diff --git a/.dockerignore b/.dockerignore
index 74bedb17..042dcf2f 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -27,3 +27,4 @@ bruno/
 LICENSE
 CONTRIBUTING.md
 dist
+.git
diff --git a/.gitignore b/.gitignore
index 04c4b7ef..167b4a91 100644
--- a/.gitignore
+++ b/.gitignore
@@ -18,6 +18,7 @@ yarn-error.log*
 next-env.d.ts
 *.db
 *.sqlite
+!Dockerfile.sqlite
 *.sqlite3
 *.log
 .machinelogs*.json
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 44acedb1..179cd86d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -6,10 +6,6 @@ Please see the contribution and local development guide on the docs page before
 
 https://docs.fossorial.io/development
 
-For ideas about what features to work on and our future plans, please see the roadmap:
-
-https://docs.fossorial.io/roadmap
-
 ### Licensing Considerations
 
 Please note that your contributions will be distributed under the AGPLv3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us.
@@ -21,4 +17,4 @@ By creating this pull request, I grant the project maintainers an unlimited,
 perpetual license to use, modify, and redistribute these contributions under any terms they
 choose, including both the AGPLv3 and the Fossorial Commercial license terms. I
 represent that I have the right to grant this license for all contributed content.
-```
+```
\ No newline at end of file
diff --git a/Dockerfile.dev b/Dockerfile.dev
new file mode 100644
index 00000000..141cfd10
--- /dev/null
+++ b/Dockerfile.dev
@@ -0,0 +1,14 @@
+FROM node:20-alpine
+
+WORKDIR /app
+
+COPY package*.json ./
+
+# Install dependencies
+RUN npm ci
+
+# Copy source code
+COPY . .
+
+# Use tsx watch for development with hot reload
+CMD ["npm", "run", "dev"]
diff --git a/Dockerfile b/Dockerfile.sqlite
similarity index 100%
rename from Dockerfile
rename to Dockerfile.sqlite
diff --git a/Makefile b/Makefile
index f074c380..0e0394b4 100644
--- a/Makefile
+++ b/Makefile
@@ -5,8 +5,8 @@ build-release:
 		echo "Error: tag is required. Usage: make build-release tag=<tag>"; \
 		exit 1; \
 	fi
-	docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:latest -f Dockerfile --push .
-	docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:$(tag) -f Dockerfile --push .
+	docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:latest -f Dockerfile.sqlite --push .
+	docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:$(tag) -f Dockerfile.sqlite --push .
 	docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-latest -f Dockerfile.pg --push .
 	docker buildx build --platform linux/arm64,linux/amd64 -t fosrl/pangolin:postgresql-$(tag) -f Dockerfile.pg --push .
 
@@ -16,8 +16,8 @@ build-arm:
 build-x86:
 	docker buildx build --platform linux/amd64 -t fosrl/pangolin:latest .
 
-build:
-	docker build -t fosrl/pangolin:latest -f Dockerfile .
+build-sqlite:
+	docker build -t fosrl/pangolin:latest -f Dockerfile.sqlite .
 
 build-pg:
 	docker build -t fosrl/pangolin:postgresql-latest -f Dockerfile.pg .
diff --git a/README.md b/README.md
index 8723542c..7de13050 100644
--- a/README.md
+++ b/README.md
@@ -7,16 +7,16 @@
     </h2>
 </div>
 
-<h4 align="center">Tunneled Reverse Proxy Server with Access Control</h4>
+<h4 align="center">Secure gateway to your private networks</h4>
 <div align="center">
 
-_Your own self-hosted zero trust tunnel._
+_Pangolin tunnels your services to the internet so you can access anything from anywhere._
 
 </div>
 
 <div align="center">
   <h5>
-      <a href="https://fossorial.io">
+      <a href="https://digpangolin.com">
         Website
       </a>
       <span> | </span>
@@ -36,22 +36,32 @@ _Your own self-hosted zero trust tunnel._
 
 </div>
 
+<p align="center">
+    <strong>
+    Start testing Pangolin at <a href="https://pangolin.fossorial.io/auth/signup">pangolin.fossorial.io</a>
+    <br/>
+</strong>
+</p>
+
 Pangolin is a self-hosted tunneled reverse proxy server with identity and access control, designed to securely expose private resources on distributed networks. Acting as a central hub, it connects isolated networks — even those behind restrictive firewalls — through encrypted tunnels, enabling easy access to remote services without opening ports.
 
 <img src="public/screenshots/hero.png" alt="Preview"/>
 
-_Resources page of Pangolin dashboard (dark mode) showing multiple resources available to connect._
+![gif](public/clip.gif)
 
 ## Key Features
 
 ### Reverse Proxy Through WireGuard Tunnel
 
 - Expose private resources on your network **without opening ports** (firewall punching).
-- Secure and easy to configure site-to-site connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt).
+- Secure and easy to configure private connectivity via a custom **user space WireGuard client**, [Newt](https://github.com/fosrl/newt).
 - Built-in support for any WireGuard client.
 - Automated **SSL certificates** (https) via [LetsEncrypt](https://letsencrypt.org/).
 - Support for HTTP/HTTPS and **raw TCP/UDP services**.
 - Load balancing.
+- Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](https://github.com/PascalMinder/geoblock).
+    - **Automatically install and configure Crowdsec via Pangolin's installer script.**
+- Attach as many sites to the central server as you wish.
 
 ### Identity & Access Management
 
@@ -65,89 +75,73 @@ _Resources page of Pangolin dashboard (dark mode) showing multiple resources ava
     - **Temporary, self-destructing share links.**
     - Resource specific pin codes.
     - Resource specific passwords.
+    - Passkeys
 - External identity provider (IdP) support with OAuth2/OIDC, such as Authentik, Keycloak, Okta, and others.
     - Auto-provision users and roles from your IdP.
 
-### Simple Dashboard UI
+<img src="public/auth-diagram1.png" alt="Auth and diagram"/>
 
-- Manage sites, users, and roles with a clean and intuitive UI.
-- Monitor site usage and connectivity.
-- Light and dark mode options.
-- Mobile friendly.
+## Use Cases
 
-### Easy Deployment
+### Manage Access to Internal Apps
 
-- Run on any cloud provider or on-premises.
-- **Docker Compose based setup** for simplified deployment.
-- Future-proof installation script for streamlined setup and feature additions.
-- Use any WireGuard client to connect, or use **Newt, our custom user space client** for the best experience.
-- Use the API to create custom integrations and scripts.
-    - Fine-grained access control to the API via scoped API keys.
-    - Comprehensive Swagger documentation for the API.
+- Grant users access to your apps from anywhere using just a web browser. No client software required.
 
-### Modular Design
+### Developers and DevOps
 
-- Extend functionality with existing [Traefik](https://github.com/traefik/traefik) plugins, such as [CrowdSec](https://plugins.traefik.io/plugins/6335346ca4caa9ddeffda116/crowdsec-bouncer-traefik-plugin) and [Geoblock](https://github.com/PascalMinder/geoblock).
-    - **Automatically install and configure Crowdsec via Pangolin's installer script.**
-- Attach as many sites to the central server as you wish.
+- Expose and test internal tools and dashboards like **Grafana**. Bring localhost or private IPs online for easy access.
 
-<img src="public/screenshots/collage.png" alt="Collage"/>
+### Secure API Gateway
 
-## Deployment and Usage Example
+- One application load balancer across multiple clouds and on-premises.
 
-1. **Deploy the Central Server**:
+### IoT and Edge Devices
 
-    - Deploy the Docker Compose stack onto a VPS hosted on a cloud platform like RackNerd, Amazon EC2, DigitalOcean Droplet, or similar. There are many cheap VPS hosting options available to suit your needs.
+- Easily expose **IoT devices**, **edge servers**, or **Raspberry Pi** to the internet for field equipment monitoring.
+
+<img src="public/screenshots/sites.png" alt="Sites"/>
+
+## Deployment Options
+
+### Fully Self Hosted
+
+Host the full application on your own server or on the cloud with a VPS. Take a look at the [documentation](https://docs.fossorial.io/Getting%20Started/quick-install) to get started.
 
-> [!TIP]
 > Many of our users have had a great experience with [RackNerd](https://my.racknerd.com/aff.php?aff=13788). Depending on promotions, you can get a [**VPS with 1 vCPU, 1GB RAM, and ~20GB SSD for just around $12/year**](https://my.racknerd.com/aff.php?aff=13788&pid=912). That's a great deal!
-> We are part of the [RackNerd](https://my.racknerd.com/aff.php?aff=13788) affiliate program, so if you purchase through [our link](https://my.racknerd.com/aff.php?aff=13788), we receive a small commission which helps us maintain the project and keep it free for everyone.
 
-1. **Domain Configuration**:
+### Pangolin Cloud
 
-    - Point your domain name to the VPS and configure Pangolin with your preferred settings.
+Easy to use with simple [pay as you go pricing](https://digpangolin.io/pricing). [Check it out here](https://pangolin.fossorial.io/auth/signup). 
 
-2. **Connect Private Sites**:
+- Everything you get with self hosted Pangolin, but fully managed for you.
 
-    - Install Newt or use another WireGuard client on private sites.
-    - Automatically establish a connection from these sites to the central server.
+### Hybrid & High Availability
 
-3. **Expose Resources**:
+Managed control plane, your infrastructure
 
-    - Add resources to the central server and configure access control rules.
-    - Access these resources securely from anywhere.
+- We manage database and control plane.
+- You self-host lightweight exit-node.
+- Traffic flows through your infra.
+- We coordinate failover between your nodes or to Cloud when things go bad.
 
-**Use Case Example - Bypassing Port Restrictions in Home Lab**:  
- Imagine private sites where the ISP restricts port forwarding. By connecting these sites to Pangolin via WireGuard, you can securely expose HTTP and HTTPS resources on the private network without any networking complexity.
+If interested, [contact us](mailto:numbat@fossorial.io).
 
-**Use Case Example - Deploying Services For Your Business**:
-You can use Pangolin as an easy way to expose your business applications to your users behind a safe authentication portal you can integrate into your IdP solution. Expose resources on prem and on the cloud.
+### Full Enterprise On-Premises
 
-**Use Case Example - IoT Networks**:  
- IoT networks are often fragmented and difficult to manage. By deploying Pangolin on a central server, you can connect all your IoT sites via Newt or another WireGuard client. This creates a simple, secure, and centralized way to access IoT resources without the need for intricate networking setups.
-
-## Similar Projects and Inspirations
-
-**Cloudflare Tunnels**:  
- A similar approach to proxying private resources securely, but Pangolin is a self-hosted alternative, giving you full control over your infrastructure.
-
-**Authelia**:  
- This inspired Pangolin’s centralized authentication system for proxies, enabling robust user and role management.
+[Contact us](mailto:numbat@fossorial.io) for a full distributed and enterprise deployments on your infrastructure controlled by your team.
 
 ## Project Development / Roadmap
 
-> [!NOTE]
-> Pangolin is under heavy development. The roadmap is subject to change as we fix bugs, add new features, and make improvements.
-
-View the [project board](https://github.com/orgs/fosrl/projects/1) for more detailed info.
+We want to hear your feature requests! Add them to the [discussion board](https://github.com/orgs/fosrl/discussions/categories/feature-requests).
 
 ## Licensing
 
-Pangolin is dual licensed under the AGPL-3 and the Fossorial Commercial license. Please see the [LICENSE](./LICENSE) file in the repository for details. For inquiries about commercial licensing, please contact us at [numbat@fossorial.io](mailto:numbat@fossorial.io).
+Pangolin is dual licensed under the AGPL-3 and the Fossorial Commercial license. For inquiries about commercial licensing, please contact us at [numbat@fossorial.io](mailto:numbat@fossorial.io).
 
 ## Contributions
 
+Looking for something to contribute? Take a look at issues marked with [help wanted](https://github.com/fosrl/pangolin/issues?q=is%3Aissue%20state%3Aopen%20label%3A%22help%20wanted%22).
+
 Please see [CONTRIBUTING](./CONTRIBUTING.md) in the repository for guidelines and best practices.
 
 Please post bug reports and other functional issues in the [Issues](https://github.com/fosrl/pangolin/issues) section of the repository.
-For all feature requests, or other ideas, please use the [Discussions](https://github.com/orgs/fosrl/discussions) section.
diff --git a/bruno/Clients/createClient.bru b/bruno/Clients/createClient.bru
new file mode 100644
index 00000000..7577bb28
--- /dev/null
+++ b/bruno/Clients/createClient.bru
@@ -0,0 +1,22 @@
+meta {
+  name: createClient
+  type: http
+  seq: 1
+}
+
+put {
+  url: http://localhost:3000/api/v1/site/1/client
+  body: json
+  auth: none
+}
+
+body:json {
+  {
+      "siteId": 1,
+      "name": "test",
+      "type": "olm",
+      "subnet": "100.90.129.4/30",
+      "olmId": "029yzunhx6nh3y5",
+      "secret": "l0ymp075y3d4rccb25l6sqpgar52k09etunui970qq5gj7x6"
+  }
+}
diff --git a/bruno/Clients/pickClientDefaults.bru b/bruno/Clients/pickClientDefaults.bru
new file mode 100644
index 00000000..61509c11
--- /dev/null
+++ b/bruno/Clients/pickClientDefaults.bru
@@ -0,0 +1,11 @@
+meta {
+  name: pickClientDefaults
+  type: http
+  seq: 2
+}
+
+get {
+  url: http://localhost:3000/api/v1/site/1/pick-client-defaults
+  body: none
+  auth: none
+}
diff --git a/config/config.example.yml b/config/config.example.yml
index 33ed9370..5a78ae5e 100644
--- a/config/config.example.yml
+++ b/config/config.example.yml
@@ -46,4 +46,3 @@ flags:
     disable_signup_without_invite: true
     disable_user_create_org: true
     allow_raw_resources: true
-    allow_base_domain_resources: true
diff --git a/docker-compose.pgr.yml b/docker-compose.pgr.yml
new file mode 100644
index 00000000..aeffc2cf
--- /dev/null
+++ b/docker-compose.pgr.yml
@@ -0,0 +1,12 @@
+services:
+  # PostgreSQL Service
+  db:
+    image: postgres:17 # Use the PostgreSQL 17 image
+    container_name: dev_postgres # Name your PostgreSQL container
+    environment:
+      POSTGRES_DB: postgres # Default database name
+      POSTGRES_USER: postgres # Default user
+      POSTGRES_PASSWORD: password # Default password (change for production!)
+    ports:
+      - "5432:5432" # Map host port 5432 to container port 5432
+    restart: no 
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 00000000..49713379
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,29 @@
+services:
+  # Development application service
+  app:
+    build:
+      context: .
+      dockerfile: Dockerfile.dev
+    container_name: dev_pangolin
+    ports:
+      - "3000:3000"
+      - "3001:3001"
+      - "3002:3002"
+    environment:
+      - NODE_ENV=development
+      - ENVIRONMENT=dev
+      - DB_TYPE=pg
+    volumes:
+      # Mount source code for hot reload
+      - ./src:/app/src
+      - ./server:/app/server
+      - ./public:/app/public
+      - ./messages:/app/messages
+      - ./components.json:/app/components.json
+      - ./next.config.mjs:/app/next.config.mjs
+      - ./tsconfig.json:/app/tsconfig.json
+      - ./tailwind.config.js:/app/tailwind.config.js
+      - ./postcss.config.mjs:/app/postcss.config.mjs
+      - ./eslint.config.js:/app/eslint.config.js
+      - ./config:/app/config
+    restart: no
\ No newline at end of file
diff --git a/drizzle.pg.config.ts b/drizzle.pg.config.ts
index 14aeba5b..4d1f1e43 100644
--- a/drizzle.pg.config.ts
+++ b/drizzle.pg.config.ts
@@ -3,7 +3,7 @@ import path from "path";
 
 export default defineConfig({
     dialect: "postgresql",
-    schema: path.join("server", "db", "pg", "schema.ts"),
+    schema: [path.join("server", "db", "pg", "schema.ts")],
     out: path.join("server", "migrations"),
     verbose: true,
     dbCredentials: {
diff --git a/install/config/config.yml b/install/config/config.yml
index 92448ca9..a7c02dc9 100644
--- a/install/config/config.yml
+++ b/install/config/config.yml
@@ -22,10 +22,14 @@ gerbil:
     start_port: 51820
     base_endpoint: "{{.DashboardDomain}}"
 
