diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
index b9f1fe0e..b3e1c0a3 100644
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -339,37 +339,37 @@ jobs:
                   TAG=${{ env.TAG }}
                   MAJOR_TAG=$(echo $TAG | cut -d. -f1)
                   MINOR_TAG=$(echo $TAG | cut -d. -f1,2)
-                  
+
                   echo "Waiting for multi-arch manifests to be ready..."
                   sleep 30
-                  
+
                   # Determine if this is an RC release
                   IS_RC="false"
-                  if echo "$TAG" | grep -qE "rc[0-9]+$"; then
+                  if [[ "$TAG" == *"-rc."* ]]; then
                       IS_RC="true"
                   fi
-                  
+
                   if [ "$IS_RC" = "true" ]; then
                       echo "RC release detected - copying version-specific tags only"
-                      
+
                       # SQLite OSS
                       echo "Copying ${{ env.DOCKERHUB_IMAGE }}:${TAG} -> ${{ env.GHCR_IMAGE }}:${TAG}"
                       skopeo copy --all --retry-times 3 \
                         docker://$DOCKERHUB_IMAGE:$TAG \
                         docker://$GHCR_IMAGE:$TAG
-                      
+
                       # PostgreSQL OSS
                       echo "Copying ${{ env.DOCKERHUB_IMAGE }}:postgresql-${TAG} -> ${{ env.GHCR_IMAGE }}:postgresql-${TAG}"
                       skopeo copy --all --retry-times 3 \
                         docker://$DOCKERHUB_IMAGE:postgresql-$TAG \
                         docker://$GHCR_IMAGE:postgresql-$TAG
-                      
+
                       # SQLite Enterprise
                       echo "Copying ${{ env.DOCKERHUB_IMAGE }}:ee-${TAG} -> ${{ env.GHCR_IMAGE }}:ee-${TAG}"
                       skopeo copy --all --retry-times 3 \
                         docker://$DOCKERHUB_IMAGE:ee-$TAG \
                         docker://$GHCR_IMAGE:ee-$TAG
-                      
+
                       # PostgreSQL Enterprise
                       echo "Copying ${{ env.DOCKERHUB_IMAGE }}:ee-postgresql-${TAG} -> ${{ env.GHCR_IMAGE }}:ee-postgresql-${TAG}"
                       skopeo copy --all --retry-times 3 \
@@ -377,7 +377,7 @@ jobs:
                         docker://$GHCR_IMAGE:ee-postgresql-$TAG
                   else
                       echo "Regular release detected - copying all tags (latest, major, minor, full version)"
-                      
+
                       # SQLite OSS - all tags
                       for TAG_SUFFIX in "latest" "$MAJOR_TAG" "$MINOR_TAG" "$TAG"; do
                           echo "Copying ${{ env.DOCKERHUB_IMAGE }}:${TAG_SUFFIX} -> ${{ env.GHCR_IMAGE }}:${TAG_SUFFIX}"
@@ -385,7 +385,7 @@ jobs:
                             docker://$DOCKERHUB_IMAGE:$TAG_SUFFIX \
                             docker://$GHCR_IMAGE:$TAG_SUFFIX
                       done
-                      
+
                       # PostgreSQL OSS - all tags
                       for TAG_SUFFIX in "latest" "$MAJOR_TAG" "$MINOR_TAG" "$TAG"; do
                           echo "Copying ${{ env.DOCKERHUB_IMAGE }}:postgresql-${TAG_SUFFIX} -> ${{ env.GHCR_IMAGE }}:postgresql-${TAG_SUFFIX}"
@@ -393,7 +393,7 @@ jobs:
                             docker://$DOCKERHUB_IMAGE:postgresql-$TAG_SUFFIX \
                             docker://$GHCR_IMAGE:postgresql-$TAG_SUFFIX
                       done
-                      
+
                       # SQLite Enterprise - all tags
                       for TAG_SUFFIX in "latest" "$MAJOR_TAG" "$MINOR_TAG" "$TAG"; do
                           echo "Copying ${{ env.DOCKERHUB_IMAGE }}:ee-${TAG_SUFFIX} -> ${{ env.GHCR_IMAGE }}:ee-${TAG_SUFFIX}"
@@ -401,7 +401,7 @@ jobs:
                             docker://$DOCKERHUB_IMAGE:ee-$TAG_SUFFIX \
                             docker://$GHCR_IMAGE:ee-$TAG_SUFFIX
                       done
-                      
+
                       # PostgreSQL Enterprise - all tags
                       for TAG_SUFFIX in "latest" "$MAJOR_TAG" "$MINOR_TAG" "$TAG"; do
                           echo "Copying ${{ env.DOCKERHUB_IMAGE }}:ee-postgresql-${TAG_SUFFIX} -> ${{ env.GHCR_IMAGE }}:ee-postgresql-${TAG_SUFFIX}"
@@ -410,7 +410,7 @@ jobs:
                             docker://$GHCR_IMAGE:ee-postgresql-$TAG_SUFFIX
                       done
                   fi
-                  
+
                   echo "All images copied successfully to GHCR!"
               shell: bash
 
