RESOURCE_AUTH_PAGE_SHOW_LOGO,
-                hidePoweredBy: env.RESOURCE_AUTH_PAGE_HIDE_POWERED_BY,
-                titleText: env.RESOURCE_AUTH_PAGE_TITLE_TEXT,
-                subtitleText: env.RESOURCE_AUTH_PAGE_SUBTITLE_TEXT
+                showLogo:
+                    process.env.RESOURCE_AUTH_PAGE_SHOW_LOGO === "true"
+                        ? true
+                        : false,
+                hidePoweredBy:
+                    process.env.RESOURCE_AUTH_PAGE_HIDE_POWERED_BY === "true"
+                        ? true
+                        : false,
+                titleText: process.env.RESOURCE_AUTH_PAGE_TITLE_TEXT as string,
+                subtitleText: process.env
+                    .RESOURCE_AUTH_PAGE_SUBTITLE_TEXT as string
             },
-            footer: env.BRANDING_FOOTER
+            footer: process.env.BRANDING_FOOTER as string
         }
     };
 }

From 4f026acad84f86ec66afb5987ae3699bf991cdf1 Mon Sep 17 00:00:00 2001
From: miloschwartz <mschwartz10612@gmail.com>
Date: Fri, 14 Nov 2025 17:35:51 -0500
Subject: [PATCH 65/70] adjust icon in product update

---
 src/components/ProductUpdates.tsx | 6 +++---
 src/components/ResourcesTable.tsx | 2 +-
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/components/ProductUpdates.tsx b/src/components/ProductUpdates.tsx
index d2350118..ac2c22d8 100644
--- a/src/components/ProductUpdates.tsx
+++ b/src/components/ProductUpdates.tsx
@@ -188,12 +188,12 @@ function ProductUpdatesListPopup({
                         <div className="rounded-md bg-muted-foreground/20 p-2">
                             <BellIcon className="flex-none size-4" />
                         </div>
-                        <div className="flex flex-col gap-2">
-                            <div className="flex justify-between items-center">
+                        <div className="flex flex-col gap-2 flex-1">
+                            <div className="flex justify-between items-center w-full">
                                 <p className="font-medium text-start">
                                     {t("productUpdateWhatsNew")}
                                 </p>
-                                <div className="p-1 cursor-pointer">
+                                <div className="p-1 cursor-pointer ml-auto">
                                     <ChevronRightIcon className="size-4 flex-none" />
                                 </div>
                             </div>
diff --git a/src/components/ResourcesTable.tsx b/src/components/ResourcesTable.tsx
index 171f3491..1cea3452 100644
--- a/src/components/ResourcesTable.tsx
+++ b/src/components/ResourcesTable.tsx
@@ -454,7 +454,7 @@ export default function ResourcesTable({
                     <Button
                         variant="ghost"
                         size="sm"
-                        className="flex items-center gap-2 h-8 px-0"
+                        className="flex items-center gap-2 h-8 px-0 font-normal"
                     >
                         <StatusIcon status={overallStatus} />
                         <span className="text-sm">

From 000904eb31f30f25f26d871baa3b5979c6e70bc3 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Sun, 16 Nov 2025 14:09:22 +0000
Subject: [PATCH 66/70] upgrade zod

---
 Makefile          | 11 +++++++
 package-lock.json | 81 +++++++++++++++++++++++++++++++++++------------
 package.json      |  6 ++--
 3 files changed, 75 insertions(+), 23 deletions(-)

diff --git a/Makefile b/Makefile
index 6c538a47..3d4d8ad8 100644
--- a/Makefile
+++ b/Makefile
@@ -91,3 +91,14 @@ test:
 
 clean:
 	docker rmi pangolin
+
+test-local:
+	cp config/config.example.yml config/config.yml
+	npm run set:oss
+	npm run set:sqlite
+	npm run db:sqlite:generate
+	npm run db:sqlite:push
+	- npx tsc --noEmit
+	- docker build --build-arg DATABASE=pg -t fosrl/pangolin:postgresql-latest .
+	- docker build --build-arg DATABASE=sqlite -t fosrl/pangolin:latest .
+	
\ No newline at end of file
diff --git a/package-lock.json b/package-lock.json
index d190bbb0..193007fc 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
             "version": "0.0.0",
             "license": "SEE LICENSE IN LICENSE AND README.md",
             "dependencies": {
-                "@asteasolutions/zod-to-openapi": "^7.3.4",
+                "@asteasolutions/zod-to-openapi": "8.1.0",
                 "@aws-sdk/client-s3": "3.922.0",
                 "@faker-js/faker": "^10.1.0",
                 "@headlessui/react": "^2.2.9",
@@ -108,15 +108,15 @@
                 "ws": "8.18.3",
                 "yaml": "^2.8.1",
                 "yargs": "18.0.0",
-                "zod": "3.25.76",
-                "zod-validation-error": "3.5.2"
+                "zod": "4.1.12",
+                "zod-validation-error": "5.0.0"
             },
             "devDependencies": {
                 "@dotenvx/dotenvx": "1.51.1",
                 "@esbuild-plugins/tsconfig-paths": "0.1.2",
                 "@react-email/preview-server": "4.3.2",
-                "@tanstack/react-query-devtools": "^5.90.2",
                 "@tailwindcss/postcss": "^4.1.17",
+                "@tanstack/react-query-devtools": "^5.90.2",
                 "@types/better-sqlite3": "7.6.12",
                 "@types/cookie-parser": "1.4.10",
                 "@types/cors": "2.8.19",
@@ -175,15 +175,15 @@
             }
         },
         "node_modules/@asteasolutions/zod-to-openapi": {
-            "version": "7.3.4",
-            "resolved": "https://registry.npmjs.org/@asteasolutions/zod-to-openapi/-/zod-to-openapi-7.3.4.tgz",
-            "integrity": "sha512-/2rThQ5zPi9OzVwes6U7lK1+Yvug0iXu25olp7S0XsYmOqnyMfxH7gdSQjn/+DSOHRg7wnotwGJSyL+fBKdnEA==",
+            "version": "8.1.0",
+            "resolved": "https://registry.npmjs.org/@asteasolutions/zod-to-openapi/-/zod-to-openapi-8.1.0.tgz",
+            "integrity": "sha512-tQFxVs05J/6QXXqIzj6rTRk3nj1HFs4pe+uThwE95jL5II2JfpVXkK+CqkO7aT0Do5AYqO6LDrKpleLUFXgY+g==",
             "license": "MIT",
             "dependencies": {
                 "openapi3-ts": "^4.1.2"
             },
             "peerDependencies": {
-                "zod": "^3.20.2"
+                "zod": "^4.0.0"
             }
         },
         "node_modules/@aws-crypto/crc32": {
@@ -1644,6 +1644,7 @@
             "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.26.10.tgz",
             "integrity": "sha512-vMqyb7XCDMPvJFFOaT9kxtiRh42GwlZEg1/uIgtZshS5a/8OaduUfCi7kynKgc3Tw/6Uo2D+db9qBttghhmxwQ==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@ampproject/remapping": "^2.2.0",
                 "@babel/code-frame": "^7.26.2",
@@ -4073,6 +4074,7 @@
             "integrity": "sha512-2I0gnIVPtfnMw9ee9h1dJG7tp81+8Ob3OJb3Mv37rx5L40/b0i7djjCVvGOVqc9AEIQyvyu1i6ypKdFw8R8gQw==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "engines": {
                 "node": "^14.21.3 || >=16"
             },
@@ -6969,6 +6971,7 @@
             "integrity": "sha512-JuRQ9KXLEjaUNjTWpzuR231Z2WpIwczOkBEIvbHNCzQefFIT0L8IqE6NV6ULLyC1SI/i234JnDoMkfg+RjQj2g==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "csstype": "^3.0.2"
             }
@@ -7174,6 +7177,7 @@
             "integrity": "sha512-V8AVnmPIICiWpGfm6GLzCR/W5FXLchHop40W4nXBmdlEceh16rCN8O8LNWm5bh5XUX91fh7KpA+W0TgMKmgTpQ==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "engines": {
                 "node": ">=0.10.0"
             }
@@ -7184,6 +7188,7 @@
             "integrity": "sha512-4GV5sHFG0e/0AD4X+ySy6UJd3jVl1iNsNHdpad0qhABJ11twS3TTBnseqsKurKcsNqCEFeGL3uLpVChpIO3QfQ==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "scheduler": "^0.25.0"
             },
@@ -8618,6 +8623,7 @@
             "resolved": "https://registry.npmjs.org/@tanstack/react-query/-/react-query-5.90.6.tgz",
             "integrity": "sha512-gB1sljYjcobZKxjPbKSa31FUTyr+ROaBdoH+wSSs9Dk+yDCmMs+TkTV3PybRRVLC7ax7q0erJ9LvRWnMktnRAw==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@tanstack/query-core": "5.90.6"
             },
@@ -8723,6 +8729,7 @@
             "integrity": "sha512-fnQmj8lELIj7BSrZQAdBMHEHX8OZLYIHXqAKT1O7tDfLxaINzf00PMjw22r3N/xXh0w/sGHlO6SVaCQ2mj78lg==",
             "devOptional": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@types/node": "*"
             }
@@ -8809,6 +8816,7 @@
             "integrity": "sha512-LuIQOcb6UmnF7C1PCFmEU1u2hmiHL43fgFQX67sN3H4Z+0Yk0Neo++mFsBjhOAuLzvlQeqAAkeDOZrJs9rzumQ==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@types/body-parser": "*",
                 "@types/express-serve-static-core": "^5.0.0",
@@ -8902,6 +8910,7 @@
             "integrity": "sha512-uWN8YqxXxqFMX2RqGOrumsKeti4LlmIMIyV0lgut4jx7KQBcBiW6vkDtIBvHnHIquwNfJhk8v2OtmO8zXWHfPA==",
             "devOptional": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "undici-types": "~7.16.0"
             }
@@ -8937,6 +8946,7 @@
             "integrity": "sha512-NoaMtzhxOrubeL/7UZuNTrejB4MPAJ0RpxZqXQf2qXuVlTPuG6Y8p4u9dKRaue4yjmC7ZhzVO2/Yyyn25znrPQ==",
             "devOptional": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@types/node": "*",
                 "pg-protocol": "*",
@@ -8970,6 +8980,7 @@
             "integrity": "sha512-6mDvHUFSjyT2B2yeNx2nUgMxh9LtOWvkhIU3uePn2I2oyNymUAX1NIsdgviM4CH+JSrp2D2hsMvJOkxY+0wNRA==",
             "devOptional": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "csstype": "^3.0.2"
             }
@@ -8980,6 +8991,7 @@
             "integrity": "sha512-9KQPoO6mZCi7jcIStSnlOWn2nEF3mNmyr3rIAsGnAbQKYbRLyqmeSc39EVgtxXVia+LMT8j3knZLAZAh+xLmrw==",
             "devOptional": true,
             "license": "MIT",
+            "peer": true,
             "peerDependencies": {
                 "@types/react": "^19.2.0"
             }
@@ -9123,6 +9135,7 @@
             "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.46.3.tgz",
             "integrity": "sha512-6m1I5RmHBGTnUGS113G04DMu3CpSdxCAU/UvtjNWL4Nuf3MW9tQhiJqRlHzChIkhy6kZSAQmc+I1bcGjE3yNKg==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@typescript-eslint/scope-manager": "8.46.3",
                 "@typescript-eslint/types": "8.46.3",
@@ -9796,6 +9809,7 @@
             "resolved": "https://registry.npmjs.org/acorn/-/acorn-8.15.0.tgz",
             "integrity": "sha512-NZyJarBfL7nWwIq+FDL6Zp/yHEhePMNnnJ0y3qfieCrmNvYct8uvtiV41UvlSe6apAfk0fY1FbWx+NwfmpvtTg==",
             "license": "MIT",
+            "peer": true,
             "bin": {
                 "acorn": "bin/acorn"
             },
@@ -10325,6 +10339,7 @@
             "integrity": "sha512-mXpa5jnIKKHeoGzBrUJrc65cXFKcILGZpU3FXR0pradUEm9MA7UZz02qfEejaMcm9iXrSOCenwwYMJ/tZ1y5Ig==",
             "hasInstallScript": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "bindings": "^1.5.0",
                 "prebuild-install": "^7.1.1"
@@ -10437,6 +10452,7 @@
                 }
             ],
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "baseline-browser-mapping": "^2.8.9",
                 "caniuse-lite": "^1.0.30001746",
@@ -11437,8 +11453,7 @@
             "version": "3.1.7",
             "resolved": "https://registry.npmjs.org/dompurify/-/dompurify-3.1.7.tgz",
             "integrity": "sha512-VaTstWtsneJY8xzy7DekmYWEOZcmzIe3Qb3zPd4STve1OBTa+e+WmS1ITQec1fZYXI3HCsOZZiSMpG6oxoWMWQ==",
-            "license": "(MPL-2.0 OR Apache-2.0)",
-            "peer": true
+            "license": "(MPL-2.0 OR Apache-2.0)"
         },
         "node_modules/domutils": {
             "version": "3.2.2",
@@ -12094,6 +12109,7 @@
             "dev": true,
             "hasInstallScript": true,
             "license": "MIT",
+            "peer": true,
             "bin": {
                 "esbuild": "bin/esbuild"
             },
@@ -12190,6 +12206,7 @@
             "resolved": "https://registry.npmjs.org/eslint/-/eslint-9.39.0.tgz",
             "integrity": "sha512-iy2GE3MHrYTL5lrCtMZ0X1KLEKKUjmK0kzwcnefhR66txcEmXZD2YWgR5GNdcEwkNx3a0siYkSvl0vIC+Svjmg==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.8.0",
                 "@eslint-community/regexpp": "^4.12.1",
@@ -12367,6 +12384,7 @@
             "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.32.0.tgz",
             "integrity": "sha512-whOE1HFo/qJDyX4SnXzP4N6zOWn79WhnCUY/iDR0mPfQZO8wcYE4JClzI2oZrhBnnMUCBCHZhO6VQyoBU95mZA==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@rtsao/scc": "^1.1.0",
                 "array-includes": "^3.1.9",
@@ -12493,6 +12511,18 @@
                 "eslint": "^3.0.0 || ^4.0.0 || ^5.0.0 || ^6.0.0 || ^7.0.0 || ^8.0.0-0 || ^9.0.0"
             }
         },
+        "node_modules/eslint-plugin-react-hooks/node_modules/zod-validation-error": {
+            "version": "4.0.2",
+            "resolved": "https://registry.npmjs.org/zod-validation-error/-/zod-validation-error-4.0.2.tgz",
+            "integrity": "sha512-Q6/nZLe6jxuU80qb/4uJ4t5v2VEZ44lzQjPDhYJNztRQ4wyWc6VF3D3Kb/fAuPetZQnhS3hnajCf9CsWesghLQ==",
+            "license": "MIT",
+            "engines": {
+                "node": ">=18.0.0"
+            },
+            "peerDependencies": {
+                "zod": "^3.25.0 || ^4.0.0"
+            }
+        },
         "node_modules/eslint-plugin-react/node_modules/resolve": {
             "version": "2.0.0-next.5",
             "resolved": "https://registry.npmjs.org/resolve/-/resolve-2.0.0-next.5.tgz",
@@ -12663,6 +12693,7 @@
             "resolved": "https://registry.npmjs.org/express/-/express-5.1.0.tgz",
             "integrity": "sha512-DT9ck5YIRU+8GYzzU5kT3eHGA5iL+1Zd0EutOmTE9Dtk+Tvuzd23VBU+ec7HPNSTxXYO55gPV/hq4pSBJDjFpA==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "accepts": "^2.0.0",
                 "body-parser": "^2.2.0",
@@ -15272,7 +15303,6 @@
             "resolved": "https://registry.npmjs.org/monaco-editor/-/monaco-editor-0.54.0.tgz",
             "integrity": "sha512-hx45SEUoLatgWxHKCmlLJH81xBo0uXP4sRkESUpmDQevfi+e7K1VuiSprK6UpQ8u4zOcKNiH0pMvHvlMWA/4cw==",
             "license": "MIT",
-            "peer": true,
             "dependencies": {
                 "dompurify": "3.1.7",
                 "marked": "14.0.0"
@@ -15283,7 +15313,6 @@
             "resolved": "https://registry.npmjs.org/marked/-/marked-14.0.0.tgz",
             "integrity": "sha512-uIj4+faQ+MgHgwUW1l2PsPglZLOLOT1uErt06dAPtx2kjteLAkbsd/0FiYg/MGS+i7ZKLb7w2WClxHkzOOuryQ==",
             "license": "MIT",
-            "peer": true,
             "bin": {
                 "marked": "bin/marked.js"
             },
@@ -15406,6 +15435,7 @@
             "resolved": "https://registry.npmjs.org/next/-/next-15.5.6.tgz",
             "integrity": "sha512-zTxsnI3LQo3c9HSdSf91O1jMNsEzIXDShXd4wVdg9y5shwLqBXi4ZtUUJyB86KGVSJLZx0PFONvO54aheGX8QQ==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@next/env": "15.5.6",
                 "@swc/helpers": "0.5.15",
@@ -17852,6 +17882,7 @@
             "version": "4.0.3",
             "inBundle": true,
             "license": "MIT",
+            "peer": true,
             "engines": {
                 "node": ">=12"
             },
@@ -18836,6 +18867,7 @@
             "resolved": "https://registry.npmjs.org/pg/-/pg-8.16.3.tgz",
             "integrity": "sha512-enxc1h0jA/aq5oSDMvqyW3q89ra6XIIDZgCX9vkMrnz5DFTw/Ny3Li2lFQ+pt3L6MCgm/5o2o8HW9hiJji+xvw==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "pg-connection-string": "^2.9.1",
                 "pg-pool": "^3.10.1",
@@ -19012,6 +19044,7 @@
                 }
             ],
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "nanoid": "^3.3.11",
                 "picocolors": "^1.1.1",
@@ -19469,6 +19502,7 @@
             "resolved": "https://registry.npmjs.org/react/-/react-19.2.0.tgz",
             "integrity": "sha512-tmbWg6W31tQLeB5cdIBOicJDJRR2KzXsV7uSK9iNfLWQ5bIZfxuPEHp7M8wiHyHnn0DD1i7w3Zmin0FtkrwoCQ==",
             "license": "MIT",
+            "peer": true,
             "engines": {
                 "node": ">=0.10.0"
             }
@@ -19499,6 +19533,7 @@
             "resolved": "https://registry.npmjs.org/react-dom/-/react-dom-19.2.0.tgz",
             "integrity": "sha512-UlbRu4cAiGaIewkPyiRGJk0imDN2T3JjieT6spoL2UeSf5od4n5LB/mQ4ejmxhCFT1tYe8IvaFulzynWovsEFQ==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "scheduler": "^0.27.0"
             },
@@ -19790,6 +19825,7 @@
             "resolved": "https://registry.npmjs.org/react-hook-form/-/react-hook-form-7.66.0.tgz",
             "integrity": "sha512-xXBqsWGKrY46ZqaHDo+ZUYiMUgi8suYu5kdrS20EG8KiL7VRQitEbNjm+UcrDYrNi1YLyfpmAeGjCZYXLT9YBw==",
             "license": "MIT",
+            "peer": true,
             "engines": {
                 "node": ">=18.0.0"
             },
@@ -20283,6 +20319,7 @@
             "integrity": "sha512-B/gBuNg5SiMTrPkC+A2+cW0RszwxYmn6VYxB/inlBStS5nx6xHIt/ehKRhIMhqusl7a8LjQoZnjCs5vhwxOQ1g==",
             "dev": true,
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "fast-deep-equal": "^3.1.3",
                 "fast-uri": "^3.0.1",
@@ -21502,7 +21539,8 @@
             "version": "4.1.17",
             "resolved": "https://registry.npmjs.org/tailwindcss/-/tailwindcss-4.1.17.tgz",
             "integrity": "sha512-j9Ee2YjuQqYT9bbRTfTZht9W/ytp5H+jJpZKiYdP/bpnXARAuELt9ofP0lPnmHjbga7SNQIxdTAXCmtKVYjN+Q==",
-            "license": "MIT"
+            "license": "MIT",
+            "peer": true
         },
         "node_modules/tapable": {
             "version": "2.3.0",
@@ -22032,6 +22070,7 @@
             "resolved": "https://registry.npmjs.org/typescript/-/typescript-5.9.3.tgz",
             "integrity": "sha512-jl1vZzPDinLr9eUt3J/t7V6FgNEw9QjvBPdysz9KfQDD41fQrC2Y4vKQdiaUpFT4bXlb1RHhLpp8wtm6M5TgSw==",
             "license": "Apache-2.0",
+            "peer": true,
             "bin": {
                 "tsc": "bin/tsc",
                 "tsserver": "bin/tsserver"
@@ -22545,6 +22584,7 @@
             "resolved": "https://registry.npmjs.org/winston/-/winston-3.18.3.tgz",
             "integrity": "sha512-NoBZauFNNWENgsnC9YpgyYwOVrl2m58PpQ8lNHjV3kosGs7KJ7Npk9pCUE+WJlawVSe8mykWDKWFSVfs3QO9ww==",
             "license": "MIT",
+            "peer": true,
             "dependencies": {
                 "@colors/colors": "^1.6.0",
                 "@dabh/diagnostics": "^2.0.8",
@@ -22847,24 +22887,25 @@
             }
         },
         "node_modules/zod": {
-            "version": "3.25.76",
-            "resolved": "https://registry.npmjs.org/zod/-/zod-3.25.76.tgz",
-            "integrity": "sha512-gzUt/qt81nXsFGKIFcC3YnfEAx5NkunCfnDlvuBSSFS02bcXu4Lmea0AFIUwbLWxWPx3d9p8S5QoaujKcNQxcQ==",
+            "version": "4.1.12",
+            "resolved": "https://registry.npmjs.org/zod/-/zod-4.1.12.tgz",
+            "integrity": "sha512-JInaHOamG8pt5+Ey8kGmdcAcg3OL9reK8ltczgHTAwNhMys/6ThXHityHxVV2p3fkw/c+MAvBHFVYHFZDmjMCQ==",
             "license": "MIT",
+            "peer": true,
             "funding": {
                 "url": "https://github.com/sponsors/colinhacks"
             }
         },
         "node_modules/zod-validation-error": {
-            "version": "3.5.2",
-            "resolved": "https://registry.npmjs.org/zod-validation-error/-/zod-validation-error-3.5.2.tgz",
-            "integrity": "sha512-mdi7YOLtram5dzJ5aDtm1AG9+mxRma1iaMrZdYIpFO7epdKBUwLHIxTF8CPDeCQ828zAXYtizrKlEJAtzgfgrw==",
+            "version": "5.0.0",
+            "resolved": "https://registry.npmjs.org/zod-validation-error/-/zod-validation-error-5.0.0.tgz",
+            "integrity": "sha512-hmk+pkyKq7Q71PiWVSDUc3VfpzpvcRHZ3QPw9yEMVvmtCekaMeOHnbr3WbxfrgEnQTv6haGP4cmv0Ojmihzsxw==",
             "license": "MIT",
             "engines": {
                 "node": ">=18.0.0"
             },
             "peerDependencies": {
-                "zod": "^3.25.0"
+                "zod": "^3.25.0 || ^4.0.0"
             }
         }
     }
diff --git a/package.json b/package.json
index 2b47c1cb..d6469abb 100644
--- a/package.json
+++ b/package.json
@@ -32,7 +32,7 @@
         "build:cli": "node esbuild.mjs -e cli/index.ts -o dist/cli.mjs"
     },
     "dependencies": {
-        "@asteasolutions/zod-to-openapi": "^7.3.4",
+        "@asteasolutions/zod-to-openapi": "8.1.0",
         "@aws-sdk/client-s3": "3.922.0",
         "@faker-js/faker": "^10.1.0",
         "@headlessui/react": "^2.2.9",
@@ -131,8 +131,8 @@
         "ws": "8.18.3",
         "yaml": "^2.8.1",
         "yargs": "18.0.0",
-        "zod": "3.25.76",
-        "zod-validation-error": "3.5.2"
+        "zod": "4.1.12",
+        "zod-validation-error": "5.0.0"
     },
     "devDependencies": {
         "@dotenvx/dotenvx": "1.51.1",

From 7db99a7dd560e8b4d1b1efc56a2e41f9ee4bef81 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Sun, 16 Nov 2025 14:18:17 +0000
Subject: [PATCH 67/70] used zod codemod