+orgs:
+    block_size: 24
+    subnet_group: 100.89.138.0/20
+
 {{if .EnableEmail}}
 email:
     smtp_host: "{{.EmailSMTPHost}}"
-    smtp_port: {{.EmailSMTPPort}}
+    smtp_port: "{{.EmailSMTPPort}}"
     smtp_user: "{{.EmailSMTPUser}}"
     smtp_pass: "{{.EmailSMTPPass}}"
     no_reply: "{{.EmailNoReply}}"
@@ -36,4 +40,4 @@ flags:
     disable_signup_without_invite: true
     disable_user_create_org: false
     allow_raw_resources: true
-    allow_base_domain_resources: true
\ No newline at end of file
+    allow_base_domain_resources: true
diff --git a/install/config/crowdsec/profiles.yaml b/install/config/crowdsec/profiles.yaml
index 3796b47f..0632f51d 100644
--- a/install/config/crowdsec/profiles.yaml
+++ b/install/config/crowdsec/profiles.yaml
@@ -1,4 +1,4 @@
-name: captcha_remediation
+iame: captcha_remediation
 filters:
   - Alert.Remediation == true && Alert.GetScope() == "Ip" && Alert.GetScenario() contains "http"
 decisions:
diff --git a/messages/cs-CZ.json b/messages/cs-CZ.json
new file mode 100644
index 00000000..1416cede
--- /dev/null
+++ b/messages/cs-CZ.json
@@ -0,0 +1,1277 @@
+{
+    "setupCreate": "Vytvořte si organizaci, lokalitu a služby",
+    "setupNewOrg": "Nová organizace",
+    "setupCreateOrg": "Vytvořit organizaci",
+    "setupCreateResources": "Vytvořit zdroje",
+    "setupOrgName": "Název organizace",
+    "orgDisplayName": "Toto je zobrazovaný název vaší organizace.",
+    "orgId": "ID organizace",
+    "setupIdentifierMessage": "Toto je jedinečný identifikátor vaší organizace. Nemusí odpovídat názvu organizace.",
+    "setupErrorIdentifier": "ID organizace je již použito. Zvolte prosím jiné.",
+    "componentsErrorNoMemberCreate": "Zatím nejste členem žádné organizace. Abyste mohli začít, vytvořte si organizaci.",
+    "componentsErrorNoMember": "Zatím nejste členem žádných organizací.",
+    "welcome": "Welcome!",
+    "welcomeTo": "Welcome to",
+    "componentsCreateOrg": "Vytvořte organizaci",
+    "componentsMember": "Jste členem {count, plural, =0 {0 organizací} one {1 organizace} other {# organizací}}.",
+    "componentsInvalidKey": "Byly nalezeny neplatné nebo propadlé licenční klíče. Pokud chcete nadále používat všechny funkce, postupujte podle licenčních podmínek.",
+    "dismiss": "Zavřít",
+    "componentsLicenseViolation": "Porušení licenčních podmínek: Tento server používá {usedSites} stránek, což překračuje limit {maxSites} licencovaných stránek. Pokud chcete nadále používat všechny funkce, postupujte podle licenčních podmínek.",
+    "componentsSupporterMessage": "Děkujeme, že podporujete Pangolin jako {tier}!",
+    "inviteErrorNotValid": "Je nám líto, ale vypadá to, že pozvánka, ke které se snažíte získat přístup, nebyla přijata nebo již není platná.",
+    "inviteErrorUser": "Je nám líto, ale vypadá to, že pozvánka, ke které se snažíte získat přístup, není pro tohoto uživatele.",
+    "inviteLoginUser": "Prosím ujistěte se, že jste přihlášeni jako správný uživatel.",
+    "inviteErrorNoUser": "Je nám líto, ale vypadá to, že pozvánka, ke které se snažíte získat přístup, není pro existujícího uživatele.",
+    "inviteCreateUser": "Nejprve si prosím vytvořte účet.",
+    "goHome": "Přejít na hlavní stránku",
+    "inviteLogInOtherUser": "Přihlásit se jako jiný uživatel",
+    "createAnAccount": "Vytvořit účet",
+    "inviteNotAccepted": "Pozvánka nebyla přijata",
+    "authCreateAccount": "Vytvořte si účet, abyste mohli začít",
+    "authNoAccount": "Nemáte účet?",
+    "email": "Email",
+    "password": "Heslo",
+    "confirmPassword": "Potvrďte heslo",
+    "createAccount": "Vytvořit účet",
+    "viewSettings": "Zobrazit nastavení",
+    "delete": "Odstranit",
+    "name": "Jméno",
+    "online": "Online",
+    "offline": "Offline",
+    "site": "Lokalita",
+    "dataIn": "Přijatá data",
+    "dataOut": "Odeslaná data",
+    "connectionType": "Typ připojení",
+    "tunnelType": "Typ tunelu",
+    "local": "Místní",
+    "edit": "Upravit",
+    "siteConfirmDelete": "Potvrdit odstranění lokality",
+    "siteDelete": "Odstranění lokality",
+    "siteMessageRemove": "Jakmile lokalitu odstraníte, nebude dostupná. Všechny související služby a cíle budou také odstraněny.",
+    "siteMessageConfirm": "Pro potvrzení zadejte prosím název lokality.",
+    "siteQuestionRemove": "Opravdu chcete odstranit lokalitu {selectedSite} z organizace?",
+    "siteManageSites": "Správa lokalit",
+    "siteDescription": "Umožní připojení k vaší síti prostřednictvím zabezpečených tunelů",
+    "siteCreate": "Vytvořit lokalitu",
+    "siteCreateDescription2": "Postupujte podle níže uvedených kroků, abyste vytvořili a připojili novou lokalitu",
+    "siteCreateDescription": "Vytvořte novou lokalitu, abyste mohli začít připojovat služby",
+    "close": "Zavřít",
+    "siteErrorCreate": "Chyba při vytváření lokality",
+    "siteErrorCreateKeyPair": "Nebyly nalezeny klíče nebo výchozí nastavení lokality",
+    "siteErrorCreateDefaults": "Výchozí nastavení lokality nenalezeno",
+    "siteNameDescription": "Toto je zobrazovaný název lokality.",
+    "method": "Způsob",
+    "siteMethodDescription": "Tímto způsobem budete vystavovat spojení.",
+    "siteLearnNewt": "Naučte se, jak nainstalovat Newt na svůj systém",
+    "siteSeeConfigOnce": "You will only be able to see the configuration once.",
+    "siteLoadWGConfig": "Loading WireGuard configuration...",
+    "siteDocker": "Expand for Docker Deployment Details",
+    "toggle": "Toggle",
+    "dockerCompose": "Docker Compose",
+    "dockerRun": "Docker Run",
+    "siteLearnLocal": "Local sites do not tunnel, learn more",
+    "siteConfirmCopy": "I have copied the config",
+    "searchSitesProgress": "Search sites...",
+    "siteAdd": "Add Site",
+    "siteInstallNewt": "Install Newt",
+    "siteInstallNewtDescription": "Get Newt running on your system",
+    "WgConfiguration": "WireGuard Configuration",
+    "WgConfigurationDescription": "Use the following configuration to connect to your network",
+    "operatingSystem": "Operating System",
+    "commands": "Commands",
+    "recommended": "Recommended",
+    "siteNewtDescription": "For the best user experience, use Newt. It uses WireGuard under the hood and allows you to address your private resources by their LAN address on your private network from within the Pangolin dashboard.",
+    "siteRunsInDocker": "Runs in Docker",
+    "siteRunsInShell": "Runs in shell on macOS, Linux, and Windows",
+    "siteErrorDelete": "Error deleting site",
+    "siteErrorUpdate": "Failed to update site",
+    "siteErrorUpdateDescription": "An error occurred while updating the site.",
+    "siteUpdated": "Site updated",
+    "siteUpdatedDescription": "The site has been updated.",
+    "siteGeneralDescription": "Configure the general settings for this site",
+    "siteSettingDescription": "Configure the settings on your site",
+    "siteSetting": "{siteName} Settings",
+    "siteNewtTunnel": "Newt Tunnel (Recommended)",
+    "siteNewtTunnelDescription": "Easiest way to create an entrypoint into your network. No extra setup.",
+    "siteWg": "Basic WireGuard",
+    "siteWgDescription": "Use any WireGuard client to establish a tunnel. Manual NAT setup required.",
+    "siteLocalDescription": "Local resources only. No tunneling.",
+    "siteSeeAll": "See All Sites",
+    "siteTunnelDescription": "Determine how you want to connect to your site",
+    "siteNewtCredentials": "Newt Credentials",
+    "siteNewtCredentialsDescription": "This is how Newt will authenticate with the server",
+    "siteCredentialsSave": "Save Your Credentials",
+    "siteCredentialsSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.",
+    "siteInfo": "Site Information",
+    "status": "Status",
+    "shareTitle": "Manage Share Links",
+    "shareDescription": "Create shareable links to grant temporary or permanent access to your resources",
+    "shareSearch": "Search share links...",
+    "shareCreate": "Create Share Link",
+    "shareErrorDelete": "Failed to delete link",
+    "shareErrorDeleteMessage": "An error occurred deleting link",
+    "shareDeleted": "Link deleted",
+    "shareDeletedDescription": "The link has been deleted",
+    "shareTokenDescription": "Your access token can be passed in two ways: as a query parameter or in the request headers. These must be passed from the client on every request for authenticated access.",
+    "accessToken": "Access Token",
+    "usageExamples": "Usage Examples",
+    "tokenId": "Token ID",
+    "requestHeades": "Request Headers",
+    "queryParameter": "Query Parameter",
+    "importantNote": "Important Note",
+    "shareImportantDescription": "For security reasons, using headers is recommended over query parameters when possible, as query parameters may be logged in server logs or browser history.",
+    "token": "Token",
+    "shareTokenSecurety": "Keep your access token secure. Do not share it in publicly accessible areas or client-side code.",
+    "shareErrorFetchResource": "Failed to fetch resources",
+    "shareErrorFetchResourceDescription": "An error occurred while fetching the resources",
+    "shareErrorCreate": "Failed to create share link",
+    "shareErrorCreateDescription": "An error occurred while creating the share link",
+    "shareCreateDescription": "Anyone with this link can access the resource",
+    "shareTitleOptional": "Title (optional)",
+    "expireIn": "Expire In",
+    "neverExpire": "Never expire",
+    "shareExpireDescription": "Expiration time is how long the link will be usable and provide access to the resource. After this time, the link will no longer work, and users who used this link will lose access to the resource.",
+    "shareSeeOnce": "You will only be able to see this linkonce. Make sure to copy it.",
+    "shareAccessHint": "Anyone with this link can access the resource. Share it with care.",
+    "shareTokenUsage": "See Access Token Usage",
+    "createLink": "Create Link",
+    "resourcesNotFound": "No resources found",
+    "resourceSearch": "Search resources",
+    "openMenu": "Open menu",
+    "resource": "Resource",
+    "title": "Title",
+    "created": "Created",
+    "expires": "Expires",
+    "never": "Never",
+    "shareErrorSelectResource": "Please select a resource",
+    "resourceTitle": "Manage Resources",
+    "resourceDescription": "Create secure proxies to your private applications",
+    "resourcesSearch": "Search resources...",
+    "resourceAdd": "Add Resource",
+    "resourceErrorDelte": "Error deleting resource",
+    "authentication": "Authentication",
+    "protected": "Protected",
+    "notProtected": "Not Protected",
+    "resourceMessageRemove": "Once removed, the resource will no longer be accessible. All targets associated with the resource will also be removed.",
+    "resourceMessageConfirm": "To confirm, please type the name of the resource below.",
+    "resourceQuestionRemove": "Are you sure you want to remove the resource {selectedResource} from the organization?",
+    "resourceHTTP": "HTTPS Resource",
+    "resourceHTTPDescription": "Proxy requests to your app over HTTPS using a subdomain or base domain.",
+    "resourceRaw": "Raw TCP/UDP Resource",
+    "resourceRawDescription": "Proxy requests to your app over TCP/UDP using a port number.",
+    "resourceCreate": "Create Resource",
+    "resourceCreateDescription": "Follow the steps below to create a new resource",
+    "resourceSeeAll": "See All Resources",
+    "resourceInfo": "Resource Information",
+    "resourceNameDescription": "This is the display name for the resource.",
+    "siteSelect": "Select site",
+    "siteSearch": "Search site",
+    "siteNotFound": "No site found.",
+    "siteSelectionDescription": "This site will provide connectivity to the resource.",
+    "resourceType": "Resource Type",
+    "resourceTypeDescription": "Determine how you want to access your resource",
+    "resourceHTTPSSettings": "HTTPS Settings",
+    "resourceHTTPSSettingsDescription": "Configure how your resource will be accessed over HTTPS",
+    "domainType": "Domain Type",
+    "subdomain": "Subdomain",
+    "baseDomain": "Base Domain",
+    "subdomnainDescription": "The subdomain where your resource will be accessible.",
+    "resourceRawSettings": "TCP/UDP Settings",
+    "resourceRawSettingsDescription": "Configure how your resource will be accessed over TCP/UDP",
+    "protocol": "Protocol",
+    "protocolSelect": "Select a protocol",
+    "resourcePortNumber": "Port Number",
+    "resourcePortNumberDescription": "The external port number to proxy requests.",
+    "cancel": "Cancel",
+    "resourceConfig": "Configuration Snippets",
+    "resourceConfigDescription": "Copy and paste these configuration snippets to set up your TCP/UDP resource",
+    "resourceAddEntrypoints": "Traefik: Add Entrypoints",
+    "resourceExposePorts": "Gerbil: Expose Ports in Docker Compose",
+    "resourceLearnRaw": "Learn how to configure TCP/UDP resources",
+    "resourceBack": "Back to Resources",
+    "resourceGoTo": "Go to Resource",
+    "resourceDelete": "Delete Resource",
+    "resourceDeleteConfirm": "Confirm Delete Resource",
+    "visibility": "Visibility",
+    "enabled": "Enabled",
+    "disabled": "Disabled",
+    "general": "General",
+    "generalSettings": "General Settings",
+    "proxy": "Proxy",
+    "rules": "Rules",
+    "resourceSettingDescription": "Configure the settings on your resource",
+    "resourceSetting": "{resourceName} Settings",
+    "alwaysAllow": "Always Allow",
+    "alwaysDeny": "Always Deny",
+    "orgSettingsDescription": "Configure your organization's general settings",
+    "orgGeneralSettings": "Organization Settings",
+    "orgGeneralSettingsDescription": "Manage your organization details and configuration",
+    "saveGeneralSettings": "Save General Settings",
+    "saveSettings": "Save Settings",
+    "orgDangerZone": "Danger Zone",
+    "orgDangerZoneDescription": "Once you delete this org, there is no going back. Please be certain.",
+    "orgDelete": "Delete Organization",
+    "orgDeleteConfirm": "Confirm Delete Organization",
+    "orgMessageRemove": "This action is irreversible and will delete all associated data.",
+    "orgMessageConfirm": "To confirm, please type the name of the organization below.",
+    "orgQuestionRemove": "Are you sure you want to remove the organization {selectedOrg}?",
+    "orgUpdated": "Organization updated",
+    "orgUpdatedDescription": "The organization has been updated.",
+    "orgErrorUpdate": "Failed to update organization",
+    "orgErrorUpdateMessage": "An error occurred while updating the organization.",
+    "orgErrorFetch": "Failed to fetch organizations",
+    "orgErrorFetchMessage": "An error occurred while listing your organizations",
+    "orgErrorDelete": "Failed to delete organization",
+    "orgErrorDeleteMessage": "An error occurred while deleting the organization.",
+    "orgDeleted": "Organization deleted",
+    "orgDeletedMessage": "The organization and its data has been deleted.",
+    "orgMissing": "Organization ID Missing",
+    "orgMissingMessage": "Unable to regenerate invitation without an organization ID.",
+    "accessUsersManage": "Manage Users",
+    "accessUsersDescription": "Invite users and add them to roles to manage access to your organization",
+    "accessUsersSearch": "Search users...",
+    "accessUserCreate": "Create User",
+    "accessUserRemove": "Remove User",
+    "username": "Username",
+    "identityProvider": "Identity Provider",
+    "role": "Role",
+    "nameRequired": "Name is required",
+    "accessRolesManage": "Manage Roles",
+    "accessRolesDescription": "Configure roles to manage access to your organization",
+    "accessRolesSearch": "Search roles...",
+    "accessRolesAdd": "Add Role",
+    "accessRoleDelete": "Delete Role",
+    "description": "Description",
+    "inviteTitle": "Open Invitations",
+    "inviteDescription": "Manage your invitations to other users",
+    "inviteSearch": "Search invitations...",
+    "minutes": "Minutes",
+    "hours": "Hours",
+    "days": "Days",
+    "weeks": "Weeks",
+    "months": "Months",
+    "years": "Years",
+    "day": "{count, plural, one {# day} other {# days}}",
+    "apiKeysTitle": "API Key Information",
+    "apiKeysConfirmCopy2": "You must confirm that you have copied the API key.",
+    "apiKeysErrorCreate": "Error creating API key",
+    "apiKeysErrorSetPermission": "Error setting permissions",
+    "apiKeysCreate": "Generate API Key",
+    "apiKeysCreateDescription": "Generate a new API key for your organization",
+    "apiKeysGeneralSettings": "Permissions",
+    "apiKeysGeneralSettingsDescription": "Determine what this API key can do",
+    "apiKeysList": "Your API Key",
+    "apiKeysSave": "Save Your API Key",
+    "apiKeysSaveDescription": "You will only be able to see this once. Make sure to copy it to a secure place.",
+    "apiKeysInfo": "Your API key is:",
+    "apiKeysConfirmCopy": "I have copied the API key",
+    "generate": "Generate",
+    "done": "Done",
+    "apiKeysSeeAll": "See All API Keys",
+    "apiKeysPermissionsErrorLoadingActions": "Error loading API key actions",
+    "apiKeysPermissionsErrorUpdate": "Error setting permissions",
+    "apiKeysPermissionsUpdated": "Permissions updated",
+    "apiKeysPermissionsUpdatedDescription": "The permissions have been updated.",
+    "apiKeysPermissionsGeneralSettings": "Permissions",
+    "apiKeysPermissionsGeneralSettingsDescription": "Determine what this API key can do",
+    "apiKeysPermissionsSave": "Save Permissions",
+    "apiKeysPermissionsTitle": "Permissions",
+    "apiKeys": "API Keys",
+    "searchApiKeys": "Search API keys...",
+    "apiKeysAdd": "Generate API Key",
+    "apiKeysErrorDelete": "Error deleting API key",
+    "apiKeysErrorDeleteMessage": "Error deleting API key",
+    "apiKeysQuestionRemove": "Are you sure you want to remove the API key {selectedApiKey} from the organization?",
+    "apiKeysMessageRemove": "Once removed, the API key will no longer be able to be used.",
+    "apiKeysMessageConfirm": "To confirm, please type the name of the API key below.",
+    "apiKeysDeleteConfirm": "Confirm Delete API Key",
+    "apiKeysDelete": "Delete API Key",
+    "apiKeysManage": "Manage API Keys",
+    "apiKeysDescription": "API keys are used to authenticate with the integration API",
+    "apiKeysSettings": "{apiKeyName} Settings",
+    "userTitle": "Manage All Users",
+    "userDescription": "View and manage all users in the system",
+    "userAbount": "About User Management",
+    "userAbountDescription": "This table displays all root user objects in the system. Each user may belong to multiple organizations. Removing a user from an organization does not delete their root user object - they will remain in the system. To completely remove a user from the system, you must delete their root user object using the delete action in this table.",
+    "userServer": "Server Users",
+    "userSearch": "Search server users...",
+    "userErrorDelete": "Error deleting user",
+    "userDeleteConfirm": "Confirm Delete User",
+    "userDeleteServer": "Delete User from Server",
+    "userMessageRemove": "The user will be removed from all organizations and be completely removed from the server.",
+    "userMessageConfirm": "To confirm, please type the name of the user below.",
+    "userQuestionRemove": "Are you sure you want to permanently delete {selectedUser} from the server?",
+    "licenseKey": "License Key",
+    "valid": "Valid",
+    "numberOfSites": "Number of Sites",
+    "licenseKeySearch": "Search license keys...",
+    "licenseKeyAdd": "Add License Key",
+    "type": "Type",
+    "licenseKeyRequired": "License key is required",
+    "licenseTermsAgree": "You must agree to the license terms",
+    "licenseErrorKeyLoad": "Failed to load license keys",
+    "licenseErrorKeyLoadDescription": "An error occurred loading license keys.",
+    "licenseErrorKeyDelete": "Failed to delete license key",
+    "licenseErrorKeyDeleteDescription": "An error occurred deleting license key.",
+    "licenseKeyDeleted": "License key deleted",
+    "licenseKeyDeletedDescription": "The license key has been deleted.",
+    "licenseErrorKeyActivate": "Failed to activate license key",
+    "licenseErrorKeyActivateDescription": "An error occurred while activating the license key.",
+    "licenseAbout": "About Licensing",
+    "communityEdition": "Community Edition",
+    "licenseAboutDescription": "This is for business and enterprise users who are using Pangolin in a commercial environment. If you are using Pangolin for personal use, you can ignore this section.",
+    "licenseKeyActivated": "License key activated",
+    "licenseKeyActivatedDescription": "The license key has been successfully activated.",
+    "licenseErrorKeyRecheck": "Failed to recheck license keys",
+    "licenseErrorKeyRecheckDescription": "An error occurred rechecking license keys.",
+    "licenseErrorKeyRechecked": "License keys rechecked",
+    "licenseErrorKeyRecheckedDescription": "All license keys have been rechecked",
+    "licenseActivateKey": "Activate License Key",
+    "licenseActivateKeyDescription": "Enter a license key to activate it.",
+    "licenseActivate": "Activate License",
+    "licenseAgreement": "By checking this box, you confirm that you have read and agree to the license terms corresponding to the tier associated with your license key.",
+    "fossorialLicense": "View Fossorial Commercial License & Subscription Terms",
+    "licenseMessageRemove": "This will remove the license key and all associated permissions granted by it.",
+    "licenseMessageConfirm": "To confirm, please type the license key below.",
+    "licenseQuestionRemove": "Are you sure you want to delete the license key {selectedKey} ?",
+    "licenseKeyDelete": "Delete License Key",
+    "licenseKeyDeleteConfirm": "Confirm Delete License Key",