@@ -442,7 +442,7 @@ jobs:
 
                   # Determine if this is an RC release
                   IS_RC="false"
-                  if echo "$TAG" | grep -qE "rc[0-9]+$"; then
+                  if [[ "$TAG" == *"-rc."* ]]; then
                       IS_RC="true"
                   fi
 
@@ -490,11 +490,11 @@ jobs:
                         --certificate-oidc-issuer "${issuer}" \
                         --certificate-identity-regexp "${id_regex}" \
                         "${REF}" -o text
-                      
+
                       echo "✓ Successfully signed and verified ${BASE_IMAGE}:${IMAGE_TAG}"
                     done
                   done
-                  
+
                   echo "All images signed and verified successfully!"
               shell: bash
 
diff --git a/server/private/routers/approvals/listApprovals.ts b/server/private/routers/approvals/listApprovals.ts
index 739238c8..600eec87 100644
--- a/server/private/routers/approvals/listApprovals.ts
+++ b/server/private/routers/approvals/listApprovals.ts
@@ -19,7 +19,7 @@ import { fromError } from "zod-validation-error";
 
 import type { Request, Response, NextFunction } from "express";
 import { build } from "@server/build";
-import { getOrgTierData } from "@server/lib/billing";
+import { getOrgTierData } from "#private/lib/billing";
 import { TierId } from "@server/lib/billing/tiers";
 import {
     approvals,
diff --git a/server/routers/olm/handleOlmRegisterMessage.ts b/server/routers/olm/handleOlmRegisterMessage.ts
index b8d4dc01..db156c2c 100644
--- a/server/routers/olm/handleOlmRegisterMessage.ts
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -149,7 +149,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
             return;
         }
 
-        if (!policyCheck.policies?.passwordAge?.compliant === false) {
+        if (policyCheck.policies?.passwordAge?.compliant === false) {
             logger.warn(
                 `Olm user ${olm.userId} has non-compliant password age for org ${orgId}`
             );
@@ -159,7 +159,7 @@ export const handleOlmRegisterMessage: MessageHandler = async (context) => {
             );
             return;
         } else if (
-            !policyCheck.policies?.maxSessionLength?.compliant === false
+            policyCheck.policies?.maxSessionLength?.compliant === false
         ) {
             logger.warn(
                 `Olm user ${olm.userId} has non-compliant session length for org ${orgId}`
diff --git a/src/app/[orgId]/settings/(private)/access/approvals/page.tsx b/src/app/[orgId]/settings/(private)/access/approvals/page.tsx
index ad6e717b..5e45be8e 100644
--- a/src/app/[orgId]/settings/(private)/access/approvals/page.tsx
+++ b/src/app/[orgId]/settings/(private)/access/approvals/page.tsx
@@ -19,17 +19,6 @@ export interface ApprovalFeedPageProps {
 export default async function ApprovalFeedPage(props: ApprovalFeedPageProps) {
     const params = await props.params;
 
-    let approvals: ApprovalItem[] = [];
-    const res = await internal
-        .get<
-            AxiosResponse<{ approvals: ApprovalItem[] }>
-        >(`/org/${params.orgId}/approvals`, await authCookieHeader())
-        .catch((e) => {});
-
-    if (res && res.status === 200) {
-        approvals = res.data.data.approvals;
-    }
-
     let org: GetOrgResponse | null = null;
     const orgRes = await getCachedOrg(params.orgId);
 
diff --git a/src/components/LoginOrgSelector.tsx b/src/components/LoginOrgSelector.tsx
index a7b52414..4e9dcd83 100644
--- a/src/components/LoginOrgSelector.tsx
+++ b/src/components/LoginOrgSelector.tsx
@@ -143,7 +143,6 @@ export default function LoginOrgSelector({
                                 <IdpLoginButtons
                                     idps={idps}
                                     redirect={redirect}
-                                    orgId={org.orgId}
                                 />
                             </div>
                         </div>