---
 server/lib/blueprints/types.ts                | 52 ++++++-----
 server/lib/readConfigFile.ts                  | 36 ++++----
 server/private/lib/readConfigFile.ts          |  8 +-
 .../routers/auditLogs/queryAccessAuditLog.ts  | 10 +--
 .../routers/auditLogs/queryActionAuditLog.ts  |  8 +-
 .../routers/auth/getSessionTransferToken.ts   |  2 +-
 server/private/routers/auth/quickStart.ts     |  4 +-
 .../routers/billing/createCheckoutSession.ts  |  6 +-
 .../routers/billing/createPortalSession.ts    |  6 +-
 .../routers/billing/getOrgSubscription.ts     |  6 +-
 server/private/routers/billing/getOrgUsage.ts |  6 +-
 .../routers/billing/internalGetOrgTier.ts     |  6 +-
 .../routers/certificates/getCertificate.ts    |  6 +-
 .../certificates/restartCertificate.ts        | 10 +--
 .../checkDomainNamespaceAvailability.ts       |  8 +-
 .../routers/domain/listDomainNamespaces.ts    | 12 ++-
 server/private/routers/hybrid.ts              | 86 ++++++-------------
 .../routers/license/activateLicense.ts        |  6 +-
 .../routers/license/deleteLicenseKey.ts       |  6 +-
 .../routers/loginPage/createLoginPage.ts      | 12 +--
 .../private/routers/loginPage/getLoginPage.ts |  6 +-
 .../routers/loginPage/updateLoginPage.ts      | 10 +--
 .../private/routers/misc/sendSupportEmail.ts  |  6 +-
 .../routers/orgIdp/createOrgOidcIdp.ts        | 12 ++-
 server/private/routers/orgIdp/listOrgIdps.ts  | 16 ++--
 .../routers/orgIdp/updateOrgOidcIdp.ts        |  6 +-
 .../routers/re-key/reGenerateClientSecret.ts  | 14 ++-
 .../re-key/reGenerateExitNodeSecret.ts        |  6 +-
 .../routers/re-key/reGenerateSiteSecret.ts    | 16 ++--
 .../remoteExitNode/createRemoteExitNode.ts    |  6 +-
 .../remoteExitNode/deleteRemoteExitNode.ts    |  6 +-
 .../remoteExitNode/getRemoteExitNode.ts       |  6 +-
 .../remoteExitNode/listRemoteExitNodes.ts     | 10 +--
 .../pickRemoteExitNodeDefaults.ts             |  6 +-
 .../routers/accessToken/deleteAccessToken.ts  |  6 +-
 .../accessToken/generateAccessToken.ts        | 16 ++--
 .../routers/accessToken/listAccessTokens.ts   | 12 ++-
 server/routers/apiKeys/createRootApiKey.ts    |  6 +-
 server/routers/apiKeys/listApiKeyActions.ts   |  4 +-
 server/routers/apiKeys/listOrgApiKeys.ts      |  4 +-
 server/routers/apiKeys/listRootApiKeys.ts     |  4 +-
 server/routers/apiKeys/setApiKeyActions.ts    |  9 +-
 server/routers/apiKeys/setApiKeyOrgs.ts       |  9 +-
 .../routers/auditLogs/queryRequstAuditLog.ts  | 12 +--
 server/routers/auth/changePassword.ts         |  6 +-
 server/routers/auth/checkResourceSession.ts   |  6 +-
 server/routers/auth/disable2fa.ts             |  6 +-
 server/routers/auth/login.ts                  |  8 +-
 server/routers/auth/requestPasswordReset.ts   |  8 +-
 server/routers/auth/requestTotpSecret.ts      |  8 +-
 server/routers/auth/resetPassword.ts          |  8 +-
 server/routers/auth/securityKey.ts            | 22 ++---
 server/routers/auth/setServerAdmin.ts         |  2 +-
 server/routers/auth/signup.ts                 |  2 +-
 server/routers/auth/validateSetupToken.ts     |  6 +-
 server/routers/auth/verifyEmail.ts            |  6 +-
 server/routers/auth/verifyTotp.ts             |  8 +-
 server/routers/badger/verifySession.ts        |  8 +-
 .../routers/blueprints/applyJSONBlueprint.ts  | 12 +--
 server/routers/blueprints/getBlueprint.ts     |  8 +-
 server/routers/blueprints/listBlueprints.ts   | 16 ++--
 server/routers/client/createClient.ts         | 14 ++-
 server/routers/client/deleteClient.ts         |  8 +-
 server/routers/client/getClient.ts            |  8 +-
 server/routers/client/listClients.ts          | 10 +--
 server/routers/client/pickClientDefaults.ts   |  6 +-
 server/routers/client/updateClient.ts         | 16 ++--
 server/routers/domain/createOrgDomain.ts      | 12 +--
 server/routers/domain/deleteOrgDomain.ts      |  6 +-
 server/routers/domain/getDNSRecords.ts        |  6 +-
 server/routers/domain/getDomain.ts            |  6 +-
 server/routers/domain/listDomains.ts          | 16 ++--
 server/routers/domain/restartOrgDomain.ts     |  6 +-
 server/routers/domain/updateDomain.ts         | 12 +--
 server/routers/idp/createIdpOrgPolicy.ts      | 12 +--
 server/routers/idp/createOidcIdp.ts           | 12 ++-
 server/routers/idp/deleteIdpOrgPolicy.ts      |  6 +-
 server/routers/idp/generateOidcUrl.ts         |  6 +-
 server/routers/idp/listIdpOrgPolicies.ts      | 10 +--
 server/routers/idp/listIdps.ts                | 10 +--
 server/routers/idp/updateIdpOrgPolicy.ts      | 12 +--
 server/routers/idp/updateOidcIdp.ts           |  6 +-
 server/routers/newt/createNewt.ts             |  6 +-
 server/routers/newt/handleGetConfigMessage.ts |  2 +-
 server/routers/olm/createOlm.ts               |  6 +-
 server/routers/org/checkId.ts                 |  6 +-
 server/routers/org/createOrg.ts               |  6 +-
 server/routers/org/deleteOrg.ts               |  6 +-
 server/routers/org/getOrg.ts                  |  6 +-
 server/routers/org/getOrgOverview.ts          |  6 +-
 server/routers/org/listOrgs.ts                |  4 +-
 server/routers/org/listUserOrgs.ts            |  4 +-
 server/routers/org/updateOrg.ts               | 12 +--
 .../resource/addEmailToResourceWhitelist.ts   | 21 ++---
 .../routers/resource/authWithAccessToken.ts   | 14 ++-
 server/routers/resource/authWithPassword.ts   | 14 ++-
 server/routers/resource/authWithPincode.ts    | 14 ++-
 server/routers/resource/authWithWhitelist.ts  | 16 ++--
 server/routers/resource/createResource.ts     | 22 ++---
 server/routers/resource/createResourceRule.ts | 16 ++--
 server/routers/resource/deleteResource.ts     |  8 +-
 server/routers/resource/deleteResourceRule.ts | 10 +--
 server/routers/resource/getExchangeToken.ts   |  8 +-
 server/routers/resource/getResource.ts        |  8 +-
 .../routers/resource/getResourceAuthInfo.ts   |  6 +-
 .../routers/resource/getResourceWhitelist.ts  |  8 +-
 server/routers/resource/listResourceRoles.ts  |  8 +-
 server/routers/resource/listResourceRules.ts  | 12 ++-
 server/routers/resource/listResourceUsers.ts  |  8 +-
 server/routers/resource/listResources.ts      | 10 +--
 .../removeEmailFromResourceWhitelist.ts       | 21 ++---
 .../routers/resource/setResourceHeaderAuth.ts |  8 +-
 .../routers/resource/setResourcePassword.ts   |  8 +-
 server/routers/resource/setResourcePincode.ts |  8 +-
 server/routers/resource/setResourceRoles.ts   | 16 ++--
 server/routers/resource/setResourceUsers.ts   | 14 ++-
 .../routers/resource/setResourceWhitelist.ts  | 21 ++---
 server/routers/resource/updateResource.ts     | 42 ++++-----
 server/routers/resource/updateResourceRule.ts | 18 ++--
 server/routers/role/addRoleAction.ts          | 14 ++-
 server/routers/role/addRoleSite.ts            | 16 ++--
 server/routers/role/createRole.ts             | 12 +--
 server/routers/role/deleteRole.ts             | 16 ++--
 server/routers/role/getRole.ts                |  8 +-
 server/routers/role/listRoleActions.ts        |  8 +-
 server/routers/role/listRoleResources.ts      |  8 +-
 server/routers/role/listRoleSites.ts          |  8 +-
 server/routers/role/listRoles.ts              | 10 +--
 server/routers/role/removeRoleAction.ts       | 14 ++-
 server/routers/role/removeRoleResource.ts     | 16 ++--
 server/routers/role/removeRoleSite.ts         | 16 ++--
 server/routers/role/updateRole.ts             | 14 ++-
 server/routers/site/createSite.ts             | 14 ++-
 server/routers/site/deleteSite.ts             |  8 +-
 server/routers/site/getSite.ts                |  8 +-
 server/routers/site/listSiteRoles.ts          |  8 +-
 server/routers/site/listSites.ts              | 10 +--
 server/routers/site/pickSiteDefaults.ts       |  6 +-
 server/routers/site/socketIntegration.ts      | 14 ++-
 server/routers/site/updateSite.ts             | 14 ++-
 .../siteResource/createSiteResource.ts        | 18 ++--
 .../siteResource/deleteSiteResource.ts        | 10 +--
 .../routers/siteResource/getSiteResource.ts   | 10 +--
 .../siteResource/listAllSiteResourcesByOrg.ts | 10 +--
 .../routers/siteResource/listSiteResources.ts | 12 ++-
 .../siteResource/updateSiteResource.ts        | 20 ++---
 .../supporterKey/validateSupporterKey.ts      |  6 +-
 server/routers/target/createTarget.ts         | 34 +++-----
 server/routers/target/deleteTarget.ts         |  8 +-
 server/routers/target/getTarget.ts            |  8 +-
 server/routers/target/listTargets.ts          | 12 ++-
 server/routers/target/updateTarget.ts         | 34 +++-----
 server/routers/user/acceptInvite.ts           |  6 +-
 server/routers/user/addUserAction.ts          |  6 +-
 server/routers/user/addUserRole.ts            |  6 +-
 server/routers/user/addUserSite.ts            |  8 +-
 server/routers/user/adminGetUser.ts           |  6 +-
 server/routers/user/adminListUsers.ts         | 10 +--
 server/routers/user/adminRemoveUser.ts        |  6 +-
 server/routers/user/adminUpdateUser2FA.ts     | 12 +--
 server/routers/user/createOrgUser.ts          | 17 ++--
 server/routers/user/getOrgUser.ts             |  6 +-
 server/routers/user/inviteUser.ts             | 14 ++-
 server/routers/user/listInvitations.ts        | 16 ++--
 server/routers/user/listUsers.ts              | 16 ++--
 server/routers/user/removeInvitation.ts       |  6 +-
 server/routers/user/removeUserAction.ts       | 12 +--
 server/routers/user/removeUserOrg.ts          |  6 +-
 server/routers/user/removeUserResource.ts     |  8 +-
 server/routers/user/removeUserSite.ts         | 14 ++-
 server/routers/user/updateOrgUser.ts          | 12 +--
 .../(private)/idp/[idpId]/general/page.tsx    |  4 +-
 .../settings/(private)/idp/create/page.tsx    |  8 +-
 .../settings/access/users/create/page.tsx     |  8 +-
 .../[orgId]/settings/clients/create/page.tsx  |  2 +-
 .../[niceId]/authentication/page.tsx          |  4 +-
 .../resources/[niceId]/general/page.tsx       |  2 +-
 .../resources/[niceId]/proxy/page.tsx         | 16 ++--
 .../resources/[niceId]/rules/page.tsx         |  4 +-
 .../settings/resources/create/page.tsx        | 10 +--
 src/app/admin/idp/[idpId]/general/page.tsx    |  4 +-
 src/app/admin/idp/create/page.tsx             |  4 +-
 .../auth/reset-password/ResetPasswordForm.tsx |  4 +-
 .../CreateInternalResourceDialog.tsx          | 10 +--
 src/components/EditInternalResourceDialog.tsx |  4 +-
 src/components/GenerateLicenseKeyForm.tsx     |  4 +-
 src/components/HealthCheckDialog.tsx          | 12 +--
 src/components/IdpCreateWizard.tsx            |  4 +-
 src/components/ResetPasswordForm.tsx          |  4 +-
 src/components/SupporterStatus.tsx            |  8 +-
 src/components/VerifyEmailForm.tsx            |  2 +-
 191 files changed, 764 insertions(+), 1232 deletions(-)

diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index ca3177b3..490cd7f8 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -7,20 +7,20 @@ export const SiteSchema = z.object({
 
 export const TargetHealthCheckSchema = z.object({
     hostname: z.string(),
-    port: z.number().int().min(1).max(65535),
+    port: z.int().min(1).max(65535),
     enabled: z.boolean().optional().default(true),
     path: z.string().optional(),
     scheme: z.string().optional(),
     mode: z.string().default("http"),
-    interval: z.number().int().default(30),
-    "unhealthy-interval": z.number().int().default(30),
-    unhealthyInterval: z.number().int().optional(), // deprecated alias
-    timeout: z.number().int().default(5),
+    interval: z.int().default(30),
+    "unhealthy-interval": z.int().default(30),
+    unhealthyInterval: z.int().optional(), // deprecated alias
+    timeout: z.int().default(5),
     headers: z.array(z.object({ name: z.string(), value: z.string() })).nullable().optional().default(null),
     "follow-redirects": z.boolean().default(true),
     followRedirects: z.boolean().optional(), // deprecated alias
     method: z.string().default("GET"),
-    status: z.number().int().optional()
+    status: z.int().optional()
 });
 
 // Schema for individual target within a resource
@@ -28,16 +28,16 @@ export const TargetSchema = z.object({
     site: z.string().optional(),
     method: z.enum(["http", "https", "h2c"]).optional(),
     hostname: z.string(),
-    port: z.number().int().min(1).max(65535),
+    port: z.int().min(1).max(65535),
     enabled: z.boolean().optional().default(true),
-    "internal-port": z.number().int().min(1).max(65535).optional(),
+    "internal-port": z.int().min(1).max(65535).optional(),
     path: z.string().optional(),
     "path-match": z.enum(["exact", "prefix", "regex"]).optional().nullable(),
     healthcheck: TargetHealthCheckSchema.optional(),
     rewritePath: z.string().optional(), // deprecated alias
     "rewrite-path": z.string().optional(),
     "rewrite-match": z.enum(["exact", "prefix", "regex", "stripPrefix"]).optional().nullable(),
-    priority: z.number().int().min(1).max(1000).optional().default(100)
+    priority: z.int().min(1).max(1000).optional().default(100)
 });
 export type TargetData = z.infer<typeof TargetSchema>;
 
@@ -55,10 +55,10 @@ export const AuthSchema = z.object({
         .optional()
         .default([])
         .refine((roles) => !roles.includes("Admin"), {
-            message: "Admin role cannot be included in sso-roles"
+            error: "Admin role cannot be included in sso-roles"
         }),
-    "sso-users": z.array(z.string().email()).optional().default([]),
-    "whitelist-users": z.array(z.string().email()).optional().default([]),
+    "sso-users": z.array(z.email()).optional().default([]),
+    "whitelist-users": z.array(z.email()).optional().default([]),
 });
 
 export const RuleSchema = z.object({
@@ -79,7 +79,7 @@ export const ResourceSchema = z
         protocol: z.enum(["http", "tcp", "udp"]).optional(),
         ssl: z.boolean().optional(),
         "full-domain": z.string().optional(),
-        "proxy-port": z.number().int().min(1).max(65535).optional(),
+        "proxy-port": z.int().min(1).max(65535).optional(),
         enabled: z.boolean().optional(),
         targets: z.array(TargetSchema.nullable()).optional().default([]),
         auth: AuthSchema.optional(),
@@ -100,9 +100,8 @@ export const ResourceSchema = z
             );
         },
         {
-            message:
-                "Resource must either be targets-only (only 'targets' field) or have both 'name' and 'protocol' fields at a minimum",
-            path: ["name", "protocol"]
+            path: ["name", "protocol"],
+            error: "Resource must either be targets-only (only 'targets' field) or have both 'name' and 'protocol' fields at a minimum"
         }
     )
     .refine(
@@ -156,9 +155,8 @@ export const ResourceSchema = z
             return true;
         },
         {
-            message:
-                "When protocol is 'http', a 'full-domain' must be provided",
-            path: ["full-domain"]
+            path: ["full-domain"],
+            error: "When protocol is 'http', a 'full-domain' must be provided"
         }
     )
     .refine(
@@ -174,9 +172,8 @@ export const ResourceSchema = z
             return true;
         },
         {
-            message:
-                "When protocol is 'tcp' or 'udp', 'proxy-port' must be provided",
-            path: ["proxy-port", "exit-node"]
+            path: ["proxy-port", "exit-node"],
+            error: "When protocol is 'tcp' or 'udp', 'proxy-port' must be provided"
         }
     )
     .refine(
@@ -193,9 +190,8 @@ export const ResourceSchema = z
             return true;
         },
         {
-            message:
-                "When protocol is 'tcp' or 'udp', 'auth' must not be provided",
-            path: ["auth"]
+            path: ["auth"],
+            error: "When protocol is 'tcp' or 'udp', 'auth' must not be provided"
         }
     );
 
@@ -216,9 +212,9 @@ export const ClientResourceSchema = z.object({
 // Schema for the entire configuration object
 export const ConfigSchema = z
     .object({
-        "proxy-resources": z.record(z.string(), ResourceSchema).optional().default({}),
-        "client-resources": z.record(z.string(), ClientResourceSchema).optional().default({}),
-        sites: z.record(z.string(), SiteSchema).optional().default({})
+        "proxy-resources": z.record(z.string(), ResourceSchema).optional().prefault({}),
+        "client-resources": z.record(z.string(), ClientResourceSchema).optional().prefault({}),
+        sites: z.record(z.string(), SiteSchema).optional().prefault({})
     })
     .refine(
         // Enforce the full-domain uniqueness across resources in the same stack
diff --git a/server/lib/readConfigFile.ts b/server/lib/readConfigFile.ts
index 9d6cafb9..2da8c0a7 100644
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@@ -14,10 +14,8 @@ export const configSchema = z
     .object({
         app: z
             .object({
-                dashboard_url: z
-                    .string()
-                    .url()
-                    .pipe(z.string().url())
+                dashboard_url: z.url()
+                    .pipe(z.url())
                     .transform((url) => url.toLowerCase())
                     .optional(),
                 log_level: z
@@ -31,14 +29,14 @@ export const configSchema = z
                         anonymous_usage: z.boolean().optional().default(true)
                     })
                     .optional()
-                    .default({}),
+                    .prefault({}),
                 notifications: z
                     .object({
                         product_updates: z.boolean().optional().default(true),
                         new_releases: z.boolean().optional().default(true)
                     })
                     .optional()
-                    .default({})
+                    .prefault({})
             })
             .optional()
             .default({
@@ -107,7 +105,7 @@ export const configSchema = z
                         token: z.string().optional().default("P-Access-Token")
                     })
                     .optional()
-                    .default({}),
+                    .prefault({}),
                 resource_session_request_param: z
                     .string()
                     .optional()
@@ -132,7 +130,7 @@ export const configSchema = z
                         credentials: z.boolean().optional()
                     })
                     .optional(),
-                trust_proxy: z.number().int().gte(0).optional().default(1),
+                trust_proxy: z.int().gte(0).optional().default(1),
                 secret: z.string().pipe(z.string().min(8)).optional(),
                 maxmind_db_path: z.string().optional()
             })
@@ -189,7 +187,7 @@ export const configSchema = z
                             .default(5000)
                     })
                     .optional()
-                    .default({})
+                    .prefault({})
             })
             .optional(),
         traefik: z
@@ -222,7 +220,7 @@ export const configSchema = z
                     .default("pp-transport-v")
             })
             .optional()
-            .default({}),
+            .prefault({}),
         gerbil: z
             .object({
                 exit_node_name: z.string().optional(),
@@ -247,7 +245,7 @@ export const configSchema = z
                     .default(30)
             })
             .optional()
-            .default({}),
+            .prefault({}),
         orgs: z
             .object({
                 block_size: z.number().positive().gt(0).optional().default(24),
@@ -276,7 +274,7 @@ export const configSchema = z
                             .default(500)
                     })
                     .optional()
-                    .default({}),
+                    .prefault({}),
                 auth: z
                     .object({
                         window_minutes: z
@@ -293,10 +291,10 @@ export const configSchema = z
                             .default(500)
                     })
                     .optional()
-                    .default({})
+                    .prefault({})
             })
             .optional()
-            .default({}),
+            .prefault({}),
         email: z
             .object({
                 smtp_host: z.string().optional(),
@@ -308,7 +306,7 @@ export const configSchema = z
                     .transform(getEnvOrYaml("EMAIL_SMTP_PASS")),
                 smtp_secure: z.boolean().optional(),
                 smtp_tls_reject_unauthorized: z.boolean().optional(),
-                no_reply: z.string().email().optional()
+                no_reply: z.email().optional()
             })
             .optional(),
         flags: z
@@ -340,7 +338,7 @@ export const configSchema = z
                     .default("cname.pangolin.net")
             })
             .optional()
-            .default({})
+            .prefault({})
     })
     .refine(
         (data) => {
@@ -355,7 +353,7 @@ export const configSchema = z
             return true;
         },
         {
-            message: "At least one domain must be defined"
+            error: "At least one domain must be defined"
         }
     )
     .refine(
@@ -370,7 +368,7 @@ export const configSchema = z
             );
         },
         {
-            message: "Server secret must be defined"
+            error: "Server secret must be defined"
         }
     )
     .refine(
@@ -382,7 +380,7 @@ export const configSchema = z
             );
         },
         {
-            message: "Dashboard URL must be defined"
+            error: "Dashboard URL must be defined"
         }
     );
 
diff --git a/server/private/lib/readConfigFile.ts b/server/private/lib/readConfigFile.ts
index 20712704..cc12b1fb 100644
--- a/server/private/lib/readConfigFile.ts
+++ b/server/private/lib/readConfigFile.ts
@@ -50,14 +50,14 @@ export const privateConfigSchema = z.object({
             host: z.string(),
             port: portSchema,
             password: z.string().optional(),
-            db: z.number().int().nonnegative().optional().default(0),
+            db: z.int().nonnegative().optional().default(0),
             replicas: z
                 .array(
                     z.object({
                         host: z.string(),
                         port: portSchema,
                         password: z.string().optional(),
-                        db: z.number().int().nonnegative().optional().default(0)
+                        db: z.int().nonnegative().optional().default(0)
                     })
                 )
                 .optional()
@@ -79,14 +79,14 @@ export const privateConfigSchema = z.object({
                 .default("http://gerbil:3004")
         })
         .optional()
-        .default({}),
+        .prefault({}),
     flags: z
         .object({
             enable_redis: z.boolean().optional().default(false),
             use_pangolin_dns: z.boolean().optional().default(false)
         })
         .optional()
-        .default({}),
+        .prefault({}),
     branding: z
         .object({
             app_name: z.string().optional(),
diff --git a/server/private/routers/auditLogs/queryAccessAuditLog.ts b/server/private/routers/auditLogs/queryAccessAuditLog.ts
index 33383c25..6329206d 100644
--- a/server/private/routers/auditLogs/queryAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts
@@ -30,13 +30,13 @@ export const queryAccessAuditLogsQuery = z.object({
     timeStart: z
         .string()
         .refine((val) => !isNaN(Date.parse(val)), {
-            message: "timeStart must be a valid ISO date string"
+            error: "timeStart must be a valid ISO date string"
         })
         .transform((val) => Math.floor(new Date(val).getTime() / 1000)),
     timeEnd: z
         .string()
         .refine((val) => !isNaN(Date.parse(val)), {
-            message: "timeEnd must be a valid ISO date string"
+            error: "timeEnd must be a valid ISO date string"
         })
         .transform((val) => Math.floor(new Date(val).getTime() / 1000))
         .optional()
@@ -51,7 +51,7 @@ export const queryAccessAuditLogsQuery = z.object({
         .string()
         .optional()
         .transform(Number)
-        .pipe(z.number().int().positive())
+        .pipe(z.int().positive())
         .optional(),
     actor: z.string().optional(),
     type: z.string().optional(),
@@ -61,13 +61,13 @@ export const queryAccessAuditLogsQuery = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 export const queryAccessAuditLogsParams = z.object({
diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
index 018651cb..eb22cc0a 100644
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -30,13 +30,13 @@ export const queryActionAuditLogsQuery = z.object({
     timeStart: z
         .string()
         .refine((val) => !isNaN(Date.parse(val)), {
-            message: "timeStart must be a valid ISO date string"
+            error: "timeStart must be a valid ISO date string"
         })
         .transform((val) => Math.floor(new Date(val).getTime() / 1000)),
     timeEnd: z
         .string()
         .refine((val) => !isNaN(Date.parse(val)), {
-            message: "timeEnd must be a valid ISO date string"
+            error: "timeEnd must be a valid ISO date string"
         })
         .transform((val) => Math.floor(new Date(val).getTime() / 1000))
         .optional()
@@ -50,13 +50,13 @@ export const queryActionAuditLogsQuery = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 export const queryActionAuditLogsParams = z.object({
diff --git a/server/private/routers/auth/getSessionTransferToken.ts b/server/private/routers/auth/getSessionTransferToken.ts
index ba295923..bd6bc545 100644
--- a/server/private/routers/auth/getSessionTransferToken.ts
+++ b/server/private/routers/auth/getSessionTransferToken.ts
@@ -28,7 +28,7 @@ import { response } from "@server/lib/response";
 import { encrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
 
-const paramsSchema = z.object({}).strict();
+const paramsSchema = z.strictObject({});
 
 export type GetSessionTransferTokenRenponse = {
     token: string;
diff --git a/server/private/routers/auth/quickStart.ts b/server/private/routers/auth/quickStart.ts
index 582ac4d5..02023a0b 100644
--- a/server/private/routers/auth/quickStart.ts
+++ b/server/private/routers/auth/quickStart.ts
@@ -62,10 +62,10 @@ import { isTargetValid } from "@server/lib/validators";
 import { listExitNodes } from "#private/lib/exitNodes";
 
 const bodySchema = z.object({
-    email: z.string().toLowerCase().email(),
+    email: z.email().toLowerCase(),
     ip: z.string().refine(isTargetValid),
     method: z.enum(["http", "https"]),
-    port: z.number().int().min(1).max(65535),
+    port: z.int().min(1).max(65535),
     pincode: z
         .string()
         .regex(/^\d{6}$/)
diff --git a/server/private/routers/billing/createCheckoutSession.ts b/server/private/routers/billing/createCheckoutSession.ts
index 6e1e28c2..e0e08a20 100644
--- a/server/private/routers/billing/createCheckoutSession.ts
+++ b/server/private/routers/billing/createCheckoutSession.ts
@@ -25,11 +25,9 @@ import stripe from "#private/lib/stripe";
 import { getLineItems, getStandardFeaturePriceSet } from "@server/lib/billing";
 import { getTierPriceSet, TierId } from "@server/lib/billing/tiers";
 
-const createCheckoutSessionSchema = z
-    .object({
+const createCheckoutSessionSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export async function createCheckoutSession(
     req: Request,
diff --git a/server/private/routers/billing/createPortalSession.ts b/server/private/routers/billing/createPortalSession.ts
index eb55f007..a3a2f04f 100644
--- a/server/private/routers/billing/createPortalSession.ts
+++ b/server/private/routers/billing/createPortalSession.ts
@@ -23,11 +23,9 @@ import config from "@server/lib/config";
 import { fromError } from "zod-validation-error";
 import stripe from "#private/lib/stripe";
 
-const createPortalSessionSchema = z
-    .object({
+const createPortalSessionSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export async function createPortalSession(
     req: Request,
diff --git a/server/private/routers/billing/getOrgSubscription.ts b/server/private/routers/billing/getOrgSubscription.ts
index b97ca39f..adc4ee04 100644
--- a/server/private/routers/billing/getOrgSubscription.ts
+++ b/server/private/routers/billing/getOrgSubscription.ts
@@ -33,11 +33,9 @@ import {
     SubscriptionItem
 } from "@server/db";
 
-const getOrgSchema = z
-    .object({
+const getOrgSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "get",
diff --git a/server/private/routers/billing/getOrgUsage.ts b/server/private/routers/billing/getOrgUsage.ts
index bc879659..9e605cca 100644
--- a/server/private/routers/billing/getOrgUsage.ts
+++ b/server/private/routers/billing/getOrgUsage.ts
@@ -27,11 +27,9 @@ import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";
 import { GetOrgUsageResponse } from "@server/routers/billing/types";
 
-const getOrgSchema = z
-    .object({
+const getOrgSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "get",
diff --git a/server/private/routers/billing/internalGetOrgTier.ts b/server/private/routers/billing/internalGetOrgTier.ts
index cca96243..ec114cca 100644
--- a/server/private/routers/billing/internalGetOrgTier.ts
+++ b/server/private/routers/billing/internalGetOrgTier.ts
@@ -21,11 +21,9 @@ import { fromZodError } from "zod-validation-error";
 import { getOrgTierData } from "#private/lib/billing";
 import { GetOrgTierResponse } from "@server/routers/billing/types";
 
-const getOrgSchema = z
-    .object({
+const getOrgSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export async function getOrgTier(
     req: Request,
diff --git a/server/private/routers/certificates/getCertificate.ts b/server/private/routers/certificates/getCertificate.ts
index 8392cbc0..4ff8184e 100644
--- a/server/private/routers/certificates/getCertificate.ts
+++ b/server/private/routers/certificates/getCertificate.ts
@@ -23,13 +23,11 @@ import { fromError } from "zod-validation-error";
 import { registry } from "@server/openApi";
 import { GetCertificateResponse } from "@server/routers/certificates/types";
 