+    "licenseTitle": "Manage License Status",
+    "licenseTitleDescription": "View and manage license keys in the system",
+    "licenseHost": "Host License",
+    "licenseHostDescription": "Manage the main license key for the host.",
+    "licensedNot": "Not Licensed",
+    "hostId": "Host ID",
+    "licenseReckeckAll": "Recheck All Keys",
+    "licenseSiteUsage": "Sites Usage",
+    "licenseSiteUsageDecsription": "View the number of sites using this license.",
+    "licenseNoSiteLimit": "There is no limit on the number of sites using an unlicensed host.",
+    "licensePurchase": "Purchase License",
+    "licensePurchaseSites": "Purchase Additional Sites",
+    "licenseSitesUsedMax": "{usedSites} of {maxSites} sites used",
+    "licenseSitesUsed": "{count, plural, =0 {# sites} one {# site} other {# sites}} in system.",
+    "licensePurchaseDescription": "Choose how many sites you want to {selectedMode, select, license {purchase a license for. You can always add more sites later.} other {add to your existing license.}}",
+    "licenseFee": "License fee",
+    "licensePriceSite": "Price per site",
+    "total": "Total",
+    "licenseContinuePayment": "Continue to Payment",
+    "pricingPage": "pricing page",
+    "pricingPortal": "See Purchase Portal",
+    "licensePricingPage": "For the most up-to-date pricing and discounts, please visit the ",
+    "invite": "Invitations",
+    "inviteRegenerate": "Regenerate Invitation",
+    "inviteRegenerateDescription": "Revoke previous invitation and create a new one",
+    "inviteRemove": "Remove Invitation",
+    "inviteRemoveError": "Failed to remove invitation",
+    "inviteRemoveErrorDescription": "An error occurred while removing the invitation.",
+    "inviteRemoved": "Invitation removed",
+    "inviteRemovedDescription": "The invitation for {email} has been removed.",
+    "inviteQuestionRemove": "Are you sure you want to remove the invitation {email}?",
+    "inviteMessageRemove": "Once removed, this invitation will no longer be valid. You can always re-invite the user later.",
+    "inviteMessageConfirm": "To confirm, please type the email address of the invitation below.",
+    "inviteQuestionRegenerate": "Are you sure you want to regenerate the invitation for {email}? This will revoke the previous invitation.",
+    "inviteRemoveConfirm": "Confirm Remove Invitation",
+    "inviteRegenerated": "Invitation Regenerated",
+    "inviteSent": "A new invitation has been sent to {email}.",
+    "inviteSentEmail": "Send email notification to the user",
+    "inviteGenerate": "A new invitation has been generated for {email}.",
+    "inviteDuplicateError": "Duplicate Invite",
+    "inviteDuplicateErrorDescription": "An invitation for this user already exists.",
+    "inviteRateLimitError": "Rate Limit Exceeded",
+    "inviteRateLimitErrorDescription": "You have exceeded the limit of 3 regenerations per hour. Please try again later.",
+    "inviteRegenerateError": "Failed to Regenerate Invitation",
+    "inviteRegenerateErrorDescription": "An error occurred while regenerating the invitation.",
+    "inviteValidityPeriod": "Validity Period",
+    "inviteValidityPeriodSelect": "Select validity period",
+    "inviteRegenerateMessage": "The invitation has been regenerated. The user must access the link below to accept the invitation.",
+    "inviteRegenerateButton": "Regenerate",
+    "expiresAt": "Expires At",
+    "accessRoleUnknown": "Unknown Role",
+    "placeholder": "Placeholder",
+    "userErrorOrgRemove": "Failed to remove user",
+    "userErrorOrgRemoveDescription": "An error occurred while removing the user.",
+    "userOrgRemoved": "User removed",
+    "userOrgRemovedDescription": "The user {email} has been removed from the organization.",
+    "userQuestionOrgRemove": "Are you sure you want to remove {email} from the organization?",
+    "userMessageOrgRemove": "Once removed, this user will no longer have access to the organization. You can always re-invite them later, but they will need to accept the invitation again.",
+    "userMessageOrgConfirm": "To confirm, please type the name of the of the user below.",
+    "userRemoveOrgConfirm": "Confirm Remove User",
+    "userRemoveOrg": "Remove User from Organization",
+    "users": "Users",
+    "accessRoleMember": "Member",
+    "accessRoleOwner": "Owner",
+    "userConfirmed": "Confirmed",
+    "idpNameInternal": "Internal",
+    "emailInvalid": "Invalid email address",
+    "inviteValidityDuration": "Please select a duration",
+    "accessRoleSelectPlease": "Please select a role",
+    "usernameRequired": "Username is required",
+    "idpSelectPlease": "Please select an identity provider",
+    "idpGenericOidc": "Generic OAuth2/OIDC provider.",
+    "accessRoleErrorFetch": "Failed to fetch roles",
+    "accessRoleErrorFetchDescription": "An error occurred while fetching the roles",
+    "idpErrorFetch": "Failed to fetch identity providers",
+    "idpErrorFetchDescription": "An error occurred while fetching identity providers",
+    "userErrorExists": "User Already Exists",
+    "userErrorExistsDescription": "This user is already a member of the organization.",
+    "inviteError": "Failed to invite user",
+    "inviteErrorDescription": "An error occurred while inviting the user",
+    "userInvited": "User invited",
+    "userInvitedDescription": "The user has been successfully invited.",
+    "userErrorCreate": "Failed to create user",
+    "userErrorCreateDescription": "An error occurred while creating the user",
+    "userCreated": "User created",
+    "userCreatedDescription": "The user has been successfully created.",
+    "userTypeInternal": "Internal User",
+    "userTypeInternalDescription": "Invite a user to join your organization directly.",
+    "userTypeExternal": "External User",
+    "userTypeExternalDescription": "Create a user with an external identity provider.",
+    "accessUserCreateDescription": "Follow the steps below to create a new user",
+    "userSeeAll": "See All Users",
+    "userTypeTitle": "User Type",
+    "userTypeDescription": "Determine how you want to create the user",
+    "userSettings": "User Information",
+    "userSettingsDescription": "Enter the details for the new user",
+    "inviteEmailSent": "Send invite email to user",
+    "inviteValid": "Valid For",
+    "selectDuration": "Select duration",
+    "accessRoleSelect": "Select role",
+    "inviteEmailSentDescription": "An email has been sent to the user with the access link below. They must access the link to accept the invitation.",
+    "inviteSentDescription": "The user has been invited. They must access the link below to accept the invitation.",
+    "inviteExpiresIn": "The invite will expire in {days, plural, one {# day} other {# days}}.",
+    "idpTitle": "Identity Provider",
+    "idpSelect": "Select the identity provider for the external user",
+    "idpNotConfigured": "No identity providers are configured. Please configure an identity provider before creating external users.",
+    "usernameUniq": "This must match the unique username that exists in the selected identity provider.",
+    "emailOptional": "Email (Optional)",
+    "nameOptional": "Name (Optional)",
+    "accessControls": "Access Controls",
+    "userDescription2": "Manage the settings on this user",
+    "accessRoleErrorAdd": "Failed to add user to role",
+    "accessRoleErrorAddDescription": "An error occurred while adding user to the role.",
+    "userSaved": "User saved",
+    "userSavedDescription": "The user has been updated.",
+    "accessControlsDescription": "Manage what this user can access and do in the organization",
+    "accessControlsSubmit": "Save Access Controls",
+    "roles": "Roles",
+    "accessUsersRoles": "Manage Users & Roles",
+    "accessUsersRolesDescription": "Invite users and add them to roles to manage access to your organization",
+    "key": "Key",
+    "createdAt": "Created At",
+    "proxyErrorInvalidHeader": "Invalid custom Host Header value. Use domain name format, or save empty to unset custom Host Header.",
+    "proxyErrorTls": "Invalid TLS Server Name. Use domain name format, or save empty to remove the TLS Server Name.",
+    "proxyEnableSSL": "Enable SSL (https)",
+    "targetErrorFetch": "Failed to fetch targets",
+    "targetErrorFetchDescription": "An error occurred while fetching targets",
+    "siteErrorFetch": "Failed to fetch resource",
+    "siteErrorFetchDescription": "An error occurred while fetching resource",
+    "targetErrorDuplicate": "Duplicate target",
+    "targetErrorDuplicateDescription": "A target with these settings already exists",
+    "targetWireGuardErrorInvalidIp": "Invalid target IP",
+    "targetWireGuardErrorInvalidIpDescription": "Target IP must be within the site subnet",
+    "targetsUpdated": "Targets updated",
+    "targetsUpdatedDescription": "Targets and settings updated successfully",
+    "targetsErrorUpdate": "Failed to update targets",
+    "targetsErrorUpdateDescription": "An error occurred while updating targets",
+    "targetTlsUpdate": "TLS settings updated",
+    "targetTlsUpdateDescription": "Your TLS settings have been updated successfully",
+    "targetErrorTlsUpdate": "Failed to update TLS settings",
+    "targetErrorTlsUpdateDescription": "An error occurred while updating TLS settings",
+    "proxyUpdated": "Proxy settings updated",
+    "proxyUpdatedDescription": "Your proxy settings have been updated successfully",
+    "proxyErrorUpdate": "Failed to update proxy settings",
+    "proxyErrorUpdateDescription": "An error occurred while updating proxy settings",
+    "targetAddr": "IP / Hostname",
+    "targetPort": "Port",
+    "targetProtocol": "Protocol",
+    "targetTlsSettings": "Secure Connection Configuration",
+    "targetTlsSettingsDescription": "Configure SSL/TLS settings for your resource",
+    "targetTlsSettingsAdvanced": "Advanced TLS Settings",
+    "targetTlsSni": "TLS Server Name (SNI)",
+    "targetTlsSniDescription": "The TLS Server Name to use for SNI. Leave empty to use the default.",
+    "targetTlsSubmit": "Save Settings",
+    "targets": "Targets Configuration",
+    "targetsDescription": "Set up targets to route traffic to your services",
+    "targetStickySessions": "Enable Sticky Sessions",
+    "targetStickySessionsDescription": "Keep connections on the same backend target for their entire session.",
+    "methodSelect": "Select method",
+    "targetSubmit": "Add Target",
+    "targetNoOne": "No targets. Add a target using the form.",
+    "targetNoOneDescription": "Adding more than one target above will enable load balancing.",
+    "targetsSubmit": "Save Targets",
+    "proxyAdditional": "Additional Proxy Settings",
+    "proxyAdditionalDescription": "Configure how your resource handles proxy settings",
+    "proxyCustomHeader": "Custom Host Header",
+    "proxyCustomHeaderDescription": "The host header to set when proxying requests. Leave empty to use the default.",
+    "proxyAdditionalSubmit": "Save Proxy Settings",
+    "subnetMaskErrorInvalid": "Invalid subnet mask. Must be between 0 and 32.",
+    "ipAddressErrorInvalidFormat": "Invalid IP address format",
+    "ipAddressErrorInvalidOctet": "Invalid IP address octet",
+    "path": "Path",
+    "ipAddressRange": "IP Range",
+    "rulesErrorFetch": "Failed to fetch rules",
+    "rulesErrorFetchDescription": "An error occurred while fetching rules",
+    "rulesErrorDuplicate": "Duplicate rule",
+    "rulesErrorDuplicateDescription": "A rule with these settings already exists",
+    "rulesErrorInvalidIpAddressRange": "Invalid CIDR",
+    "rulesErrorInvalidIpAddressRangeDescription": "Please enter a valid CIDR value",
+    "rulesErrorInvalidUrl": "Invalid URL path",
+    "rulesErrorInvalidUrlDescription": "Please enter a valid URL path value",
+    "rulesErrorInvalidIpAddress": "Invalid IP",
+    "rulesErrorInvalidIpAddressDescription": "Please enter a valid IP address",
+    "rulesErrorUpdate": "Failed to update rules",
+    "rulesErrorUpdateDescription": "An error occurred while updating rules",
+    "rulesUpdated": "Enable Rules",
+    "rulesUpdatedDescription": "Rule evaluation has been updated",
+    "rulesMatchIpAddressRangeDescription": "Enter an address in CIDR format (e.g., 103.21.244.0/22)",
+    "rulesMatchIpAddress": "Enter an IP address (e.g., 103.21.244.12)",
+    "rulesMatchUrl": "Enter a URL path or pattern (e.g., /api/v1/todos or /api/v1/*)",
+    "rulesErrorInvalidPriority": "Invalid Priority",
+    "rulesErrorInvalidPriorityDescription": "Please enter a valid priority",
+    "rulesErrorDuplicatePriority": "Duplicate Priorities",
+    "rulesErrorDuplicatePriorityDescription": "Please enter unique priorities",
+    "ruleUpdated": "Rules updated",
+    "ruleUpdatedDescription": "Rules updated successfully",
+    "ruleErrorUpdate": "Operation failed",
+    "ruleErrorUpdateDescription": "An error occurred during the save operation",
+    "rulesPriority": "Priority",
+    "rulesAction": "Action",
+    "rulesMatchType": "Match Type",
+    "value": "Value",
+    "rulesAbout": "About Rules",
+    "rulesAboutDescription": "Rules allow you to control access to your resource based on a set of criteria. You can create rules to allow or deny access based on IP address or URL path.",
+    "rulesActions": "Actions",
+    "rulesActionAlwaysAllow": "Always Allow: Bypass all authentication methods",
+    "rulesActionAlwaysDeny": "Always Deny: Block all requests; no authentication can be attempted",
+    "rulesMatchCriteria": "Matching Criteria",
+    "rulesMatchCriteriaIpAddress": "Match a specific IP address",
+    "rulesMatchCriteriaIpAddressRange": "Match a range of IP addresses in CIDR notation",
+    "rulesMatchCriteriaUrl": "Match a URL path or pattern",
+    "rulesEnable": "Enable Rules",
+    "rulesEnableDescription": "Enable or disable rule evaluation for this resource",
+    "rulesResource": "Resource Rules Configuration",
+    "rulesResourceDescription": "Configure rules to control access to your resource",
+    "ruleSubmit": "Add Rule",
+    "rulesNoOne": "No rules. Add a rule using the form.",
+    "rulesOrder": "Rules are evaluated by priority in ascending order.",
+    "rulesSubmit": "Save Rules",
+    "resourceErrorCreate": "Error creating resource",
+    "resourceErrorCreateDescription": "An error occurred when creating the resource",
+    "resourceErrorCreateMessage": "Error creating resource:",
+    "resourceErrorCreateMessageDescription": "An unexpected error occurred",
+    "sitesErrorFetch": "Error fetching sites",
+    "sitesErrorFetchDescription": "An error occurred when fetching the sites",
+    "domainsErrorFetch": "Error fetching domains",
+    "domainsErrorFetchDescription": "An error occurred when fetching the domains",
+    "none": "None",
+    "unknown": "Unknown",
+    "resources": "Resources",
+    "resourcesDescription": "Resources are proxies to applications running on your private network. Create a resource for any HTTP/HTTPS or raw TCP/UDP service on your private network. Each resource must be connected to a site to enable private, secure connectivity through an encrypted WireGuard tunnel.",
+    "resourcesWireGuardConnect": "Secure connectivity with WireGuard encryption",
+    "resourcesMultipleAuthenticationMethods": "Configure multiple authentication methods",
+    "resourcesUsersRolesAccess": "User and role-based access control",
+    "resourcesErrorUpdate": "Failed to toggle resource",
+    "resourcesErrorUpdateDescription": "An error occurred while updating the resource",
+    "access": "Access",
+    "shareLink": "{resource} Share Link",
+    "resourceSelect": "Select resource",
+    "shareLinks": "Share Links",
+    "share": "Shareable Links",
+    "shareDescription2": "Create shareable links to your resources. Links provide temporary or unlimited access to your resource. You can configure the expiration duration of the link when you create one.",
+    "shareEasyCreate": "Easy to create and share",
+    "shareConfigurableExpirationDuration": "Configurable expiration duration",
+    "shareSecureAndRevocable": "Secure and revocable",
+    "nameMin": "Name must be at least {len} characters.",
+    "nameMax": "Name must not be longer than {len} characters.",
+    "sitesConfirmCopy": "Please confirm that you have copied the config.",
+    "unknownCommand": "Unknown command",
+    "newtErrorFetchReleases": "Failed to fetch release info: {err}",
+    "newtErrorFetchLatest": "Error fetching latest release: {err}",
+    "newtEndpoint": "Newt Endpoint",
+    "newtId": "Newt ID",
+    "newtSecretKey": "Newt Secret Key",
+    "architecture": "Architecture",
+    "sites": "Sites",
+    "siteWgAnyClients": "Use any WireGuard client to connect. You will have to address your internal resources using the peer IP.",
+    "siteWgCompatibleAllClients": "Compatible with all WireGuard clients",
+    "siteWgManualConfigurationRequired": "Manual configuration required",
+    "userErrorNotAdminOrOwner": "User is not an admin or owner",
+    "pangolinSettings": "Settings - Pangolin",
+    "accessRoleYour": "Your role:",
+    "accessRoleSelect2": "Select a role",
+    "accessUserSelect": "Select a user",
+    "otpEmailEnter": "Enter an email",
+    "otpEmailEnterDescription": "Press enter to add an email after typing it in the input field.",
+    "otpEmailErrorInvalid": "Invalid email address. Wildcard (*) must be the entire local part.",
+    "otpEmailSmtpRequired": "SMTP Required",
+    "otpEmailSmtpRequiredDescription": "SMTP must be enabled on the server to use one-time password authentication.",
+    "otpEmailTitle": "One-time Passwords",
+    "otpEmailTitleDescription": "Require email-based authentication for resource access",
+    "otpEmailWhitelist": "Email Whitelist",
+    "otpEmailWhitelistList": "Whitelisted Emails",
+    "otpEmailWhitelistListDescription": "Only users with these email addresses will be able to access this resource. They will be prompted to enter a one-time password sent to their email. Wildcards (*@example.com) can be used to allow any email address from a domain.",
+    "otpEmailWhitelistSave": "Save Whitelist",
+    "passwordAdd": "Add Password",
+    "passwordRemove": "Remove Password",
+    "pincodeAdd": "Add PIN Code",
+    "pincodeRemove": "Remove PIN Code",
+    "resourceAuthMethods": "Authentication Methods",
+    "resourceAuthMethodsDescriptions": "Allow access to the resource via additional auth methods",
+    "resourceAuthSettingsSave": "Saved successfully",
+    "resourceAuthSettingsSaveDescription": "Authentication settings have been saved",
+    "resourceErrorAuthFetch": "Failed to fetch data",
+    "resourceErrorAuthFetchDescription": "An error occurred while fetching the data",
+    "resourceErrorPasswordRemove": "Error removing resource password",
+    "resourceErrorPasswordRemoveDescription": "An error occurred while removing the resource password",
+    "resourceErrorPasswordSetup": "Error setting resource password",
+    "resourceErrorPasswordSetupDescription": "An error occurred while setting the resource password",
+    "resourceErrorPincodeRemove": "Error removing resource pincode",
+    "resourceErrorPincodeRemoveDescription": "An error occurred while removing the resource pincode",
+    "resourceErrorPincodeSetup": "Error setting resource PIN code",
+    "resourceErrorPincodeSetupDescription": "An error occurred while setting the resource PIN code",
+    "resourceErrorUsersRolesSave": "Failed to set roles",
+    "resourceErrorUsersRolesSaveDescription": "An error occurred while setting the roles",
+    "resourceErrorWhitelistSave": "Failed to save whitelist",
+    "resourceErrorWhitelistSaveDescription": "An error occurred while saving the whitelist",
+    "resourcePasswordSubmit": "Enable Password Protection",
+    "resourcePasswordProtection": "Password Protection {status}",
+    "resourcePasswordRemove": "Resource password removed",
+    "resourcePasswordRemoveDescription": "The resource password has been removed successfully",
+    "resourcePasswordSetup": "Resource password set",
+    "resourcePasswordSetupDescription": "The resource password has been set successfully",
+    "resourcePasswordSetupTitle": "Set Password",
+    "resourcePasswordSetupTitleDescription": "Set a password to protect this resource",
+    "resourcePincode": "PIN Code",
+    "resourcePincodeSubmit": "Enable PIN Code Protection",
+    "resourcePincodeProtection": "PIN Code Protection {status}",
+    "resourcePincodeRemove": "Resource pincode removed",
+    "resourcePincodeRemoveDescription": "The resource password has been removed successfully",
+    "resourcePincodeSetup": "Resource PIN code set",
+    "resourcePincodeSetupDescription": "The resource pincode has been set successfully",
+    "resourcePincodeSetupTitle": "Set Pincode",
+    "resourcePincodeSetupTitleDescription": "Set a pincode to protect this resource",
+    "resourceRoleDescription": "Admins can always access this resource.",
+    "resourceUsersRoles": "Users & Roles",
+    "resourceUsersRolesDescription": "Configure which users and roles can visit this resource",
+    "resourceUsersRolesSubmit": "Save Users & Roles",
+    "resourceWhitelistSave": "Saved successfully",
+    "resourceWhitelistSaveDescription": "Whitelist settings have been saved",
+    "ssoUse": "Use Platform SSO",
+    "ssoUseDescription": "Existing users will only have to log in once for all resources that have this enabled.",
+    "proxyErrorInvalidPort": "Invalid port number",
+    "subdomainErrorInvalid": "Invalid subdomain",
+    "domainErrorFetch": "Error fetching domains",
+    "domainErrorFetchDescription": "An error occurred when fetching the domains",
+    "resourceErrorUpdate": "Failed to update resource",
+    "resourceErrorUpdateDescription": "An error occurred while updating the resource",