-const getCertificateSchema = z
-    .object({
+const getCertificateSchema = z.strictObject({
         domainId: z.string(),
         domain: z.string().min(1).max(255),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 async function query(domainId: string, domain: string) {
     const [domainRecord] = await db
diff --git a/server/private/routers/certificates/restartCertificate.ts b/server/private/routers/certificates/restartCertificate.ts
index 1ad3f6a7..a6ee5460 100644
--- a/server/private/routers/certificates/restartCertificate.ts
+++ b/server/private/routers/certificates/restartCertificate.ts
@@ -24,12 +24,10 @@ import stoi from "@server/lib/stoi";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const restartCertificateParamsSchema = z
-    .object({
-        certId: z.string().transform(stoi).pipe(z.number().int().positive()),
+const restartCertificateParamsSchema = z.strictObject({
+        certId: z.string().transform(stoi).pipe(z.int().positive()),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "post",
@@ -41,7 +39,7 @@ registry.registerPath({
             certId: z
                 .string()
                 .transform(stoi)
-                .pipe(z.number().int().positive()),
+                .pipe(z.int().positive()),
             orgId: z.string()
         })
     },
diff --git a/server/private/routers/domain/checkDomainNamespaceAvailability.ts b/server/private/routers/domain/checkDomainNamespaceAvailability.ts
index 745af9d3..6c9cb23c 100644
--- a/server/private/routers/domain/checkDomainNamespaceAvailability.ts
+++ b/server/private/routers/domain/checkDomainNamespaceAvailability.ts
@@ -23,13 +23,11 @@ import { db, domainNamespaces, resources } from "@server/db";
 import { inArray } from "drizzle-orm";
 import { CheckDomainAvailabilityResponse } from "@server/routers/domain/types";
 
-const paramsSchema = z.object({}).strict();
+const paramsSchema = z.strictObject({});
 
-const querySchema = z
-    .object({
+const querySchema = z.strictObject({
         subdomain: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "get",
diff --git a/server/private/routers/domain/listDomainNamespaces.ts b/server/private/routers/domain/listDomainNamespaces.ts
index 10bcc91b..29d5d201 100644
--- a/server/private/routers/domain/listDomainNamespaces.ts
+++ b/server/private/routers/domain/listDomainNamespaces.ts
@@ -23,24 +23,22 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const paramsSchema = z.object({}).strict();
+const paramsSchema = z.strictObject({});
 
-const querySchema = z
-    .object({
+const querySchema = z.strictObject({
         limit: z
             .string()
             .optional()
             .default("1000")
             .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
         offset: z
             .string()
             .optional()
             .default("0")
             .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });
 
 async function query(limit: number, offset: number) {
     const res = await db
diff --git a/server/private/routers/hybrid.ts b/server/private/routers/hybrid.ts
index a8b6a174..b76cf6f9 100644
--- a/server/private/routers/hybrid.ts
+++ b/server/private/routers/hybrid.ts
@@ -78,105 +78,78 @@ import { verifyResourceAccessToken } from "@server/auth/verifyResourceAccessToke
 import semver from "semver";
 
 // Zod schemas for request validation
-const getResourceByDomainParamsSchema = z
-    .object({
+const getResourceByDomainParamsSchema = z.strictObject({
         domain: z.string().min(1, "Domain is required")
-    })
-    .strict();
+    });
 
-const getUserSessionParamsSchema = z
-    .object({
+const getUserSessionParamsSchema = z.strictObject({
         userSessionId: z.string().min(1, "User session ID is required")
-    })
-    .strict();
+    });
 
-const getUserOrgRoleParamsSchema = z
-    .object({
+const getUserOrgRoleParamsSchema = z.strictObject({
         userId: z.string().min(1, "User ID is required"),
         orgId: z.string().min(1, "Organization ID is required")
-    })
-    .strict();
+    });
 
-const getRoleResourceAccessParamsSchema = z
-    .object({
+const getRoleResourceAccessParamsSchema = z.strictObject({
         roleId: z
             .string()
             .transform(Number)
             .pipe(
-                z.number().int().positive("Role ID must be a positive integer")
+                z.int().positive("Role ID must be a positive integer")
             ),
         resourceId: z
             .string()
             .transform(Number)
             .pipe(
-                z
-                    .number()
-                    .int()
+                z.int()
                     .positive("Resource ID must be a positive integer")
             )
-    })
-    .strict();
+    });
 
-const getUserResourceAccessParamsSchema = z
-    .object({
+const getUserResourceAccessParamsSchema = z.strictObject({
         userId: z.string().min(1, "User ID is required"),
         resourceId: z
             .string()
             .transform(Number)
             .pipe(
-                z
-                    .number()
-                    .int()
+                z.int()
                     .positive("Resource ID must be a positive integer")
             )
-    })
-    .strict();
+    });
 
-const getResourceRulesParamsSchema = z
-    .object({
+const getResourceRulesParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
             .pipe(
-                z
-                    .number()
-                    .int()
+                z.int()
                     .positive("Resource ID must be a positive integer")
             )
-    })
-    .strict();
+    });
 
-const validateResourceSessionTokenParamsSchema = z
-    .object({
+const validateResourceSessionTokenParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
             .pipe(
-                z
-                    .number()
-                    .int()
+                z.int()
                     .positive("Resource ID must be a positive integer")
             )
-    })
-    .strict();
+    });
 
-const validateResourceSessionTokenBodySchema = z
-    .object({
+const validateResourceSessionTokenBodySchema = z.strictObject({
         token: z.string().min(1, "Token is required")
-    })
-    .strict();
+    });
 
-const validateResourceAccessTokenBodySchema = z
-    .object({
+const validateResourceAccessTokenBodySchema = z.strictObject({
         accessTokenId: z.string().optional(),
         resourceId: z.number().optional(),
         accessToken: z.string()
-    })
-    .strict();
+    });
 
 // Certificates by domains query validation
-const getCertificatesByDomainsQuerySchema = z
-    .object({
+const getCertificatesByDomainsQuerySchema = z.strictObject({
         // Accept domains as string or array (domains or domains[])
         domains: z
             .union([z.array(z.string().min(1)), z.string().min(1)])
@@ -185,8 +158,7 @@ const getCertificatesByDomainsQuerySchema = z
         "domains[]": z
             .union([z.array(z.string().min(1)), z.string().min(1)])
             .optional()
-    })
-    .strict();
+    });
 
 // Type exports for request schemas
 export type GetResourceByDomainParams = z.infer<
@@ -591,11 +563,9 @@ hybridRouter.get(
     }
 );
 
-const getOrgLoginPageParamsSchema = z
-    .object({
+const getOrgLoginPageParamsSchema = z.strictObject({
         orgId: z.string().min(1)
-    })
-    .strict();
+    });
 
 hybridRouter.get(
     "/org/:orgId/login-page",
@@ -1217,7 +1187,7 @@ hybridRouter.post(
 );
 
 const geoIpLookupParamsSchema = z.object({
-    ip: z.string().ip()
+    ip: z.union([z.ipv4(), z.ipv6()])
 });
 hybridRouter.get(
     "/geoip/:ip",
diff --git a/server/private/routers/license/activateLicense.ts b/server/private/routers/license/activateLicense.ts
index f5d610aa..55b7827e 100644
--- a/server/private/routers/license/activateLicense.ts
+++ b/server/private/routers/license/activateLicense.ts
@@ -20,11 +20,9 @@ import license from "#private/license/license";
 import { z } from "zod";
 import { fromError } from "zod-validation-error";
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         licenseKey: z.string().min(1).max(255)
-    })
-    .strict();
+    });
 
 export async function activateLicense(
     req: Request,
diff --git a/server/private/routers/license/deleteLicenseKey.ts b/server/private/routers/license/deleteLicenseKey.ts
index 93fc4ef6..6f5469fc 100644
--- a/server/private/routers/license/deleteLicenseKey.ts
+++ b/server/private/routers/license/deleteLicenseKey.ts
@@ -23,11 +23,9 @@ import { eq } from "drizzle-orm";
 import { licenseKey } from "@server/db";
 import license from "#private/license/license";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         licenseKey: z.string().min(1).max(255)
-    })
-    .strict();
+    });
 
 export async function deleteLicenseKey(
     req: Request,
diff --git a/server/private/routers/loginPage/createLoginPage.ts b/server/private/routers/loginPage/createLoginPage.ts
index cb0bb923..17050855 100644
--- a/server/private/routers/loginPage/createLoginPage.ts
+++ b/server/private/routers/loginPage/createLoginPage.ts
@@ -35,18 +35,14 @@ import { TierId } from "@server/lib/billing/tiers";
 import { build } from "@server/build";
 import { CreateLoginPageResponse } from "@server/routers/loginPage/types";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         subdomain: z.string().nullable().optional(),
         domainId: z.string()
-    })
-    .strict();
+    });
 
 export type CreateLoginPageBody = z.infer<typeof bodySchema>;
 
diff --git a/server/private/routers/loginPage/getLoginPage.ts b/server/private/routers/loginPage/getLoginPage.ts
index 76e20ffb..b3bde203 100644
--- a/server/private/routers/loginPage/getLoginPage.ts
+++ b/server/private/routers/loginPage/getLoginPage.ts
@@ -22,11 +22,9 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { GetLoginPageResponse } from "@server/routers/loginPage/types";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 async function query(orgId: string) {
     const [res] = await db
diff --git a/server/private/routers/loginPage/updateLoginPage.ts b/server/private/routers/loginPage/updateLoginPage.ts
index 4f2be084..8a8e8ab0 100644
--- a/server/private/routers/loginPage/updateLoginPage.ts
+++ b/server/private/routers/loginPage/updateLoginPage.ts
@@ -35,14 +35,12 @@ const paramsSchema = z
     })
     .strict();
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         subdomain: subdomainSchema.nullable().optional(),
         domainId: z.string().optional()
     })
-    .strict()
     .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
     })
     .refine(
         (data) => {
@@ -51,7 +49,9 @@ const bodySchema = z
             }
             return true;
         },
-        { message: "Invalid subdomain" }
+        {
+            error: "Invalid subdomain"
+        }
     );
 
 export type UpdateLoginPageBody = z.infer<typeof bodySchema>;
diff --git a/server/private/routers/misc/sendSupportEmail.ts b/server/private/routers/misc/sendSupportEmail.ts
index 9b3f9c14..f1f7a919 100644
--- a/server/private/routers/misc/sendSupportEmail.ts
+++ b/server/private/routers/misc/sendSupportEmail.ts
@@ -22,12 +22,10 @@ import { sendEmail } from "@server/emails";
 import SupportEmail from "@server/emails/templates/SupportEmail";
 import config from "@server/lib/config";
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         body: z.string().min(1),
         subject: z.string().min(1).max(255)
-    })
-    .strict();
+    });
 
 export async function sendSupportEmail(
     req: Request,
diff --git a/server/private/routers/orgIdp/createOrgOidcIdp.ts b/server/private/routers/orgIdp/createOrgOidcIdp.ts
index 02cef526..c3ce774e 100644
--- a/server/private/routers/orgIdp/createOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/createOrgOidcIdp.ts
@@ -29,15 +29,14 @@ import { getOrgTierData } from "#private/lib/billing";
 import { TierId } from "@server/lib/billing/tiers";
 import { CreateOrgIdpResponse } from "@server/routers/orgIdp/types";
 
-const paramsSchema = z.object({ orgId: z.string().nonempty() }).strict();
+const paramsSchema = z.strictObject({ orgId: z.string().nonempty() });
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         name: z.string().nonempty(),
         clientId: z.string().nonempty(),
         clientSecret: z.string().nonempty(),
-        authUrl: z.string().url(),
-        tokenUrl: z.string().url(),
+        authUrl: z.url(),
+        tokenUrl: z.url(),
         identifierPath: z.string().nonempty(),
         emailPath: z.string().optional(),
         namePath: z.string().optional(),
@@ -45,8 +44,7 @@ const bodySchema = z
         autoProvision: z.boolean().optional(),
         variant: z.enum(["oidc", "google", "azure"]).optional().default("oidc"),
         roleMapping: z.string().optional()
-    })
-    .strict();
+    });
 
 // registry.registerPath({
 //     method: "put",
diff --git a/server/private/routers/orgIdp/listOrgIdps.ts b/server/private/routers/orgIdp/listOrgIdps.ts
index 0c69ff8d..646d808c 100644
--- a/server/private/routers/orgIdp/listOrgIdps.ts
+++ b/server/private/routers/orgIdp/listOrgIdps.ts
@@ -24,28 +24,24 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { ListOrgIdpsResponse } from "@server/routers/orgIdp/types";
 
-const querySchema = z
-    .object({
+const querySchema = z.strictObject({
         limit: z
             .string()
             .optional()
             .default("1000")
             .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
         offset: z
             .string()
             .optional()
             .default("0")
             .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         orgId: z.string().nonempty()
-    })
-    .strict();
+    });
 
 async function query(orgId: string, limit: number, offset: number) {
     const res = await db
diff --git a/server/private/routers/orgIdp/updateOrgOidcIdp.ts b/server/private/routers/orgIdp/updateOrgOidcIdp.ts
index c6e54240..f3e76054 100644
--- a/server/private/routers/orgIdp/updateOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/updateOrgOidcIdp.ts
@@ -35,8 +35,7 @@ const paramsSchema = z
     })
     .strict();
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         name: z.string().optional(),
         clientId: z.string().optional(),
         clientSecret: z.string().optional(),
@@ -48,8 +47,7 @@ const bodySchema = z
         scopes: z.string().optional(),
         autoProvision: z.boolean().optional(),
         roleMapping: z.string().optional()
-    })
-    .strict();
+    });
 
 export type UpdateOrgIdpResponse = {
     idpId: number;
diff --git a/server/private/routers/re-key/reGenerateClientSecret.ts b/server/private/routers/re-key/reGenerateClientSecret.ts
index e07099a4..85b3f4a6 100644
--- a/server/private/routers/re-key/reGenerateClientSecret.ts
+++ b/server/private/routers/re-key/reGenerateClientSecret.ts
@@ -24,19 +24,15 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { hashPassword } from "@server/auth/password";
 
-const reGenerateSecretParamsSchema = z
-    .object({
-        clientId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const reGenerateSecretParamsSchema = z.strictObject({
+        clientId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const reGenerateSecretBodySchema = z
-    .object({
+const reGenerateSecretBodySchema = z.strictObject({
         olmId: z.string().min(1).optional(),
         secret: z.string().min(1).optional(),
 
-    })
-    .strict();
+    });
 
 export type ReGenerateSecretBody = z.infer<typeof reGenerateSecretBodySchema>;
 
diff --git a/server/private/routers/re-key/reGenerateExitNodeSecret.ts b/server/private/routers/re-key/reGenerateExitNodeSecret.ts
index 1503e75a..ee3a7a87 100644
--- a/server/private/routers/re-key/reGenerateExitNodeSecret.ts
+++ b/server/private/routers/re-key/reGenerateExitNodeSecret.ts
@@ -29,12 +29,10 @@ export const paramsSchema = z.object({
     orgId: z.string()
 });
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         remoteExitNodeId: z.string().length(15),
         secret: z.string().length(48)
-    })
-    .strict();
+    });
 
 
 registry.registerPath({
diff --git a/server/private/routers/re-key/reGenerateSiteSecret.ts b/server/private/routers/re-key/reGenerateSiteSecret.ts
index 3826cbc3..bfa5df9d 100644
--- a/server/private/routers/re-key/reGenerateSiteSecret.ts
+++ b/server/private/routers/re-key/reGenerateSiteSecret.ts
@@ -25,22 +25,18 @@ import { hashPassword } from "@server/auth/password";
 import { addPeer } from "@server/routers/gerbil/peers";
 
 
-const updateSiteParamsSchema = z
-    .object({
-        siteId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const updateSiteParamsSchema = z.strictObject({
+        siteId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const updateSiteBodySchema = z
-    .object({
+const updateSiteBodySchema = z.strictObject({
         type: z.enum(["newt", "wireguard"]),
         newtId: z.string().min(1).max(255).optional(),
         newtSecret: z.string().min(1).max(255).optional(),
-        exitNodeId: z.number().int().positive().optional(),
+        exitNodeId: z.int().positive().optional(),
         pubKey: z.string().optional(),
         subnet: z.string().optional(),
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "post",
diff --git a/server/private/routers/remoteExitNode/createRemoteExitNode.ts b/server/private/routers/remoteExitNode/createRemoteExitNode.ts
index 63209ad9..5afa82ef 100644
--- a/server/private/routers/remoteExitNode/createRemoteExitNode.ts
+++ b/server/private/routers/remoteExitNode/createRemoteExitNode.ts
@@ -35,12 +35,10 @@ export const paramsSchema = z.object({
     orgId: z.string()
 });
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         remoteExitNodeId: z.string().length(15),
         secret: z.string().length(48)
-    })
-    .strict();
+    });
 
 export type CreateRemoteExitNodeBody = z.infer<typeof bodySchema>;
 
diff --git a/server/private/routers/remoteExitNode/deleteRemoteExitNode.ts b/server/private/routers/remoteExitNode/deleteRemoteExitNode.ts
index f7b9d56c..e293f421 100644
--- a/server/private/routers/remoteExitNode/deleteRemoteExitNode.ts
+++ b/server/private/routers/remoteExitNode/deleteRemoteExitNode.ts
@@ -24,12 +24,10 @@ import { fromError } from "zod-validation-error";
 import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         orgId: z.string().min(1),
         remoteExitNodeId: z.string().min(1)
-    })
-    .strict();
+    });
 
 export async function deleteRemoteExitNode(
     req: Request,
diff --git a/server/private/routers/remoteExitNode/getRemoteExitNode.ts b/server/private/routers/remoteExitNode/getRemoteExitNode.ts
index 2ef3fb06..c7b98297 100644
--- a/server/private/routers/remoteExitNode/getRemoteExitNode.ts
+++ b/server/private/routers/remoteExitNode/getRemoteExitNode.ts
@@ -23,12 +23,10 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { GetRemoteExitNodeResponse } from "@server/routers/remoteExitNode/types";
 
-const getRemoteExitNodeSchema = z
-    .object({
+const getRemoteExitNodeSchema = z.strictObject({
         orgId: z.string().min(1),
         remoteExitNodeId: z.string().min(1)
-    })
-    .strict();
+    });
 
 async function query(remoteExitNodeId: string) {
     const [remoteExitNode] = await db
diff --git a/server/private/routers/remoteExitNode/listRemoteExitNodes.ts b/server/private/routers/remoteExitNode/listRemoteExitNodes.ts
index 1029b1e9..a13a05cd 100644
--- a/server/private/routers/remoteExitNode/listRemoteExitNodes.ts
+++ b/server/private/routers/remoteExitNode/listRemoteExitNodes.ts
@@ -23,11 +23,9 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { ListRemoteExitNodesResponse } from "@server/routers/remoteExitNode/types";
 
-const listRemoteExitNodesParamsSchema = z
-    .object({
+const listRemoteExitNodesParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 const listRemoteExitNodesSchema = z.object({
     limit: z
@@ -35,13 +33,13 @@ const listRemoteExitNodesSchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 export function queryRemoteExitNodes(orgId: string) {
diff --git a/server/private/routers/remoteExitNode/pickRemoteExitNodeDefaults.ts b/server/private/routers/remoteExitNode/pickRemoteExitNodeDefaults.ts
index e5762f0d..bb7c89d5 100644
--- a/server/private/routers/remoteExitNode/pickRemoteExitNodeDefaults.ts
+++ b/server/private/routers/remoteExitNode/pickRemoteExitNodeDefaults.ts
@@ -21,11 +21,9 @@ import { fromError } from "zod-validation-error";
 import { z } from "zod";
 import { PickRemoteExitNodeDefaultsResponse } from "@server/routers/remoteExitNode/types";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export async function pickRemoteExitNodeDefaults(
     req: Request,
diff --git a/server/routers/accessToken/deleteAccessToken.ts b/server/routers/accessToken/deleteAccessToken.ts
index 60d8789e..5de4df9b 100644
--- a/server/routers/accessToken/deleteAccessToken.ts
+++ b/server/routers/accessToken/deleteAccessToken.ts
@@ -10,11 +10,9 @@ import { and, eq } from "drizzle-orm";
 import { db } from "@server/db";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const deleteAccessTokenParamsSchema = z
-    .object({
+const deleteAccessTokenParamsSchema = z.strictObject({
         accessTokenId: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "delete",
diff --git a/server/routers/accessToken/generateAccessToken.ts b/server/routers/accessToken/generateAccessToken.ts
index 631b5924..36a20268 100644
--- a/server/routers/accessToken/generateAccessToken.ts
+++ b/server/routers/accessToken/generateAccessToken.ts
@@ -24,22 +24,18 @@ import { encodeHexLowerCase } from "@oslojs/encoding";
 import { sha256 } from "@oslojs/crypto/sha2";
 import { OpenAPITags, registry } from "@server/openApi";
 
-export const generateAccessTokenBodySchema = z
-    .object({
-        validForSeconds: z.number().int().positive().optional(), // seconds
+export const generateAccessTokenBodySchema = z.strictObject({
+        validForSeconds: z.int().positive().optional(), // seconds
         title: z.string().optional(),
         description: z.string().optional()
-    })
-    .strict();
+    });
 
-export const generateAccssTokenParamsSchema = z
-    .object({
+export const generateAccssTokenParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 export type GenerateAccessTokenResponse = Omit<
     ResourceAccessToken,
diff --git a/server/routers/accessToken/listAccessTokens.ts b/server/routers/accessToken/listAccessTokens.ts
index ab2bf826..476c858b 100644
--- a/server/routers/accessToken/listAccessTokens.ts
+++ b/server/routers/accessToken/listAccessTokens.ts
@@ -17,18 +17,16 @@ import stoi from "@server/lib/stoi";
 import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const listAccessTokensParamsSchema = z
-    .object({
+const listAccessTokensParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .optional()
             .transform(stoi)
-            .pipe(z.number().int().positive().optional()),
+            .pipe(z.int().positive().optional()),
         orgId: z.string().optional()
     })
-    .strict()
     .refine((data) => !!data.resourceId !== !!data.orgId, {
-        message: "Either resourceId or orgId must be provided, but not both"
+        error: "Either resourceId or orgId must be provided, but not both"
     });
 
 const listAccessTokensSchema = z.object({
@@ -37,14 +35,14 @@ const listAccessTokensSchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().nonnegative()),
+        .pipe(z.int().nonnegative()),
 
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 function queryAccessTokens(
diff --git a/server/routers/apiKeys/createRootApiKey.ts b/server/routers/apiKeys/createRootApiKey.ts
index 0754574a..8e9e571d 100644
--- a/server/routers/apiKeys/createRootApiKey.ts
+++ b/server/routers/apiKeys/createRootApiKey.ts
@@ -14,11 +14,9 @@ import {
 import logger from "@server/logger";
 import { hashPassword } from "@server/auth/password";
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         name: z.string().min(1).max(255)
-    })
-    .strict();
+    });
 
 export type CreateRootApiKeyBody = z.infer<typeof bodySchema>;
 
diff --git a/server/routers/apiKeys/listApiKeyActions.ts b/server/routers/apiKeys/listApiKeyActions.ts
index 51d20b24..7432d175 100644
--- a/server/routers/apiKeys/listApiKeyActions.ts
+++ b/server/routers/apiKeys/listApiKeyActions.ts
@@ -20,13 +20,13 @@ const querySchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 function queryActions(apiKeyId: string) {
diff --git a/server/routers/apiKeys/listOrgApiKeys.ts b/server/routers/apiKeys/listOrgApiKeys.ts
index e8c8bc1c..53191ba6 100644
--- a/server/routers/apiKeys/listOrgApiKeys.ts
+++ b/server/routers/apiKeys/listOrgApiKeys.ts
@@ -16,13 +16,13 @@ const querySchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 const paramsSchema = z.object({
diff --git a/server/routers/apiKeys/listRootApiKeys.ts b/server/routers/apiKeys/listRootApiKeys.ts
index ddfade3c..654b830a 100644
--- a/server/routers/apiKeys/listRootApiKeys.ts
+++ b/server/routers/apiKeys/listRootApiKeys.ts
@@ -15,13 +15,13 @@ const querySchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 function queryApiKeys() {
diff --git a/server/routers/apiKeys/setApiKeyActions.ts b/server/routers/apiKeys/setApiKeyActions.ts
index bb16deb5..fe8cc4f1 100644
--- a/server/routers/apiKeys/setApiKeyActions.ts
+++ b/server/routers/apiKeys/setApiKeyActions.ts
@@ -10,13 +10,10 @@ import { fromError } from "zod-validation-error";
 import { eq, and, inArray } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const bodySchema = z
-    .object({
-        actionIds: z
-            .array(z.string().nonempty())
+const bodySchema = z.strictObject({
+        actionIds: z.tuple([z.string()], z.string())
             .transform((v) => Array.from(new Set(v)))
-    })
-    .strict();
+    });
 
 const paramsSchema = z.object({
     apiKeyId: z.string().nonempty()
diff --git a/server/routers/apiKeys/setApiKeyOrgs.ts b/server/routers/apiKeys/setApiKeyOrgs.ts
index f03eec18..d60aad73 100644
--- a/server/routers/apiKeys/setApiKeyOrgs.ts
+++ b/server/routers/apiKeys/setApiKeyOrgs.ts
@@ -9,13 +9,10 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { eq, and, inArray } from "drizzle-orm";
 
-const bodySchema = z
-    .object({
-        orgIds: z
-            .array(z.string().nonempty())
+const bodySchema = z.strictObject({
+        orgIds: z.tuple([z.string()], z.string())
             .transform((v) => Array.from(new Set(v)))
-    })
-    .strict();
+    });
 
 const paramsSchema = z.object({
     apiKeyId: z.string().nonempty()
diff --git a/server/routers/auditLogs/queryRequstAuditLog.ts b/server/routers/auditLogs/queryRequstAuditLog.ts
index 26cba417..7c412994 100644
--- a/server/routers/auditLogs/queryRequstAuditLog.ts
+++ b/server/routers/auditLogs/queryRequstAuditLog.ts
@@ -17,13 +17,13 @@ export const queryAccessAuditLogsQuery = z.object({
     timeStart: z
         .string()
         .refine((val) => !isNaN(Date.parse(val)), {
-            message: "timeStart must be a valid ISO date string"
+            error: "timeStart must be a valid ISO date string"
         })
         .transform((val) => Math.floor(new Date(val).getTime() / 1000)),
     timeEnd: z
         .string()
         .refine((val) => !isNaN(Date.parse(val)), {
-            message: "timeEnd must be a valid ISO date string"
+            error: "timeEnd must be a valid ISO date string"
         })
         .transform((val) => Math.floor(new Date(val).getTime() / 1000))
         .optional()
@@ -37,13 +37,13 @@ export const queryAccessAuditLogsQuery = z.object({
         .string()
         .optional()
         .transform(Number)
-        .pipe(z.number().int().positive())
+        .pipe(z.int().positive())
         .optional(),
     resourceId: z
         .string()
         .optional()
         .transform(Number)
-        .pipe(z.number().int().positive())
+        .pipe(z.int().positive())
         .optional(),
     actor: z.string().optional(),
     location: z.string().optional(),
@@ -54,13 +54,13 @@ export const queryAccessAuditLogsQuery = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 export const queryRequestAuditLogsParams = z.object({
diff --git a/server/routers/auth/changePassword.ts b/server/routers/auth/changePassword.ts
index 0164316e..fa007d37 100644
--- a/server/routers/auth/changePassword.ts
+++ b/server/routers/auth/changePassword.ts
@@ -22,13 +22,11 @@ import { sendEmail } from "@server/emails";
 import ConfirmPasswordReset from "@server/emails/templates/NotifyResetPassword";
 import config from "@server/lib/config";
 
-export const changePasswordBody = z
-    .object({
+export const changePasswordBody = z.strictObject({
         oldPassword: z.string(),
         newPassword: passwordSchema,
         code: z.string().optional()
-    })
-    .strict();
+    });
 
 export type ChangePasswordBody = z.infer<typeof changePasswordBody>;
 
diff --git a/server/routers/auth/checkResourceSession.ts b/server/routers/auth/checkResourceSession.ts
index 9840d564..39466400 100644
--- a/server/routers/auth/checkResourceSession.ts
+++ b/server/routers/auth/checkResourceSession.ts
@@ -7,10 +7,10 @@ import { response } from "@server/lib/response";
 import { validateResourceSessionToken } from "@server/auth/sessions/resource";
 import logger from "@server/logger";
 
-export const params = z.object({
+export const params = z.strictObject({
     token: z.string(),
-    resourceId: z.string().transform(Number).pipe(z.number().int().positive()),
-}).strict();
+    resourceId: z.string().transform(Number).pipe(z.int().positive()),
+});
 
 export type CheckResourceSessionParams = z.infer<typeof params>;
 
diff --git a/server/routers/auth/disable2fa.ts b/server/routers/auth/disable2fa.ts
index da19c0d7..ebf6ab52 100644
--- a/server/routers/auth/disable2fa.ts
+++ b/server/routers/auth/disable2fa.ts
@@ -16,12 +16,10 @@ import config from "@server/lib/config";
 import { unauthorized } from "@server/auth/unauthorizedResponse";
 import { UserType } from "@server/types/UserTypes";
 
-export const disable2faBody = z
-    .object({
+export const disable2faBody = z.strictObject({
         password: z.string(),
         code: z.string().optional()
-    })
-    .strict();
+    });
 
 export type Disable2faBody = z.infer<typeof disable2faBody>;
 
diff --git a/server/routers/auth/login.ts b/server/routers/auth/login.ts
index 418eaaa4..9c913054 100644
--- a/server/routers/auth/login.ts
+++ b/server/routers/auth/login.ts
@@ -20,14 +20,12 @@ import { verifySession } from "@server/auth/sessions/verifySession";
 import { UserType } from "@server/types/UserTypes";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
 
-export const loginBodySchema = z
-    .object({
-        email: z.string().toLowerCase().email(),
+export const loginBodySchema = z.strictObject({
+        email: z.email().toLowerCase(),
         password: z.string(),
         code: z.string().optional(),
         resourceGuid: z.string().optional()
-    })
-    .strict();
+    });
 
 export type LoginBody = z.infer<typeof loginBodySchema>;
 
diff --git a/server/routers/auth/requestPasswordReset.ts b/server/routers/auth/requestPasswordReset.ts
index a7e84b9e..0f9953e8 100644
--- a/server/routers/auth/requestPasswordReset.ts
+++ b/server/routers/auth/requestPasswordReset.ts
@@ -17,11 +17,9 @@ import ResetPasswordCode from "@server/emails/templates/ResetPasswordCode";
 import { hashPassword } from "@server/auth/password";
 import { UserType } from "@server/types/UserTypes";
 
-export const requestPasswordResetBody = z
-    .object({
-        email: z.string().toLowerCase().email()
-    })
-    .strict();
+export const requestPasswordResetBody = z.strictObject({
+        email: z.email().toLowerCase()
+    });
 
 export type RequestPasswordResetBody = z.infer<typeof requestPasswordResetBody>;
 
diff --git a/server/routers/auth/requestTotpSecret.ts b/server/routers/auth/requestTotpSecret.ts
index 7c122a44..53d80147 100644
--- a/server/routers/auth/requestTotpSecret.ts
+++ b/server/routers/auth/requestTotpSecret.ts
@@ -16,12 +16,10 @@ import { UserType } from "@server/types/UserTypes";
 import { verifySession } from "@server/auth/sessions/verifySession";
 import config from "@server/lib/config";
 
-export const requestTotpSecretBody = z
-    .object({
+export const requestTotpSecretBody = z.strictObject({
         password: z.string(),
-        email: z.string().email().optional()
-    })
-    .strict();
+        email: z.email().optional()
+    });
 
 export type RequestTotpSecretBody = z.infer<typeof requestTotpSecretBody>;
 
diff --git a/server/routers/auth/resetPassword.ts b/server/routers/auth/resetPassword.ts
index 14b4236b..aeb85558 100644
--- a/server/routers/auth/resetPassword.ts
+++ b/server/routers/auth/resetPassword.ts
@@ -17,14 +17,12 @@ import ConfirmPasswordReset from "@server/emails/templates/NotifyResetPassword";
 import { sendEmail } from "@server/emails";
 import { passwordSchema } from "@server/auth/passwordSchema";
 
-export const resetPasswordBody = z
-    .object({
-        email: z.string().toLowerCase().email(),
+export const resetPasswordBody = z.strictObject({
+        email: z.email().toLowerCase(),
         token: z.string(), // reset secret code
         newPassword: passwordSchema,
         code: z.string().optional() // 2fa code
-    })
-    .strict();
+    });
 
 export type ResetPasswordBody = z.infer<typeof resetPasswordBody>;
 
diff --git a/server/routers/auth/securityKey.ts b/server/routers/auth/securityKey.ts
index 1e75764b..cde2f61a 100644
--- a/server/routers/auth/securityKey.ts
+++ b/server/routers/auth/securityKey.ts
@@ -99,28 +99,28 @@ async function clearChallenge(sessionId: string) {
     await db.delete(webauthnChallenge).where(eq(webauthnChallenge.sessionId, sessionId));
 }
 
-export const registerSecurityKeyBody = z.object({
+export const registerSecurityKeyBody = z.strictObject({
     name: z.string().min(1),
     password: z.string().min(1),
     code: z.string().optional()
-}).strict();
+});
 
-export const verifyRegistrationBody = z.object({
+export const verifyRegistrationBody = z.strictObject({
     credential: z.any()
-}).strict();
+});
 
-export const startAuthenticationBody = z.object({
-    email: z.string().email().optional()
-}).strict();
+export const startAuthenticationBody = z.strictObject({
+    email: z.email().optional()
+});
 
-export const verifyAuthenticationBody = z.object({
+export const verifyAuthenticationBody = z.strictObject({
     credential: z.any()
-}).strict();
+});
 
-export const deleteSecurityKeyBody = z.object({
+export const deleteSecurityKeyBody = z.strictObject({
     password: z.string().min(1),
     code: z.string().optional()
-}).strict();
+});
 
 export async function startRegistration(
     req: Request,
diff --git a/server/routers/auth/setServerAdmin.ts b/server/routers/auth/setServerAdmin.ts
index 307f5504..9c2489cd 100644
--- a/server/routers/auth/setServerAdmin.ts
+++ b/server/routers/auth/setServerAdmin.ts
@@ -14,7 +14,7 @@ import { UserType } from "@server/types/UserTypes";
 import moment from "moment";
 
 export const bodySchema = z.object({
-    email: z.string().toLowerCase().email(),
+    email: z.email().toLowerCase(),
     password: passwordSchema,
     setupToken: z.string().min(1, "Setup token is required")
 });
diff --git a/server/routers/auth/signup.ts b/server/routers/auth/signup.ts
index e836d109..595a9b91 100644
--- a/server/routers/auth/signup.ts
+++ b/server/routers/auth/signup.ts
@@ -26,7 +26,7 @@ import { build } from "@server/build";
 import resend, { AudienceIds, moveEmailToAudience } from "#dynamic/lib/resend";
 
 export const signupBodySchema = z.object({
-    email: z.string().toLowerCase().email(),
+    email: z.email().toLowerCase(),
     password: passwordSchema,
     inviteToken: z.string().optional(),
     inviteId: z.string().optional(),
diff --git a/server/routers/auth/validateSetupToken.ts b/server/routers/auth/validateSetupToken.ts
index e3c29833..1a4725b6 100644
--- a/server/routers/auth/validateSetupToken.ts
+++ b/server/routers/auth/validateSetupToken.ts
@@ -8,11 +8,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const validateSetupTokenSchema = z
-    .object({
+const validateSetupTokenSchema = z.strictObject({
         token: z.string().min(1, "Token is required")
-    })
-    .strict();
+    });
 
 export type ValidateSetupTokenResponse = {
     valid: boolean;
diff --git a/server/routers/auth/verifyEmail.ts b/server/routers/auth/verifyEmail.ts
index 47a81c0a..8d31eb45 100644
--- a/server/routers/auth/verifyEmail.ts
+++ b/server/routers/auth/verifyEmail.ts
@@ -13,11 +13,9 @@ import logger from "@server/logger";
 import { freeLimitSet, limitsService } from "@server/lib/billing";
 import { build } from "@server/build";
 
-export const verifyEmailBody = z
-    .object({
+export const verifyEmailBody = z.strictObject({
         code: z.string()
-    })
-    .strict();
+    });
 
 export type VerifyEmailBody = z.infer<typeof verifyEmailBody>;
 
diff --git a/server/routers/auth/verifyTotp.ts b/server/routers/auth/verifyTotp.ts
index c44c0c53..9243c9f9 100644
--- a/server/routers/auth/verifyTotp.ts
+++ b/server/routers/auth/verifyTotp.ts
@@ -18,13 +18,11 @@ import { generateBackupCodes } from "@server/lib/totp";
 import { verifySession } from "@server/auth/sessions/verifySession";
 import { unauthorized } from "@server/auth/unauthorizedResponse";
 
-export const verifyTotpBody = z
-    .object({
-        email: z.string().email().optional(),
+export const verifyTotpBody = z.strictObject({
+        email: z.email().optional(),
         password: z.string().optional(),
         code: z.string()
-    })
-    .strict();
+    });
 
 export type VerifyTotpBody = z.infer<typeof verifyTotpBody>;
 
diff --git a/server/routers/badger/verifySession.ts b/server/routers/badger/verifySession.ts
index da5b0f18..d7fe9190 100644
--- a/server/routers/badger/verifySession.ts
+++ b/server/routers/badger/verifySession.ts
@@ -40,10 +40,10 @@ import { logRequestAudit } from "./logRequestAudit";
 import cache from "@server/lib/cache";
 
 const verifyResourceSessionSchema = z.object({
-    sessions: z.record(z.string()).optional(),
-    headers: z.record(z.string()).optional(),
-    query: z.record(z.string()).optional(),
-    originalRequestURL: z.string().url(),
+    sessions: z.record(z.string(), z.string()).optional(),
+    headers: z.record(z.string(), z.string()).optional(),
+    query: z.record(z.string(), z.string()).optional(),
+    originalRequestURL: z.url(),
     scheme: z.string(),
     host: z.string(),
     path: z.string(),
diff --git a/server/routers/blueprints/applyJSONBlueprint.ts b/server/routers/blueprints/applyJSONBlueprint.ts
index 6860307b..f8c9caec 100644
--- a/server/routers/blueprints/applyJSONBlueprint.ts
+++ b/server/routers/blueprints/applyJSONBlueprint.ts
@@ -8,17 +8,13 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { applyBlueprint } from "@server/lib/blueprints/applyBlueprint";
 
-const applyBlueprintSchema = z
-    .object({
+const applyBlueprintSchema = z.strictObject({
         blueprint: z.string()
-    })
-    .strict();
+    });
 
-const applyBlueprintParamsSchema = z
-    .object({
+const applyBlueprintParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "put",
diff --git a/server/routers/blueprints/getBlueprint.ts b/server/routers/blueprints/getBlueprint.ts
index 3d3f7366..45c36af7 100644
--- a/server/routers/blueprints/getBlueprint.ts
+++ b/server/routers/blueprints/getBlueprint.ts
@@ -12,15 +12,13 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { BlueprintData } from "./types";
 
-const getBlueprintSchema = z
-    .object({
+const getBlueprintSchema = z.strictObject({
         blueprintId: z
             .string()
             .transform(stoi)
-            .pipe(z.number().int().positive()),
+            .pipe(z.int().positive()),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 async function query(blueprintId: number, orgId: string) {
     // Get the client
diff --git a/server/routers/blueprints/listBlueprints.ts b/server/routers/blueprints/listBlueprints.ts
index 5ae8b211..315abfed 100644
--- a/server/routers/blueprints/listBlueprints.ts
+++ b/server/routers/blueprints/listBlueprints.ts
@@ -10,28 +10,24 @@ import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { BlueprintData } from "./types";
 
-const listBluePrintsParamsSchema = z
-    .object({
+const listBluePrintsParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const listBluePrintsSchema = z
-    .object({
+const listBluePrintsSchema = z.strictObject({
         limit: z
             .string()
             .optional()
             .default("1000")
             .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
         offset: z
             .string()
             .optional()
             .default("0")
             .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });
 
 async function queryBlueprints(orgId: string, limit: number, offset: number) {
     const res = await db
diff --git a/server/routers/client/createClient.ts b/server/routers/client/createClient.ts
index cb2bbd6e..d1346879 100644
--- a/server/routers/client/createClient.ts
+++ b/server/routers/client/createClient.ts
@@ -26,22 +26,18 @@ import { isIpInCidr } from "@server/lib/ip";
 import { OpenAPITags, registry } from "@server/openApi";
 import { listExitNodes } from "#dynamic/lib/exitNodes";
 
-const createClientParamsSchema = z
-    .object({
+const createClientParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const createClientSchema = z
-    .object({
+const createClientSchema = z.strictObject({
         name: z.string().min(1).max(255),
-        siteIds: z.array(z.number().int().positive()),
+        siteIds: z.array(z.int().positive()),
         olmId: z.string(),
         secret: z.string(),
         subnet: z.string(),
         type: z.enum(["olm"])
-    })
-    .strict();
+    });
 
 export type CreateClientBody = z.infer<typeof createClientSchema>;
 
diff --git a/server/routers/client/deleteClient.ts b/server/routers/client/deleteClient.ts
index a7512574..1f514c65 100644
--- a/server/routers/client/deleteClient.ts
+++ b/server/routers/client/deleteClient.ts
@@ -10,11 +10,9 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const deleteClientSchema = z
-    .object({
-        clientId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const deleteClientSchema = z.strictObject({
+        clientId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "delete",
diff --git a/server/routers/client/getClient.ts b/server/routers/client/getClient.ts
index d362526f..a8730faf 100644
--- a/server/routers/client/getClient.ts
+++ b/server/routers/client/getClient.ts
@@ -11,11 +11,9 @@ import stoi from "@server/lib/stoi";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const getClientSchema = z
-    .object({
-        clientId: z.string().transform(stoi).pipe(z.number().int().positive())
-    })
-    .strict();
+const getClientSchema = z.strictObject({
+        clientId: z.string().transform(stoi).pipe(z.int().positive())
+    });
 
 async function query(clientId: number) {
     // Get the client
diff --git a/server/routers/client/listClients.ts b/server/routers/client/listClients.ts
index 209b54b4..dfac03a7 100644
--- a/server/routers/client/listClients.ts
+++ b/server/routers/client/listClients.ts
@@ -78,11 +78,9 @@ async function getLatestOlmVersion(): Promise<string | null> {
 }
 
 
-const listClientsParamsSchema = z
-    .object({
+const listClientsParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 const listClientsSchema = z.object({
     limit: z
@@ -90,13 +88,13 @@ const listClientsSchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 function queryClients(orgId: string, accessibleClientIds: number[]) {
diff --git a/server/routers/client/pickClientDefaults.ts b/server/routers/client/pickClientDefaults.ts
index 6f452142..3d447ecd 100644
--- a/server/routers/client/pickClientDefaults.ts
+++ b/server/routers/client/pickClientDefaults.ts
@@ -15,11 +15,9 @@ export type PickClientDefaultsResponse = {
     subnet: string;
 };
 
-const pickClientDefaultsSchema = z
-    .object({
+const pickClientDefaultsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "get",
diff --git a/server/routers/client/updateClient.ts b/server/routers/client/updateClient.ts
index d458c4f8..27f85238 100644
--- a/server/routers/client/updateClient.ts
+++ b/server/routers/client/updateClient.ts
@@ -20,20 +20,16 @@ import {
 import { sendToExitNode } from "#dynamic/lib/exitNodes";
 import { hashPassword } from "@server/auth/password";
 
-const updateClientParamsSchema = z
-    .object({
-        clientId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const updateClientParamsSchema = z.strictObject({
+        clientId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const updateClientSchema = z
-    .object({
+const updateClientSchema = z.strictObject({
         name: z.string().min(1).max(255).optional(),
         siteIds: z
-            .array(z.number().int().positive())
+            .array(z.int().positive())
             .optional(),
-    })
-    .strict();
+    });
 
 export type UpdateClientBody = z.infer<typeof updateClientSchema>;
 
diff --git a/server/routers/domain/createOrgDomain.ts b/server/routers/domain/createOrgDomain.ts
index 4c2451e3..3f223bce 100644
--- a/server/routers/domain/createOrgDomain.ts
+++ b/server/routers/domain/createOrgDomain.ts
@@ -15,20 +15,16 @@ import { isSecondLevelDomain, isValidDomain } from "@server/lib/validators";
 import { build } from "@server/build";
 import config from "@server/lib/config";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         type: z.enum(["ns", "cname", "wildcard"]),
         baseDomain: subdomainSchema,
         certResolver: z.string().optional().nullable(),
         preferWildcardCert: z.boolean().optional().nullable() // optional, only for wildcard
-    })
-    .strict();
+    });
 
 
 export type CreateDomainResponse = {
diff --git a/server/routers/domain/deleteOrgDomain.ts b/server/routers/domain/deleteOrgDomain.ts
index 8836584b..fe4a4805 100644
--- a/server/routers/domain/deleteOrgDomain.ts
+++ b/server/routers/domain/deleteOrgDomain.ts
@@ -10,12 +10,10 @@ import { and, eq } from "drizzle-orm";
 import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         domainId: z.string(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export type DeleteAccountDomainResponse = {
     success: boolean;
diff --git a/server/routers/domain/getDNSRecords.ts b/server/routers/domain/getDNSRecords.ts
index c705b4fa..239cc455 100644
--- a/server/routers/domain/getDNSRecords.ts
+++ b/server/routers/domain/getDNSRecords.ts
@@ -10,12 +10,10 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { getServerIp } from "@server/lib/serverIpService"; // your in-memory IP module
 
-const getDNSRecordsSchema = z
-    .object({
+const getDNSRecordsSchema = z.strictObject({
         domainId: z.string(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 async function query(domainId: string) {
     const records = await db
diff --git a/server/routers/domain/getDomain.ts b/server/routers/domain/getDomain.ts
index 77bd18ae..408cf37d 100644
--- a/server/routers/domain/getDomain.ts
+++ b/server/routers/domain/getDomain.ts
@@ -10,14 +10,12 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { domain } from "zod/v4/core/regexes";
 
-const getDomainSchema = z
-    .object({
+const getDomainSchema = z.strictObject({
         domainId: z
             .string()
             .optional(),
         orgId: z.string().optional()
-    })
-    .strict();
+    });
 
 async function query(domainId?: string, orgId?: string) {
     if (domainId) {
diff --git a/server/routers/domain/listDomains.ts b/server/routers/domain/listDomains.ts
index 55ea99cb..48f22c6c 100644
--- a/server/routers/domain/listDomains.ts
+++ b/server/routers/domain/listDomains.ts
@@ -10,28 +10,24 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const listDomainsParamsSchema = z
-    .object({
+const listDomainsParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const listDomainsSchema = z
-    .object({
+const listDomainsSchema = z.strictObject({
         limit: z
             .string()
             .optional()
             .default("1000")
             .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
         offset: z
             .string()
             .optional()
             .default("0")
             .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });
 
 async function queryDomains(orgId: string, limit: number, offset: number) {
     const res = await db
diff --git a/server/routers/domain/restartOrgDomain.ts b/server/routers/domain/restartOrgDomain.ts
index f40f2516..f2bf7c39 100644
--- a/server/routers/domain/restartOrgDomain.ts
+++ b/server/routers/domain/restartOrgDomain.ts
@@ -8,12 +8,10 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { and, eq } from "drizzle-orm";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         domainId: z.string(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export type RestartOrgDomainResponse = {
     success: boolean;
diff --git a/server/routers/domain/updateDomain.ts b/server/routers/domain/updateDomain.ts
index c684466e..08301189 100644
--- a/server/routers/domain/updateDomain.ts
+++ b/server/routers/domain/updateDomain.ts
@@ -9,19 +9,15 @@ import { fromError } from "zod-validation-error";
 import { eq, and } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         orgId: z.string(),
         domainId: z.string()
-    })
-    .strict();
+    });
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         certResolver: z.string().optional().nullable(),
         preferWildcardCert: z.boolean().optional().nullable()
-    })
-    .strict();
+    });
 
 export type UpdateDomainResponse = {
     domainId: string;
diff --git a/server/routers/idp/createIdpOrgPolicy.ts b/server/routers/idp/createIdpOrgPolicy.ts
index 448b39cd..b59d2fc7 100644
--- a/server/routers/idp/createIdpOrgPolicy.ts
+++ b/server/routers/idp/createIdpOrgPolicy.ts
@@ -11,19 +11,15 @@ import config from "@server/lib/config";
 import { eq, and } from "drizzle-orm";
 import { idp, idpOrg } from "@server/db";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         idpId: z.coerce.number(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         roleMapping: z.string().optional(),
         orgMapping: z.string().optional()
-    })
-    .strict();
+    });
 
 export type CreateIdpOrgPolicyResponse = {};
 
diff --git a/server/routers/idp/createOidcIdp.ts b/server/routers/idp/createOidcIdp.ts
index 67357d76..2548cb04 100644
--- a/server/routers/idp/createOidcIdp.ts
+++ b/server/routers/idp/createOidcIdp.ts
@@ -12,22 +12,20 @@ import { generateOidcRedirectUrl } from "@server/lib/idp/generateRedirectUrl";
 import { encrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
 
-const paramsSchema = z.object({}).strict();
+const paramsSchema = z.strictObject({});
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         name: z.string().nonempty(),
         clientId: z.string().nonempty(),
         clientSecret: z.string().nonempty(),
-        authUrl: z.string().url(),
-        tokenUrl: z.string().url(),
+        authUrl: z.url(),
+        tokenUrl: z.url(),
         identifierPath: z.string().nonempty(),
         emailPath: z.string().optional(),
         namePath: z.string().optional(),
         scopes: z.string().nonempty(),
         autoProvision: z.boolean().optional()
-    })
-    .strict();
+    });
 
 export type CreateIdpResponse = {
     idpId: number;
diff --git a/server/routers/idp/deleteIdpOrgPolicy.ts b/server/routers/idp/deleteIdpOrgPolicy.ts
index 8314a6d5..424bae4f 100644
--- a/server/routers/idp/deleteIdpOrgPolicy.ts
+++ b/server/routers/idp/deleteIdpOrgPolicy.ts
@@ -10,12 +10,10 @@ import { idp, idpOrg } from "@server/db";
 import { eq, and } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         idpId: z.coerce.number(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "delete",
diff --git a/server/routers/idp/generateOidcUrl.ts b/server/routers/idp/generateOidcUrl.ts
index 3c81ce0b..d99f61ba 100644
--- a/server/routers/idp/generateOidcUrl.ts
+++ b/server/routers/idp/generateOidcUrl.ts
@@ -23,11 +23,9 @@ const paramsSchema = z
     })
     .strict();
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         redirectUrl: z.string()
-    })
-    .strict();
+    });
 
 const querySchema = z.object({
     orgId: z.string().optional() // check what actuall calls it
diff --git a/server/routers/idp/listIdpOrgPolicies.ts b/server/routers/idp/listIdpOrgPolicies.ts
index bd288837..481cddad 100644
--- a/server/routers/idp/listIdpOrgPolicies.ts
+++ b/server/routers/idp/listIdpOrgPolicies.ts
@@ -14,22 +14,20 @@ const paramsSchema = z.object({
     idpId: z.coerce.number()
 });
 
-const querySchema = z
-    .object({
+const querySchema = z.strictObject({
         limit: z
             .string()
             .optional()
             .default("1000")
             .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
         offset: z
             .string()
             .optional()
             .default("0")
             .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });
 
 async function query(idpId: number, limit: number, offset: number) {
     const res = await db
diff --git a/server/routers/idp/listIdps.ts b/server/routers/idp/listIdps.ts
index 150b9f88..8ce2ab78 100644
--- a/server/routers/idp/listIdps.ts
+++ b/server/routers/idp/listIdps.ts
@@ -10,22 +10,20 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const querySchema = z
-    .object({
+const querySchema = z.strictObject({
         limit: z
             .string()
             .optional()
             .default("1000")
             .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
         offset: z
             .string()
             .optional()
             .default("0")
             .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });
 
 async function query(limit: number, offset: number) {
     const res = await db
diff --git a/server/routers/idp/updateIdpOrgPolicy.ts b/server/routers/idp/updateIdpOrgPolicy.ts
index ecbc6dbd..586af476 100644
--- a/server/routers/idp/updateIdpOrgPolicy.ts
+++ b/server/routers/idp/updateIdpOrgPolicy.ts
@@ -10,19 +10,15 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { eq, and } from "drizzle-orm";
 import { idp, idpOrg } from "@server/db";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         idpId: z.coerce.number(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         roleMapping: z.string().optional(),
         orgMapping: z.string().optional()
-    })
-    .strict();
+    });
 
 export type UpdateIdpOrgPolicyResponse = {};
 
diff --git a/server/routers/idp/updateOidcIdp.ts b/server/routers/idp/updateOidcIdp.ts
index 53ece68e..c7ba0b0b 100644
--- a/server/routers/idp/updateOidcIdp.ts
+++ b/server/routers/idp/updateOidcIdp.ts
@@ -18,8 +18,7 @@ const paramsSchema = z
     })
     .strict();
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         name: z.string().optional(),
         clientId: z.string().optional(),
         clientSecret: z.string().optional(),
@@ -32,8 +31,7 @@ const bodySchema = z
         autoProvision: z.boolean().optional(),
         defaultRoleMapping: z.string().optional(),
         defaultOrgMapping: z.string().optional()
-    })
-    .strict();
+    });
 
 export type UpdateIdpResponse = {
     idpId: number;
diff --git a/server/routers/newt/createNewt.ts b/server/routers/newt/createNewt.ts
index 3066e4ea..930c04be 100644
--- a/server/routers/newt/createNewt.ts
+++ b/server/routers/newt/createNewt.ts
@@ -23,12 +23,10 @@ export type CreateNewtResponse = {
     secret: string;
 };
 
-const createNewtSchema = z
-    .object({
+const createNewtSchema = z.strictObject({
         newtId: z.string(),
         secret: z.string()
-    })
-    .strict();
+    });
 
 export async function createNewt(
     req: Request,
diff --git a/server/routers/newt/handleGetConfigMessage.ts b/server/routers/newt/handleGetConfigMessage.ts
index 3eba94b9..fb40c398 100644
--- a/server/routers/newt/handleGetConfigMessage.ts
+++ b/server/routers/newt/handleGetConfigMessage.ts
@@ -18,7 +18,7 @@ import { sendToExitNode } from "#dynamic/lib/exitNodes";
 
 const inputSchema = z.object({
     publicKey: z.string(),
-    port: z.number().int().positive()
+    port: z.int().positive()
 });
 
 type Input = z.infer<typeof inputSchema>;
diff --git a/server/routers/olm/createOlm.ts b/server/routers/olm/createOlm.ts
index 3066e4ea..930c04be 100644
--- a/server/routers/olm/createOlm.ts
+++ b/server/routers/olm/createOlm.ts
@@ -23,12 +23,10 @@ export type CreateNewtResponse = {
     secret: string;
 };
 
-const createNewtSchema = z
-    .object({
+const createNewtSchema = z.strictObject({
         newtId: z.string(),
         secret: z.string()
-    })
-    .strict();
+    });
 
 export async function createNewt(
     req: Request,
diff --git a/server/routers/org/checkId.ts b/server/routers/org/checkId.ts
index c5d00002..2a898c30 100644
--- a/server/routers/org/checkId.ts
+++ b/server/routers/org/checkId.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const getOrgSchema = z
-    .object({
+const getOrgSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export async function checkId(
     req: Request,
diff --git a/server/routers/org/createOrg.ts b/server/routers/org/createOrg.ts
index d8bcb9da..e44bf021 100644
--- a/server/routers/org/createOrg.ts
+++ b/server/routers/org/createOrg.ts
@@ -27,13 +27,11 @@ import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";
 import { build } from "@server/build";
 