+    "resourceUpdated": "Resource updated",
+    "resourceUpdatedDescription": "The resource has been updated successfully",
+    "resourceErrorTransfer": "Failed to transfer resource",
+    "resourceErrorTransferDescription": "An error occurred while transferring the resource",
+    "resourceTransferred": "Resource transferred",
+    "resourceTransferredDescription": "The resource has been transferred successfully",
+    "resourceErrorToggle": "Failed to toggle resource",
+    "resourceErrorToggleDescription": "An error occurred while updating the resource",
+    "resourceVisibilityTitle": "Visibility",
+    "resourceVisibilityTitleDescription": "Completely enable or disable resource visibility",
+    "resourceGeneral": "General Settings",
+    "resourceGeneralDescription": "Configure the general settings for this resource",
+    "resourceEnable": "Enable Resource",
+    "resourceTransfer": "Transfer Resource",
+    "resourceTransferDescription": "Transfer this resource to a different site",
+    "resourceTransferSubmit": "Transfer Resource",
+    "siteDestination": "Destination Site",
+    "searchSites": "Search sites",
+    "accessRoleCreate": "Create Role",
+    "accessRoleCreateDescription": "Create a new role to group users and manage their permissions.",
+    "accessRoleCreateSubmit": "Create Role",
+    "accessRoleCreated": "Role created",
+    "accessRoleCreatedDescription": "The role has been successfully created.",
+    "accessRoleErrorCreate": "Failed to create role",
+    "accessRoleErrorCreateDescription": "An error occurred while creating the role.",
+    "accessRoleErrorNewRequired": "New role is required",
+    "accessRoleErrorRemove": "Failed to remove role",
+    "accessRoleErrorRemoveDescription": "An error occurred while removing the role.",
+    "accessRoleName": "Role Name",
+    "accessRoleQuestionRemove": "You're about to delete the {name} role. You cannot undo this action.",
+    "accessRoleRemove": "Remove Role",
+    "accessRoleRemoveDescription": "Remove a role from the organization",
+    "accessRoleRemoveSubmit": "Remove Role",
+    "accessRoleRemoved": "Role removed",
+    "accessRoleRemovedDescription": "The role has been successfully removed.",
+    "accessRoleRequiredRemove": "Before deleting this role, please select a new role to transfer existing members to.",
+    "manage": "Manage",
+    "sitesNotFound": "No sites found.",
+    "pangolinServerAdmin": "Server Admin - Pangolin",
+    "licenseTierProfessional": "Professional License",
+    "licenseTierEnterprise": "Enterprise License",
+    "licenseTierCommercial": "Commercial License",
+    "licensed": "Licensed",
+    "yes": "Yes",
+    "no": "No",
+    "sitesAdditional": "Additional Sites",
+    "licenseKeys": "License Keys",
+    "sitestCountDecrease": "Decrease site count",
+    "sitestCountIncrease": "Increase site count",
+    "idpManage": "Manage Identity Providers",
+    "idpManageDescription": "View and manage identity providers in the system",
+    "idpDeletedDescription": "Identity provider deleted successfully",
+    "idpOidc": "OAuth2/OIDC",
+    "idpQuestionRemove": "Are you sure you want to permanently delete the identity provider {name}?",
+    "idpMessageRemove": "This will remove the identity provider and all associated configurations. Users who authenticate through this provider will no longer be able to log in.",
+    "idpMessageConfirm": "To confirm, please type the name of the identity provider below.",
+    "idpConfirmDelete": "Confirm Delete Identity Provider",
+    "idpDelete": "Delete Identity Provider",
+    "idp": "Identity Providers",
+    "idpSearch": "Search identity providers...",
+    "idpAdd": "Add Identity Provider",
+    "idpClientIdRequired": "Client ID is required.",
+    "idpClientSecretRequired": "Client Secret is required.",
+    "idpErrorAuthUrlInvalid": "Auth URL must be a valid URL.",
+    "idpErrorTokenUrlInvalid": "Token URL must be a valid URL.",
+    "idpPathRequired": "Identifier Path is required.",
+    "idpScopeRequired": "Scopes are required.",
+    "idpOidcDescription": "Configure an OpenID Connect identity provider",
+    "idpCreatedDescription": "Identity provider created successfully",
+    "idpCreate": "Create Identity Provider",
+    "idpCreateDescription": "Configure a new identity provider for user authentication",
+    "idpSeeAll": "See All Identity Providers",
+    "idpSettingsDescription": "Configure the basic information for your identity provider",
+    "idpDisplayName": "A display name for this identity provider",
+    "idpAutoProvisionUsers": "Auto Provision Users",
+    "idpAutoProvisionUsersDescription": "When enabled, users will be automatically created in the system upon first login with the ability to map users to roles and organizations.",
+    "licenseBadge": "Professional",
+    "idpType": "Provider Type",
+    "idpTypeDescription": "Select the type of identity provider you want to configure",
+    "idpOidcConfigure": "OAuth2/OIDC Configuration",
+    "idpOidcConfigureDescription": "Configure the OAuth2/OIDC provider endpoints and credentials",
+    "idpClientId": "Client ID",
+    "idpClientIdDescription": "The OAuth2 client ID from your identity provider",
+    "idpClientSecret": "Client Secret",
+    "idpClientSecretDescription": "The OAuth2 client secret from your identity provider",
+    "idpAuthUrl": "Authorization URL",
+    "idpAuthUrlDescription": "The OAuth2 authorization endpoint URL",
+    "idpTokenUrl": "Token URL",
+    "idpTokenUrlDescription": "The OAuth2 token endpoint URL",
+    "idpOidcConfigureAlert": "Important Information",
+    "idpOidcConfigureAlertDescription": "After creating the identity provider, you will need to configure the callback URL in your identity provider's settings. The callback URL will be provided after successful creation.",
+    "idpToken": "Token Configuration",
+    "idpTokenDescription": "Configure how to extract user information from the ID token",
+    "idpJmespathAbout": "About JMESPath",
+    "idpJmespathAboutDescription": "The paths below use JMESPath syntax to extract values from the ID token.",
+    "idpJmespathAboutDescriptionLink": "Learn more about JMESPath",
+    "idpJmespathLabel": "Identifier Path",
+    "idpJmespathLabelDescription": "The path to the user identifier in the ID token",
+    "idpJmespathEmailPathOptional": "Email Path (Optional)",
+    "idpJmespathEmailPathOptionalDescription": "The path to the user's email in the ID token",
+    "idpJmespathNamePathOptional": "Name Path (Optional)",
+    "idpJmespathNamePathOptionalDescription": "The path to the user's name in the ID token",
+    "idpOidcConfigureScopes": "Scopes",
+    "idpOidcConfigureScopesDescription": "Space-separated list of OAuth2 scopes to request",
+    "idpSubmit": "Create Identity Provider",
+    "orgPolicies": "Organization Policies",
+    "idpSettings": "{idpName} Settings",
+    "idpCreateSettingsDescription": "Configure the settings for your identity provider",
+    "roleMapping": "Role Mapping",
+    "orgMapping": "Organization Mapping",
+    "orgPoliciesSearch": "Search organization policies...",
+    "orgPoliciesAdd": "Add Organization Policy",
+    "orgRequired": "Organization is required",
+    "error": "Error",
+    "success": "Success",
+    "orgPolicyAddedDescription": "Policy added successfully",
+    "orgPolicyUpdatedDescription": "Policy updated successfully",
+    "orgPolicyDeletedDescription": "Policy deleted successfully",
+    "defaultMappingsUpdatedDescription": "Default mappings updated successfully",
+    "orgPoliciesAbout": "About Organization Policies",
+    "orgPoliciesAboutDescription": "Organization policies are used to control access to organizations based on the user's ID token. You can specify JMESPath expressions to extract role and organization information from the ID token.",
+    "orgPoliciesAboutDescriptionLink": "See documentation, for more information.",
+    "defaultMappingsOptional": "Default Mappings (Optional)",
+    "defaultMappingsOptionalDescription": "The default mappings are used when when there is not an organization policy defined for an organization. You can specify the default role and organization mappings to fall back to here.",
+    "defaultMappingsRole": "Default Role Mapping",
+    "defaultMappingsRoleDescription": "The result of this expression must return the role name as defined in the organization as a string.",
+    "defaultMappingsOrg": "Default Organization Mapping",
+    "defaultMappingsOrgDescription": "This expression must return the org ID or true for the user to be allowed to access the organization.",
+    "defaultMappingsSubmit": "Save Default Mappings",
+    "orgPoliciesEdit": "Edit Organization Policy",
+    "org": "Organization",
+    "orgSelect": "Select organization",
+    "orgSearch": "Search org",
+    "orgNotFound": "No org found.",
+    "roleMappingPathOptional": "Role Mapping Path (Optional)",
+    "orgMappingPathOptional": "Organization Mapping Path (Optional)",
+    "orgPolicyUpdate": "Update Policy",
+    "orgPolicyAdd": "Add Policy",
+    "orgPolicyConfig": "Configure access for an organization",
+    "idpUpdatedDescription": "Identity provider updated successfully",
+    "redirectUrl": "Redirect URL",
+    "redirectUrlAbout": "About Redirect URL",
+    "redirectUrlAboutDescription": "This is the URL to which users will be redirected after authentication. You need to configure this URL in your identity provider settings.",
+    "pangolinAuth": "Auth - Pangolin",
+    "verificationCodeLengthRequirements": "Your verification code must be 8 characters.",
+    "errorOccurred": "An error occurred",
+    "emailErrorVerify": "Failed to verify email:",
+    "emailVerified": "Email successfully verified! Redirecting you...",
+    "verificationCodeErrorResend": "Failed to resend verification code:",
+    "verificationCodeResend": "Verification code resent",
+    "verificationCodeResendDescription": "We've resent a verification code to your email address. Please check your inbox.",
+    "emailVerify": "Verify Email",
+    "emailVerifyDescription": "Enter the verification code sent to your email address.",
+    "verificationCode": "Verification Code",
+    "verificationCodeEmailSent": "We sent a verification code to your email address.",
+    "submit": "Submit",
+    "emailVerifyResendProgress": "Resending...",
+    "emailVerifyResend": "Didn't receive a code? Click here to resend",
+    "passwordNotMatch": "Passwords do not match",
+    "signupError": "An error occurred while signing up",
+    "pangolinLogoAlt": "Pangolin Logo",
+    "inviteAlready": "Looks like you've been invited!",
+    "inviteAlreadyDescription": "To accept the invite, you must log in or create an account.",
+    "signupQuestion": "Already have an account?",
+    "login": "Log in",
+    "resourceNotFound": "Resource Not Found",
+    "resourceNotFoundDescription": "The resource you're trying to access does not exist.",
+    "pincodeRequirementsLength": "PIN must be exactly 6 digits",
+    "pincodeRequirementsChars": "PIN must only contain numbers",
+    "passwordRequirementsLength": "Password must be at least 1 character long",
+    "otpEmailRequirementsLength": "OTP must be at least 1 character long",
+    "otpEmailSent": "OTP Sent",
+    "otpEmailSentDescription": "An OTP has been sent to your email",
+    "otpEmailErrorAuthenticate": "Failed to authenticate with email",
+    "pincodeErrorAuthenticate": "Failed to authenticate with pincode",
+    "passwordErrorAuthenticate": "Failed to authenticate with password",
+    "poweredBy": "Powered by",
+    "authenticationRequired": "Authentication Required",
+    "authenticationMethodChoose": "Choose your preferred method to access {name}",
+    "authenticationRequest": "You must authenticate to access {name}",
+    "user": "User",
+    "pincodeInput": "6-digit PIN Code",
+    "pincodeSubmit": "Log in with PIN",
+    "passwordSubmit": "Log In with Password",
+    "otpEmailDescription": "A one-time code will be sent to this email.",
+    "otpEmailSend": "Send One-time Code",
+    "otpEmail": "One-Time Password (OTP)",
+    "otpEmailSubmit": "Submit OTP",
+    "backToEmail": "Back to Email",
+    "noSupportKey": "Server is running without a supporter key. Consider supporting the project!",
+    "accessDenied": "Access Denied",
+    "accessDeniedDescription": "You're not allowed to access this resource. If this is a mistake, please contact the administrator.",
+    "accessTokenError": "Error checking access token",
+    "accessGranted": "Access Granted",
+    "accessUrlInvalid": "Access URL Invalid",
+    "accessGrantedDescription": "You have been granted access to this resource. Redirecting you...",
+    "accessUrlInvalidDescription": "This shared access URL is invalid. Please contact the resource owner for a new URL.",
+    "tokenInvalid": "Invalid token",
+    "pincodeInvalid": "Invalid code",
+    "passwordErrorRequestReset": "Failed to request reset:",
+    "passwordErrorReset": "Failed to reset password:",
+    "passwordResetSuccess": "Password reset successfully! Back to log in...",
+    "passwordReset": "Reset Password",
+    "passwordResetDescription": "Follow the steps to reset your password",
+    "passwordResetSent": "We'll send a password reset code to this email address.",
+    "passwordResetCode": "Reset Code",
+    "passwordResetCodeDescription": "Check your email for the reset code.",
+    "passwordNew": "New Password",
+    "passwordNewConfirm": "Confirm New Password",
+    "pincodeAuth": "Authenticator Code",
+    "pincodeSubmit2": "Submit Code",
+    "passwordResetSubmit": "Request Reset",
+    "passwordBack": "Back to Password",
+    "loginBack": "Go back to log in",
+    "signup": "Sign up",
+    "loginStart": "Log in to get started",
+    "idpOidcTokenValidating": "Validating OIDC token",
+    "idpOidcTokenResponse": "Validate OIDC token response",
+    "idpErrorOidcTokenValidating": "Error validating OIDC token",
+    "idpConnectingTo": "Connecting to {name}",
+    "idpConnectingToDescription": "Validating your identity",
+    "idpConnectingToProcess": "Connecting...",
+    "idpConnectingToFinished": "Connected",
+    "idpErrorConnectingTo": "There was a problem connecting to {name}. Please contact your administrator.",
+    "idpErrorNotFound": "IdP not found",
+    "inviteInvalid": "Invalid Invite",
+    "inviteInvalidDescription": "The invite link is invalid.",
+    "inviteErrorWrongUser": "Invite is not for this user",
+    "inviteErrorUserNotExists": "User does not exist. Please create an account first.",
+    "inviteErrorLoginRequired": "You must be logged in to accept an invite",
+    "inviteErrorExpired": "The invite may have expired",
+    "inviteErrorRevoked": "The invite might have been revoked",
+    "inviteErrorTypo": "There could be a typo in the invite link",
+    "pangolinSetup": "Setup - Pangolin",
+    "orgNameRequired": "Organization name is required",
+    "orgIdRequired": "Organization ID is required",
+    "orgErrorCreate": "An error occurred while creating org",
+    "pageNotFound": "Page Not Found",
+    "pageNotFoundDescription": "Oops! The page you're looking for doesn't exist.",
+    "overview": "Overview",
+    "home": "Home",
+    "accessControl": "Access Control",
+    "settings": "Settings",
+    "usersAll": "All Users",
+    "license": "License",
+    "pangolinDashboard": "Dashboard - Pangolin",
+    "noResults": "No results found.",
+    "terabytes": "{count} TB",
+    "gigabytes": "{count} GB",
+    "megabytes": "{count} MB",
+    "tagsEntered": "Entered Tags",
+    "tagsEnteredDescription": "These are the tags you`ve entered.",
+    "tagsWarnCannotBeLessThanZero": "maxTags and minTags cannot be less than 0",
+    "tagsWarnNotAllowedAutocompleteOptions": "Tag not allowed as per autocomplete options",
+    "tagsWarnInvalid": "Invalid tag as per validateTag",
+    "tagWarnTooShort": "Tag {tagText} is too short",
+    "tagWarnTooLong": "Tag {tagText} is too long",
+    "tagsWarnReachedMaxNumber": "Reached the maximum number of tags allowed",
+    "tagWarnDuplicate": "Duplicate tag {tagText} not added",
+    "supportKeyInvalid": "Invalid Key",
+    "supportKeyInvalidDescription": "Your supporter key is invalid.",
+    "supportKeyValid": "Valid Key",
+    "supportKeyValidDescription": "Your supporter key has been validated. Thank you for your support!",
+    "supportKeyErrorValidationDescription": "Failed to validate supporter key.",
+    "supportKey": "Support Development and Adopt a Pangolin!",
+    "supportKeyDescription": "Purchase a supporter key to help us continue developing Pangolin for the community. Your contribution allows us to commit more time to maintain and add new features to the application for everyone. We will never use this to paywall features. This is separate from any Commercial Edition.",
+    "supportKeyPet": "You will also get to adopt and meet your very own pet Pangolin!",
+    "supportKeyPurchase": "Payments are processed via GitHub. Afterward, you can retrieve your key on",
+    "supportKeyPurchaseLink": "our website",
+    "supportKeyPurchase2": "and redeem it here.",
+    "supportKeyLearnMore": "Learn more.",
+    "supportKeyOptions": "Please select the option that best suits you.",
+    "supportKetOptionFull": "Full Supporter",
+    "forWholeServer": "For the whole server",
+    "lifetimePurchase": "Lifetime purchase",
+    "supporterStatus": "Supporter status",
+    "buy": "Buy",
+    "supportKeyOptionLimited": "Limited Supporter",
+    "forFiveUsers": "For 5 or less users",
+    "supportKeyRedeem": "Redeem Supporter Key",
+    "supportKeyHideSevenDays": "Hide for 7 days",
+    "supportKeyEnter": "Enter Supporter Key",
+    "supportKeyEnterDescription": "Meet your very own pet Pangolin!",
+    "githubUsername": "GitHub Username",
+    "supportKeyInput": "Supporter Key",
+    "supportKeyBuy": "Buy Supporter Key",
+    "logoutError": "Error logging out",
+    "signingAs": "Signed in as",
+    "serverAdmin": "Server Admin",
+    "otpEnable": "Enable Two-factor",
+    "otpDisable": "Disable Two-factor",
+    "logout": "Log Out",
+    "licenseTierProfessionalRequired": "Professional Edition Required",
+    "licenseTierProfessionalRequiredDescription": "This feature is only available in the Professional Edition.",
+    "actionGetOrg": "Get Organization",
+    "actionUpdateOrg": "Update Organization",
+    "actionUpdateUser": "Update User",
+    "actionGetUser": "Get User",
+    "actionGetOrgUser": "Get Organization User",
+    "actionListOrgDomains": "List Organization Domains",
+    "actionCreateSite": "Create Site",
+    "actionDeleteSite": "Delete Site",
+    "actionGetSite": "Get Site",
+    "actionListSites": "List Sites",
+    "actionUpdateSite": "Update Site",
+    "actionListSiteRoles": "List Allowed Site Roles",
+    "actionCreateResource": "Create Resource",
+    "actionDeleteResource": "Delete Resource",
+    "actionGetResource": "Get Resource",
+    "actionListResource": "List Resources",
+    "actionUpdateResource": "Update Resource",
+    "actionListResourceUsers": "List Resource Users",
+    "actionSetResourceUsers": "Set Resource Users",
+    "actionSetAllowedResourceRoles": "Set Allowed Resource Roles",
+    "actionListAllowedResourceRoles": "List Allowed Resource Roles",
+    "actionSetResourcePassword": "Set Resource Password",
+    "actionSetResourcePincode": "Set Resource Pincode",
+    "actionSetResourceEmailWhitelist": "Set Resource Email Whitelist",
+    "actionGetResourceEmailWhitelist": "Get Resource Email Whitelist",
+    "actionCreateTarget": "Create Target",
+    "actionDeleteTarget": "Delete Target",
+    "actionGetTarget": "Get Target",
+    "actionListTargets": "List Targets",
+    "actionUpdateTarget": "Update Target",
+    "actionCreateRole": "Create Role",
+    "actionDeleteRole": "Delete Role",
+    "actionGetRole": "Get Role",
+    "actionListRole": "List Roles",
+    "actionUpdateRole": "Update Role",
+    "actionListAllowedRoleResources": "List Allowed Role Resources",
+    "actionInviteUser": "Invite User",
+    "actionRemoveUser": "Remove User",
+    "actionListUsers": "List Users",
+    "actionAddUserRole": "Add User Role",
+    "actionGenerateAccessToken": "Generate Access Token",
+    "actionDeleteAccessToken": "Delete Access Token",
+    "actionListAccessTokens": "List Access Tokens",
+    "actionCreateResourceRule": "Create Resource Rule",
+    "actionDeleteResourceRule": "Delete Resource Rule",
+    "actionListResourceRules": "List Resource Rules",
+    "actionUpdateResourceRule": "Update Resource Rule",
+    "actionListOrgs": "List Organizations",
+    "actionCheckOrgId": "Check ID",
+    "actionCreateOrg": "Create Organization",
+    "actionDeleteOrg": "Delete Organization",
+    "actionListApiKeys": "List API Keys",
+    "actionListApiKeyActions": "List API Key Actions",
+    "actionSetApiKeyActions": "Set API Key Allowed Actions",
+    "actionCreateApiKey": "Create API Key",
+    "actionDeleteApiKey": "Delete API Key",
+    "actionCreateIdp": "Create IDP",
+    "actionUpdateIdp": "Update IDP",
+    "actionDeleteIdp": "Delete IDP",
+    "actionListIdps": "List IDP",
+    "actionGetIdp": "Get IDP",
+    "actionCreateIdpOrg": "Create IDP Org Policy",
+    "actionDeleteIdpOrg": "Delete IDP Org Policy",
+    "actionListIdpOrgs": "List IDP Orgs",
+    "actionUpdateIdpOrg": "Update IDP Org",
+    "noneSelected": "None selected",
+    "orgNotFound2": "No organizations found.",
+    "searchProgress": "Search...",
+    "create": "Create",
+    "orgs": "Organizations",
+    "loginError": "An error occurred while logging in",
+    "passwordForgot": "Forgot your password?",
+    "otpAuth": "Two-Factor Authentication",
+    "otpAuthDescription": "Enter the code from your authenticator app or one of your single-use backup codes.",
+    "otpAuthSubmit": "Submit Code",