-const createOrgSchema = z
-    .object({
+const createOrgSchema = z.strictObject({
         orgId: z.string(),
         name: z.string().min(1).max(255),
         subnet: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "put",
diff --git a/server/routers/org/deleteOrg.ts b/server/routers/org/deleteOrg.ts
index 8a424e5b..0e21a8c0 100644
--- a/server/routers/org/deleteOrg.ts
+++ b/server/routers/org/deleteOrg.ts
@@ -13,11 +13,9 @@ import { sendToClient } from "#dynamic/routers/ws";
 import { deletePeer } from "../gerbil/peers";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const deleteOrgSchema = z
-    .object({
+const deleteOrgSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export type DeleteOrgResponse = {};
 
diff --git a/server/routers/org/getOrg.ts b/server/routers/org/getOrg.ts
index 2497f9a6..38a1c6ba 100644
--- a/server/routers/org/getOrg.ts
+++ b/server/routers/org/getOrg.ts
@@ -10,11 +10,9 @@ import logger from "@server/logger";
 import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const getOrgSchema = z
-    .object({
+const getOrgSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export type GetOrgResponse = {
     org: Org;
diff --git a/server/routers/org/getOrgOverview.ts b/server/routers/org/getOrgOverview.ts
index 67a14464..90883fd7 100644
--- a/server/routers/org/getOrgOverview.ts
+++ b/server/routers/org/getOrgOverview.ts
@@ -18,11 +18,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromZodError } from "zod-validation-error";
 
-const getOrgParamsSchema = z
-    .object({
+const getOrgParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export type GetOrgOverviewResponse = {
     orgName: string;
diff --git a/server/routers/org/listOrgs.ts b/server/routers/org/listOrgs.ts
index 07705e48..5819dc25 100644
--- a/server/routers/org/listOrgs.ts
+++ b/server/routers/org/listOrgs.ts
@@ -16,13 +16,13 @@ const listOrgsSchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 registry.registerPath({
diff --git a/server/routers/org/listUserOrgs.ts b/server/routers/org/listUserOrgs.ts
index e3c0d06f..eb500250 100644
--- a/server/routers/org/listUserOrgs.ts
+++ b/server/routers/org/listUserOrgs.ts
@@ -20,13 +20,13 @@ const listOrgsSchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 // registry.registerPath({
diff --git a/server/routers/org/updateOrg.ts b/server/routers/org/updateOrg.ts
index 8ab809e4..6e7a9b35 100644
--- a/server/routers/org/updateOrg.ts
+++ b/server/routers/org/updateOrg.ts
@@ -15,14 +15,11 @@ import { getOrgTierData } from "#dynamic/lib/billing";
 import { TierId } from "@server/lib/billing/tiers";
 import { cache } from "@server/lib/cache";
 
-const updateOrgParamsSchema = z
-    .object({
+const updateOrgParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const updateOrgBodySchema = z
-    .object({
+const updateOrgBodySchema = z.strictObject({
         name: z.string().min(1).max(255).optional(),
         requireTwoFactor: z.boolean().optional(),
         maxSessionLengthHours: z.number().nullable().optional(),
@@ -40,9 +37,8 @@ const updateOrgBodySchema = z
             .min(build === "saas" ? 0 : -1)
             .optional()
     })
-    .strict()
     .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
     });
 
 registry.registerPath({
diff --git a/server/routers/resource/addEmailToResourceWhitelist.ts b/server/routers/resource/addEmailToResourceWhitelist.ts
index c0d80468..f9cee838 100644
--- a/server/routers/resource/addEmailToResourceWhitelist.ts
+++ b/server/routers/resource/addEmailToResourceWhitelist.ts
@@ -10,29 +10,22 @@ import { fromError } from "zod-validation-error";
 import { and, eq } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const addEmailToResourceWhitelistBodySchema = z
-    .object({
-        email: z
-            .string()
-            .email()
+const addEmailToResourceWhitelistBodySchema = z.strictObject({
+        email: z.email()
             .or(
                 z.string().regex(/^\*@[\w.-]+\.[a-zA-Z]{2,}$/, {
-                    message:
-                        "Invalid email address. Wildcard (*) must be the entire local part."
+                    error: "Invalid email address. Wildcard (*) must be the entire local part."
                 })
             )
             .transform((v) => v.toLowerCase())
-    })
-    .strict();
+    });
 
-const addEmailToResourceWhitelistParamsSchema = z
-    .object({
+const addEmailToResourceWhitelistParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "post",
diff --git a/server/routers/resource/authWithAccessToken.ts b/server/routers/resource/authWithAccessToken.ts
index bf0a9697..81ca7fbc 100644
--- a/server/routers/resource/authWithAccessToken.ts
+++ b/server/routers/resource/authWithAccessToken.ts
@@ -15,22 +15,18 @@ import config from "@server/lib/config";
 import stoi from "@server/lib/stoi";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
 
-const authWithAccessTokenBodySchema = z
-    .object({
+const authWithAccessTokenBodySchema = z.strictObject({
         accessToken: z.string(),
         accessTokenId: z.string().optional()
-    })
-    .strict();
+    });
 
-const authWithAccessTokenParamsSchema = z
-    .object({
+const authWithAccessTokenParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .optional()
             .transform(stoi)
-            .pipe(z.number().int().positive().optional())
-    })
-    .strict();
+            .pipe(z.int().positive().optional())
+    });
 
 export type AuthWithAccessTokenResponse = {
     session?: string;
diff --git a/server/routers/resource/authWithPassword.ts b/server/routers/resource/authWithPassword.ts
index 97daea3b..4c1f2058 100644
--- a/server/routers/resource/authWithPassword.ts
+++ b/server/routers/resource/authWithPassword.ts
@@ -15,20 +15,16 @@ import { verifyPassword } from "@server/auth/password";
 import config from "@server/lib/config";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
 
-export const authWithPasswordBodySchema = z
-    .object({
+export const authWithPasswordBodySchema = z.strictObject({
         password: z.string()
-    })
-    .strict();
+    });
 
-export const authWithPasswordParamsSchema = z
-    .object({
+export const authWithPasswordParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 export type AuthWithPasswordResponse = {
     session?: string;
diff --git a/server/routers/resource/authWithPincode.ts b/server/routers/resource/authWithPincode.ts
index 8ce5c1fe..59f80ee0 100644
--- a/server/routers/resource/authWithPincode.ts
+++ b/server/routers/resource/authWithPincode.ts
@@ -14,20 +14,16 @@ import { verifyPassword } from "@server/auth/password";
 import config from "@server/lib/config";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
 
-export const authWithPincodeBodySchema = z
-    .object({
+export const authWithPincodeBodySchema = z.strictObject({
         pincode: z.string()
-    })
-    .strict();
+    });
 
-export const authWithPincodeParamsSchema = z
-    .object({
+export const authWithPincodeParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 export type AuthWithPincodeResponse = {
     session?: string;
diff --git a/server/routers/resource/authWithWhitelist.ts b/server/routers/resource/authWithWhitelist.ts
index 11e417b6..11f84043 100644
--- a/server/routers/resource/authWithWhitelist.ts
+++ b/server/routers/resource/authWithWhitelist.ts
@@ -14,21 +14,17 @@ import logger from "@server/logger";
 import config from "@server/lib/config";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
 
-const authWithWhitelistBodySchema = z
-    .object({
-        email: z.string().toLowerCase().email(),
+const authWithWhitelistBodySchema = z.strictObject({
+        email: z.email().toLowerCase(),
         otp: z.string().optional()
-    })
-    .strict();
+    });
 
-const authWithWhitelistParamsSchema = z
-    .object({
+const authWithWhitelistParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 export type AuthWithWhitelistResponse = {
     otpSent?: boolean;
diff --git a/server/routers/resource/createResource.ts b/server/routers/resource/createResource.ts
index 2a4e67a7..b9ab3ce5 100644
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@@ -25,14 +25,11 @@ import { createCertificate } from "#dynamic/routers/certificates/createCertifica
 import { getUniqueResourceName } from "@server/db/names";
 import { validateAndConstructDomain } from "@server/lib/domainUtils";
 
-const createResourceParamsSchema = z
-    .object({
+const createResourceParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const createHttpResourceSchema = z
-    .object({
+const createHttpResourceSchema = z.strictObject({
         name: z.string().min(1).max(255),
         subdomain: z.string().nullable().optional(),
         http: z.boolean(),
@@ -40,7 +37,6 @@ const createHttpResourceSchema = z
         domainId: z.string(),
         stickySession: z.boolean().optional(),
     })
-    .strict()
     .refine(
         (data) => {
             if (data.subdomain) {
@@ -48,18 +44,18 @@ const createHttpResourceSchema = z
             }
             return true;
         },
-        { message: "Invalid subdomain" }
+        {
+            error: "Invalid subdomain"
+        }
     );
 
-const createRawResourceSchema = z
-    .object({
+const createRawResourceSchema = z.strictObject({
         name: z.string().min(1).max(255),
         http: z.boolean(),
         protocol: z.enum(["tcp", "udp"]),
-        proxyPort: z.number().int().min(1).max(65535)
+        proxyPort: z.int().min(1).max(65535)
         // enableProxy: z.boolean().default(true) // always true now
     })
-    .strict()
     .refine(
         (data) => {
             if (!config.getRawConfig().flags?.allow_raw_resources) {
@@ -70,7 +66,7 @@ const createRawResourceSchema = z
             return true;
         },
         {
-            message: "Raw resources are not allowed"
+            error: "Raw resources are not allowed"
         }
     );
 
diff --git a/server/routers/resource/createResourceRule.ts b/server/routers/resource/createResourceRule.ts
index 1a5c07c2..c3e086b0 100644
--- a/server/routers/resource/createResourceRule.ts
+++ b/server/routers/resource/createResourceRule.ts
@@ -15,24 +15,20 @@ import {
 } from "@server/lib/validators";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const createResourceRuleSchema = z
-    .object({
+const createResourceRuleSchema = z.strictObject({
         action: z.enum(["ACCEPT", "DROP", "PASS"]),
         match: z.enum(["CIDR", "IP", "PATH", "COUNTRY"]),
         value: z.string().min(1),
-        priority: z.number().int(),
+        priority: z.int(),
         enabled: z.boolean().optional()
-    })
-    .strict();
+    });
 
-const createResourceRuleParamsSchema = z
-    .object({
+const createResourceRuleParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "put",
diff --git a/server/routers/resource/deleteResource.ts b/server/routers/resource/deleteResource.ts
index 3b0e9df4..a81208a5 100644
--- a/server/routers/resource/deleteResource.ts
+++ b/server/routers/resource/deleteResource.ts
@@ -14,14 +14,12 @@ import { getAllowedIps } from "../target/helpers";
 import { OpenAPITags, registry } from "@server/openApi";
 
 // Define Zod schema for request parameters validation
-const deleteResourceSchema = z
-    .object({
+const deleteResourceSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "delete",
diff --git a/server/routers/resource/deleteResourceRule.ts b/server/routers/resource/deleteResourceRule.ts
index 6b404651..58cb7b48 100644
--- a/server/routers/resource/deleteResourceRule.ts
+++ b/server/routers/resource/deleteResourceRule.ts
@@ -10,15 +10,13 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const deleteResourceRuleSchema = z
-    .object({
-        ruleId: z.string().transform(Number).pipe(z.number().int().positive()),
+const deleteResourceRuleSchema = z.strictObject({
+        ruleId: z.string().transform(Number).pipe(z.int().positive()),
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "delete",
diff --git a/server/routers/resource/getExchangeToken.ts b/server/routers/resource/getExchangeToken.ts
index 28975234..8a0276a0 100644
--- a/server/routers/resource/getExchangeToken.ts
+++ b/server/routers/resource/getExchangeToken.ts
@@ -16,14 +16,12 @@ import { response } from "@server/lib/response";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { logAccessAudit } from "#dynamic/lib/logAccessAudit";
 
-const getExchangeTokenParams = z
-    .object({
+const getExchangeTokenParams = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 export type GetExchangeTokenResponse = {
     requestToken: string;
diff --git a/server/routers/resource/getResource.ts b/server/routers/resource/getResource.ts
index 0fdcdd0c..f2ce559e 100644
--- a/server/routers/resource/getResource.ts
+++ b/server/routers/resource/getResource.ts
@@ -11,18 +11,16 @@ import logger from "@server/logger";
 import stoi from "@server/lib/stoi";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const getResourceSchema = z
-    .object({
+const getResourceSchema = z.strictObject({
         resourceId: z
             .string()
             .optional()
             .transform(stoi)
-            .pipe(z.number().int().positive().optional())
+            .pipe(z.int().positive().optional())
             .optional(),
         niceId: z.string().optional(),
         orgId: z.string().optional()
-    })
-    .strict();
+    });
 
 async function query(resourceId?: number, niceId?: string, orgId?: string) {
     if (resourceId) {
diff --git a/server/routers/resource/getResourceAuthInfo.ts b/server/routers/resource/getResourceAuthInfo.ts
index 834da7b3..60f8e586 100644
--- a/server/routers/resource/getResourceAuthInfo.ts
+++ b/server/routers/resource/getResourceAuthInfo.ts
@@ -15,11 +15,9 @@ import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { build } from "@server/build";
 
-const getResourceAuthInfoSchema = z
-    .object({
+const getResourceAuthInfoSchema = z.strictObject({
         resourceGuid: z.string()
-    })
-    .strict();
+    });
 
 export type GetResourceAuthInfoResponse = {
     resourceId: number;
diff --git a/server/routers/resource/getResourceWhitelist.ts b/server/routers/resource/getResourceWhitelist.ts
index 415cb714..3171352a 100644
--- a/server/routers/resource/getResourceWhitelist.ts
+++ b/server/routers/resource/getResourceWhitelist.ts
@@ -10,14 +10,12 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const getResourceWhitelistSchema = z
-    .object({
+const getResourceWhitelistSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 async function queryWhitelist(resourceId: number) {
     return await db
diff --git a/server/routers/resource/listResourceRoles.ts b/server/routers/resource/listResourceRoles.ts
index 4676b01e..3dbb8c0d 100644
--- a/server/routers/resource/listResourceRoles.ts
+++ b/server/routers/resource/listResourceRoles.ts
@@ -10,14 +10,12 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const listResourceRolesSchema = z
-    .object({
+const listResourceRolesSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 async function query(resourceId: number) {
     return await db
diff --git a/server/routers/resource/listResourceRules.ts b/server/routers/resource/listResourceRules.ts
index 727d50ba..bc2516a0 100644
--- a/server/routers/resource/listResourceRules.ts
+++ b/server/routers/resource/listResourceRules.ts
@@ -10,14 +10,12 @@ import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const listResourceRulesParamsSchema = z
-    .object({
+const listResourceRulesParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 const listResourceRulesSchema = z.object({
     limit: z
@@ -25,13 +23,13 @@ const listResourceRulesSchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 function queryResourceRules(resourceId: number) {
diff --git a/server/routers/resource/listResourceUsers.ts b/server/routers/resource/listResourceUsers.ts
index 0d96ac0d..b07bcf0a 100644
--- a/server/routers/resource/listResourceUsers.ts
+++ b/server/routers/resource/listResourceUsers.ts
@@ -10,14 +10,12 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const listResourceUsersSchema = z
-    .object({
+const listResourceUsersSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 async function queryUsers(resourceId: number) {
     return await db
diff --git a/server/routers/resource/listResources.ts b/server/routers/resource/listResources.ts
index e612d5ec..a72dd763 100644
--- a/server/routers/resource/listResources.ts
+++ b/server/routers/resource/listResources.ts
@@ -20,11 +20,9 @@ import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { warn } from "console";
 
-const listResourcesParamsSchema = z
-    .object({
+const listResourcesParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 const listResourcesSchema = z.object({
     limit: z
@@ -32,14 +30,14 @@ const listResourcesSchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().nonnegative()),
+        .pipe(z.int().nonnegative()),
 
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 // (resource fields + a single joined target)
diff --git a/server/routers/resource/removeEmailFromResourceWhitelist.ts b/server/routers/resource/removeEmailFromResourceWhitelist.ts
index 7667bf28..c2cac2de 100644
--- a/server/routers/resource/removeEmailFromResourceWhitelist.ts
+++ b/server/routers/resource/removeEmailFromResourceWhitelist.ts
@@ -10,29 +10,22 @@ import { fromError } from "zod-validation-error";
 import { and, eq } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const removeEmailFromResourceWhitelistBodySchema = z
-    .object({
-        email: z
-            .string()
-            .email()
+const removeEmailFromResourceWhitelistBodySchema = z.strictObject({
+        email: z.email()
             .or(
                 z.string().regex(/^\*@[\w.-]+\.[a-zA-Z]{2,}$/, {
-                    message:
-                        "Invalid email address. Wildcard (*) must be the entire local part."
+                    error: "Invalid email address. Wildcard (*) must be the entire local part."
                 })
             )
             .transform((v) => v.toLowerCase())
-    })
-    .strict();
+    });
 
-const removeEmailFromResourceWhitelistParamsSchema = z
-    .object({
+const removeEmailFromResourceWhitelistParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "post",
diff --git a/server/routers/resource/setResourceHeaderAuth.ts b/server/routers/resource/setResourceHeaderAuth.ts
index dc0d417d..87ffbacd 100644
--- a/server/routers/resource/setResourceHeaderAuth.ts
+++ b/server/routers/resource/setResourceHeaderAuth.ts
@@ -11,15 +11,13 @@ import { hashPassword } from "@server/auth/password";
 import { OpenAPITags, registry } from "@server/openApi";
 
 const setResourceAuthMethodsParamsSchema = z.object({
-    resourceId: z.string().transform(Number).pipe(z.number().int().positive())
+    resourceId: z.string().transform(Number).pipe(z.int().positive())
 });
 
-const setResourceAuthMethodsBodySchema = z
-    .object({
+const setResourceAuthMethodsBodySchema = z.strictObject({
         user: z.string().min(4).max(100).nullable(),
         password: z.string().min(4).max(100).nullable()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "post",
diff --git a/server/routers/resource/setResourcePassword.ts b/server/routers/resource/setResourcePassword.ts
index 5ff485d2..3f9ce9f1 100644
--- a/server/routers/resource/setResourcePassword.ts
+++ b/server/routers/resource/setResourcePassword.ts
@@ -13,14 +13,12 @@ import { hashPassword } from "@server/auth/password";
 import { OpenAPITags, registry } from "@server/openApi";
 
 const setResourceAuthMethodsParamsSchema = z.object({
-    resourceId: z.string().transform(Number).pipe(z.number().int().positive())
+    resourceId: z.string().transform(Number).pipe(z.int().positive())
 });
 
-const setResourceAuthMethodsBodySchema = z
-    .object({
+const setResourceAuthMethodsBodySchema = z.strictObject({
         password: z.string().min(4).max(100).nullable()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "post",
diff --git a/server/routers/resource/setResourcePincode.ts b/server/routers/resource/setResourcePincode.ts
index 83af3c7a..6a88a279 100644
--- a/server/routers/resource/setResourcePincode.ts
+++ b/server/routers/resource/setResourcePincode.ts
@@ -14,17 +14,15 @@ import { hashPassword } from "@server/auth/password";
 import { OpenAPITags, registry } from "@server/openApi";
 
 const setResourceAuthMethodsParamsSchema = z.object({
-    resourceId: z.string().transform(Number).pipe(z.number().int().positive())
+    resourceId: z.string().transform(Number).pipe(z.int().positive())
 });
 
-const setResourceAuthMethodsBodySchema = z
-    .object({
+const setResourceAuthMethodsBodySchema = z.strictObject({
         pincode: z
             .string()
             .regex(/^\d{6}$/)
             .or(z.null())
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "post",
diff --git a/server/routers/resource/setResourceRoles.ts b/server/routers/resource/setResourceRoles.ts
index 7ea76d21..19b7b601 100644
--- a/server/routers/resource/setResourceRoles.ts
+++ b/server/routers/resource/setResourceRoles.ts
@@ -10,20 +10,16 @@ import { fromError } from "zod-validation-error";
 import { eq, and, ne } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const setResourceRolesBodySchema = z
-    .object({
-        roleIds: z.array(z.number().int().positive())
-    })
-    .strict();
+const setResourceRolesBodySchema = z.strictObject({
+        roleIds: z.array(z.int().positive())
+    });
 
-const setResourceRolesParamsSchema = z
-    .object({
+const setResourceRolesParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "post",
diff --git a/server/routers/resource/setResourceUsers.ts b/server/routers/resource/setResourceUsers.ts
index 152c0f88..b5eca17c 100644
--- a/server/routers/resource/setResourceUsers.ts
+++ b/server/routers/resource/setResourceUsers.ts
@@ -10,20 +10,16 @@ import { fromError } from "zod-validation-error";
 import { eq } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const setUserResourcesBodySchema = z
-    .object({
+const setUserResourcesBodySchema = z.strictObject({
         userIds: z.array(z.string())
-    })
-    .strict();
+    });
 
-const setUserResourcesParamsSchema = z
-    .object({
+const setUserResourcesParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "post",
diff --git a/server/routers/resource/setResourceWhitelist.ts b/server/routers/resource/setResourceWhitelist.ts
index 16c9150b..417ef6d9 100644
--- a/server/routers/resource/setResourceWhitelist.ts
+++ b/server/routers/resource/setResourceWhitelist.ts
@@ -10,33 +10,26 @@ import { fromError } from "zod-validation-error";
 import { and, eq } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const setResourceWhitelistBodySchema = z
-    .object({
+const setResourceWhitelistBodySchema = z.strictObject({
         emails: z
             .array(
-                z
-                    .string()
-                    .email()
+                z.email()
                     .or(
                         z.string().regex(/^\*@[\w.-]+\.[a-zA-Z]{2,}$/, {
-                            message:
-                                "Invalid email address. Wildcard (*) must be the entire local part."
+                            error: "Invalid email address. Wildcard (*) must be the entire local part."
                         })
                     )
             )
             .max(50)
             .transform((v) => v.map((e) => e.toLowerCase()))
-    })
-    .strict();
+    });
 
-const setResourceWhitelistParamsSchema = z
-    .object({
+const setResourceWhitelistParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "post",
diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts
index 04a57ec1..1008bac9 100644
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -25,17 +25,14 @@ import { validateAndConstructDomain } from "@server/lib/domainUtils";
 import { validateHeaders } from "@server/lib/validators";
 import { build } from "@server/build";
 
-const updateResourceParamsSchema = z
-    .object({
+const updateResourceParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
-const updateHttpResourceBodySchema = z
-    .object({
+const updateHttpResourceBodySchema = z.strictObject({
         name: z.string().min(1).max(255).optional(),
         niceId: z.string().min(1).max(255).optional(),
         subdomain: subdomainSchema.nullable().optional(),
@@ -49,15 +46,14 @@ const updateHttpResourceBodySchema = z
         stickySession: z.boolean().optional(),
         tlsServerName: z.string().nullable().optional(),
         setHostHeader: z.string().nullable().optional(),
-        skipToIdpId: z.number().int().positive().nullable().optional(),
+        skipToIdpId: z.int().positive().nullable().optional(),
         headers: z
-            .array(z.object({ name: z.string(), value: z.string() }))
+            .array(z.strictObject({ name: z.string(), value: z.string() }))
             .nullable()
             .optional()
     })
-    .strict()
     .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
     })
     .refine(
         (data) => {
@@ -66,7 +62,9 @@ const updateHttpResourceBodySchema = z
             }
             return true;
         },
-        { message: "Invalid subdomain" }
+        {
+            error: "Invalid subdomain"
+        }
     )
     .refine(
         (data) => {
@@ -76,8 +74,7 @@ const updateHttpResourceBodySchema = z
             return true;
         },
         {
-            message:
-                "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name."
+            error: "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name."
         }
     )
     .refine(
@@ -88,26 +85,23 @@ const updateHttpResourceBodySchema = z
             return true;
         },
         {
-            message:
-                "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header."
+            error: "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header."
         }
     );
 
 export type UpdateResourceResponse = Resource;
 
-const updateRawResourceBodySchema = z
-    .object({
+const updateRawResourceBodySchema = z.strictObject({
         name: z.string().min(1).max(255).optional(),
         niceId: z.string().min(1).max(255).optional(),
-        proxyPort: z.number().int().min(1).max(65535).optional(),
+        proxyPort: z.int().min(1).max(65535).optional(),
         stickySession: z.boolean().optional(),
         enabled: z.boolean().optional(),
         proxyProtocol: z.boolean().optional(),
-        proxyProtocolVersion: z.number().int().min(1).optional()
+        proxyProtocolVersion: z.int().min(1).optional()
     })
-    .strict()
     .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
     })
     .refine(
         (data) => {
@@ -118,7 +112,9 @@ const updateRawResourceBodySchema = z
             }
             return true;
         },
-        { message: "Cannot update proxyPort" }
+        {
+            error: "Cannot update proxyPort"
+        }
     );
 
 registry.registerPath({
diff --git a/server/routers/resource/updateResourceRule.ts b/server/routers/resource/updateResourceRule.ts
index 8df70c0f..b92c3d07 100644
--- a/server/routers/resource/updateResourceRule.ts
+++ b/server/routers/resource/updateResourceRule.ts
@@ -16,28 +16,24 @@ import {
 import { OpenAPITags, registry } from "@server/openApi";
 
 // Define Zod schema for request parameters validation
-const updateResourceRuleParamsSchema = z
-    .object({
-        ruleId: z.string().transform(Number).pipe(z.number().int().positive()),
+const updateResourceRuleParamsSchema = z.strictObject({
+        ruleId: z.string().transform(Number).pipe(z.int().positive()),
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 // Define Zod schema for request body validation
-const updateResourceRuleSchema = z
-    .object({
+const updateResourceRuleSchema = z.strictObject({
         action: z.enum(["ACCEPT", "DROP", "PASS"]).optional(),
         match: z.enum(["CIDR", "IP", "PATH", "COUNTRY"]).optional(),
         value: z.string().min(1).optional(),
-        priority: z.number().int(),
+        priority: z.int(),
         enabled: z.boolean().optional()
     })
-    .strict()
     .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
     });
 
 registry.registerPath({
diff --git a/server/routers/role/addRoleAction.ts b/server/routers/role/addRoleAction.ts
index 62ab87b5..74540b78 100644
--- a/server/routers/role/addRoleAction.ts
+++ b/server/routers/role/addRoleAction.ts
@@ -9,17 +9,13 @@ import logger from "@server/logger";
 import { eq } from "drizzle-orm";
 import { fromError } from "zod-validation-error";
 
-const addRoleActionParamSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const addRoleActionParamSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const addRoleActionSchema = z
-    .object({
+const addRoleActionSchema = z.strictObject({
         actionId: z.string()
-    })
-    .strict();
+    });
 
 export async function addRoleAction(
     req: Request,
diff --git a/server/routers/role/addRoleSite.ts b/server/routers/role/addRoleSite.ts
index d268eed4..d33c733d 100644
--- a/server/routers/role/addRoleSite.ts
+++ b/server/routers/role/addRoleSite.ts
@@ -9,17 +9,13 @@ import logger from "@server/logger";
 import { eq } from "drizzle-orm";
 import { fromError } from "zod-validation-error";
 