+    "idpContinue": "Or continue with",
+    "otpAuthBack": "Back to Log In",
+    "navbar": "Navigation Menu",
+    "navbarDescription": "Main navigation menu for the application",
+    "navbarDocsLink": "Documentation",
+    "commercialEdition": "Commercial Edition",
+    "otpErrorEnable": "Unable to enable 2FA",
+    "otpErrorEnableDescription": "An error occurred while enabling 2FA",
+    "otpSetupCheckCode": "Please enter a 6-digit code",
+    "otpSetupCheckCodeRetry": "Invalid code. Please try again.",
+    "otpSetup": "Enable Two-factor Authentication",
+    "otpSetupDescription": "Secure your account with an extra layer of protection",
+    "otpSetupScanQr": "Scan this QR code with your authenticator app or enter the secret key manually:",
+    "otpSetupSecretCode": "Authenticator Code",
+    "otpSetupSuccess": "Two-Factor Authentication Enabled",
+    "otpSetupSuccessStoreBackupCodes": "Your account is now more secure. Don't forget to save your backup codes.",
+    "otpErrorDisable": "Unable to disable 2FA",
+    "otpErrorDisableDescription": "An error occurred while disabling 2FA",
+    "otpRemove": "Disable Two-factor Authentication",
+    "otpRemoveDescription": "Disable two-factor authentication for your account",
+    "otpRemoveSuccess": "Two-Factor Authentication Disabled",
+    "otpRemoveSuccessMessage": "Two-factor authentication has been disabled for your account. You can enable it again at any time.",
+    "otpRemoveSubmit": "Disable 2FA",
+    "paginator": "Page {current} of {last}",
+    "paginatorToFirst": "Go to first page",
+    "paginatorToPrevious": "Go to previous page",
+    "paginatorToNext": "Go to next page",
+    "paginatorToLast": "Go to last page",
+    "copyText": "Copy text",
+    "copyTextFailed": "Failed to copy text: ",
+    "copyTextClipboard": "Copy to clipboard",
+    "inviteErrorInvalidConfirmation": "Invalid confirmation",
+    "passwordRequired": "Password is required",
+    "allowAll": "Allow All",
+    "permissionsAllowAll": "Allow All Permissions",
+    "githubUsernameRequired": "GitHub username is required",
+    "supportKeyRequired": "Supporter key is required",
+    "passwordRequirementsChars": "Password must be at least 8 characters",
+    "language": "Language",
+    "verificationCodeRequired": "Code is required",
+    "userErrorNoUpdate": "No user to update",
+    "siteErrorNoUpdate": "No site to update",
+    "resourceErrorNoUpdate": "No resource to update",
+    "authErrorNoUpdate": "No auth info to update",
+    "orgErrorNoUpdate": "No org to update",
+    "orgErrorNoProvided": "No org provided",
+    "apiKeysErrorNoUpdate": "No API key to update",
+    "sidebarOverview": "Overview",
+    "sidebarHome": "Home",
+    "sidebarSites": "Sites",
+    "sidebarResources": "Resources",
+    "sidebarAccessControl": "Access Control",
+    "sidebarUsers": "Users",
+    "sidebarInvitations": "Invitations",
+    "sidebarRoles": "Roles",
+    "sidebarShareableLinks": "Shareable Links",
+    "sidebarApiKeys": "API Keys",
+    "sidebarSettings": "Settings",
+    "sidebarAllUsers": "All Users",
+    "sidebarIdentityProviders": "Identity Providers",
+    "sidebarLicense": "License",
+    "sidebarClients": "Clients",
+    "sidebarDomains": "Domains",
+    "enableDockerSocket": "Enable Docker Socket",
+    "enableDockerSocketDescription": "Enable Docker Socket discovery for populating container information. Socket path must be provided to Newt.",
+    "enableDockerSocketLink": "Learn More",
+    "viewDockerContainers": "View Docker Containers",
+    "containersIn": "Containers in {siteName}",
+    "selectContainerDescription": "Select any container to use as a hostname for this target. Click a port to use a port.",
+    "containerName": "Name",
+    "containerImage": "Image",
+    "containerState": "State",
+    "containerNetworks": "Networks",
+    "containerHostnameIp": "Hostname/IP",
+    "containerLabels": "Labels",
+    "containerLabelsCount": "{count, plural, one {# label} other {# labels}}",
+    "containerLabelsTitle": "Container Labels",
+    "containerLabelEmpty": "<empty>",
+    "containerPorts": "Ports",
+    "containerPortsMore": "+{count} more",
+    "containerActions": "Actions",
+    "select": "Select",
+    "noContainersMatchingFilters": "No containers found matching the current filters.",
+    "showContainersWithoutPorts": "Show containers without ports",
+    "showStoppedContainers": "Show stopped containers",
+    "noContainersFound": "No containers found. Make sure Docker containers are running.",
+    "searchContainersPlaceholder": "Search across {count} containers...",
+    "searchResultsCount": "{count, plural, one {# result} other {# results}}",
+    "filters": "Filters",
+    "filterOptions": "Filter Options",
+    "filterPorts": "Ports",
+    "filterStopped": "Stopped",
+    "clearAllFilters": "Clear all filters",
+    "columns": "Columns",
+    "toggleColumns": "Toggle Columns",
+    "refreshContainersList": "Refresh containers list",
+    "searching": "Searching...",
+    "noContainersFoundMatching": "No containers found matching \"{filter}\".",
+    "light": "light",
+    "dark": "dark",
+    "system": "system",
+    "theme": "Theme",
+    "subnetRequired": "Subnet is required",
+    "initialSetupTitle": "Initial Server Setup",
+    "initialSetupDescription": "Create the intial server admin account. Only one server admin can exist. You can always change these credentials later.",
+    "createAdminAccount": "Create Admin Account",
+    "setupErrorCreateAdmin": "An error occurred while creating the server admin account.",
+    "certificateStatus": "Certificate Status",
+    "loading": "Loading",
+    "restart": "Restart",
+    "domains": "Domains",
+    "domainsDescription": "Manage domains for your organization",
+    "domainsSearch": "Search domains...",
+    "domainAdd": "Add Domain",
+    "domainAddDescription": "Register a new domain with your organization",
+    "domainCreate": "Create Domain",
+    "domainCreatedDescription": "Domain created successfully",
+    "domainDeletedDescription": "Domain deleted successfully",
+    "domainQuestionRemove": "Are you sure you want to remove the domain {domain} from your account?",
+    "domainMessageRemove": "Once removed, the domain will no longer be associated with your account.",
+    "domainMessageConfirm": "To confirm, please type the domain name below.",
+    "domainConfirmDelete": "Confirm Delete Domain",
+    "domainDelete": "Delete Domain",
+    "domain": "Domain",
+    "selectDomainTypeNsName": "Domain Delegation (NS)",
+    "selectDomainTypeNsDescription": "This domain and all its subdomains. Use this when you want to control an entire domain zone.",
+    "selectDomainTypeCnameName": "Single Domain (CNAME)",
+    "selectDomainTypeCnameDescription": "Just this specific domain. Use this for individual subdomains or specific domain entries.",
+    "selectDomainTypeWildcardName": "Wildcard Domain",
+    "selectDomainTypeWildcardDescription": "This domain and its first level of subdomains.",
+    "domainDelegation": "Single Domain",
+    "selectType": "Select a type",
+    "actions": "Actions",
+    "refresh": "Refresh",
+    "refreshError": "Failed to refresh data",
+    "verified": "Verified",
+    "pending": "Pending",
+    "sidebarBilling": "Billing",
+    "billing": "Billing",
+    "orgBillingDescription": "Manage your billing information and subscriptions",
+    "github": "GitHub",
+    "pangolinHosted": "Pangolin Hosted",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Complete Account Setup",
+    "completeAccountSetupDescription": "Set your password to get started",
+    "accountSetupSent": "We'll send an account setup code to this email address.",
+    "accountSetupCode": "Setup Code",
+    "accountSetupCodeDescription": "Check your email for the setup code.",
+    "passwordCreate": "Create Password",
+    "passwordCreateConfirm": "Confirm Password",
+    "accountSetupSubmit": "Send Setup Code",
+    "completeSetup": "Complete Setup",
+    "accountSetupSuccess": "Account setup completed! Welcome to Pangolin!",
+    "documentation": "Documentation",
+    "saveAllSettings": "Save All Settings",
+    "settingsUpdated": "Settings updated",
+    "settingsUpdatedDescription": "All settings have been updated successfully",
+    "settingsErrorUpdate": "Failed to update settings",
+    "settingsErrorUpdateDescription": "An error occurred while updating settings",
+    "sidebarCollapse": "Collapse",
+    "sidebarExpand": "Expand",
+    "newtUpdateAvailable": "Update Available",
+    "newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.",
+    "domainPickerEnterDomain": "Enter your domain",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, or just myapp",
+    "domainPickerDescription": "Enter the full domain of the resource to see available options.",
+    "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
+    "domainPickerTabAll": "All",
+    "domainPickerTabOrganization": "Organization",
+    "domainPickerTabProvided": "Provided",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Checking availability...",
+    "domainPickerNoMatchingDomains": "No matching domains found for \"{userInput}\". Try a different domain or check your organization's domain settings.",
+    "domainPickerOrganizationDomains": "Organization Domains",
+    "domainPickerProvidedDomains": "Provided Domains",
+    "domainPickerSubdomain": "Subdomain: {subdomain}",
+    "domainPickerNamespace": "Namespace: {namespace}",
+    "domainPickerShowMore": "Show More",
+    "domainNotFound": "Domain Not Found",
+    "domainNotFoundDescription": "This resource is disabled because the domain no longer exists our system. Please set a new domain for this resource.",
+    "failed": "Failed",
+    "createNewOrgDescription": "Create a new organization",
+    "organization": "Organization",
+    "port": "Port",
+    "securityKeyManage": "Manage Security Keys",
+    "securityKeyDescription": "Add or remove security keys for passwordless authentication",
+    "securityKeyRegister": "Register New Security Key",
+    "securityKeyList": "Your Security Keys",
+    "securityKeyNone": "No security keys registered yet",
+    "securityKeyNameRequired": "Name is required",
+    "securityKeyRemove": "Remove",
+    "securityKeyLastUsed": "Last used: {date}",
+    "securityKeyNameLabel": "Security Key Name",
+    "securityKeyRegisterSuccess": "Security key registered successfully",
+    "securityKeyRegisterError": "Failed to register security key",
+    "securityKeyRemoveSuccess": "Security key removed successfully",
+    "securityKeyRemoveError": "Failed to remove security key",
+    "securityKeyLoadError": "Failed to load security keys",
+    "securityKeyLogin": "Continue with security key",
+    "securityKeyAuthError": "Failed to authenticate with security key",
+    "securityKeyRecommendation": "Register a backup security key on another device to ensure you always have access to your account.",
+    "registering": "Registering...",
+    "securityKeyPrompt": "Please verify your identity using your security key. Make sure your security key is connected and ready.",
+    "securityKeyBrowserNotSupported": "Your browser doesn't support security keys. Please use a modern browser like Chrome, Firefox, or Safari.",
+    "securityKeyPermissionDenied": "Please allow access to your security key to continue signing in.",
+    "securityKeyRemovedTooQuickly": "Please keep your security key connected until the sign-in process completes.",
+    "securityKeyNotSupported": "Your security key may not be compatible. Please try a different security key.",
+    "securityKeyUnknownError": "There was a problem using your security key. Please try again.",
+    "twoFactorRequired": "Two-factor authentication is required to register a security key.",
+    "twoFactor": "Two-Factor Authentication",
+    "adminEnabled2FaOnYourAccount": "Your administrator has enabled two-factor authentication for {email}. Please complete the setup process to continue.",
+    "continueToApplication": "Continue to Application",
+    "securityKeyAdd": "Add Security Key",
+    "securityKeyRegisterTitle": "Register New Security Key",
+    "securityKeyRegisterDescription": "Connect your security key and enter a name to identify it",
+    "securityKeyTwoFactorRequired": "Two-Factor Authentication Required",
+    "securityKeyTwoFactorDescription": "Please enter your two-factor authentication code to register the security key",
+    "securityKeyTwoFactorRemoveDescription": "Please enter your two-factor authentication code to remove the security key",
+    "securityKeyTwoFactorCode": "Two-Factor Code",
+    "securityKeyRemoveTitle": "Remove Security Key",
+    "securityKeyRemoveDescription": "Enter your password to remove the security key \"{name}\"",
+    "securityKeyNoKeysRegistered": "No security keys registered",
+    "securityKeyNoKeysDescription": "Add a security key to enhance your account security",
+    "createDomainRequired": "Domain is required",
+    "createDomainAddDnsRecords": "Add DNS Records",
+    "createDomainAddDnsRecordsDescription": "Add the following DNS records to your domain provider to complete the setup.",
+    "createDomainNsRecords": "NS Records",
+    "createDomainRecord": "Record",
+    "createDomainType": "Type:",
+    "createDomainName": "Name:",
+    "createDomainValue": "Value:",
+    "createDomainCnameRecords": "CNAME Records",
+    "createDomainRecordNumber": "Record {number}",
+    "createDomainTxtRecords": "TXT Records",
+    "createDomainSaveTheseRecords": "Save These Records",
+    "createDomainSaveTheseRecordsDescription": "Make sure to save these DNS records as you will not see them again.",
+    "createDomainDnsPropagation": "DNS Propagation",
+    "createDomainDnsPropagationDescription": "DNS changes may take some time to propagate across the internet. This can take anywhere from a few minutes to 48 hours, depending on your DNS provider and TTL settings.",
+    "resourcePortRequired": "Port number is required for non-HTTP resources",
+    "resourcePortNotAllowed": "Port number should not be set for HTTP resources"
+}
diff --git a/messages/de-DE.json b/messages/de-DE.json
index 377ec94b..d139b61d 100644
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -11,8 +11,9 @@
     "componentsErrorNoMemberCreate": "Du bist derzeit kein Mitglied einer Organisation. Erstelle eine Organisation, um zu starten.",
     "componentsErrorNoMember": "Du bist aktuell kein Mitglied einer Organisation.",
     "welcome": "Willkommen zu Pangolin",
+    "welcomeTo": "Willkommen bei",
     "componentsCreateOrg": "Erstelle eine Organisation",
-    "componentsMember": "Du bist Mitglied von {count, plural, =0 {keiner Organisation} =1 {einer Organisation} other {# Organisationen}}.",
+    "componentsMember": "Du bist Mitglied von {count, plural, =0 {keiner Organisation} one {einer Organisation} other {# Organisationen}}.",
     "componentsInvalidKey": "Ungültige oder abgelaufene Lizenzschlüssel erkannt. Beachte die Lizenzbedingungen, um alle Funktionen weiterhin zu nutzen.",
     "dismiss": "Verwerfen",
     "componentsLicenseViolation": "Lizenzverstoß: Dieser Server benutzt {usedSites} Sites, die das Lizenzlimit der {maxSites} Sites überschreiten. Beachte die Lizenzbedingungen, um alle Funktionen weiterhin zu nutzen.",
@@ -206,6 +207,7 @@
     "orgGeneralSettings": "Organisations-Einstellungen",
     "orgGeneralSettingsDescription": "Organisationsdetails und Konfiguration verwalten",
     "saveGeneralSettings": "Allgemeine Einstellungen speichern",
+    "saveSettings": "Einstellungen speichern",
     "orgDangerZone": "Gefahrenzone",
     "orgDangerZoneDescription": "Sobald Sie diesen Org löschen, gibt es kein Zurück mehr. Bitte seien Sie vorsichtig.",
     "orgDelete": "Organisation löschen",
@@ -249,7 +251,7 @@
     "weeks": "Wochen",
     "months": "Monate",
     "years": "Jahre",
-    "day": "{count, plural, =1 {# Tag} other {# Tage}}",
+    "day": "{count, plural, one {# Tag} other {# Tage}}",
     "apiKeysTitle": "API-Schlüssel Information",
     "apiKeysConfirmCopy2": "Sie müssen bestätigen, dass Sie den API-Schlüssel kopiert haben.",
     "apiKeysErrorCreate": "Fehler beim Erstellen des API-Schlüssels",
@@ -347,7 +349,7 @@
     "licensePurchase": "Lizenz kaufen",
     "licensePurchaseSites": "Zusätzliche Seiten kaufen",
     "licenseSitesUsedMax": "{usedSites} der {maxSites} Seiten verwendet",
-    "licenseSitesUsed": "{count, plural, =0 {# Seiten} =1 {# Seite} other {# Seiten}} im System.",
+    "licenseSitesUsed": "{count, plural, =0 {# Seiten} one {# Seite} other {# Seiten}} im System.",
     "licensePurchaseDescription": "Wähle aus, für wieviele Seiten du möchtest {selectedMode, select, license {kaufe eine Lizenz. Du kannst später immer weitere Seiten hinzufügen.} other {Füge zu deiner bestehenden Lizenz hinzu.}}",
     "licenseFee": "Lizenzgebühr",
     "licensePriceSite": "Preis pro Seite",
@@ -436,7 +438,7 @@
     "accessRoleSelect": "Rolle auswählen",
     "inviteEmailSentDescription": "Eine E-Mail mit dem Zugangslink wurde an den Benutzer gesendet. Er muss den Link aufrufen, um die Einladung anzunehmen.",
     "inviteSentDescription": "Der Benutzer wurde eingeladen. Er muss den unten stehenden Link aufrufen, um die Einladung anzunehmen.",
-    "inviteExpiresIn": "Die Einladung läuft in {days, plural, =1 {einem Tag} other {# Tagen}} ab.",
+    "inviteExpiresIn": "Die Einladung läuft in {days, plural, one {einem Tag} other {# Tagen}} ab.",
     "idpTitle": "Allgemeine Informationen",
     "idpSelect": "Wählen Sie den Identitätsanbieter für den externen Benutzer",
     "idpNotConfigured": "Es sind keine Identitätsanbieter konfiguriert. Bitte konfigurieren Sie einen Identitätsanbieter, bevor Sie externe Benutzer erstellen.",
@@ -958,6 +960,8 @@
     "licenseTierProfessionalRequiredDescription": "Diese Funktion ist nur in der Professional Edition verfügbar.",
     "actionGetOrg": "Organisation abrufen",
     "actionUpdateOrg": "Organisation aktualisieren",
+    "actionUpdateUser": "Benutzer aktualisieren",
+    "actionGetUser": "Benutzer abrufen",
     "actionGetOrgUser": "Organisationsbenutzer abrufen",
     "actionListOrgDomains": "Organisationsdomänen auflisten",
     "actionCreateSite": "Site erstellen",
@@ -1090,6 +1094,8 @@
     "sidebarAllUsers": "Alle Benutzer",
     "sidebarIdentityProviders": "Identitätsanbieter",
     "sidebarLicense": "Lizenz",
+    "sidebarClients": "Kunden",
+    "sidebarDomains": "Domains",
     "enableDockerSocket": "Docker Socket aktivieren",
     "enableDockerSocketDescription": "Docker Socket-Erkennung aktivieren, um Container-Informationen zu befüllen. Socket-Pfad muss Newt bereitgestellt werden.",
     "enableDockerSocketLink": "Mehr erfahren",
@@ -1102,7 +1108,7 @@
     "containerNetworks": "Netzwerke",
     "containerHostnameIp": "Hostname/IP",
     "containerLabels": "Etiketten",
-    "containerLabelsCount": "{count} Label{s,plural,one{} other{s}}",
+    "containerLabelsCount": "{count, plural, one {# Etikett} other {# Etiketten}}",
     "containerLabelsTitle": "Container-Labels",
     "containerLabelEmpty": "<leer>",
     "containerPorts": "Häfen",
@@ -1114,7 +1120,7 @@
     "showStoppedContainers": "Stoppte Container anzeigen",
     "noContainersFound": "Keine Container gefunden. Stellen Sie sicher, dass Docker Container laufen.",
     "searchContainersPlaceholder": "Durchsuche {count} Container...",
-    "searchResultsCount": "{count} Ergebnis{s,plural,one{} other{s}}",
+    "searchResultsCount": "{count, plural, one {# Ergebnis} other {# Ergebnisse}}",
     "filters": "Filter",
     "filterOptions": "Filteroptionen",
     "filterPorts": "Häfen",
@@ -1129,10 +1135,89 @@
     "dark": "dunkel",
     "system": "System",
     "theme": "Design",
+    "subnetRequired": "Subnetz ist erforderlich",
     "initialSetupTitle": "Initial Einrichtung des Servers",
     "initialSetupDescription": "Erstellen Sie das initiale Server-Admin-Konto. Es kann nur einen Server-Admin geben. Sie können diese Anmeldedaten später immer ändern.",
     "createAdminAccount": "Admin-Konto erstellen",
     "setupErrorCreateAdmin": "Beim Erstellen des Server-Admin-Kontos ist ein Fehler aufgetreten.",
+    "certificateStatus": "Zertifikatsstatus",
+    "loading": "Laden",
+    "restart": "Neustart",
+    "domains": "Domains",
+    "domainsDescription": "Domains für Ihre Organisation verwalten",
+    "domainsSearch": "Domains durchsuchen...",
+    "domainAdd": "Domain hinzufügen",
+    "domainAddDescription": "Eine neue Domain in Ihrer Organisation registrieren",
+    "domainCreate": "Domain erstellen",
+    "domainCreatedDescription": "Domain erfolgreich erstellt",
+    "domainDeletedDescription": "Domain erfolgreich gelöscht",
+    "domainQuestionRemove": "Möchten Sie die Domain {domain} wirklich aus Ihrem Konto entfernen?",
+    "domainMessageRemove": "Nach dem Entfernen wird die Domain nicht mehr mit Ihrem Konto verknüpft.",
+    "domainMessageConfirm": "Um zu bestätigen, geben Sie bitte den Domainnamen unten ein.",
+    "domainConfirmDelete": "Domain-Löschung bestätigen",
+    "domainDelete": "Domain löschen",
+    "domain": "Domain",
+    "selectDomainTypeNsName": "Domain-Delegation (NS)",
+    "selectDomainTypeNsDescription": "Diese Domain und alle ihre Subdomains. Verwenden Sie dies, wenn Sie eine gesamte Domainzone kontrollieren möchten.",
+    "selectDomainTypeCnameName": "Einzelne Domain (CNAME)",
+    "selectDomainTypeCnameDescription": "Nur diese spezifische Domain. Verwenden Sie dies für einzelne Subdomains oder spezifische Domaineinträge.",
+    "selectDomainTypeWildcardName": "Wildcard-Domain",
+    "selectDomainTypeWildcardDescription": "Diese Domain und ihre erste Ebene der Subdomains.",
+    "domainDelegation": "Einzelne Domain",
+    "selectType": "Typ auswählen",
+    "actions": "Aktionen",
+    "refresh": "Aktualisieren",
+    "refreshError": "Datenaktualisierung fehlgeschlagen",
+    "verified": "Verifiziert",
+    "pending": "Ausstehend",
+    "sidebarBilling": "Abrechnung",
+    "billing": "Abrechnung",
+    "orgBillingDescription": "Verwalten Sie Ihre Rechnungsinformationen und Abonnements",
+    "github": "GitHub",
+    "pangolinHosted": "Pangolin Hosted",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Kontoeinrichtung abschließen",
+    "completeAccountSetupDescription": "Legen Sie Ihr Passwort fest, um zu beginnen",
+    "accountSetupSent": "Wir senden einen Code für die Kontoeinrichtung an diese E-Mail-Adresse.",
+    "accountSetupCode": "Einrichtungscode",
+    "accountSetupCodeDescription": "Prüfen Sie Ihre E-Mail auf den Einrichtungscode.",
+    "passwordCreate": "Passwort erstellen",
+    "passwordCreateConfirm": "Passwort bestätigen",
+    "accountSetupSubmit": "Einrichtungscode senden",
+    "completeSetup": "Einrichtung abschließen",
+    "accountSetupSuccess": "Kontoeinrichtung abgeschlossen! Willkommen bei Pangolin!",
+    "documentation": "Dokumentation",
+    "saveAllSettings": "Alle Einstellungen speichern",
+    "settingsUpdated": "Einstellungen aktualisiert",
+    "settingsUpdatedDescription": "Alle Einstellungen wurden erfolgreich aktualisiert",
+    "settingsErrorUpdate": "Einstellungen konnten nicht aktualisiert werden",
+    "settingsErrorUpdateDescription": "Beim Aktualisieren der Einstellungen ist ein Fehler aufgetreten",
+    "sidebarCollapse": "Zusammenklappen",
+    "sidebarExpand": "Erweitern",
+    "newtUpdateAvailable": "Update verfügbar",
+    "newtUpdateAvailableInfo": "Eine neue Version von Newt ist verfügbar. Bitte aktualisieren Sie auf die neueste Version für das beste Erlebnis.",
+    "domainPickerEnterDomain": "Geben Sie Ihre Domain ein",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, oder einfach myapp",
+    "domainPickerDescription": "Geben Sie die vollständige Domäne der Ressource ein, um verfügbare Optionen zu sehen.",
+    "domainPickerDescriptionSaas": "Geben Sie eine vollständige Domäne, Subdomäne oder einfach einen Namen ein, um verfügbare Optionen zu sehen",
+    "domainPickerTabAll": "Alle",
+    "domainPickerTabOrganization": "Organisation",
+    "domainPickerTabProvided": "Bereitgestellt",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Verfügbarkeit prüfen...",
+    "domainPickerNoMatchingDomains": "Keine passenden Domains für \"{userInput}\" gefunden. Versuchen Sie es mit einer anderen Domain oder überprüfen Sie die Domain-Einstellungen Ihrer Organisation.",
+    "domainPickerOrganizationDomains": "Organisations-Domains",
+    "domainPickerProvidedDomains": "Bereitgestellte Domains",
+    "domainPickerSubdomain": "Subdomain: {subdomain}",
+    "domainPickerNamespace": "Namespace: {namespace}",
+    "domainPickerShowMore": "Mehr anzeigen",
+    "domainNotFound": "Domain nicht gefunden",
+    "domainNotFoundDescription": "Diese Ressource ist deaktiviert, weil die Domain nicht mehr in unserem System existiert. Bitte setzen Sie eine neue Domain für diese Ressource.",
+    "failed": "Fehlgeschlagen",
+    "createNewOrgDescription": "Eine neue Organisation erstellen",
+    "organization": "Organisation",
+    "port": "Port",
     "securityKeyManage": "Sicherheitsschlüssel verwalten",
     "securityKeyDescription": "Sicherheitsschlüssel für passwortlose Authentifizierung hinzufügen oder entfernen",
     "securityKeyRegister": "Neuen Sicherheitsschlüssel registrieren",
@@ -1142,13 +1227,51 @@
     "securityKeyRemove": "Entfernen",
     "securityKeyLastUsed": "Zuletzt verwendet: {date}",
     "securityKeyNameLabel": "Name",
-    "securityKeyNamePlaceholder": "Geben Sie einen Namen für diesen Sicherheitsschlüssel ein",
     "securityKeyRegisterSuccess": "Sicherheitsschlüssel erfolgreich registriert",
     "securityKeyRegisterError": "Fehler beim Registrieren des Sicherheitsschlüssels",
     "securityKeyRemoveSuccess": "Sicherheitsschlüssel erfolgreich entfernt",
     "securityKeyRemoveError": "Fehler beim Entfernen des Sicherheitsschlüssels",
     "securityKeyLoadError": "Fehler beim Laden der Sicherheitsschlüssel",
-    "securityKeyLogin": "Mit Sicherheitsschlüssel anmelden",
+    "securityKeyLogin": "Mit dem Sicherheitsschlüssel fortfahren",
     "securityKeyAuthError": "Fehler bei der Authentifizierung mit Sicherheitsschlüssel",
-    "securityKeyRecommendation": "Erwägen Sie die Registrierung eines weiteren Sicherheitsschlüssels auf einem anderen Gerät, um sicherzustellen, dass Sie sich nicht aus Ihrem Konto aussperren."
+    "securityKeyRecommendation": "Erwägen Sie die Registrierung eines weiteren Sicherheitsschlüssels auf einem anderen Gerät, um sicherzustellen, dass Sie sich nicht aus Ihrem Konto aussperren.",
+    "registering": "Registrierung...",
+    "securityKeyPrompt": "Bitte bestätigen Sie Ihre Identität mit Ihrem Sicherheitsschlüssel. Stellen Sie sicher, dass Ihr Sicherheitsschlüssel verbunden und einsatzbereit ist.",
+    "securityKeyBrowserNotSupported": "Ihr Browser unterstützt Sicherheitsschlüssel nicht. Bitte verwenden Sie einen modernen Browser wie Chrome, Firefox oder Safari.",
+    "securityKeyPermissionDenied": "Bitte erlauben Sie den Zugriff auf Ihren Sicherheitsschlüssel, um sich weiter anzumelden.",
+    "securityKeyRemovedTooQuickly": "Lassen Sie Ihren Sicherheitsschlüssel verbunden, bis der Anmeldeprozess abgeschlossen ist.",
+    "securityKeyNotSupported": "Ihr Sicherheitsschlüssel ist möglicherweise nicht kompatibel. Bitte versuchen Sie einen anderen Sicherheitsschlüssel.",
+    "securityKeyUnknownError": "Es gab ein Problem mit Ihrem Sicherheitsschlüssel. Bitte versuchen Sie es erneut.",
+    "twoFactorRequired": "Zur Registrierung eines Sicherheitsschlüssels ist eine Zwei-Faktor-Authentifizierung erforderlich.",
+    "twoFactor": "Zwei-Faktor-Authentifizierung",
+    "adminEnabled2FaOnYourAccount": "Ihr Administrator hat die Zwei-Faktor-Authentifizierung für {email} aktiviert. Bitte schließen Sie den Einrichtungsprozess ab, um fortzufahren.",
+    "continueToApplication": "Weiter zur Anwendung",
+    "securityKeyAdd": "Sicherheitsschlüssel hinzufügen",
+    "securityKeyRegisterTitle": "Neuen Sicherheitsschlüssel registrieren",
+    "securityKeyRegisterDescription": "Verbinden Sie Ihren Sicherheitsschlüssel und geben Sie einen Namen ein, um ihn zu identifizieren",
+    "securityKeyTwoFactorRequired": "Zwei-Faktor-Authentifizierung erforderlich",
+    "securityKeyTwoFactorDescription": "Bitte geben Sie Ihren Zwei-Faktor-Authentifizierungscode ein, um den Sicherheitsschlüssel zu registrieren",
+    "securityKeyTwoFactorRemoveDescription": "Bitte geben Sie Ihren Zwei-Faktor-Authentifizierungscode ein, um den Sicherheitsschlüssel zu entfernen",
+    "securityKeyTwoFactorCode": "Zwei-Faktor-Code",
+    "securityKeyRemoveTitle": "Sicherheitsschlüssel entfernen",
+    "securityKeyRemoveDescription": "Geben Sie Ihr Passwort ein, um den Sicherheitsschlüssel \"{name}\" zu entfernen",
+    "securityKeyNoKeysRegistered": "Keine Sicherheitsschlüssel registriert",
+    "securityKeyNoKeysDescription": "Fügen Sie einen Sicherheitsschlüssel hinzu, um die Sicherheit Ihres Kontos zu erhöhen",
+    "createDomainRequired": "Domain ist erforderlich",
+    "createDomainAddDnsRecords": "DNS-Einträge hinzufügen",
+    "createDomainAddDnsRecordsDescription": "Fügen Sie die folgenden DNS-Einträge zu Ihrem Domain-Provider hinzu, um die Einrichtung abzuschließen.",
+    "createDomainNsRecords": "NS-Einträge",
+    "createDomainRecord": "Eintrag",
+    "createDomainType": "Typ:",
+    "createDomainName": "Name:",
+    "createDomainValue": "Wert:",
+    "createDomainCnameRecords": "CNAME-Einträge",
+    "createDomainRecordNumber": "Eintrag {number}",
+    "createDomainTxtRecords": "TXT-Einträge",
+    "createDomainSaveTheseRecords": "Diese Einträge speichern",
+    "createDomainSaveTheseRecordsDescription": "Achten Sie darauf, diese DNS-Einträge zu speichern, da Sie sie nicht erneut sehen werden.",
+    "createDomainDnsPropagation": "DNS-Verbreitung",
+    "createDomainDnsPropagationDescription": "Es kann einige Zeit dauern, bis DNS-Änderungen im Internet verbreitet werden. Dies kann je nach Ihrem DNS-Provider und den TTL-Einstellungen von einigen Minuten bis zu 48 Stunden dauern.",
+    "resourcePortRequired": "Portnummer ist für nicht-HTTP-Ressourcen erforderlich",
+    "resourcePortNotAllowed": "Portnummer sollte für HTTP-Ressourcen nicht gesetzt werden"
 }
diff --git a/messages/en-US.json b/messages/en-US.json
index 2c81f4fd..75760164 100644
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -10,7 +10,8 @@
     "setupErrorIdentifier": "Organization ID is already taken. Please choose a different one.",
     "componentsErrorNoMemberCreate": "You are not currently a member of any organizations. Create an organization to get started.",
     "componentsErrorNoMember": "You are not currently a member of any organizations.",
-    "welcome": "Welcome to Pangolin",
+    "welcome": "Welcome!",
+    "welcomeTo": "Welcome to",
     "componentsCreateOrg": "Create an Organization",
     "componentsMember": "You're a member of {count, plural, =0 {no organization} one {one organization} other {# organizations}}.",
     "componentsInvalidKey": "Invalid or expired license keys detected. Follow license terms to continue using all features.",
@@ -206,6 +207,7 @@
     "orgGeneralSettings": "Organization Settings",
     "orgGeneralSettingsDescription": "Manage your organization details and configuration",
     "saveGeneralSettings": "Save General Settings",
+    "saveSettings": "Save Settings",
     "orgDangerZone": "Danger Zone",
     "orgDangerZoneDescription": "Once you delete this org, there is no going back. Please be certain.",
     "orgDelete": "Delete Organization",
@@ -1107,6 +1109,8 @@
     "sidebarAllUsers": "All Users",
     "sidebarIdentityProviders": "Identity Providers",
     "sidebarLicense": "License",
+    "sidebarClients": "Clients",
+    "sidebarDomains": "Domains",
     "enableDockerSocket": "Enable Docker Socket",
     "enableDockerSocketDescription": "Enable Docker Socket discovery for populating container information. Socket path must be provided to Newt.",
     "enableDockerSocketLink": "Learn More",
@@ -1146,11 +1150,12 @@
     "dark": "dark",
     "system": "system",
     "theme": "Theme",
+    "subnetRequired": "Subnet is required",
     "initialSetupTitle": "Initial Server Setup",
     "initialSetupDescription": "Create the intial server admin account. Only one server admin can exist. You can always change these credentials later.",
     "createAdminAccount": "Create Admin Account",
     "setupErrorCreateAdmin": "An error occurred while creating the server admin account.",
-    "passwordReset": "Password Reset",
+"passwordReset": "Password Reset",
     "passwordResetAdminInstructions": "Clicking the button below will send a password reset email to the user. They will be able to set a new password using the link provided.",
     "passwordResetSent": "Password Reset Sent",
     "passwordResetSentDescription": "A password reset email has been sent to {email}.",
@@ -1177,6 +1182,84 @@
     "sendEmailNotification": "Send Email Notification",
     "linkCopied": "Link Copied",
     "linkCopiedDescription": "The reset link has been copied to your clipboard",
+    "certificateStatus": "Certificate Status",
+    "loading": "Loading",
+    "restart": "Restart",
+    "domains": "Domains",
+    "domainsDescription": "Manage domains for your organization",
+    "domainsSearch": "Search domains...",
+    "domainAdd": "Add Domain",
+    "domainAddDescription": "Register a new domain with your organization",
+    "domainCreate": "Create Domain",
+    "domainCreatedDescription": "Domain created successfully",
+    "domainDeletedDescription": "Domain deleted successfully",
+    "domainQuestionRemove": "Are you sure you want to remove the domain {domain} from your account?",
+    "domainMessageRemove": "Once removed, the domain will no longer be associated with your account.",
+    "domainMessageConfirm": "To confirm, please type the domain name below.",
+    "domainConfirmDelete": "Confirm Delete Domain",
+    "domainDelete": "Delete Domain",
+    "domain": "Domain",
+    "selectDomainTypeNsName": "Domain Delegation (NS)",
+    "selectDomainTypeNsDescription": "This domain and all its subdomains. Use this when you want to control an entire domain zone.",
+    "selectDomainTypeCnameName": "Single Domain (CNAME)",
+    "selectDomainTypeCnameDescription": "Just this specific domain. Use this for individual subdomains or specific domain entries.",
+    "selectDomainTypeWildcardName": "Wildcard Domain",
+    "selectDomainTypeWildcardDescription": "This domain and its first level of subdomains.",
+    "domainDelegation": "Single Domain",
+    "selectType": "Select a type",
+    "actions": "Actions",
+    "refresh": "Refresh",
+    "refreshError": "Failed to refresh data",
+    "verified": "Verified",
+    "pending": "Pending",
+    "sidebarBilling": "Billing",
+    "billing": "Billing",
+    "orgBillingDescription": "Manage your billing information and subscriptions",
+    "github": "GitHub",
+    "pangolinHosted": "Pangolin Hosted",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Complete Account Setup",
+    "completeAccountSetupDescription": "Set your password to get started",
+    "accountSetupSent": "We'll send an account setup code to this email address.",
+    "accountSetupCode": "Setup Code",
+    "accountSetupCodeDescription": "Check your email for the setup code.",
+    "passwordCreate": "Create Password",
+    "passwordCreateConfirm": "Confirm Password",
+    "accountSetupSubmit": "Send Setup Code",
+    "completeSetup": "Complete Setup",
+    "accountSetupSuccess": "Account setup completed! Welcome to Pangolin!",
+    "documentation": "Documentation",
+    "saveAllSettings": "Save All Settings",
+    "settingsUpdated": "Settings updated",
+    "settingsUpdatedDescription": "All settings have been updated successfully",
+    "settingsErrorUpdate": "Failed to update settings",
+    "settingsErrorUpdateDescription": "An error occurred while updating settings",
+    "sidebarCollapse": "Collapse",
+    "sidebarExpand": "Expand",
+    "newtUpdateAvailable": "Update Available",
+    "newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.",
+    "domainPickerEnterDomain": "Enter your domain",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, or just myapp",
+    "domainPickerDescription": "Enter the full domain of the resource to see available options.",
+    "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
+    "domainPickerTabAll": "All",
+    "domainPickerTabOrganization": "Organization",
+    "domainPickerTabProvided": "Provided",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Checking availability...",
+    "domainPickerNoMatchingDomains": "No matching domains found for \"{userInput}\". Try a different domain or check your organization's domain settings.",
+    "domainPickerOrganizationDomains": "Organization Domains",
+    "domainPickerProvidedDomains": "Provided Domains",
+    "domainPickerSubdomain": "Subdomain: {subdomain}",
+    "domainPickerNamespace": "Namespace: {namespace}",
+    "domainPickerShowMore": "Show More",
+    "domainNotFound": "Domain Not Found",
+    "domainNotFoundDescription": "This resource is disabled because the domain no longer exists our system. Please set a new domain for this resource.",
+    "failed": "Failed",
+    "createNewOrgDescription": "Create a new organization",
+    "organization": "Organization",
+    "port": "Port",
     "securityKeyManage": "Manage Security Keys",
     "securityKeyDescription": "Add or remove security keys for passwordless authentication",
     "securityKeyRegister": "Register New Security Key",
@@ -1185,16 +1268,15 @@
     "securityKeyNameRequired": "Name is required",
     "securityKeyRemove": "Remove",
     "securityKeyLastUsed": "Last used: {date}",
-    "securityKeyNameLabel": "Name",
-    "securityKeyNamePlaceholder": "Enter a name for this security key",
+    "securityKeyNameLabel": "Security Key Name",
     "securityKeyRegisterSuccess": "Security key registered successfully",
     "securityKeyRegisterError": "Failed to register security key",
     "securityKeyRemoveSuccess": "Security key removed successfully",
     "securityKeyRemoveError": "Failed to remove security key",
     "securityKeyLoadError": "Failed to load security keys",
-    "securityKeyLogin": "Sign in with security key",
+    "securityKeyLogin": "Continue with security key",
     "securityKeyAuthError": "Failed to authenticate with security key",
-    "securityKeyRecommendation": "Tip: Register a backup security key on another device to ensure you always have access to your account.",
+    "securityKeyRecommendation": "Register a backup security key on another device to ensure you always have access to your account.",
     "registering": "Registering...",
     "securityKeyPrompt": "Please verify your identity using your security key. Make sure your security key is connected and ready.",
     "securityKeyBrowserNotSupported": "Your browser doesn't support security keys. Please use a modern browser like Chrome, Firefox, or Safari.",
@@ -1205,5 +1287,34 @@
     "twoFactorRequired": "Two-factor authentication is required to register a security key.",
     "twoFactor": "Two-Factor Authentication",
     "adminEnabled2FaOnYourAccount": "Your administrator has enabled two-factor authentication for {email}. Please complete the setup process to continue.",
-    "continueToApplication": "Continue to Application"
+    "continueToApplication": "Continue to Application",
+    "securityKeyAdd": "Add Security Key",
+    "securityKeyRegisterTitle": "Register New Security Key",
+    "securityKeyRegisterDescription": "Connect your security key and enter a name to identify it",
+    "securityKeyTwoFactorRequired": "Two-Factor Authentication Required",
+    "securityKeyTwoFactorDescription": "Please enter your two-factor authentication code to register the security key",
+    "securityKeyTwoFactorRemoveDescription": "Please enter your two-factor authentication code to remove the security key",
+    "securityKeyTwoFactorCode": "Two-Factor Code",
+    "securityKeyRemoveTitle": "Remove Security Key",
+    "securityKeyRemoveDescription": "Enter your password to remove the security key \"{name}\"",
+    "securityKeyNoKeysRegistered": "No security keys registered",
+    "securityKeyNoKeysDescription": "Add a security key to enhance your account security",
+    "createDomainRequired": "Domain is required",
+    "createDomainAddDnsRecords": "Add DNS Records",
+    "createDomainAddDnsRecordsDescription": "Add the following DNS records to your domain provider to complete the setup.",
+    "createDomainNsRecords": "NS Records",
+    "createDomainRecord": "Record",
+    "createDomainType": "Type:",
+    "createDomainName": "Name:",
+    "createDomainValue": "Value:",
+    "createDomainCnameRecords": "CNAME Records",
+    "createDomainARecords": "A Records",
+    "createDomainRecordNumber": "Record {number}",
+    "createDomainTxtRecords": "TXT Records",
+    "createDomainSaveTheseRecords": "Save These Records",
+    "createDomainSaveTheseRecordsDescription": "Make sure to save these DNS records as you will not see them again.",
+    "createDomainDnsPropagation": "DNS Propagation",
+    "createDomainDnsPropagationDescription": "DNS changes may take some time to propagate across the internet. This can take anywhere from a few minutes to 48 hours, depending on your DNS provider and TTL settings.",
+    "resourcePortRequired": "Port number is required for non-HTTP resources",
+    "resourcePortNotAllowed": "Port number should not be set for HTTP resources"
 }
diff --git a/messages/es-ES.json b/messages/es-ES.json
index 226c02b6..f7c208bb 100644
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -11,8 +11,9 @@
     "componentsErrorNoMemberCreate": "Actualmente no eres miembro de ninguna organización. Crea una organización para empezar.",
     "componentsErrorNoMember": "Actualmente no eres miembro de ninguna organización.",
     "welcome": "Bienvenido a Pangolin",
+    "welcomeTo": "Bienvenido a",
     "componentsCreateOrg": "Crear una organización",
-    "componentsMember": "¡Eres un miembro de {count, plural, =0 {¡Ninguna organización} =1 {¡una organización} other {# organizaciones}}.",
+    "componentsMember": "Eres un miembro de {count, plural, =0 {ninguna organización} one {una organización} other {# organizaciones}}.",
     "componentsInvalidKey": "Se han detectado claves de licencia inválidas o caducadas. Siga los términos de licencia para seguir usando todas las características.",
     "dismiss": "Descartar",
     "componentsLicenseViolation": "Violación de la Licencia: Este servidor está usando sitios {usedSites} que exceden su límite de licencias de sitios {maxSites} . Siga los términos de licencia para seguir usando todas las características.",
@@ -206,6 +207,7 @@
     "orgGeneralSettings": "Configuración de la organización",
     "orgGeneralSettingsDescription": "Administra los detalles y la configuración de tu organización",
     "saveGeneralSettings": "Guardar ajustes generales",
+    "saveSettings": "Guardar ajustes",
     "orgDangerZone": "Zona de peligro",
     "orgDangerZoneDescription": "Una vez que elimines este órgano, no hay vuelta atrás. Por favor, asegúrate de ello.",
     "orgDelete": "Eliminar organización",
@@ -249,7 +251,7 @@
     "weeks": "Semanas",
     "months": "Meses",
     "years": "Años",
-    "day": "{count, plural, =1 {# día} other {# días}}",
+    "day": "{count, plural, one {# día} other {# días}}",
     "apiKeysTitle": "Información de Clave API",
     "apiKeysConfirmCopy2": "Debes confirmar que has copiado la clave API.",