-const addRoleSiteParamsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const addRoleSiteParamsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const addRoleSiteSchema = z
-    .object({
-        siteId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const addRoleSiteSchema = z.strictObject({
+        siteId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 export async function addRoleSite(
     req: Request,
diff --git a/server/routers/role/createRole.ts b/server/routers/role/createRole.ts
index f66c95e2..26573c6c 100644
--- a/server/routers/role/createRole.ts
+++ b/server/routers/role/createRole.ts
@@ -11,18 +11,14 @@ import { ActionsEnum } from "@server/auth/actions";
 import { eq, and } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const createRoleParamsSchema = z
-    .object({
+const createRoleParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const createRoleSchema = z
-    .object({
+const createRoleSchema = z.strictObject({
         name: z.string().min(1).max(255),
         description: z.string().optional()
-    })
-    .strict();
+    });
 
 export const defaultRoleAllowedActions: ActionsEnum[] = [
     ActionsEnum.getOrg,
diff --git a/server/routers/role/deleteRole.ts b/server/routers/role/deleteRole.ts
index 6806386e..e4d89b2f 100644
--- a/server/routers/role/deleteRole.ts
+++ b/server/routers/role/deleteRole.ts
@@ -10,17 +10,13 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const deleteRoleSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const deleteRoleSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const deelteRoleBodySchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const deelteRoleBodySchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "delete",
diff --git a/server/routers/role/getRole.ts b/server/routers/role/getRole.ts
index 66dbb68f..afd6e83a 100644
--- a/server/routers/role/getRole.ts
+++ b/server/routers/role/getRole.ts
@@ -10,11 +10,9 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const getRoleSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const getRoleSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "get",
diff --git a/server/routers/role/listRoleActions.ts b/server/routers/role/listRoleActions.ts
index cdf1391b..8392c296 100644
--- a/server/routers/role/listRoleActions.ts
+++ b/server/routers/role/listRoleActions.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const listRoleActionsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const listRoleActionsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 export async function listRoleActions(
     req: Request,
diff --git a/server/routers/role/listRoleResources.ts b/server/routers/role/listRoleResources.ts
index ba254f1d..57a84c5c 100644
--- a/server/routers/role/listRoleResources.ts
+++ b/server/routers/role/listRoleResources.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const listRoleResourcesSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const listRoleResourcesSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 export async function listRoleResources(
     req: Request,
diff --git a/server/routers/role/listRoleSites.ts b/server/routers/role/listRoleSites.ts
index 72f49e3a..f35e367c 100644
--- a/server/routers/role/listRoleSites.ts
+++ b/server/routers/role/listRoleSites.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const listRoleSitesSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const listRoleSitesSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 export async function listRoleSites(
     req: Request,
diff --git a/server/routers/role/listRoles.ts b/server/routers/role/listRoles.ts
index 56ae8a3a..14a5c2d1 100644
--- a/server/routers/role/listRoles.ts
+++ b/server/routers/role/listRoles.ts
@@ -11,11 +11,9 @@ import { fromError } from "zod-validation-error";
 import stoi from "@server/lib/stoi";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const listRolesParamsSchema = z
-    .object({
+const listRolesParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 const listRolesSchema = z.object({
     limit: z
@@ -23,13 +21,13 @@ const listRolesSchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().nonnegative()),
+        .pipe(z.int().nonnegative()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 async function queryRoles(orgId: string, limit: number, offset: number) {
diff --git a/server/routers/role/removeRoleAction.ts b/server/routers/role/removeRoleAction.ts
index e643ae04..25fbaa29 100644
--- a/server/routers/role/removeRoleAction.ts
+++ b/server/routers/role/removeRoleAction.ts
@@ -9,17 +9,13 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const removeRoleActionParamsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const removeRoleActionParamsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const removeRoleActionSchema = z
-    .object({
+const removeRoleActionSchema = z.strictObject({
         actionId: z.string()
-    })
-    .strict();
+    });
 
 export async function removeRoleAction(
     req: Request,
diff --git a/server/routers/role/removeRoleResource.ts b/server/routers/role/removeRoleResource.ts
index 4068b0bd..d2c7cae9 100644
--- a/server/routers/role/removeRoleResource.ts
+++ b/server/routers/role/removeRoleResource.ts
@@ -9,20 +9,16 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const removeRoleResourceParamsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const removeRoleResourceParamsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const removeRoleResourceSchema = z
-    .object({
+const removeRoleResourceSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 export async function removeRoleResource(
     req: Request,
diff --git a/server/routers/role/removeRoleSite.ts b/server/routers/role/removeRoleSite.ts
index 2670272d..8092eed1 100644
--- a/server/routers/role/removeRoleSite.ts
+++ b/server/routers/role/removeRoleSite.ts
@@ -9,17 +9,13 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const removeRoleSiteParamsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const removeRoleSiteParamsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const removeRoleSiteSchema = z
-    .object({
-        siteId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const removeRoleSiteSchema = z.strictObject({
+        siteId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 export async function removeRoleSite(
     req: Request,
diff --git a/server/routers/role/updateRole.ts b/server/routers/role/updateRole.ts
index 793be6eb..136ca389 100644
--- a/server/routers/role/updateRole.ts
+++ b/server/routers/role/updateRole.ts
@@ -9,20 +9,16 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const updateRoleParamsSchema = z
-    .object({
-        roleId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const updateRoleParamsSchema = z.strictObject({
+        roleId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const updateRoleBodySchema = z
-    .object({
+const updateRoleBodySchema = z.strictObject({
         name: z.string().min(1).max(255).optional(),
         description: z.string().optional()
     })
-    .strict()
     .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
     });
 
 export async function updateRole(
diff --git a/server/routers/site/createSite.ts b/server/routers/site/createSite.ts
index f98a01dc..81a35451 100644
--- a/server/routers/site/createSite.ts
+++ b/server/routers/site/createSite.ts
@@ -19,16 +19,13 @@ import { isIpInCidr } from "@server/lib/ip";
 import { verifyExitNodeOrgAccess } from "#dynamic/lib/exitNodes";
 import { build } from "@server/build";
 
-const createSiteParamsSchema = z
-    .object({
+const createSiteParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const createSiteSchema = z
-    .object({
+const createSiteSchema = z.strictObject({
         name: z.string().min(1).max(255),
-        exitNodeId: z.number().int().positive().optional(),
+        exitNodeId: z.int().positive().optional(),
         // subdomain: z
         //     .string()
         //     .min(1)
@@ -41,8 +38,7 @@ const createSiteSchema = z
         secret: z.string().optional(),
         address: z.string().optional(),
         type: z.enum(["newt", "wireguard", "local"])
-    })
-    .strict();
+    });
 // .refine((data) => {
 //     if (data.type === "local") {
 //         return !config.getRawConfig().flags?.disable_local_sites;
diff --git a/server/routers/site/deleteSite.ts b/server/routers/site/deleteSite.ts
index 7a12e24a..a086e143 100644
--- a/server/routers/site/deleteSite.ts
+++ b/server/routers/site/deleteSite.ts
@@ -12,11 +12,9 @@ import { fromError } from "zod-validation-error";
 import { sendToClient } from "#dynamic/routers/ws";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const deleteSiteSchema = z
-    .object({
-        siteId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const deleteSiteSchema = z.strictObject({
+        siteId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "delete",
diff --git a/server/routers/site/getSite.ts b/server/routers/site/getSite.ts
index a9785fa4..b6ce346a 100644
--- a/server/routers/site/getSite.ts
+++ b/server/routers/site/getSite.ts
@@ -11,18 +11,16 @@ import stoi from "@server/lib/stoi";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const getSiteSchema = z
-    .object({
+const getSiteSchema = z.strictObject({
         siteId: z
             .string()
             .optional()
             .transform(stoi)
-            .pipe(z.number().int().positive().optional())
+            .pipe(z.int().positive().optional())
             .optional(),
         niceId: z.string().optional(),
         orgId: z.string().optional()
-    })
-    .strict();
+    });
 
 async function query(siteId?: number, niceId?: string, orgId?: string) {
     if (siteId) {
diff --git a/server/routers/site/listSiteRoles.ts b/server/routers/site/listSiteRoles.ts
index 009e0907..ec66d3c5 100644
--- a/server/routers/site/listSiteRoles.ts
+++ b/server/routers/site/listSiteRoles.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const listSiteRolesSchema = z
-    .object({
-        siteId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const listSiteRolesSchema = z.strictObject({
+        siteId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 export async function listSiteRoles(
     req: Request,
diff --git a/server/routers/site/listSites.ts b/server/routers/site/listSites.ts
index cddf8c4b..f0854764 100644
--- a/server/routers/site/listSites.ts
+++ b/server/routers/site/listSites.ts
@@ -68,11 +68,9 @@ async function getLatestNewtVersion(): Promise<string | null> {
     }
 }
 
-const listSitesParamsSchema = z
-    .object({
+const listSitesParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 const listSitesSchema = z.object({
     limit: z
@@ -80,13 +78,13 @@ const listSitesSchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 function querySites(orgId: string, accessibleSiteIds: number[]) {
diff --git a/server/routers/site/pickSiteDefaults.ts b/server/routers/site/pickSiteDefaults.ts
index c4b3a087..029ae322 100644
--- a/server/routers/site/pickSiteDefaults.ts
+++ b/server/routers/site/pickSiteDefaults.ts
@@ -44,11 +44,9 @@ registry.registerPath({
     responses: {}
 });
 
-const pickSiteDefaultsSchema = z
-    .object({
+const pickSiteDefaultsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export async function pickSiteDefaults(
     req: Request,
diff --git a/server/routers/site/socketIntegration.ts b/server/routers/site/socketIntegration.ts
index 3a52dcd2..33893000 100644
--- a/server/routers/site/socketIntegration.ts
+++ b/server/routers/site/socketIntegration.ts
@@ -46,18 +46,14 @@ export interface Container {
     networks: Record<string, ContainerNetwork>;
 }
 
-const siteIdParamsSchema = z
-    .object({
-        siteId: z.string().transform(stoi).pipe(z.number().int().positive())
-    })
-    .strict();
+const siteIdParamsSchema = z.strictObject({
+        siteId: z.string().transform(stoi).pipe(z.int().positive())
+    });
 
-const DockerStatusSchema = z
-    .object({
+const DockerStatusSchema = z.strictObject({
         isAvailable: z.boolean(),
         socketPath: z.string().optional()
-    })
-    .strict();
+    });
 
 function validateSiteIdParams(params: any) {
     const parsedParams = siteIdParamsSchema.safeParse(params);
diff --git a/server/routers/site/updateSite.ts b/server/routers/site/updateSite.ts
index 2041420c..4c25d4c5 100644
--- a/server/routers/site/updateSite.ts
+++ b/server/routers/site/updateSite.ts
@@ -11,14 +11,11 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { isValidCIDR } from "@server/lib/validators";
 
-const updateSiteParamsSchema = z
-    .object({
-        siteId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const updateSiteParamsSchema = z.strictObject({
+        siteId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const updateSiteBodySchema = z
-    .object({
+const updateSiteBodySchema = z.strictObject({
         name: z.string().min(1).max(255).optional(),
         niceId: z.string().min(1).max(255).optional(),
         dockerSocketEnabled: z.boolean().optional(),
@@ -37,9 +34,8 @@ const updateSiteBodySchema = z
         // megabytesIn: z.number().int().nonnegative().optional(),
         // megabytesOut: z.number().int().nonnegative().optional(),
     })
-    .strict()
     .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
     });
 
 registry.registerPath({
diff --git a/server/routers/siteResource/createSiteResource.ts b/server/routers/siteResource/createSiteResource.ts
index ca223b04..b77b52e4 100644
--- a/server/routers/siteResource/createSiteResource.ts
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -12,23 +12,19 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { addTargets } from "../client/targets";
 import { getUniqueSiteResourceName } from "@server/db/names";
 
-const createSiteResourceParamsSchema = z
-    .object({
-        siteId: z.string().transform(Number).pipe(z.number().int().positive()),
+const createSiteResourceParamsSchema = z.strictObject({
+        siteId: z.string().transform(Number).pipe(z.int().positive()),
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const createSiteResourceSchema = z
-    .object({
+const createSiteResourceSchema = z.strictObject({
         name: z.string().min(1).max(255),
         protocol: z.enum(["tcp", "udp"]),
-        proxyPort: z.number().int().positive(),
-        destinationPort: z.number().int().positive(),
+        proxyPort: z.int().positive(),
+        destinationPort: z.int().positive(),
         destinationIp: z.string(),
         enabled: z.boolean().default(true)
-    })
-    .strict();
+    });
 
 export type CreateSiteResourceBody = z.infer<typeof createSiteResourceSchema>;
 export type CreateSiteResourceResponse = SiteResource;
diff --git a/server/routers/siteResource/deleteSiteResource.ts b/server/routers/siteResource/deleteSiteResource.ts
index 347d4b53..02bc2c72 100644
--- a/server/routers/siteResource/deleteSiteResource.ts
+++ b/server/routers/siteResource/deleteSiteResource.ts
@@ -11,13 +11,11 @@ import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 import { removeTargets } from "../client/targets";
 
-const deleteSiteResourceParamsSchema = z
-    .object({
-        siteResourceId: z.string().transform(Number).pipe(z.number().int().positive()),
-        siteId: z.string().transform(Number).pipe(z.number().int().positive()),
+const deleteSiteResourceParamsSchema = z.strictObject({
+        siteResourceId: z.string().transform(Number).pipe(z.int().positive()),
+        siteId: z.string().transform(Number).pipe(z.int().positive()),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export type DeleteSiteResourceResponse = {
     message: string;
diff --git a/server/routers/siteResource/getSiteResource.ts b/server/routers/siteResource/getSiteResource.ts
index 09c01eb0..48f10b8b 100644
--- a/server/routers/siteResource/getSiteResource.ts
+++ b/server/routers/siteResource/getSiteResource.ts
@@ -10,19 +10,17 @@ import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const getSiteResourceParamsSchema = z
-    .object({
+const getSiteResourceParamsSchema = z.strictObject({
         siteResourceId: z
             .string()
             .optional()
             .transform((val) => val ? Number(val) : undefined)
-            .pipe(z.number().int().positive().optional())
+            .pipe(z.int().positive().optional())
             .optional(),
-        siteId: z.string().transform(Number).pipe(z.number().int().positive()),
+        siteId: z.string().transform(Number).pipe(z.int().positive()),
         niceId: z.string().optional(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 async function query(siteResourceId?: number, siteId?: number, niceId?: string, orgId?: string) {
     if (siteResourceId && siteId && orgId) {
diff --git a/server/routers/siteResource/listAllSiteResourcesByOrg.ts b/server/routers/siteResource/listAllSiteResourcesByOrg.ts
index 948fc2c2..96b9a668 100644
--- a/server/routers/siteResource/listAllSiteResourcesByOrg.ts
+++ b/server/routers/siteResource/listAllSiteResourcesByOrg.ts
@@ -10,11 +10,9 @@ import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const listAllSiteResourcesByOrgParamsSchema = z
-    .object({
+const listAllSiteResourcesByOrgParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
 const listAllSiteResourcesByOrgQuerySchema = z.object({
     limit: z
@@ -22,13 +20,13 @@ const listAllSiteResourcesByOrgQuerySchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 export type ListAllSiteResourcesByOrgResponse = {
diff --git a/server/routers/siteResource/listSiteResources.ts b/server/routers/siteResource/listSiteResources.ts
index 7fdb7a85..e530952d 100644
--- a/server/routers/siteResource/listSiteResources.ts
+++ b/server/routers/siteResource/listSiteResources.ts
@@ -10,12 +10,10 @@ import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const listSiteResourcesParamsSchema = z
-    .object({
-        siteId: z.string().transform(Number).pipe(z.number().int().positive()),
+const listSiteResourcesParamsSchema = z.strictObject({
+        siteId: z.string().transform(Number).pipe(z.int().positive()),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 const listSiteResourcesQuerySchema = z.object({
     limit: z
@@ -23,13 +21,13 @@ const listSiteResourcesQuerySchema = z.object({
         .optional()
         .default("100")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 export type ListSiteResourcesResponse = {
diff --git a/server/routers/siteResource/updateSiteResource.ts b/server/routers/siteResource/updateSiteResource.ts
index f6f71124..fd316e74 100644
--- a/server/routers/siteResource/updateSiteResource.ts
+++ b/server/routers/siteResource/updateSiteResource.ts
@@ -11,27 +11,23 @@ import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 import { addTargets } from "../client/targets";
 
-const updateSiteResourceParamsSchema = z
-    .object({
+const updateSiteResourceParamsSchema = z.strictObject({
         siteResourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive()),
-        siteId: z.string().transform(Number).pipe(z.number().int().positive()),
+            .pipe(z.int().positive()),
+        siteId: z.string().transform(Number).pipe(z.int().positive()),
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const updateSiteResourceSchema = z
-    .object({
+const updateSiteResourceSchema = z.strictObject({
         name: z.string().min(1).max(255).optional(),
         protocol: z.enum(["tcp", "udp"]).optional(),
-        proxyPort: z.number().int().positive().optional(),
-        destinationPort: z.number().int().positive().optional(),
+        proxyPort: z.int().positive().optional(),
+        destinationPort: z.int().positive().optional(),
         destinationIp: z.string().optional(),
         enabled: z.boolean().optional()
-    })
-    .strict();
+    });
 
 export type UpdateSiteResourceBody = z.infer<typeof updateSiteResourceSchema>;
 export type UpdateSiteResourceResponse = SiteResource;
diff --git a/server/routers/supporterKey/validateSupporterKey.ts b/server/routers/supporterKey/validateSupporterKey.ts
index 338c920e..d8b16421 100644
--- a/server/routers/supporterKey/validateSupporterKey.ts
+++ b/server/routers/supporterKey/validateSupporterKey.ts
@@ -9,12 +9,10 @@ import { supporterKey } from "@server/db";
 import { db } from "@server/db";
 import config from "@server/lib/config";
 
-const validateSupporterKeySchema = z
-    .object({
+const validateSupporterKeySchema = z.strictObject({
         githubUsername: z.string().nonempty(),
         key: z.string().nonempty()
-    })
-    .strict();
+    });
 
 export type ValidateSupporterKeyResponse = {
     valid: boolean;
diff --git a/server/routers/target/createTarget.ts b/server/routers/target/createTarget.ts
index b35d8d2a..6cf29da3 100644
--- a/server/routers/target/createTarget.ts
+++ b/server/routers/target/createTarget.ts
@@ -15,44 +15,39 @@ import { pickPort } from "./helpers";
 import { isTargetValid } from "@server/lib/validators";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const createTargetParamsSchema = z
-    .object({
+const createTargetParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
-const createTargetSchema = z
-    .object({
-        siteId: z.number().int().positive(),
+const createTargetSchema = z.strictObject({
+        siteId: z.int().positive(),
         ip: z.string().refine(isTargetValid),
         method: z.string().optional().nullable(),
-        port: z.number().int().min(1).max(65535),
+        port: z.int().min(1).max(65535),
         enabled: z.boolean().default(true),
         hcEnabled: z.boolean().optional(),
         hcPath: z.string().min(1).optional().nullable(),
         hcScheme: z.string().optional().nullable(),
         hcMode: z.string().optional().nullable(),
         hcHostname: z.string().optional().nullable(),
-        hcPort: z.number().int().positive().optional().nullable(),
-        hcInterval: z.number().int().positive().min(5).optional().nullable(),
-        hcUnhealthyInterval: z
-            .number()
-            .int()
+        hcPort: z.int().positive().optional().nullable(),
+        hcInterval: z.int().positive().min(5).optional().nullable(),
+        hcUnhealthyInterval: z.int()
             .positive()
             .min(5)
             .optional()
             .nullable(),
-        hcTimeout: z.number().int().positive().min(1).optional().nullable(),
+        hcTimeout: z.int().positive().min(1).optional().nullable(),
         hcHeaders: z
-            .array(z.object({ name: z.string(), value: z.string() }))
+            .array(z.strictObject({ name: z.string(), value: z.string() }))
             .nullable()
             .optional(),
         hcFollowRedirects: z.boolean().optional().nullable(),
         hcMethod: z.string().min(1).optional().nullable(),
-        hcStatus: z.number().int().optional().nullable(),
+        hcStatus: z.int().optional().nullable(),
         path: z.string().optional().nullable(),
         pathMatchType: z
             .enum(["exact", "prefix", "regex"])
@@ -63,9 +58,8 @@ const createTargetSchema = z
             .enum(["exact", "prefix", "regex", "stripPrefix"])
             .optional()
             .nullable(),
-        priority: z.number().int().min(1).max(1000).optional().nullable()
-    })
-    .strict();
+        priority: z.int().min(1).max(1000).optional().nullable()
+    });
 
 export type CreateTargetResponse = Target & TargetHealthCheck;
 
diff --git a/server/routers/target/deleteTarget.ts b/server/routers/target/deleteTarget.ts
index 596691e4..a70b2a1e 100644
--- a/server/routers/target/deleteTarget.ts
+++ b/server/routers/target/deleteTarget.ts
@@ -13,11 +13,9 @@ import { removeTargets } from "../newt/targets";
 import { getAllowedIps } from "./helpers";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const deleteTargetSchema = z
-    .object({
-        targetId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const deleteTargetSchema = z.strictObject({
+        targetId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 registry.registerPath({
     method: "delete",
diff --git a/server/routers/target/getTarget.ts b/server/routers/target/getTarget.ts
index 864c02eb..7fe2e062 100644
--- a/server/routers/target/getTarget.ts
+++ b/server/routers/target/getTarget.ts
@@ -10,11 +10,9 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const getTargetSchema = z
-    .object({
-        targetId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const getTargetSchema = z.strictObject({
+        targetId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 type GetTargetResponse = Target & Omit<TargetHealthCheck, 'hcHeaders'> & {
     hcHeaders: { name: string; value: string; }[] | null;
diff --git a/server/routers/target/listTargets.ts b/server/routers/target/listTargets.ts
index 04966f6e..e97d577d 100644
--- a/server/routers/target/listTargets.ts
+++ b/server/routers/target/listTargets.ts
@@ -10,14 +10,12 @@ import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const listTargetsParamsSchema = z
-    .object({
+const listTargetsParamsSchema = z.strictObject({
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 const listTargetsSchema = z.object({
     limit: z
@@ -25,13 +23,13 @@ const listTargetsSchema = z.object({
         .optional()
         .default("1000")
         .transform(Number)
-        .pipe(z.number().int().positive()),
+        .pipe(z.int().positive()),
     offset: z
         .string()
         .optional()
         .default("0")
         .transform(Number)
-        .pipe(z.number().int().nonnegative())
+        .pipe(z.int().nonnegative())
 });
 
 function queryTargets(resourceId: number) {
diff --git a/server/routers/target/updateTarget.ts b/server/routers/target/updateTarget.ts
index 6e9a8fc9..1889154c 100644
--- a/server/routers/target/updateTarget.ts
+++ b/server/routers/target/updateTarget.ts
@@ -15,47 +15,41 @@ import { isTargetValid } from "@server/lib/validators";
 import { OpenAPITags, registry } from "@server/openApi";
 import { vs } from "@react-email/components";
 
-const updateTargetParamsSchema = z
-    .object({
-        targetId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+const updateTargetParamsSchema = z.strictObject({
+        targetId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
-const updateTargetBodySchema = z
-    .object({
-        siteId: z.number().int().positive(),
+const updateTargetBodySchema = z.strictObject({
+        siteId: z.int().positive(),
         ip: z.string().refine(isTargetValid),
         method: z.string().min(1).max(10).optional().nullable(),
-        port: z.number().int().min(1).max(65535).optional(),
+        port: z.int().min(1).max(65535).optional(),
         enabled: z.boolean().optional(),
         hcEnabled: z.boolean().optional().nullable(),
         hcPath: z.string().min(1).optional().nullable(),
         hcScheme: z.string().optional().nullable(),
         hcMode: z.string().optional().nullable(),
         hcHostname: z.string().optional().nullable(),
-        hcPort: z.number().int().positive().optional().nullable(),
-        hcInterval: z.number().int().positive().min(5).optional().nullable(),
-        hcUnhealthyInterval: z
-            .number()
-            .int()
+        hcPort: z.int().positive().optional().nullable(),
+        hcInterval: z.int().positive().min(5).optional().nullable(),
+        hcUnhealthyInterval: z.int()
             .positive()
             .min(5)
             .optional()
             .nullable(),
-        hcTimeout: z.number().int().positive().min(1).optional().nullable(),
-        hcHeaders: z.array(z.object({ name: z.string(), value: z.string() })).nullable().optional(),
+        hcTimeout: z.int().positive().min(1).optional().nullable(),
+        hcHeaders: z.array(z.strictObject({ name: z.string(), value: z.string() })).nullable().optional(),
         hcFollowRedirects: z.boolean().optional().nullable(),
         hcMethod: z.string().min(1).optional().nullable(),
-        hcStatus: z.number().int().optional().nullable(),
+        hcStatus: z.int().optional().nullable(),
         path: z.string().optional().nullable(),
         pathMatchType: z.enum(["exact", "prefix", "regex"]).optional().nullable(),
         rewritePath: z.string().optional().nullable(),
         rewritePathType: z.enum(["exact", "prefix", "regex", "stripPrefix"]).optional().nullable(),
-        priority: z.number().int().min(1).max(1000).optional(),
+        priority: z.int().min(1).max(1000).optional(),
     })
-    .strict()
     .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
     });
 
 registry.registerPath({
diff --git a/server/routers/user/acceptInvite.ts b/server/routers/user/acceptInvite.ts
index 5e4264f9..30f61134 100644
--- a/server/routers/user/acceptInvite.ts
+++ b/server/routers/user/acceptInvite.ts
@@ -13,12 +13,10 @@ import { verifySession } from "@server/auth/sessions/verifySession";
 import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";
 
-const acceptInviteBodySchema = z
-    .object({
+const acceptInviteBodySchema = z.strictObject({
         token: z.string(),
         inviteId: z.string()
-    })
-    .strict();
+    });
 
 export type AcceptInviteResponse = {
     accepted: boolean;
diff --git a/server/routers/user/addUserAction.ts b/server/routers/user/addUserAction.ts
index 074ebe9b..f75d5005 100644
--- a/server/routers/user/addUserAction.ts
+++ b/server/routers/user/addUserAction.ts
@@ -9,13 +9,11 @@ import logger from "@server/logger";
 import { eq } from "drizzle-orm";
 import { fromError } from "zod-validation-error";
 
-const addUserActionSchema = z
-    .object({
+const addUserActionSchema = z.strictObject({
         userId: z.string(),
         actionId: z.string(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export async function addUserAction(
     req: Request,
diff --git a/server/routers/user/addUserRole.ts b/server/routers/user/addUserRole.ts
index 27f5e612..915ea64a 100644
--- a/server/routers/user/addUserRole.ts
+++ b/server/routers/user/addUserRole.ts
@@ -11,12 +11,10 @@ import { fromError } from "zod-validation-error";
 import stoi from "@server/lib/stoi";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const addUserRoleParamsSchema = z
-    .object({
+const addUserRoleParamsSchema = z.strictObject({
         userId: z.string(),
         roleId: z.string().transform(stoi).pipe(z.number())
-    })
-    .strict();
+    });
 
 export type AddUserRoleResponse = z.infer<typeof addUserRoleParamsSchema>;
 
diff --git a/server/routers/user/addUserSite.ts b/server/routers/user/addUserSite.ts
index f094e20e..38ef264c 100644
--- a/server/routers/user/addUserSite.ts
+++ b/server/routers/user/addUserSite.ts
@@ -9,12 +9,10 @@ import logger from "@server/logger";
 import { eq } from "drizzle-orm";
 import { fromError } from "zod-validation-error";
 
-const addUserSiteSchema = z
-    .object({
+const addUserSiteSchema = z.strictObject({
         userId: z.string(),
-        siteId: z.string().transform(Number).pipe(z.number().int().positive())
-    })
-    .strict();
+        siteId: z.string().transform(Number).pipe(z.int().positive())
+    });
 
 export async function addUserSite(
     req: Request,
diff --git a/server/routers/user/adminGetUser.ts b/server/routers/user/adminGetUser.ts
index 0a961bec..bda14476 100644
--- a/server/routers/user/adminGetUser.ts
+++ b/server/routers/user/adminGetUser.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const adminGetUserSchema = z
-    .object({
+const adminGetUserSchema = z.strictObject({
         userId: z.string().min(1)
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "get",
diff --git a/server/routers/user/adminListUsers.ts b/server/routers/user/adminListUsers.ts
index 308b9def..a3ad9cdd 100644
--- a/server/routers/user/adminListUsers.ts
+++ b/server/routers/user/adminListUsers.ts
@@ -9,22 +9,20 @@ import logger from "@server/logger";
 import { idp, users } from "@server/db";
 import { fromZodError } from "zod-validation-error";
 
-const listUsersSchema = z
-    .object({
+const listUsersSchema = z.strictObject({
         limit: z
             .string()
             .optional()
             .default("1000")
             .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
         offset: z
             .string()
             .optional()
             .default("0")
             .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });
 
 async function queryUsers(limit: number, offset: number) {
     return await db
diff --git a/server/routers/user/adminRemoveUser.ts b/server/routers/user/adminRemoveUser.ts
index 14916ab9..02ad56d6 100644
--- a/server/routers/user/adminRemoveUser.ts
+++ b/server/routers/user/adminRemoveUser.ts
@@ -9,11 +9,9 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const removeUserSchema = z
-    .object({
+const removeUserSchema = z.strictObject({
         userId: z.string()
-    })
-    .strict();
+    });
 
 export async function adminRemoveUser(
     req: Request,
diff --git a/server/routers/user/adminUpdateUser2FA.ts b/server/routers/user/adminUpdateUser2FA.ts
index becd2091..4bb2486a 100644
--- a/server/routers/user/adminUpdateUser2FA.ts
+++ b/server/routers/user/adminUpdateUser2FA.ts
@@ -10,17 +10,13 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const updateUser2FAParamsSchema = z
-    .object({
+const updateUser2FAParamsSchema = z.strictObject({
         userId: z.string()
-    })
-    .strict();
+    });
 
-const updateUser2FABodySchema = z
-    .object({
+const updateUser2FABodySchema = z.strictObject({
         twoFactorSetupRequested: z.boolean()
-    })
-    .strict();
+    });
 
 export type UpdateUser2FAResponse = {
     userId: string;
diff --git a/server/routers/user/createOrgUser.ts b/server/routers/user/createOrgUser.ts
index 29f94641..dccd0d65 100644
--- a/server/routers/user/createOrgUser.ts
+++ b/server/routers/user/createOrgUser.ts
@@ -16,21 +16,17 @@ import { build } from "@server/build";
 import { getOrgTierData } from "#dynamic/lib/billing";
 import { TierId } from "@server/lib/billing/tiers";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         orgId: z.string().nonempty()
-    })
-    .strict();
+    });
 
-const bodySchema = z
-    .object({
-        email: z
-            .string()
+const bodySchema = z.strictObject({
+        email: z.email()
             .toLowerCase()
             .optional()
             .refine((data) => {
                 if (data) {
-                    return z.string().email().safeParse(data).success;
+                    return z.email().safeParse(data).success;
                 }
                 return true;
             }),
@@ -39,8 +35,7 @@ const bodySchema = z
         type: z.enum(["internal", "oidc"]).optional(),
         idpId: z.number().optional(),
         roleId: z.number()
-    })
-    .strict();
+    });
 
 export type CreateOrgUserResponse = {};
 
diff --git a/server/routers/user/getOrgUser.ts b/server/routers/user/getOrgUser.ts
index 02ffd92c..4e09afd6 100644
--- a/server/routers/user/getOrgUser.ts
+++ b/server/routers/user/getOrgUser.ts
@@ -46,12 +46,10 @@ export type GetOrgUserResponse = NonNullable<
     Awaited<ReturnType<typeof queryUser>>
 >;
 
-const getOrgUserParamsSchema = z
-    .object({
+const getOrgUserParamsSchema = z.strictObject({
         userId: z.string(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "get",
diff --git a/server/routers/user/inviteUser.ts b/server/routers/user/inviteUser.ts
index 1cae46c9..f43ebeb8 100644
--- a/server/routers/user/inviteUser.ts
+++ b/server/routers/user/inviteUser.ts
@@ -21,21 +21,17 @@ import { FeatureId } from "@server/lib/billing";
 import { build } from "@server/build";
 import cache from "@server/lib/cache";
 
-const inviteUserParamsSchema = z
-    .object({
+const inviteUserParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const inviteUserBodySchema = z
-    .object({
-        email: z.string().toLowerCase().email(),
+const inviteUserBodySchema = z.strictObject({
+        email: z.email().toLowerCase(),
         roleId: z.number(),
         validHours: z.number().gt(0).lte(168),
         sendEmail: z.boolean().optional(),
         regenerate: z.boolean().optional()
-    })
-    .strict();
+    });
 
 export type InviteUserBody = z.infer<typeof inviteUserBodySchema>;
 
diff --git a/server/routers/user/listInvitations.ts b/server/routers/user/listInvitations.ts
index c91a136d..a61e2372 100644
--- a/server/routers/user/listInvitations.ts
+++ b/server/routers/user/listInvitations.ts
@@ -10,28 +10,24 @@ import logger from "@server/logger";
 import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const listInvitationsParamsSchema = z
-    .object({
+const listInvitationsParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const listInvitationsQuerySchema = z
-    .object({
+const listInvitationsQuerySchema = z.strictObject({
         limit: z
             .string()
             .optional()
             .default("1000")
             .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
         offset: z
             .string()
             .optional()
             .default("0")
             .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });
 
 async function queryInvitations(orgId: string, limit: number, offset: number) {
     return await db
diff --git a/server/routers/user/listUsers.ts b/server/routers/user/listUsers.ts
index a35da862..aa70874e 100644
--- a/server/routers/user/listUsers.ts
+++ b/server/routers/user/listUsers.ts
@@ -11,28 +11,24 @@ import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { eq } from "drizzle-orm";
 
-const listUsersParamsSchema = z
-    .object({
+const listUsersParamsSchema = z.strictObject({
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const listUsersSchema = z
-    .object({
+const listUsersSchema = z.strictObject({
         limit: z
             .string()
             .optional()
             .default("1000")
             .transform(Number)
-            .pipe(z.number().int().nonnegative()),
+            .pipe(z.int().nonnegative()),
         offset: z
             .string()
             .optional()
             .default("0")
             .transform(Number)
-            .pipe(z.number().int().nonnegative())
-    })
-    .strict();
+            .pipe(z.int().nonnegative())
+    });
 
 async function queryUsers(orgId: string, limit: number, offset: number) {
     return await db
diff --git a/server/routers/user/removeInvitation.ts b/server/routers/user/removeInvitation.ts
index e3ee40d0..44ec8c23 100644
--- a/server/routers/user/removeInvitation.ts
+++ b/server/routers/user/removeInvitation.ts
@@ -9,12 +9,10 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const removeInvitationParamsSchema = z
-    .object({
+const removeInvitationParamsSchema = z.strictObject({
         orgId: z.string(),
         inviteId: z.string()
-    })
-    .strict();
+    });
 
 export async function removeInvitation(
     req: Request,
diff --git a/server/routers/user/removeUserAction.ts b/server/routers/user/removeUserAction.ts
index f0bd7d92..6e4c1a66 100644
--- a/server/routers/user/removeUserAction.ts
+++ b/server/routers/user/removeUserAction.ts
@@ -9,18 +9,14 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const removeUserActionParamsSchema = z
-    .object({
+const removeUserActionParamsSchema = z.strictObject({
         userId: z.string()
-    })
-    .strict();
+    });
 
-const removeUserActionSchema = z
-    .object({
+const removeUserActionSchema = z.strictObject({
         actionId: z.string(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 export async function removeUserAction(
     req: Request,
diff --git a/server/routers/user/removeUserOrg.ts b/server/routers/user/removeUserOrg.ts
index babccdd0..83ff6802 100644
--- a/server/routers/user/removeUserOrg.ts
+++ b/server/routers/user/removeUserOrg.ts
@@ -14,12 +14,10 @@ import { FeatureId } from "@server/lib/billing";
 import { build } from "@server/build";
 import { UserType } from "@server/types/UserTypes";
 
-const removeUserSchema = z
-    .object({
+const removeUserSchema = z.strictObject({
         userId: z.string(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
 registry.registerPath({
     method: "delete",
diff --git a/server/routers/user/removeUserResource.ts b/server/routers/user/removeUserResource.ts
index 186e8032..14dbb540 100644
--- a/server/routers/user/removeUserResource.ts
+++ b/server/routers/user/removeUserResource.ts
@@ -9,15 +9,13 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const removeUserResourceSchema = z
-    .object({
+const removeUserResourceSchema = z.strictObject({
         userId: z.string(),
         resourceId: z
             .string()
             .transform(Number)
-            .pipe(z.number().int().positive())
-    })
-    .strict();
+            .pipe(z.int().positive())
+    });
 
 export async function removeUserResource(
     req: Request,
diff --git a/server/routers/user/removeUserSite.ts b/server/routers/user/removeUserSite.ts
index 7dbb4a15..6ed2288a 100644
--- a/server/routers/user/removeUserSite.ts
+++ b/server/routers/user/removeUserSite.ts
@@ -9,17 +9,13 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 
-const removeUserSiteParamsSchema = z
-    .object({
+const removeUserSiteParamsSchema = z.strictObject({
         userId: z.string()
-    })
-    .strict();
+    });
 
-const removeUserSiteSchema = z
-    .object({
-        siteId: z.number().int().positive()
-    })
-    .strict();
+const removeUserSiteSchema = z.strictObject({
+        siteId: z.int().positive()
+    });
 
 export async function removeUserSite(
     req: Request,
diff --git a/server/routers/user/updateOrgUser.ts b/server/routers/user/updateOrgUser.ts
index fb00b59f..e1000063 100644
--- a/server/routers/user/updateOrgUser.ts
+++ b/server/routers/user/updateOrgUser.ts
@@ -9,20 +9,16 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
-const paramsSchema = z
-    .object({
+const paramsSchema = z.strictObject({
         userId: z.string(),
         orgId: z.string()
-    })
-    .strict();
+    });
 
-const bodySchema = z
-    .object({
+const bodySchema = z.strictObject({
         autoProvisioned: z.boolean().optional()
     })
-    .strict()
     .refine((data) => Object.keys(data).length > 0, {
-        message: "At least one field must be provided for update"
+        error: "At least one field must be provided for update"
     });
 
 registry.registerPath({
diff --git a/src/app/[orgId]/settings/(private)/idp/[idpId]/general/page.tsx b/src/app/[orgId]/settings/(private)/idp/[idpId]/general/page.tsx
index 1d0a682f..73c6a3cf 100644
--- a/src/app/[orgId]/settings/(private)/idp/[idpId]/general/page.tsx
+++ b/src/app/[orgId]/settings/(private)/idp/[idpId]/general/page.tsx
@@ -76,8 +76,8 @@ export default function GeneralPage() {
             .min(1, { message: t("idpClientSecretRequired") }),
         roleMapping: z.string().nullable().optional(),
         roleId: z.number().nullable().optional(),
-        authUrl: z.string().url({ message: t("idpErrorAuthUrlInvalid") }),
-        tokenUrl: z.string().url({ message: t("idpErrorTokenUrlInvalid") }),
+        authUrl: z.url({ message: t("idpErrorAuthUrlInvalid") }),
+        tokenUrl: z.url({ message: t("idpErrorTokenUrlInvalid") }),
         identifierPath: z.string().min(1, { message: t("idpPathRequired") }),
         emailPath: z.string().nullable().optional(),
         namePath: z.string().nullable().optional(),
diff --git a/src/app/[orgId]/settings/(private)/idp/create/page.tsx b/src/app/[orgId]/settings/(private)/idp/create/page.tsx
index ba580ca0..8667abda 100644
--- a/src/app/[orgId]/settings/(private)/idp/create/page.tsx
+++ b/src/app/[orgId]/settings/(private)/idp/create/page.tsx
@@ -64,13 +64,9 @@ export default function Page() {
         clientSecret: z
             .string()
             .min(1, { message: t("idpClientSecretRequired") }),
-        authUrl: z
-            .string()
-            .url({ message: t("idpErrorAuthUrlInvalid") })
+        authUrl: z.url({ message: t("idpErrorAuthUrlInvalid") })
             .optional(),
-        tokenUrl: z
-            .string()
-            .url({ message: t("idpErrorTokenUrlInvalid") })
+        tokenUrl: z.url({ message: t("idpErrorTokenUrlInvalid") })
             .optional(),
         identifierPath: z
             .string()
diff --git a/src/app/[orgId]/settings/access/users/create/page.tsx b/src/app/[orgId]/settings/access/users/create/page.tsx
index d789b2e2..9417282d 100644
--- a/src/app/[orgId]/settings/access/users/create/page.tsx
+++ b/src/app/[orgId]/settings/access/users/create/page.tsx
@@ -91,7 +91,7 @@ export default function Page() {
     const [dataLoaded, setDataLoaded] = useState(false);
 
     const internalFormSchema = z.object({
-        email: z.string().email({ message: t("emailInvalid") }),
+        email: z.email({ message: t("emailInvalid") }),
         validForHours: z
             .string()
             .min(1, { message: t("inviteValidityDuration") }),
@@ -99,16 +99,14 @@ export default function Page() {
     });
 
     const googleAzureFormSchema = z.object({
-        email: z.string().email({ message: t("emailInvalid") }),
+        email: z.email({ message: t("emailInvalid") }),
         name: z.string().optional(),
         roleId: z.string().min(1, { message: t("accessRoleSelectPlease") })
     });
 
     const genericOidcFormSchema = z.object({
         username: z.string().min(1, { message: t("usernameRequired") }),
-        email: z
-            .string()
-            .email({ message: t("emailInvalid") })
+        email: z.email({ message: t("emailInvalid") })
             .optional()
             .or(z.literal("")),
         name: z.string().optional(),
diff --git a/src/app/[orgId]/settings/clients/create/page.tsx b/src/app/[orgId]/settings/clients/create/page.tsx
index b7194526..0f44d79c 100644
--- a/src/app/[orgId]/settings/clients/create/page.tsx
+++ b/src/app/[orgId]/settings/clients/create/page.tsx
@@ -103,7 +103,7 @@ export default function Page() {
             .refine((val) => val.length > 0, {
                 message: t("siteRequired")
             }),
-        subnet: z.string().ip().min(1, {
+        subnet: z.union([z.ipv4(), z.ipv6()]).min(1, {
             message: t("subnetRequired")
         })
     });
diff --git a/src/app/[orgId]/settings/resources/[niceId]/authentication/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/authentication/page.tsx
index 56c989c3..fe5f0ca2 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/authentication/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/authentication/page.tsx
@@ -921,9 +921,7 @@ export default function ResourceAuthenticationPage() {
                                                             validateTag={(
                                                                 tag
                                                             ) => {
-                                                                return z
-                                                                    .string()
-                                                                    .email()
+                                                                return z.email()
                                                                     .or(
                                                                         z
                                                                             .string()
diff --git a/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
index 50155b3e..1e1ff56b 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/general/page.tsx
@@ -104,7 +104,7 @@ export default function GeneralForm() {
             name: z.string().min(1).max(255),
             niceId: z.string().min(1).max(255).optional(),
             domainId: z.string().optional(),
-            proxyPort: z.number().int().min(1).max(65535).optional(),
+            proxyPort: z.int().min(1).max(65535).optional(),
             // enableProxy: z.boolean().optional()
         })
         .refine(
diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index 461d3f1c..2e409cf0 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -123,10 +123,10 @@ const addTargetSchema = z
         ip: z.string().refine(isTargetValid),
         method: z.string().nullable(),
         port: z.coerce.number().int().positive(),
-        siteId: z
-            .number()
-            .int()
-            .positive({ message: "You must select a site for a target." }),
+        siteId: z.int()
+            .positive({
+                error: "You must select a site for a target."
+            }),
         path: z.string().optional().nullable(),
         pathMatchType: z
             .enum(["exact", "prefix", "regex"])
@@ -137,7 +137,7 @@ const addTargetSchema = z
             .enum(["exact", "prefix", "regex", "stripPrefix"])
             .optional()
             .nullable(),
-        priority: z.number().int().min(1).max(1000).optional()
+        priority: z.int().min(1).max(1000).optional()
     })
     .refine(
         (data) => {
@@ -169,7 +169,7 @@ const addTargetSchema = z
             return true;
         },
         {
-            message: "Invalid path configuration"
+            error: "Invalid path configuration"
         }
     )
     .refine(
@@ -185,7 +185,7 @@ const addTargetSchema = z
             return true;
         },
         {
-            message: "Invalid rewrite path configuration"
+            error: "Invalid rewrite path configuration"
         }
     );
 
@@ -292,7 +292,7 @@ export default function ReverseProxyTargets(props: {
             .array(z.object({ name: z.string(), value: z.string() }))
             .nullable(),
         proxyProtocol: z.boolean().optional(),
-        proxyProtocolVersion: z.number().int().min(1).max(2).optional()
+        proxyProtocolVersion: z.int().min(1).max(2).optional()
     });
 
     const tlsSettingsSchema = z.object({
diff --git a/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
index dada372f..0c011d94 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
@@ -440,9 +440,7 @@ export default function ResourceRules(props: {
                     type="number"
                     onClick={(e) => e.currentTarget.focus()}
                     onBlur={(e) => {
-                        const parsed = z.coerce
-                            .number()
-                            .int()
+                        const parsed = z.int()
                             .optional()
                             .safeParse(e.target.value);
 
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index ae5e452d..a4269a9f 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -128,7 +128,7 @@ const httpResourceFormSchema = z.object({
 
 const tcpUdpResourceFormSchema = z.object({
     protocol: z.string(),
-    proxyPort: z.number().int().min(1).max(65535)
+    proxyPort: z.int().min(1).max(65535)
     // enableProxy: z.boolean().default(false)
 });
 
@@ -137,7 +137,7 @@ const addTargetSchema = z
         ip: z.string().refine(isTargetValid),
         method: z.string().nullable(),
         port: z.coerce.number().int().positive(),
-        siteId: z.number().int().positive(),
+        siteId: z.int().positive(),
         path: z.string().optional().nullable(),
         pathMatchType: z
             .enum(["exact", "prefix", "regex"])
@@ -148,7 +148,7 @@ const addTargetSchema = z
             .enum(["exact", "prefix", "regex", "stripPrefix"])
             .optional()
             .nullable(),
-        priority: z.number().int().min(1).max(1000).optional()
+        priority: z.int().min(1).max(1000).optional()
     })
     .refine(
         (data) => {
@@ -180,7 +180,7 @@ const addTargetSchema = z
             return true;
         },
         {
-            message: "Invalid path configuration"
+            error: "Invalid path configuration"
         }
     )
     .refine(
@@ -196,7 +196,7 @@ const addTargetSchema = z
             return true;
         },
         {
-            message: "Invalid rewrite path configuration"
+            error: "Invalid rewrite path configuration"
         }
     );
 
diff --git a/src/app/admin/idp/[idpId]/general/page.tsx b/src/app/admin/idp/[idpId]/general/page.tsx
index 6274cda5..7eae6950 100644
--- a/src/app/admin/idp/[idpId]/general/page.tsx
+++ b/src/app/admin/idp/[idpId]/general/page.tsx
@@ -61,8 +61,8 @@ export default function GeneralPage() {
         name: z.string().min(2, { message: t('nameMin', {len: 2}) }),
         clientId: z.string().min(1, { message: t('idpClientIdRequired') }),
         clientSecret: z.string().min(1, { message: t('idpClientSecretRequired') }),
-        authUrl: z.string().url({ message: t('idpErrorAuthUrlInvalid') }),
-        tokenUrl: z.string().url({ message: t('idpErrorTokenUrlInvalid') }),
+        authUrl: z.url({ message: t('idpErrorAuthUrlInvalid') }),
+        tokenUrl: z.url({ message: t('idpErrorTokenUrlInvalid') }),
         identifierPath: z
             .string()
             .min(1, { message: t('idpPathRequired') }),
diff --git a/src/app/admin/idp/create/page.tsx b/src/app/admin/idp/create/page.tsx
index cd3682de..73d605a1 100644
--- a/src/app/admin/idp/create/page.tsx
+++ b/src/app/admin/idp/create/page.tsx
@@ -52,8 +52,8 @@ export default function Page() {
         type: z.enum(["oidc"]),
         clientId: z.string().min(1, { message: t('idpClientIdRequired') }),
         clientSecret: z.string().min(1, { message: t('idpClientSecretRequired') }),
-        authUrl: z.string().url({ message: t('idpErrorAuthUrlInvalid') }),
-        tokenUrl: z.string().url({ message: t('idpErrorTokenUrlInvalid') }),
+        authUrl: z.url({ message: t('idpErrorAuthUrlInvalid') }),
+        tokenUrl: z.url({ message: t('idpErrorTokenUrlInvalid') }),
         identifierPath: z
             .string()
             .min(1, { message: t('idpPathRequired') }),
diff --git a/src/app/auth/reset-password/ResetPasswordForm.tsx b/src/app/auth/reset-password/ResetPasswordForm.tsx
index 14199493..986c52e4 100644
--- a/src/app/auth/reset-password/ResetPasswordForm.tsx
+++ b/src/app/auth/reset-password/ResetPasswordForm.tsx
@@ -47,7 +47,7 @@ import { cleanRedirect } from "@app/lib/cleanRedirect";
 import { useTranslations } from "next-intl";
 
 const requestSchema = z.object({
-    email: z.string().email()
+    email: z.email()
 });
 
 export type ResetPasswordFormProps = {
@@ -88,7 +88,7 @@ export default function ResetPasswordForm({
 
     const formSchema = z
         .object({
-            email: z.string().email({ message: t('emailInvalid') }),
+            email: z.email({ message: t('emailInvalid') }),
             token: z.string().min(8, { message: t('tokenInvalid') }),
             password: passwordSchema,
             confirmPassword: passwordSchema
diff --git a/src/components/CreateInternalResourceDialog.tsx b/src/components/CreateInternalResourceDialog.tsx
index 63dfc11d..68c62ff7 100644
--- a/src/components/CreateInternalResourceDialog.tsx
+++ b/src/components/CreateInternalResourceDialog.tsx
@@ -79,18 +79,14 @@ export default function CreateInternalResourceDialog({
             .string()
             .min(1, t("createInternalResourceDialogNameRequired"))
             .max(255, t("createInternalResourceDialogNameMaxLength")),
-        siteId: z.number().int().positive(t("createInternalResourceDialogPleaseSelectSite")),
+        siteId: z.int().positive(t("createInternalResourceDialogPleaseSelectSite")),
         protocol: z.enum(["tcp", "udp"]),
-        proxyPort: z
-            .number()
-            .int()
+        proxyPort: z.int()
             .positive()
             .min(1, t("createInternalResourceDialogProxyPortMin"))
             .max(65535, t("createInternalResourceDialogProxyPortMax")),
         destinationIp: z.string(),
-        destinationPort: z
-            .number()
-            .int()
+        destinationPort: z.int()
             .positive()
             .min(1, t("createInternalResourceDialogDestinationPortMin"))
             .max(65535, t("createInternalResourceDialogDestinationPortMax"))
diff --git a/src/components/EditInternalResourceDialog.tsx b/src/components/EditInternalResourceDialog.tsx
index d09f0b6c..629da6a8 100644
--- a/src/components/EditInternalResourceDialog.tsx
+++ b/src/components/EditInternalResourceDialog.tsx
@@ -72,9 +72,9 @@ export default function EditInternalResourceDialog({
     const formSchema = z.object({
         name: z.string().min(1, t("editInternalResourceDialogNameRequired")).max(255, t("editInternalResourceDialogNameMaxLength")),
         protocol: z.enum(["tcp", "udp"]),
-        proxyPort: z.number().int().positive().min(1, t("editInternalResourceDialogProxyPortMin")).max(65535, t("editInternalResourceDialogProxyPortMax")),
+        proxyPort: z.int().positive().min(1, t("editInternalResourceDialogProxyPortMin")).max(65535, t("editInternalResourceDialogProxyPortMax")),
         destinationIp: z.string(),
-        destinationPort: z.number().int().positive().min(1, t("editInternalResourceDialogDestinationPortMin")).max(65535, t("editInternalResourceDialogDestinationPortMax"))
+        destinationPort: z.int().positive().min(1, t("editInternalResourceDialogDestinationPortMin")).max(65535, t("editInternalResourceDialogDestinationPortMax"))
     });
 
     type FormData = z.infer<typeof formSchema>;
diff --git a/src/components/GenerateLicenseKeyForm.tsx b/src/components/GenerateLicenseKeyForm.tsx
index 7dfd34ee..6a8d402f 100644
--- a/src/components/GenerateLicenseKeyForm.tsx
+++ b/src/components/GenerateLicenseKeyForm.tsx
@@ -63,7 +63,7 @@ export default function GenerateLicenseKeyForm({
 
     // Personal form schema
     const personalFormSchema = z.object({
-        email: z.string().email(),
+        email: z.email(),
         firstName: z.string().min(1),
         lastName: z.string().min(1),
         primaryUse: z.string().min(1),
@@ -75,7 +75,7 @@ export default function GenerateLicenseKeyForm({
 