     "apiKeysErrorCreate": "Error al crear la clave API",
@@ -347,7 +349,7 @@
     "licensePurchase": "Comprar Licencia",
     "licensePurchaseSites": "Comprar sitios adicionales",
     "licenseSitesUsedMax": "{usedSites} de {maxSites} sitios usados",
-    "licenseSitesUsed": "{count, plural, =0 {# sitios} =1 {# sitio} other {# sitios}} en el sistema.",
+    "licenseSitesUsed": "{count, plural, =0 {# sitios} one {# sitio} other {# sitios}} en el sistema.",
     "licensePurchaseDescription": "Elige cuántos sitios quieres {selectedMode, select, license {compra una licencia para. Siempre puedes añadir más sitios más tarde.} other {añadir a tu licencia existente.}}",
     "licenseFee": "Tarifa de licencia",
     "licensePriceSite": "Precio por sitio",
@@ -436,7 +438,7 @@
     "accessRoleSelect": "Seleccionar rol",
     "inviteEmailSentDescription": "Se ha enviado un correo electrónico al usuario con el siguiente enlace de acceso. Debe acceder al enlace para aceptar la invitación.",
     "inviteSentDescription": "El usuario ha sido invitado. Debe acceder al enlace de abajo para aceptar la invitación.",
-    "inviteExpiresIn": "La invitación expirará en {days, plural, =1 {# día} other {# días}}.",
+    "inviteExpiresIn": "La invitación expirará en {days, plural, one {# día} other {# días}}.",
     "idpTitle": "Proveedor de identidad",
     "idpSelect": "Seleccione el proveedor de identidad para el usuario externo",
     "idpNotConfigured": "No hay proveedores de identidad configurados. Por favor, configure un proveedor de identidad antes de crear usuarios externos.",
@@ -958,6 +960,8 @@
     "licenseTierProfessionalRequiredDescription": "Esta característica sólo está disponible en la Edición Profesional.",
     "actionGetOrg": "Obtener organización",
     "actionUpdateOrg": "Actualizar organización",
+    "actionUpdateUser": "Actualizar usuario",
+    "actionGetUser": "Obtener usuario",
     "actionGetOrgUser": "Obtener usuario de la organización",
     "actionListOrgDomains": "Listar dominios de la organización",
     "actionCreateSite": "Crear sitio",
@@ -1090,6 +1094,8 @@
     "sidebarAllUsers": "Todos los usuarios",
     "sidebarIdentityProviders": "Proveedores de identidad",
     "sidebarLicense": "Licencia",
+    "sidebarClients": "Clientes",
+    "sidebarDomains": "Dominios",
     "enableDockerSocket": "Habilitar conector Docker",
     "enableDockerSocketDescription": "Habilitar el descubrimiento de Docker Socket para completar la información del contenedor. La ruta del socket debe proporcionarse a Newt.",
     "enableDockerSocketLink": "Saber más",
@@ -1102,7 +1108,7 @@
     "containerNetworks": "Redes",
     "containerHostnameIp": "Nombre del host/IP",
     "containerLabels": "Etiquetas",
-    "containerLabelsCount": "{count} etiqueta{s,plural,one{} other{s}}",
+    "containerLabelsCount": "{count, plural, one {# etiqueta} other {# etiquetas}}",
     "containerLabelsTitle": "Etiquetas de contenedor",
     "containerLabelEmpty": "<vacío>",
     "containerPorts": "Puertos",
@@ -1114,7 +1120,7 @@
     "showStoppedContainers": "Mostrar contenedores parados",
     "noContainersFound": "No se han encontrado contenedores. Asegúrate de que los contenedores Docker se estén ejecutando.",
     "searchContainersPlaceholder": "Buscar a través de contenedores {count}...",
-    "searchResultsCount": "{count} resultado{s,plural,one{} other{s}}",
+    "searchResultsCount": "{count, plural, one {# resultado} other {# resultados}}",
     "filters": "Filtros",
     "filterOptions": "Opciones de filtro",
     "filterPorts": "Puertos",
@@ -1129,10 +1135,89 @@
     "dark": "oscuro",
     "system": "sistema",
     "theme": "Tema",
+    "subnetRequired": "Se requiere subred",
     "initialSetupTitle": "Configuración inicial del servidor",
     "initialSetupDescription": "Cree la cuenta de administrador del servidor inicial. Solo puede existir un administrador del servidor. Siempre puede cambiar estas credenciales más tarde.",
     "createAdminAccount": "Crear cuenta de administrador",
     "setupErrorCreateAdmin": "Se produjo un error al crear la cuenta de administrador del servidor.",
+    "certificateStatus": "Estado del certificado",
+    "loading": "Cargando",
+    "restart": "Reiniciar",
+    "domains": "Dominios",
+    "domainsDescription": "Administrar dominios de tu organización",
+    "domainsSearch": "Buscar dominios...",
+    "domainAdd": "Agregar dominio",
+    "domainAddDescription": "Registrar un nuevo dominio con tu organización",
+    "domainCreate": "Crear dominio",
+    "domainCreatedDescription": "Dominio creado con éxito",
+    "domainDeletedDescription": "Dominio eliminado exitosamente",
+    "domainQuestionRemove": "¿Está seguro de que desea eliminar el dominio {domain} de su cuenta?",
+    "domainMessageRemove": "Una vez eliminado, el dominio ya no estará asociado con su cuenta.",
+    "domainMessageConfirm": "Para confirmar, por favor escriba el nombre del dominio abajo.",
+    "domainConfirmDelete": "Confirmar eliminación del dominio",
+    "domainDelete": "Eliminar dominio",
+    "domain": "Dominio",
+    "selectDomainTypeNsName": "Delegación de dominio (NS)",
+    "selectDomainTypeNsDescription": "Este dominio y todos sus subdominios. Usa esto cuando quieras controlar una zona de dominio completa.",
+    "selectDomainTypeCnameName": "Dominio único (CNAME)",
+    "selectDomainTypeCnameDescription": "Solo este dominio específico. Úsalo para subdominios individuales o entradas específicas de dominio.",
+    "selectDomainTypeWildcardName": "Dominio comodín",
+    "selectDomainTypeWildcardDescription": "Este dominio y su primer nivel de subdominios.",
+    "domainDelegation": "Dominio único",
+    "selectType": "Selecciona un tipo",
+    "actions": "Acciones",
+    "refresh": "Actualizar",
+    "refreshError": "Error al actualizar datos",
+    "verified": "Verificado",
+    "pending": "Pendiente",
+    "sidebarBilling": "Facturación",
+    "billing": "Facturación",
+    "orgBillingDescription": "Gestiona tu información de facturación y suscripciones",
+    "github": "GitHub",
+    "pangolinHosted": "Pangolin Hosted",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Completar configuración de cuenta",
+    "completeAccountSetupDescription": "Establece tu contraseña para comenzar",
+    "accountSetupSent": "Enviaremos un código de configuración de cuenta a esta dirección de correo electrónico.",
+    "accountSetupCode": "Código de configuración",
+    "accountSetupCodeDescription": "Revisa tu correo para el código de configuración.",
+    "passwordCreate": "Crear contraseña",
+    "passwordCreateConfirm": "Confirmar contraseña",
+    "accountSetupSubmit": "Enviar código de configuración",
+    "completeSetup": "Completar configuración",
+    "accountSetupSuccess": "¡Configuración de cuenta completada! ¡Bienvenido a Pangolin!",
+    "documentation": "Documentación",
+    "saveAllSettings": "Guardar todos los ajustes",
+    "settingsUpdated": "Ajustes actualizados",
+    "settingsUpdatedDescription": "Todos los ajustes han sido actualizados exitosamente",
+    "settingsErrorUpdate": "Error al actualizar ajustes",
+    "settingsErrorUpdateDescription": "Ocurrió un error al actualizar ajustes",
+    "sidebarCollapse": "Colapsar",
+    "sidebarExpand": "Expandir",
+    "newtUpdateAvailable": "Nueva actualización disponible",
+    "newtUpdateAvailableInfo": "Hay una nueva versión de Newt disponible. Actualice a la última versión para la mejor experiencia.",
+    "domainPickerEnterDomain": "Ingresa tu dominio",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.miDominio.com, o solo myapp",
+    "domainPickerDescription": "Ingresa el dominio completo del recurso para ver las opciones disponibles.",
+    "domainPickerDescriptionSaas": "Ingresa un dominio completo, subdominio o simplemente un nombre para ver las opciones disponibles",
+    "domainPickerTabAll": "Todo",
+    "domainPickerTabOrganization": "Organización",
+    "domainPickerTabProvided": "Proporcionado",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Comprobando disponibilidad...",
+    "domainPickerNoMatchingDomains": "No se encontraron dominios coincidentes para \"{userInput}\". Prueba con un dominio diferente o revisa la configuración de dominio de tu organización.",
+    "domainPickerOrganizationDomains": "Dominios de la organización",
+    "domainPickerProvidedDomains": "Dominios proporcionados",
+    "domainPickerSubdomain": "Subdominio: {subdomain}",
+    "domainPickerNamespace": "Espacio de nombres: {namespace}",
+    "domainPickerShowMore": "Mostrar más",
+    "domainNotFound": "Dominio no encontrado",
+    "domainNotFoundDescription": "Este recurso está deshabilitado porque el dominio ya no existe en nuestro sistema. Por favor, establece un nuevo dominio para este recurso.",
+    "failed": "Fallido",
+    "createNewOrgDescription": "Crear una nueva organización",
+    "organization": "Organización",
+    "port": "Puerto",
     "securityKeyManage": "Gestionar llaves de seguridad",
     "securityKeyDescription": "Agregar o eliminar llaves de seguridad para autenticación sin contraseña",
     "securityKeyRegister": "Registrar nueva llave de seguridad",
@@ -1142,13 +1227,51 @@
     "securityKeyRemove": "Eliminar",
     "securityKeyLastUsed": "Último uso: {date}",
     "securityKeyNameLabel": "Nombre",
-    "securityKeyNamePlaceholder": "Ingrese un nombre para esta llave de seguridad",
     "securityKeyRegisterSuccess": "Llave de seguridad registrada exitosamente",
     "securityKeyRegisterError": "Error al registrar la llave de seguridad",
     "securityKeyRemoveSuccess": "Llave de seguridad eliminada exitosamente",
     "securityKeyRemoveError": "Error al eliminar la llave de seguridad",
     "securityKeyLoadError": "Error al cargar las llaves de seguridad",
-    "securityKeyLogin": "Iniciar sesión con llave de seguridad",
+    "securityKeyLogin": "Continuar con clave de seguridad",
     "securityKeyAuthError": "Error al autenticar con llave de seguridad",
-    "securityKeyRecommendation": "Considere registrar otra llave de seguridad en un dispositivo diferente para asegurarse de no quedar bloqueado de su cuenta."
+    "securityKeyRecommendation": "Considere registrar otra llave de seguridad en un dispositivo diferente para asegurarse de no quedar bloqueado de su cuenta.",
+    "registering": "Registrando...",
+    "securityKeyPrompt": "Por favor, verifica tu identidad usando tu llave de seguridad. Asegúrate de que tu llave de seguridad esté conectada y lista.",
+    "securityKeyBrowserNotSupported": "Tu navegador no admite llaves de seguridad. Por favor, usa un navegador moderno como Chrome, Firefox o Safari.",
+    "securityKeyPermissionDenied": "Por favor, permite el acceso a tu llave de seguridad para continuar iniciando sesión.",
+    "securityKeyRemovedTooQuickly": "Por favor, mantén tu llave de seguridad conectada hasta que el proceso de inicio de sesión se complete.",
+    "securityKeyNotSupported": "Tu llave de seguridad puede no ser compatible. Por favor, prueba con una llave de seguridad diferente.",
+    "securityKeyUnknownError": "Hubo un problema al usar tu llave de seguridad. Por favor, inténtalo de nuevo.",
+    "twoFactorRequired": "Se requiere autenticación de dos factores para registrar una llave de seguridad.",
+    "twoFactor": "Autenticación de dos factores",
+    "adminEnabled2FaOnYourAccount": "Su administrador ha habilitado la autenticación de dos factores para {email}. Por favor, complete el proceso de configuración para continuar.",
+    "continueToApplication": "Continuar a la aplicación",
+    "securityKeyAdd": "Agregar llave de seguridad",
+    "securityKeyRegisterTitle": "Registrar nueva llave de seguridad",
+    "securityKeyRegisterDescription": "Conecta tu llave de seguridad y escribe un nombre para identificarla",
+    "securityKeyTwoFactorRequired": "Se requiere autenticación de dos factores",
+    "securityKeyTwoFactorDescription": "Por favor, ingresa tu código de autenticación de dos factores para registrar la llave de seguridad",
+    "securityKeyTwoFactorRemoveDescription": "Por favor, ingresa tu código de autenticación de dos factores para eliminar la llave de seguridad",
+    "securityKeyTwoFactorCode": "Código de autenticación de dos factores",
+    "securityKeyRemoveTitle": "Eliminar llave de seguridad",
+    "securityKeyRemoveDescription": "Ingresa tu contraseña para eliminar la llave de seguridad \"{name}\"",
+    "securityKeyNoKeysRegistered": "No hay llaves de seguridad registradas",
+    "securityKeyNoKeysDescription": "Agrega una llave de seguridad para mejorar la seguridad de tu cuenta",
+    "createDomainRequired": "Se requiere dominio",
+    "createDomainAddDnsRecords": "Agregar registros DNS",
+    "createDomainAddDnsRecordsDescription": "Agrega los siguientes registros DNS a tu proveedor de dominios para completar la configuración.",
+    "createDomainNsRecords": "Registros NS",
+    "createDomainRecord": "Registro",
+    "createDomainType": "Tipo:",
+    "createDomainName": "Nombre:",
+    "createDomainValue": "Valor:",
+    "createDomainCnameRecords": "Registros CNAME",
+    "createDomainRecordNumber": "Registro {number}",
+    "createDomainTxtRecords": "Registros TXT",
+    "createDomainSaveTheseRecords": "Guardar estos registros",
+    "createDomainSaveTheseRecordsDescription": "Asegúrate de guardar estos registros DNS ya que no los verás de nuevo.",
+    "createDomainDnsPropagation": "Propagación DNS",
+    "createDomainDnsPropagationDescription": "Los cambios de DNS pueden tardar un tiempo en propagarse a través de internet. Esto puede tardar desde unos pocos minutos hasta 48 horas, dependiendo de tu proveedor de DNS y la configuración de TTL.",
+    "resourcePortRequired": "Se requiere número de puerto para recursos no HTTP",
+    "resourcePortNotAllowed": "El número de puerto no debe establecerse para recursos HTTP"
 }
diff --git a/messages/fr-FR.json b/messages/fr-FR.json
index 4681f0cc..235c6a7c 100644
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -11,8 +11,9 @@
     "componentsErrorNoMemberCreate": "Vous n'êtes actuellement membre d'aucune organisation. Créez une organisation pour commencer.",
     "componentsErrorNoMember": "Vous n'êtes actuellement membre d'aucune organisation.",
     "welcome": "Bienvenue à Pangolin",
+    "welcomeTo": "Bienvenue chez",
     "componentsCreateOrg": "Créer une organisation",
-    "componentsMember": "Vous êtes membre de {count, plural, =0 {aucune organisation} =1 {Une organisation} other {# organisations}}.",
+    "componentsMember": "Vous êtes membre de {count, plural, =0 {aucune organisation} one {une organisation} other {# organisations}}.",
     "componentsInvalidKey": "Clés de licence invalides ou expirées détectées. Suivez les conditions de licence pour continuer à utiliser toutes les fonctionnalités.",
     "dismiss": "Refuser",
     "componentsLicenseViolation": "Violation de licence : Ce serveur utilise des sites {usedSites} qui dépassent la limite autorisée des sites {maxSites} . Suivez les conditions de licence pour continuer à utiliser toutes les fonctionnalités.",
@@ -206,6 +207,7 @@
     "orgGeneralSettings": "Paramètres de l'organisation",
     "orgGeneralSettingsDescription": "Gérer les détails et la configuration de votre organisation",
     "saveGeneralSettings": "Enregistrer les paramètres généraux",
+    "saveSettings": "Enregistrer les paramètres",
     "orgDangerZone": "Zone de danger",
     "orgDangerZoneDescription": "Une fois que vous supprimez cette organisation, il n'y a pas de retour en arrière. Soyez certain.",
     "orgDelete": "Supprimer l'organisation",
@@ -249,7 +251,7 @@
     "weeks": "Semaines",
     "months": "Mois",
     "years": "Années",
-    "day": "{count, plural, =1 {# jour} other {# jours}}",
+    "day": "{count, plural, one {# jour} other {# jours}}",
     "apiKeysTitle": "Informations sur la clé API",
     "apiKeysConfirmCopy2": "Vous devez confirmer que vous avez copié la clé API.",
     "apiKeysErrorCreate": "Erreur lors de la création de la clé API",
@@ -347,7 +349,7 @@
     "licensePurchase": "Acheter une licence",
     "licensePurchaseSites": "Acheter des sites supplémentaires",
     "licenseSitesUsedMax": "{usedSites} des sites {maxSites} utilisés",
-    "licenseSitesUsed": "{count, plural, =0 {# sites} =1 {# site} other {# sites}} dans le système.",
+    "licenseSitesUsed": "{count, plural, =0 {# sites} one {# site} other {# sites}} dans le système.",
     "licensePurchaseDescription": "Choisissez le nombre de sites que vous voulez {selectedMode, select, license {achetez une licence. Vous pouvez toujours ajouter plus de sites plus tard.} other {ajouter à votre licence existante.}}",
     "licenseFee": "Frais de licence",
     "licensePriceSite": "Prix par site",
@@ -436,7 +438,7 @@
     "accessRoleSelect": "Sélectionner un rôle",
     "inviteEmailSentDescription": "Un e-mail a été envoyé à l'utilisateur avec le lien d'accès ci-dessous. Ils doivent accéder au lien pour accepter l'invitation.",
     "inviteSentDescription": "L'utilisateur a été invité. Ils doivent accéder au lien ci-dessous pour accepter l'invitation.",
-    "inviteExpiresIn": "L'invitation expirera dans {days, plural, =1 {# jour} other {# jours}}.",
+    "inviteExpiresIn": "L'invitation expirera dans {days, plural, one {# jour} other {# jours}}.",
     "idpTitle": "Informations générales",
     "idpSelect": "Sélectionnez le fournisseur d'identité pour l'utilisateur externe",
     "idpNotConfigured": "Aucun fournisseur d'identité n'est configuré. Veuillez configurer un fournisseur d'identité avant de créer des utilisateurs externes.",
@@ -958,6 +960,8 @@
     "licenseTierProfessionalRequiredDescription": "Cette fonctionnalité n'est disponible que dans l'Édition Professionnelle.",
     "actionGetOrg": "Obtenir l'organisation",
     "actionUpdateOrg": "Mettre à jour l'organisation",
+    "actionUpdateUser": "Mettre à jour l'utilisateur",
+    "actionGetUser": "Obtenir l'utilisateur",
     "actionGetOrgUser": "Obtenir l'utilisateur de l'organisation",
     "actionListOrgDomains": "Lister les domaines de l'organisation",
     "actionCreateSite": "Créer un site",
@@ -1090,6 +1094,8 @@
     "sidebarAllUsers": "Tous les utilisateurs",
     "sidebarIdentityProviders": "Fournisseurs d'identité",
     "sidebarLicense": "Licence",
+    "sidebarClients": "Clients",
+    "sidebarDomains": "Domaines",
     "enableDockerSocket": "Activer Docker Socket",
     "enableDockerSocketDescription": "Activer la découverte Docker Socket pour remplir les informations du conteneur. Le chemin du socket doit être fourni à Newt.",
     "enableDockerSocketLink": "En savoir plus",
@@ -1102,7 +1108,7 @@
     "containerNetworks": "Réseaux",
     "containerHostnameIp": "Nom d'hôte/IP",
     "containerLabels": "Étiquettes",
-    "containerLabelsCount": "{count} étiquette{s,plural,one{} other{s}}",
+    "containerLabelsCount": "{count, plural, one {# étiquette} other {# étiquettes}}",
     "containerLabelsTitle": "Étiquettes de conteneur",
     "containerLabelEmpty": "<vide>",
     "containerPorts": "Ports",
@@ -1114,7 +1120,7 @@
     "showStoppedContainers": "Afficher les conteneurs arrêtés",
     "noContainersFound": "Aucun conteneur trouvé. Assurez-vous que les conteneurs Docker sont en cours d'exécution.",
     "searchContainersPlaceholder": "Rechercher dans les conteneurs {count}...",
-    "searchResultsCount": "{count} résultat{s,plural,one{} other{s}}",
+    "searchResultsCount": "{count, plural, one {# résultat} other {# résultats}}",
     "filters": "Filtres",
     "filterOptions": "Options de filtre",
     "filterPorts": "Ports",
@@ -1129,10 +1135,89 @@
     "dark": "sombre",
     "system": "système",
     "theme": "Thème",
+    "subnetRequired": "Le sous-réseau est requis",
     "initialSetupTitle": "Configuration initiale du serveur",
     "initialSetupDescription": "Créer le compte administrateur du serveur initial. Un seul administrateur serveur peut exister. Vous pouvez toujours changer ces informations d'identification plus tard.",
     "createAdminAccount": "Créer un compte administrateur",
     "setupErrorCreateAdmin": "Une erreur s'est produite lors de la création du compte administrateur du serveur.",
+    "certificateStatus": "Statut du certificat",
+    "loading": "Chargement",
+    "restart": "Redémarrer",
+    "domains": "Domaines",
+    "domainsDescription": "Gérer les domaines de votre organisation",
+    "domainsSearch": "Rechercher des domaines...",
+    "domainAdd": "Ajouter un domaine",
+    "domainAddDescription": "Enregistrez un nouveau domaine avec votre organisation",
+    "domainCreate": "Créer un domaine",
+    "domainCreatedDescription": "Domaine créé avec succès",
+    "domainDeletedDescription": "Domaine supprimé avec succès",
+    "domainQuestionRemove": "Êtes-vous sûr de vouloir supprimer le domaine {domain} de votre compte ?",
+    "domainMessageRemove": "Une fois supprimé, le domaine ne sera plus associé à votre compte.",
+    "domainMessageConfirm": "Pour confirmer, veuillez taper le nom du domaine ci-dessous.",
+    "domainConfirmDelete": "Confirmer la suppression du domaine",
+    "domainDelete": "Supprimer le domaine",
+    "domain": "Domaine",
+    "selectDomainTypeNsName": "Délégation de domaine (NS)",
+    "selectDomainTypeNsDescription": "Ce domaine et tous ses sous-domaines. Utilisez cela lorsque vous souhaitez contrôler une zone de domaine entière.",
+    "selectDomainTypeCnameName": "Domaine unique (CNAME)",
+    "selectDomainTypeCnameDescription": "Juste ce domaine spécifique. Utilisez ce paramètre pour des sous-domaines individuels ou des entrées de domaine spécifiques.",
+    "selectDomainTypeWildcardName": "Domaine Générique",
+    "selectDomainTypeWildcardDescription": "Ce domaine et son premier niveau de sous-domaines.",
+    "domainDelegation": "Domaine Unique",