     // Business form schema
     const businessFormSchema = z.object({
-        email: z.string().email(),
+        email: z.email(),
         firstName: z.string().min(1),
         lastName: z.string().min(1),
         jobTitle: z.string().min(1),
diff --git a/src/components/HealthCheckDialog.tsx b/src/components/HealthCheckDialog.tsx
index 6fa36a5b..be5e5d45 100644
--- a/src/components/HealthCheckDialog.tsx
+++ b/src/components/HealthCheckDialog.tsx
@@ -80,24 +80,20 @@ export default function HealthCheckDialog({
         hcMethod: z
             .string()
             .min(1, { message: t("healthCheckMethodRequired") }),
-        hcInterval: z
-            .number()
-            .int()
+        hcInterval: z.int()
             .positive()
             .min(5, { message: t("healthCheckIntervalMin") }),
-        hcTimeout: z
-            .number()
-            .int()
+        hcTimeout: z.int()
             .positive()
             .min(1, { message: t("healthCheckTimeoutMin") }),
-        hcStatus: z.number().int().positive().min(100).optional().nullable(),
+        hcStatus: z.int().positive().min(100).optional().nullable(),
         hcHeaders: z.array(z.object({ name: z.string(), value: z.string() })).nullable().optional(),
         hcScheme: z.string().optional(),
         hcHostname: z.string(),
         hcPort: z.number().positive().gt(0).lte(65535),
         hcFollowRedirects: z.boolean(),
         hcMode: z.string(),
-        hcUnhealthyInterval: z.number().int().positive().min(5)
+        hcUnhealthyInterval: z.int().positive().min(5)
     });
 
     const form = useForm<z.infer<typeof healthCheckSchema>>({
diff --git a/src/components/IdpCreateWizard.tsx b/src/components/IdpCreateWizard.tsx
index 937bd309..58093e6c 100644
--- a/src/components/IdpCreateWizard.tsx
+++ b/src/components/IdpCreateWizard.tsx
@@ -59,8 +59,8 @@ export function IdpCreateWizard({ onSubmit, defaultValues, loading = false }: Id
         type: z.enum(["oidc"]),
         clientId: z.string().min(1, { message: t('idpClientIdRequired') }),
         clientSecret: z.string().min(1, { message: t('idpClientSecretRequired') }),
-        authUrl: z.string().url({ message: t('idpErrorAuthUrlInvalid') }),
-        tokenUrl: z.string().url({ message: t('idpErrorTokenUrlInvalid') }),
+        authUrl: z.url({ message: t('idpErrorAuthUrlInvalid') }),
+        tokenUrl: z.url({ message: t('idpErrorTokenUrlInvalid') }),
         identifierPath: z
             .string()
             .min(1, { message: t('idpPathRequired') }),
diff --git a/src/components/ResetPasswordForm.tsx b/src/components/ResetPasswordForm.tsx
index e3e677b0..570a87ec 100644
--- a/src/components/ResetPasswordForm.tsx
+++ b/src/components/ResetPasswordForm.tsx
@@ -47,7 +47,7 @@ import { cleanRedirect } from "@app/lib/cleanRedirect";
 import { useTranslations } from "next-intl";
 
 const requestSchema = z.object({
-    email: z.string().email()
+    email: z.email()
 });
 
 export type ResetPasswordFormProps = {
@@ -88,7 +88,7 @@ export default function ResetPasswordForm({
 
     const formSchema = z
         .object({
-            email: z.string().email({ message: t('emailInvalid') }),
+            email: z.email({ message: t('emailInvalid') }),
             token: z.string().min(8, { message: t('tokenInvalid') }),
             password: passwordSchema,
             confirmPassword: passwordSchema
diff --git a/src/components/SupporterStatus.tsx b/src/components/SupporterStatus.tsx
index 5a1a10bc..baa3721c 100644
--- a/src/components/SupporterStatus.tsx
+++ b/src/components/SupporterStatus.tsx
@@ -74,8 +74,12 @@ export default function SupporterStatus({ isCollapsed = false }: SupporterStatus
     const formSchema = z.object({
         githubUsername: z
             .string()
-            .nonempty({ message: "GitHub username is required" }),
-        key: z.string().nonempty({ message: "Supporter key is required" })
+            .nonempty({
+                error: "GitHub username is required"
+            }),
+        key: z.string().nonempty({
+            error: "Supporter key is required"
+        })
     });
 
     const form = useForm({
diff --git a/src/components/VerifyEmailForm.tsx b/src/components/VerifyEmailForm.tsx
index 052ec359..39c07439 100644
--- a/src/components/VerifyEmailForm.tsx
+++ b/src/components/VerifyEmailForm.tsx
@@ -74,7 +74,7 @@ export default function VerifyEmailForm({
     }
 
     const FormSchema = z.object({
-        email: z.string().email({ message: t("emailInvalid") }),
+        email: z.email({ message: t("emailInvalid") }),
         pin: z.string().min(8, {
             message: t("verificationCodeLengthRequirements")
         })

From 58cf471bc46e4cd5cfb32d26348c2efad5613995 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Sun, 16 Nov 2025 14:29:19 +0000
Subject: [PATCH 68/70] fix z.coerce.number

---
 server/lib/validators.ts                                   | 4 ++--
 server/private/routers/loginPage/deleteLoginPage.ts        | 2 +-
 server/private/routers/loginPage/loadLoginPage.ts          | 4 ++--
 server/private/routers/loginPage/updateLoginPage.ts        | 2 +-
 server/private/routers/orgIdp/deleteOrgIdp.ts              | 2 +-
 server/private/routers/orgIdp/getOrgIdp.ts                 | 2 +-
 server/private/routers/orgIdp/updateOrgOidcIdp.ts          | 2 +-
 server/routers/idp/createIdpOrgPolicy.ts                   | 2 +-
 server/routers/idp/deleteIdp.ts                            | 2 +-
 server/routers/idp/deleteIdpOrgPolicy.ts                   | 2 +-
 server/routers/idp/generateOidcUrl.ts                      | 2 +-
 server/routers/idp/getIdp.ts                               | 2 +-
 server/routers/idp/listIdpOrgPolicies.ts                   | 2 +-
 server/routers/idp/updateIdpOrgPolicy.ts                   | 2 +-
 server/routers/idp/updateOidcIdp.ts                        | 2 +-
 server/routers/idp/validateOidcCallback.ts                 | 4 ++--
 src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx | 2 +-
 src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx | 2 +-
 src/app/[orgId]/settings/resources/create/page.tsx         | 2 +-
 src/components/CreateShareLinkForm.tsx                     | 2 +-
 src/components/GenerateLicenseKeyForm.tsx                  | 4 ++--
 21 files changed, 25 insertions(+), 25 deletions(-)

diff --git a/server/lib/validators.ts b/server/lib/validators.ts
index db6ff26b..5bdd7a14 100644
--- a/server/lib/validators.ts
+++ b/server/lib/validators.ts
@@ -2,11 +2,11 @@ import z from "zod";
 import ipaddr from "ipaddr.js";
 
 export function isValidCIDR(cidr: string): boolean {
-    return z.string().cidr().safeParse(cidr).success;
+    return z.cidrv4().safeParse(cidr).success || z.cidrv6().safeParse(cidr).success;
 }
 
 export function isValidIP(ip: string): boolean {
-    return z.string().ip().safeParse(ip).success;
+    return z.ipv4().safeParse(ip).success || z.ipv6().safeParse(ip).success;
 }
 
 export function isValidUrlGlobPattern(pattern: string): boolean {
diff --git a/server/private/routers/loginPage/deleteLoginPage.ts b/server/private/routers/loginPage/deleteLoginPage.ts
index bf7941e7..5271ebd8 100644
--- a/server/private/routers/loginPage/deleteLoginPage.ts
+++ b/server/private/routers/loginPage/deleteLoginPage.ts
@@ -25,7 +25,7 @@ import { DeleteLoginPageResponse } from "@server/routers/loginPage/types";
 const paramsSchema = z
     .object({
         orgId: z.string(),
-        loginPageId: z.coerce.number()
+        loginPageId: z.coerce.number<number>()
     })
     .strict();
 
diff --git a/server/private/routers/loginPage/loadLoginPage.ts b/server/private/routers/loginPage/loadLoginPage.ts
index 06038201..1b10e205 100644
--- a/server/private/routers/loginPage/loadLoginPage.ts
+++ b/server/private/routers/loginPage/loadLoginPage.ts
@@ -23,8 +23,8 @@ import { fromError } from "zod-validation-error";
 import { LoadLoginPageResponse } from "@server/routers/loginPage/types";
 
 const querySchema = z.object({
-    resourceId: z.coerce.number().int().positive().optional(),
-    idpId: z.coerce.number().int().positive().optional(),
+    resourceId: z.coerce.number<number>().int().positive().optional(),
+    idpId: z.coerce.number<number>().int().positive().optional(),
     orgId: z.string().min(1).optional(),
     fullDomain: z.string().min(1)
 });
diff --git a/server/private/routers/loginPage/updateLoginPage.ts b/server/private/routers/loginPage/updateLoginPage.ts
index 8a8e8ab0..0d02b124 100644
--- a/server/private/routers/loginPage/updateLoginPage.ts
+++ b/server/private/routers/loginPage/updateLoginPage.ts
@@ -31,7 +31,7 @@ import { UpdateLoginPageResponse } from "@server/routers/loginPage/types";
 const paramsSchema = z
     .object({
         orgId: z.string(),
-        loginPageId: z.coerce.number()
+        loginPageId: z.coerce.number<number>()
     })
     .strict();
 
diff --git a/server/private/routers/orgIdp/deleteOrgIdp.ts b/server/private/routers/orgIdp/deleteOrgIdp.ts
index 711d1ce3..ca0112b2 100644
--- a/server/private/routers/orgIdp/deleteOrgIdp.ts
+++ b/server/private/routers/orgIdp/deleteOrgIdp.ts
@@ -26,7 +26,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 const paramsSchema = z
     .object({
         orgId: z.string().optional(), // Optional; used with org idp in saas
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
     })
     .strict();
 
diff --git a/server/private/routers/orgIdp/getOrgIdp.ts b/server/private/routers/orgIdp/getOrgIdp.ts
index 0e6689fc..3ba85412 100644
--- a/server/private/routers/orgIdp/getOrgIdp.ts
+++ b/server/private/routers/orgIdp/getOrgIdp.ts
@@ -30,7 +30,7 @@ import { GetOrgIdpResponse } from "@server/routers/orgIdp/types";
 const paramsSchema = z
     .object({
         orgId: z.string().nonempty(),
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
     })
     .strict();
 
diff --git a/server/private/routers/orgIdp/updateOrgOidcIdp.ts b/server/private/routers/orgIdp/updateOrgOidcIdp.ts
index f3e76054..3826f6b3 100644
--- a/server/private/routers/orgIdp/updateOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/updateOrgOidcIdp.ts
@@ -31,7 +31,7 @@ import { TierId } from "@server/lib/billing/tiers";
 const paramsSchema = z
     .object({
         orgId: z.string().nonempty(),
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
     })
     .strict();
 
diff --git a/server/routers/idp/createIdpOrgPolicy.ts b/server/routers/idp/createIdpOrgPolicy.ts
index b59d2fc7..b8c947b0 100644
--- a/server/routers/idp/createIdpOrgPolicy.ts
+++ b/server/routers/idp/createIdpOrgPolicy.ts
@@ -12,7 +12,7 @@ import { eq, and } from "drizzle-orm";
 import { idp, idpOrg } from "@server/db";
 
 const paramsSchema = z.strictObject({
-        idpId: z.coerce.number(),
+        idpId: z.coerce.number<number>(),
         orgId: z.string()
     });
 
diff --git a/server/routers/idp/deleteIdp.ts b/server/routers/idp/deleteIdp.ts
index 58b231b7..56c0ca98 100644
--- a/server/routers/idp/deleteIdp.ts
+++ b/server/routers/idp/deleteIdp.ts
@@ -13,7 +13,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 const paramsSchema = z
     .object({
         orgId: z.string().optional(), // Optional; used with org idp in saas
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
     })
     .strict();
 
diff --git a/server/routers/idp/deleteIdpOrgPolicy.ts b/server/routers/idp/deleteIdpOrgPolicy.ts
index 424bae4f..c5f18282 100644
--- a/server/routers/idp/deleteIdpOrgPolicy.ts
+++ b/server/routers/idp/deleteIdpOrgPolicy.ts
@@ -11,7 +11,7 @@ import { eq, and } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 
 const paramsSchema = z.strictObject({
-        idpId: z.coerce.number(),
+        idpId: z.coerce.number<number>(),
         orgId: z.string()
     });
 
diff --git a/server/routers/idp/generateOidcUrl.ts b/server/routers/idp/generateOidcUrl.ts
index d99f61ba..2db8783f 100644
--- a/server/routers/idp/generateOidcUrl.ts
+++ b/server/routers/idp/generateOidcUrl.ts
@@ -19,7 +19,7 @@ import { TierId } from "@server/lib/billing/tiers";
 
 const paramsSchema = z
     .object({
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
     })
     .strict();
 
diff --git a/server/routers/idp/getIdp.ts b/server/routers/idp/getIdp.ts
index a202f4ea..e8651c84 100644
--- a/server/routers/idp/getIdp.ts
+++ b/server/routers/idp/getIdp.ts
@@ -14,7 +14,7 @@ import { decrypt } from "@server/lib/crypto";
 
 const paramsSchema = z
     .object({
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
     })
     .strict();
 
diff --git a/server/routers/idp/listIdpOrgPolicies.ts b/server/routers/idp/listIdpOrgPolicies.ts
index 481cddad..087b52f8 100644
--- a/server/routers/idp/listIdpOrgPolicies.ts
+++ b/server/routers/idp/listIdpOrgPolicies.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 
 const paramsSchema = z.object({
-    idpId: z.coerce.number()
+    idpId: z.coerce.number<number>()
 });
 
 const querySchema = z.strictObject({
diff --git a/server/routers/idp/updateIdpOrgPolicy.ts b/server/routers/idp/updateIdpOrgPolicy.ts
index 586af476..82d3b5f2 100644
--- a/server/routers/idp/updateIdpOrgPolicy.ts
+++ b/server/routers/idp/updateIdpOrgPolicy.ts
@@ -11,7 +11,7 @@ import { eq, and } from "drizzle-orm";
 import { idp, idpOrg } from "@server/db";
 
 const paramsSchema = z.strictObject({
-        idpId: z.coerce.number(),
+        idpId: z.coerce.number<number>(),
         orgId: z.string()
     });
 
diff --git a/server/routers/idp/updateOidcIdp.ts b/server/routers/idp/updateOidcIdp.ts
index c7ba0b0b..1dbdd00a 100644
--- a/server/routers/idp/updateOidcIdp.ts
+++ b/server/routers/idp/updateOidcIdp.ts
@@ -14,7 +14,7 @@ import config from "@server/lib/config";
 
 const paramsSchema = z
     .object({
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
     })
     .strict();
 
diff --git a/server/routers/idp/validateOidcCallback.ts b/server/routers/idp/validateOidcCallback.ts
index 7d1da1c5..e248f844 100644
--- a/server/routers/idp/validateOidcCallback.ts
+++ b/server/routers/idp/validateOidcCallback.ts
@@ -40,7 +40,7 @@ const ensureTrailingSlash = (url: string): string => {
 
 const paramsSchema = z
     .object({
-        idpId: z.coerce.number()
+        idpId: z.coerce.number<number>()
     })
     .strict();
 
@@ -51,7 +51,7 @@ const bodySchema = z.object({
 });
 
 const querySchema = z.object({
-    loginPageId: z.coerce.number().optional()
+    loginPageId: z.coerce.number<number>().optional()
 });
 
 export type ValidateOidcUrlCallbackResponse = {
diff --git a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
index 2e409cf0..f7a5a559 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/proxy/page.tsx
@@ -122,7 +122,7 @@ const addTargetSchema = z
     .object({
         ip: z.string().refine(isTargetValid),
         method: z.string().nullable(),
-        port: z.coerce.number().int().positive(),
+        port: z.coerce.number<number>().int().positive(),
         siteId: z.int()
             .positive({
                 error: "You must select a site for a target."
diff --git a/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx b/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
index 0c011d94..9bcea073 100644
--- a/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
+++ b/src/app/[orgId]/settings/resources/[niceId]/rules/page.tsx
@@ -93,7 +93,7 @@ const addRuleSchema = z.object({
     action: z.enum(["ACCEPT", "DROP", "PASS"]),
     match: z.string(),
     value: z.string(),
-    priority: z.coerce.number().int().optional()
+    priority: z.coerce.number<number>().int().optional()
 });
 
 type LocalRule = ArrayElement<ListResourceRulesResponse["rules"]> & {
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index a4269a9f..c3655239 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -136,7 +136,7 @@ const addTargetSchema = z
     .object({
         ip: z.string().refine(isTargetValid),
         method: z.string().nullable(),
-        port: z.coerce.number().int().positive(),
+        port: z.coerce.number<number>().int().positive(),
         siteId: z.int().positive(),
         path: z.string().optional().nullable(),
         pathMatchType: z
diff --git a/src/components/CreateShareLinkForm.tsx b/src/components/CreateShareLinkForm.tsx
index 51cc52ab..3cc203f3 100644
--- a/src/components/CreateShareLinkForm.tsx
+++ b/src/components/CreateShareLinkForm.tsx
@@ -108,7 +108,7 @@ export default function CreateShareLinkForm({
         resourceName: z.string(),
         resourceUrl: z.string(),
         timeUnit: z.string(),
-        timeValue: z.coerce.number().int().positive().min(1),
+        timeValue: z.coerce.number<number>().int().positive().min(1),
         title: z.string().optional()
     });
 
diff --git a/src/components/GenerateLicenseKeyForm.tsx b/src/components/GenerateLicenseKeyForm.tsx
index 6a8d402f..6a380082 100644
--- a/src/components/GenerateLicenseKeyForm.tsx
+++ b/src/components/GenerateLicenseKeyForm.tsx
@@ -81,8 +81,8 @@ export default function GenerateLicenseKeyForm({
         jobTitle: z.string().min(1),
         primaryUse: z.string().min(1),
         industry: z.string().min(1),
-        prospectiveUsers: z.coerce.number().optional(),
-        prospectiveSites: z.coerce.number().optional(),
+        prospectiveUsers: z.coerce.number<number>().optional(),
+        prospectiveSites: z.coerce.number<number>().optional(),
         companyName: z.string().min(1),
         countryOfResidence: z.string().min(1),
         stateProvinceRegion: z.string().min(1),

From 5d2f65daa920898f38d3ffe72f32fa0a85c1b3f7 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Mon, 17 Nov 2025 13:23:30 +0000
Subject: [PATCH 69/70] fix for zod

---
 Makefile                                      |   5 +-
 server/lib/blueprints/types.ts                | 130 +++++-------------
 .../routers/auditLogs/queryAccessAuditLog.ts  |   2 +-
 .../routers/auditLogs/queryActionAuditLog.ts  |   2 +-
 .../routers/auditLogs/queryRequstAuditLog.ts  |   2 +-
 .../[orgId]/settings/clients/create/page.tsx  |   3 +-
 6 files changed, 44 insertions(+), 100 deletions(-)

diff --git a/Makefile b/Makefile
index 3d4d8ad8..8805a3b7 100644
--- a/Makefile
+++ b/Makefile
@@ -101,4 +101,7 @@ test-local:
 	- npx tsc --noEmit
 	- docker build --build-arg DATABASE=pg -t fosrl/pangolin:postgresql-latest .
 	- docker build --build-arg DATABASE=sqlite -t fosrl/pangolin:latest .
-	
\ No newline at end of file
+	npm run set:saas
+	- npx tsc --noEmit
+	- docker build --build-arg DATABASE=pg -t fosrl/pangolin:postgresql-saas-latest .
+	- docker build --build-arg DATABASE=sqlite -t fosrl/pangolin:saas-latest .
\ No newline at end of file
diff --git a/server/lib/blueprints/types.ts b/server/lib/blueprints/types.ts
index 490cd7f8..a5ee5700 100644
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -116,6 +116,20 @@ export const ResourceSchema = z
                     (target) => target == null || target.method !== undefined
                 );
             }
+            return true;
+        },
+        {
+            path: ["targets"],
+            error: "When protocol is 'http', all targets must have a 'method' field"
+
+        }
+    )
+    .refine(
+        (resource) => {
+            if (isTargetsOnlyResource(resource)) {
+                return true;
+            }
+
             // If protocol is tcp or udp, no target should have method field
             if (resource.protocol === "tcp" || resource.protocol === "udp") {
                 return resource.targets.every(
@@ -124,19 +138,9 @@ export const ResourceSchema = z
             }
             return true;
         },
-        (resource) => {
-            if (resource.protocol === "http") {
-                return {
-                    message:
-                        "When protocol is 'http', all targets must have a 'method' field",
-                    path: ["targets"]
-                };
-            }
-            return {
-                message:
-                    "When protocol is 'tcp' or 'udp', targets must not have a 'method' field",
-                path: ["targets"]
-            };
+        {
+            path: ["targets"],
+            error: "When protocol is 'tcp' or 'udp', targets must not have a 'method' field"
         }
     )
     .refine(
@@ -218,30 +222,6 @@ export const ConfigSchema = z
     })
     .refine(
         // Enforce the full-domain uniqueness across resources in the same stack
-        (config) => {
-            // Extract all full-domain values with their resource keys
-            const fullDomainMap = new Map<string, string[]>();
-
-            Object.entries(config["proxy-resources"]).forEach(
-                ([resourceKey, resource]) => {
-                    const fullDomain = resource["full-domain"];
-                    if (fullDomain) {
-                        // Only process if full-domain is defined
-                        if (!fullDomainMap.has(fullDomain)) {
-                            fullDomainMap.set(fullDomain, []);
-                        }
-                        fullDomainMap.get(fullDomain)!.push(resourceKey);
-                    }
-                }
-            );
-
-            // Find duplicates
-            const duplicates = Array.from(fullDomainMap.entries()).filter(
-                ([_, resourceKeys]) => resourceKeys.length > 1
-            );
-
-            return duplicates.length === 0;
-        },
         (config) => {
             // Extract duplicates for error message
             const fullDomainMap = new Map<string, string[]>();
@@ -267,38 +247,16 @@ export const ConfigSchema = z
                 )
                 .join("; ");
 
-            return {
-                message: `Duplicate 'full-domain' values found: ${duplicates}`,
-                path: ["resources"]
-            };
+            if (duplicates.length !== 0) {
+                return {
+                    path: ["resources"],
+                    error: `Duplicate 'full-domain' values found: ${duplicates}`
+                };
+            }
         }
     )
     .refine(
         // Enforce proxy-port uniqueness within proxy-resources per protocol
-        (config) => {
-            const protocolPortMap = new Map<string, string[]>();
-
-            Object.entries(config["proxy-resources"]).forEach(
-                ([resourceKey, resource]) => {
-                    const proxyPort = resource["proxy-port"];
-                    const protocol = resource.protocol;
-                    if (proxyPort !== undefined && protocol !== undefined) {
-                        const key = `${protocol}:${proxyPort}`;
-                        if (!protocolPortMap.has(key)) {
-                            protocolPortMap.set(key, []);
-                        }
-                        protocolPortMap.get(key)!.push(resourceKey);
-                    }
-                }
-            );
-
-            // Find duplicates
-            const duplicates = Array.from(protocolPortMap.entries()).filter(
-                ([_, resourceKeys]) => resourceKeys.length > 1
-            );
-
-            return duplicates.length === 0;
-        },
         (config) => {
             // Extract duplicates for error message
             const protocolPortMap = new Map<string, string[]>();
@@ -327,36 +285,16 @@ export const ConfigSchema = z
                 )
                 .join("; ");
 
-            return {
-                message: `Duplicate 'proxy-port' values found in proxy-resources: ${duplicates}`,
-                path: ["proxy-resources"]
-            };
+            if (duplicates.length !== 0) {
+                return {
+                    path: ["proxy-resources"],
+                    error: `Duplicate 'proxy-port' values found in proxy-resources: ${duplicates}`
+                };
+            }
         }
     )
     .refine(
         // Enforce proxy-port uniqueness within client-resources
-        (config) => {
-            const proxyPortMap = new Map<number, string[]>();
-
-            Object.entries(config["client-resources"]).forEach(
-                ([resourceKey, resource]) => {
-                    const proxyPort = resource["proxy-port"];
-                    if (proxyPort !== undefined) {
-                        if (!proxyPortMap.has(proxyPort)) {
-                            proxyPortMap.set(proxyPort, []);
-                        }
-                        proxyPortMap.get(proxyPort)!.push(resourceKey);
-                    }
-                }
-            );
-
-            // Find duplicates
-            const duplicates = Array.from(proxyPortMap.entries()).filter(
-                ([_, resourceKeys]) => resourceKeys.length > 1
-            );
-
-            return duplicates.length === 0;
-        },
         (config) => {
             // Extract duplicates for error message
             const proxyPortMap = new Map<number, string[]>();
@@ -381,10 +319,12 @@ export const ConfigSchema = z
                 )
                 .join("; ");
 
-            return {
-                message: `Duplicate 'proxy-port' values found in client-resources: ${duplicates}`,
-                path: ["client-resources"]
-            };
+            if (duplicates.length !== 0) {
+                return {
+                    path: ["client-resources"],
+                    error: `Duplicate 'proxy-port' values found in client-resources: ${duplicates}`
+                };
+            }
         }
     );
 
diff --git a/server/private/routers/auditLogs/queryAccessAuditLog.ts b/server/private/routers/auditLogs/queryAccessAuditLog.ts
index 6329206d..3e0b4601 100644
--- a/server/private/routers/auditLogs/queryAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts
@@ -40,7 +40,7 @@ export const queryAccessAuditLogsQuery = z.object({
         })
         .transform((val) => Math.floor(new Date(val).getTime() / 1000))
         .optional()
-        .default(new Date().toISOString()),
+        .prefault(new Date().toISOString()),
     action: z
         .union([z.boolean(), z.string()])
         .transform((val) => (typeof val === "string" ? val === "true" : val))
diff --git a/server/private/routers/auditLogs/queryActionAuditLog.ts b/server/private/routers/auditLogs/queryActionAuditLog.ts
index eb22cc0a..6a5bde6d 100644
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -40,7 +40,7 @@ export const queryActionAuditLogsQuery = z.object({
         })
         .transform((val) => Math.floor(new Date(val).getTime() / 1000))
         .optional()
-        .default(new Date().toISOString()),
+        .prefault(new Date().toISOString()),
     action: z.string().optional(),
     actorType: z.string().optional(),
     actorId: z.string().optional(),
diff --git a/server/routers/auditLogs/queryRequstAuditLog.ts b/server/routers/auditLogs/queryRequstAuditLog.ts
index 7c412994..342b7091 100644
--- a/server/routers/auditLogs/queryRequstAuditLog.ts
+++ b/server/routers/auditLogs/queryRequstAuditLog.ts
@@ -27,7 +27,7 @@ export const queryAccessAuditLogsQuery = z.object({
         })
         .transform((val) => Math.floor(new Date(val).getTime() / 1000))
         .optional()
-        .default(new Date().toISOString()),
+        .prefault(new Date().toISOString()),
     action: z
         .union([z.boolean(), z.string()])
         .transform((val) => (typeof val === "string" ? val === "true" : val))
diff --git a/src/app/[orgId]/settings/clients/create/page.tsx b/src/app/[orgId]/settings/clients/create/page.tsx
index 0f44d79c..aaee4d31 100644
--- a/src/app/[orgId]/settings/clients/create/page.tsx
+++ b/src/app/[orgId]/settings/clients/create/page.tsx
@@ -103,7 +103,8 @@ export default function Page() {
             .refine((val) => val.length > 0, {
                 message: t("siteRequired")
             }),
-        subnet: z.union([z.ipv4(), z.ipv6()]).min(1, {
+        subnet: z.union([z.ipv4(), z.ipv6()])
+            .refine((val) => val.length > 0, {
             message: t("subnetRequired")
         })
     });

From dc87df5d3865b6c703aa75d04fd9acaa0a0c2b21 Mon Sep 17 00:00:00 2001
From: Lokowitz <marvinlokowitz@gmail.com>
Date: Mon, 17 Nov 2025 14:01:11 +0000
Subject: [PATCH 70/70] remove temp test

---
 Makefile | 14 --------------
 1 file changed, 14 deletions(-)

diff --git a/Makefile b/Makefile
index 8805a3b7..6c538a47 100644
--- a/Makefile
+++ b/Makefile
@@ -91,17 +91,3 @@ test:
 
 clean:
 	docker rmi pangolin
-
-test-local:
-	cp config/config.example.yml config/config.yml
-	npm run set:oss
-	npm run set:sqlite
-	npm run db:sqlite:generate
-	npm run db:sqlite:push
-	- npx tsc --noEmit
-	- docker build --build-arg DATABASE=pg -t fosrl/pangolin:postgresql-latest .
-	- docker build --build-arg DATABASE=sqlite -t fosrl/pangolin:latest .
-	npm run set:saas
-	- npx tsc --noEmit
-	- docker build --build-arg DATABASE=pg -t fosrl/pangolin:postgresql-saas-latest .
-	- docker build --build-arg DATABASE=sqlite -t fosrl/pangolin:saas-latest .
\ No newline at end of file