+    "selectType": "Sélectionnez un type",
+    "actions": "Actions",
+    "refresh": "Actualiser",
+    "refreshError": "Échec de l'actualisation des données",
+    "verified": "Vérifié",
+    "pending": "En attente",
+    "sidebarBilling": "Facturation",
+    "billing": "Facturation",
+    "orgBillingDescription": "Gérez vos informations de facturation et vos abonnements",
+    "github": "GitHub",
+    "pangolinHosted": "Pangolin Hébergement",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Complétez la configuration du compte",
+    "completeAccountSetupDescription": "Définissez votre mot de passe pour commencer",
+    "accountSetupSent": "Nous enverrons un code de configuration de compte à cette adresse e-mail.",
+    "accountSetupCode": "Code de configuration",
+    "accountSetupCodeDescription": "Vérifiez votre e-mail pour le code de configuration.",
+    "passwordCreate": "Créer un mot de passe",
+    "passwordCreateConfirm": "Confirmer le mot de passe",
+    "accountSetupSubmit": "Envoyer le code de configuration",
+    "completeSetup": "Configuration complète",
+    "accountSetupSuccess": "Configuration du compte terminée! Bienvenue chez Pangolin !",
+    "documentation": "Documentation",
+    "saveAllSettings": "Enregistrer tous les paramètres",
+    "settingsUpdated": "Paramètres mis à jour",
+    "settingsUpdatedDescription": "Tous les paramètres ont été mis à jour avec succès",
+    "settingsErrorUpdate": "Échec de la mise à jour des paramètres",
+    "settingsErrorUpdateDescription": "Une erreur s'est produite lors de la mise à jour des paramètres",
+    "sidebarCollapse": "Réduire",
+    "sidebarExpand": "Développer",
+    "newtUpdateAvailable": "Mise à jour disponible",
+    "newtUpdateAvailableInfo": "Une nouvelle version de Newt est disponible. Veuillez mettre à jour vers la dernière version pour une meilleure expérience.",
+    "domainPickerEnterDomain": "Entrez votre domaine",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, ou simplement myapp",
+    "domainPickerDescription": "Entrez le domaine complet de la ressource pour voir les options disponibles.",
+    "domainPickerDescriptionSaas": "Entrez un domaine complet, un sous-domaine ou juste un nom pour voir les options disponibles",
+    "domainPickerTabAll": "Tous",
+    "domainPickerTabOrganization": "Organisation",
+    "domainPickerTabProvided": "Fournis",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Vérification de la disponibilité...",
+    "domainPickerNoMatchingDomains": "Aucun domaine correspondant trouvé pour \"{userInput}\". Essayez un autre domaine ou vérifiez les paramètres de domaine de votre organisation.",
+    "domainPickerOrganizationDomains": "Domaines de l'organisation",
+    "domainPickerProvidedDomains": "Domaines fournis",
+    "domainPickerSubdomain": "Sous-domaine : {subdomain}",
+    "domainPickerNamespace": "Espace de noms : {namespace}",
+    "domainPickerShowMore": "Afficher plus",
+    "domainNotFound": "Domaine introuvable",
+    "domainNotFoundDescription": "Cette ressource est désactivée car le domaine n'existe plus dans notre système. Veuillez définir un nouveau domaine pour cette ressource.",
+    "failed": "Échec",
+    "createNewOrgDescription": "Créer une nouvelle organisation",
+    "organization": "Organisation",
+    "port": "Port",
     "securityKeyManage": "Gérer les clés de sécurité",
     "securityKeyDescription": "Ajouter ou supprimer des clés de sécurité pour l'authentification sans mot de passe",
     "securityKeyRegister": "Enregistrer une nouvelle clé de sécurité",
@@ -1142,13 +1227,51 @@
     "securityKeyRemove": "Supprimer",
     "securityKeyLastUsed": "Dernière utilisation : {date}",
     "securityKeyNameLabel": "Nom",
-    "securityKeyNamePlaceholder": "Entrez un nom pour cette clé de sécurité",
     "securityKeyRegisterSuccess": "Clé de sécurité enregistrée avec succès",
     "securityKeyRegisterError": "Échec de l'enregistrement de la clé de sécurité",
     "securityKeyRemoveSuccess": "Clé de sécurité supprimée avec succès",
     "securityKeyRemoveError": "Échec de la suppression de la clé de sécurité",
     "securityKeyLoadError": "Échec du chargement des clés de sécurité",
-    "securityKeyLogin": "Se connecter avec une clé de sécurité",
+    "securityKeyLogin": "Continuer avec une clé de sécurité",
     "securityKeyAuthError": "Échec de l'authentification avec la clé de sécurité",
-    "securityKeyRecommendation": "Envisagez d'enregistrer une autre clé de sécurité sur un appareil différent pour vous assurer de ne pas être bloqué de votre compte."
+    "securityKeyRecommendation": "Envisagez d'enregistrer une autre clé de sécurité sur un appareil différent pour vous assurer de ne pas être bloqué de votre compte.",
+    "registering": "Enregistrement...",
+    "securityKeyPrompt": "Veuillez vérifier votre identité à l'aide de votre clé de sécurité. Assurez-vous que votre clé de sécurité est connectée et prête.",
+    "securityKeyBrowserNotSupported": "Votre navigateur ne prend pas en charge les clés de sécurité. Veuillez utiliser un navigateur moderne comme Chrome, Firefox ou Safari.",
+    "securityKeyPermissionDenied": "Veuillez autoriser l'accès à votre clé de sécurité pour continuer la connexion.",
+    "securityKeyRemovedTooQuickly": "Veuillez garder votre clé de sécurité connectée jusqu'à ce que le processus de connexion soit terminé.",
+    "securityKeyNotSupported": "Votre clé de sécurité peut ne pas être compatible. Veuillez essayer une clé de sécurité différente.",
+    "securityKeyUnknownError": "Un problème est survenu avec votre clé de sécurité. Veuillez réessayer.",
+    "twoFactorRequired": "L'authentification à deux facteurs est requise pour enregistrer une clé de sécurité.",
+    "twoFactor": "Authentification à deux facteurs",
+    "adminEnabled2FaOnYourAccount": "Votre administrateur a activé l'authentification à deux facteurs pour {email}. Veuillez terminer le processus d'installation pour continuer.",
+    "continueToApplication": "Continuer vers l'application",
+    "securityKeyAdd": "Ajouter une clé de sécurité",
+    "securityKeyRegisterTitle": "Enregistrer une nouvelle clé de sécurité",
+    "securityKeyRegisterDescription": "Connectez votre clé de sécurité et saisissez un nom pour l'identifier",
+    "securityKeyTwoFactorRequired": "Authentification à deux facteurs requise",
+    "securityKeyTwoFactorDescription": "Veuillez entrer votre code d'authentification à deux facteurs pour enregistrer la clé de sécurité",
+    "securityKeyTwoFactorRemoveDescription": "Veuillez entrer votre code d'authentification à deux facteurs pour supprimer la clé de sécurité",
+    "securityKeyTwoFactorCode": "Code à deux facteurs",
+    "securityKeyRemoveTitle": "Supprimer la clé de sécurité",
+    "securityKeyRemoveDescription": "Saisissez votre mot de passe pour supprimer la clé de sécurité \"{name}\"",
+    "securityKeyNoKeysRegistered": "Aucune clé de sécurité enregistrée",
+    "securityKeyNoKeysDescription": "Ajoutez une clé de sécurité pour améliorer la sécurité de votre compte",
+    "createDomainRequired": "Le domaine est requis",
+    "createDomainAddDnsRecords": "Ajouter des enregistrements DNS",
+    "createDomainAddDnsRecordsDescription": "Ajouter les enregistrements DNS suivants à votre fournisseur de domaine pour compléter la configuration.",
+    "createDomainNsRecords": "Enregistrements NS",
+    "createDomainRecord": "Enregistrement",
+    "createDomainType": "Type :",
+    "createDomainName": "Nom :",
+    "createDomainValue": "Valeur :",
+    "createDomainCnameRecords": "Enregistrements CNAME",
+    "createDomainRecordNumber": "Enregistrement {number}",
+    "createDomainTxtRecords": "Enregistrements TXT",
+    "createDomainSaveTheseRecords": "Enregistrez ces enregistrements",
+    "createDomainSaveTheseRecordsDescription": "Assurez-vous de sauvegarder ces enregistrements DNS car vous ne les reverrez pas.",
+    "createDomainDnsPropagation": "Propagation DNS",
+    "createDomainDnsPropagationDescription": "Les modifications DNS peuvent mettre du temps à se propager sur internet. Cela peut prendre de quelques minutes à 48 heures selon votre fournisseur DNS et les réglages TTL.",
+    "resourcePortRequired": "Le numéro de port est requis pour les ressources non-HTTP",
+    "resourcePortNotAllowed": "Le numéro de port ne doit pas être défini pour les ressources HTTP"
 }
diff --git a/messages/it-IT.json b/messages/it-IT.json
index 0af5e8e4..ce13ab23 100644
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -11,8 +11,9 @@
     "componentsErrorNoMemberCreate": "Al momento non sei un membro di nessuna organizzazione. Crea un'organizzazione per iniziare.",
     "componentsErrorNoMember": "Attualmente non sei membro di nessuna organizzazione.",
     "welcome": "Benvenuti a Pangolin",
+    "welcomeTo": "Benvenuto a",
     "componentsCreateOrg": "Crea un'organizzazione",
-    "componentsMember": "Sei un membro di {count, plural, =0 {nessuna organizzazione} =1 {una organizzazione} other {# organizzazioni}}.",
+    "componentsMember": "Sei un membro di {count, plural, =0 {nessuna organizzazione} one {un'organizzazione} other {# organizzazioni}}.",
     "componentsInvalidKey": "Rilevata chiave di licenza non valida o scaduta. Segui i termini di licenza per continuare a utilizzare tutte le funzionalità.",
     "dismiss": "Ignora",
     "componentsLicenseViolation": "Violazione della licenza: Questo server sta usando i siti {usedSites} che superano il suo limite concesso in licenza per i siti {maxSites} . Segui i termini di licenza per continuare a usare tutte le funzionalità.",
@@ -206,6 +207,7 @@
     "orgGeneralSettings": "Impostazioni Organizzazione",
     "orgGeneralSettingsDescription": "Gestisci i dettagli dell'organizzazione e la configurazione",
     "saveGeneralSettings": "Salva Impostazioni Generali",
+    "saveSettings": "Salva Impostazioni",
     "orgDangerZone": "Zona Pericolosa",
     "orgDangerZoneDescription": "Una volta che si elimina questo org, non c'è ritorno. Si prega di essere certi.",
     "orgDelete": "Elimina Organizzazione",
@@ -249,7 +251,7 @@
     "weeks": "Settimane",
     "months": "Mesi",
     "years": "Anni",
-    "day": "{count, plural, =1 {# giorno} other {# giorni}}",
+    "day": "{count, plural, one {# giorno} other {# giorni}}",
     "apiKeysTitle": "Informazioni Chiave API",
     "apiKeysConfirmCopy2": "Devi confermare di aver copiato la chiave API.",
     "apiKeysErrorCreate": "Errore nella creazione della chiave API",
@@ -347,7 +349,7 @@
     "licensePurchase": "Acquista Licenza",
     "licensePurchaseSites": "Acquista Siti Aggiuntivi",
     "licenseSitesUsedMax": "{usedSites} di {maxSites} siti utilizzati",
-    "licenseSitesUsed": "{count, plural, =0 {# siti} =1 {# sito} other {# siti}} nel sistema.",
+    "licenseSitesUsed": "{count, plural, =0 {# siti} one {# sito} other {# siti}} nel sistema.",
     "licensePurchaseDescription": "Scegli quanti siti vuoi {selectedMode, select, license {acquista una licenza. Puoi sempre aggiungere altri siti più tardi.} other {aggiungi alla tua licenza esistente.}}",
     "licenseFee": "Costo della licenza",
     "licensePriceSite": "Prezzo per sito",
@@ -436,7 +438,7 @@
     "accessRoleSelect": "Seleziona ruolo",
     "inviteEmailSentDescription": "È stata inviata un'email all'utente con il link di accesso qui sotto. Devono accedere al link per accettare l'invito.",
     "inviteSentDescription": "L'utente è stato invitato. Deve accedere al link qui sotto per accettare l'invito.",
-    "inviteExpiresIn": "L'invito scadrà tra {days, plural, =1 {# giorno} other {# giorni}}.",
+    "inviteExpiresIn": "L'invito scadrà tra {days, plural, one {# giorno} other {# giorni}}.",
     "idpTitle": "Informazioni Generali",
     "idpSelect": "Seleziona il provider di identità per l'utente esterno",
     "idpNotConfigured": "Nessun provider di identità configurato. Configura un provider di identità prima di creare utenti esterni.",
@@ -958,6 +960,8 @@
     "licenseTierProfessionalRequiredDescription": "Questa funzionalità è disponibile solo nell'Edizione Professional.",
     "actionGetOrg": "Ottieni Organizzazione",
     "actionUpdateOrg": "Aggiorna Organizzazione",
+    "actionUpdateUser": "Aggiorna Utente",
+    "actionGetUser": "Ottieni Utente",
     "actionGetOrgUser": "Ottieni Utente Organizzazione",
     "actionListOrgDomains": "Elenca Domini Organizzazione",
     "actionCreateSite": "Crea Sito",
@@ -1090,6 +1094,8 @@
     "sidebarAllUsers": "Tutti Gli Utenti",
     "sidebarIdentityProviders": "Fornitori Di Identità",
     "sidebarLicense": "Licenza",
+    "sidebarClients": "Clienti",
+    "sidebarDomains": "Domini",
     "enableDockerSocket": "Abilita Docker Socket",
     "enableDockerSocketDescription": "Abilita il rilevamento Docker Socket per popolare le informazioni del contenitore. Il percorso del socket deve essere fornito a Newt.",
     "enableDockerSocketLink": "Scopri di più",
@@ -1102,7 +1108,7 @@
     "containerNetworks": "Reti",
     "containerHostnameIp": "Hostname/IP",
     "containerLabels": "Etichette",
-    "containerLabelsCount": "{count} etichetta{s,plural,one{} other{s}}",
+    "containerLabelsCount": "{count, plural, one {# etichetta} other {# etichette}}",
     "containerLabelsTitle": "Etichette Del Contenitore",
     "containerLabelEmpty": "<vuoto>",
     "containerPorts": "Porte",
@@ -1114,7 +1120,7 @@
     "showStoppedContainers": "Mostra contenitori fermati",
     "noContainersFound": "Nessun contenitore trovato. Assicurarsi che i contenitori Docker siano in esecuzione.",
     "searchContainersPlaceholder": "Cerca tra i contenitori {count}...",
-    "searchResultsCount": "{count} risultato{s,plural,one{} other{s}}",
+    "searchResultsCount": "{count, plural, one {# risultato} other {# risultati}}",
     "filters": "Filtri",
     "filterOptions": "Opzioni Filtro",
     "filterPorts": "Porte",
@@ -1129,10 +1135,89 @@
     "dark": "scuro",
     "system": "sistema",
     "theme": "Tema",
+    "subnetRequired": "Sottorete richiesta",
     "initialSetupTitle": "Impostazione Iniziale del Server",
     "initialSetupDescription": "Crea l'account amministratore del server iniziale. Può esistere solo un amministratore del server. È sempre possibile modificare queste credenziali in seguito.",
     "createAdminAccount": "Crea Account Admin",
     "setupErrorCreateAdmin": "Si è verificato un errore durante la creazione dell'account amministratore del server.",
+    "certificateStatus": "Stato del Certificato",
+    "loading": "Caricamento",
+    "restart": "Riavvia",
+    "domains": "Domini",
+    "domainsDescription": "Gestisci domini per la tua organizzazione",
+    "domainsSearch": "Cerca domini...",
+    "domainAdd": "Aggiungi Dominio",
+    "domainAddDescription": "Registra un nuovo dominio con la tua organizzazione",
+    "domainCreate": "Crea Dominio",
+    "domainCreatedDescription": "Dominio creato con successo",
+    "domainDeletedDescription": "Dominio eliminato con successo",
+    "domainQuestionRemove": "Sei sicuro di voler rimuovere il dominio {domain} dal tuo account?",
+    "domainMessageRemove": "Una volta rimosso, il dominio non sarà più associato al tuo account.",
+    "domainMessageConfirm": "Per confermare, digita il nome del dominio qui sotto.",
+    "domainConfirmDelete": "Conferma Eliminazione Dominio",
+    "domainDelete": "Elimina Dominio",
+    "domain": "Dominio",
+    "selectDomainTypeNsName": "Delega Dominio (NS)",
+    "selectDomainTypeNsDescription": "Questo dominio e tutti i suoi sottodomini. Usa questo quando desideri controllare un'intera zona di dominio.",
+    "selectDomainTypeCnameName": "Dominio Singolo (CNAME)",
+    "selectDomainTypeCnameDescription": "Solo questo dominio specifico. Usa questo per sottodomini individuali o specifiche voci di dominio.",
+    "selectDomainTypeWildcardName": "Dominio Jolly",
+    "selectDomainTypeWildcardDescription": "Questo dominio e il suo primo livello di sottodomini.",
+    "domainDelegation": "Dominio Singolo",
+    "selectType": "Seleziona un tipo",
+    "actions": "Azioni",
+    "refresh": "Aggiorna",
+    "refreshError": "Impossibile aggiornare i dati",
+    "verified": "Verificato",
+    "pending": "In attesa",
+    "sidebarBilling": "Fatturazione",
+    "billing": "Fatturazione",
+    "orgBillingDescription": "Gestisci le tue informazioni di fatturazione e abbonamenti",
+    "github": "GitHub",
+    "pangolinHosted": "Pangolin Hosted",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Completa la Configurazione dell'Account",
+    "completeAccountSetupDescription": "Imposta la tua password per iniziare",
+    "accountSetupSent": "Invieremo un codice di configurazione dell'account a questo indirizzo email.",
+    "accountSetupCode": "Codice di Configurazione",
+    "accountSetupCodeDescription": "Controlla la tua email per il codice di configurazione.",
+    "passwordCreate": "Crea Password",
+    "passwordCreateConfirm": "Conferma Password",
+    "accountSetupSubmit": "Invia Codice di Configurazione",
+    "completeSetup": "Completa la Configurazione",
+    "accountSetupSuccess": "Configurazione dell'account completata! Benvenuto su Pangolin!",
+    "documentation": "Documentazione",
+    "saveAllSettings": "Salva Tutte le Impostazioni",
+    "settingsUpdated": "Impostazioni aggiornate",
+    "settingsUpdatedDescription": "Tutte le impostazioni sono state aggiornate con successo",
+    "settingsErrorUpdate": "Impossibile aggiornare le impostazioni",
+    "settingsErrorUpdateDescription": "Si è verificato un errore durante l'aggiornamento delle impostazioni",
+    "sidebarCollapse": "Comprimi",
+    "sidebarExpand": "Espandi",
+    "newtUpdateAvailable": "Aggiornamento Disponibile",
+    "newtUpdateAvailableInfo": "È disponibile una nuova versione di Newt. Si prega di aggiornare all'ultima versione per la migliore esperienza.",
+    "domainPickerEnterDomain": "Inserisci il tuo dominio",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, o semplicemente myapp",
+    "domainPickerDescription": "Inserisci il dominio completo della risorsa per vedere le opzioni disponibili.",
+    "domainPickerDescriptionSaas": "Inserisci un dominio completo, un sottodominio o semplicemente un nome per vedere le opzioni disponibili",
+    "domainPickerTabAll": "Tutti",
+    "domainPickerTabOrganization": "Organizzazione",
+    "domainPickerTabProvided": "Fornito",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Controllando la disponibilità...",
+    "domainPickerNoMatchingDomains": "Nessun dominio corrispondente trovato per \"{userInput}\". Prova un altro dominio o controlla le impostazioni del dominio della tua organizzazione.",
+    "domainPickerOrganizationDomains": "Domini dell'Organizzazione",
+    "domainPickerProvidedDomains": "Domini Forniti",
+    "domainPickerSubdomain": "Sottodominio: {subdomain}",
+    "domainPickerNamespace": "Namespace: {namespace}",
+    "domainPickerShowMore": "Mostra Altro",
+    "domainNotFound": "Domini Non Trovati",
+    "domainNotFoundDescription": "Questa risorsa è disabilitata perché il dominio non esiste più nel nostro sistema. Si prega di impostare un nuovo dominio per questa risorsa.",
+    "failed": "Fallito",
+    "createNewOrgDescription": "Crea una nuova organizzazione",
+    "organization": "Organizzazione",
+    "port": "Porta",
     "securityKeyManage": "Gestisci chiavi di sicurezza",
     "securityKeyDescription": "Aggiungi o rimuovi chiavi di sicurezza per l'autenticazione senza password",
     "securityKeyRegister": "Registra nuova chiave di sicurezza",
@@ -1142,13 +1227,51 @@
     "securityKeyRemove": "Rimuovi",
     "securityKeyLastUsed": "Ultimo utilizzo: {date}",
     "securityKeyNameLabel": "Nome",
-    "securityKeyNamePlaceholder": "Inserisci un nome per questa chiave di sicurezza",
     "securityKeyRegisterSuccess": "Chiave di sicurezza registrata con successo",
     "securityKeyRegisterError": "Errore durante la registrazione della chiave di sicurezza",
     "securityKeyRemoveSuccess": "Chiave di sicurezza rimossa con successo",
     "securityKeyRemoveError": "Errore durante la rimozione della chiave di sicurezza",
     "securityKeyLoadError": "Errore durante il caricamento delle chiavi di sicurezza",
-    "securityKeyLogin": "Accedi con chiave di sicurezza",
+    "securityKeyLogin": "Continua con la chiave di sicurezza",
     "securityKeyAuthError": "Errore durante l'autenticazione con chiave di sicurezza",
-    "securityKeyRecommendation": "Considera di registrare un'altra chiave di sicurezza su un dispositivo diverso per assicurarti di non rimanere bloccato fuori dal tuo account."
+    "securityKeyRecommendation": "Considera di registrare un'altra chiave di sicurezza su un dispositivo diverso per assicurarti di non rimanere bloccato fuori dal tuo account.",
+    "registering": "Registrazione in corso...",
+    "securityKeyPrompt": "Verifica la tua identità usando la chiave di sicurezza. Assicurati che sia connessa e pronta.",
+    "securityKeyBrowserNotSupported": "Il tuo browser non supporta le chiavi di sicurezza. Per favore, usa un browser moderno come Chrome, Firefox o Safari.",
+    "securityKeyPermissionDenied": "Consenti accesso alla tua chiave di sicurezza per continuare ad accedere.",
+    "securityKeyRemovedTooQuickly": "Mantieni la chiave di sicurezza connessa fino a quando il processo di accesso non è completato.",
+    "securityKeyNotSupported": "La tua chiave di sicurezza potrebbe non essere compatibile. Prova un'altra chiave di sicurezza.",
+    "securityKeyUnknownError": "Si è verificato un problema con la tua chiave di sicurezza. Riprova.",
+    "twoFactorRequired": "È richiesta l'autenticazione a due fattori per registrare una chiave di sicurezza.",
+    "twoFactor": "Autenticazione a Due Fattori",
+    "adminEnabled2FaOnYourAccount": "Il tuo amministratore ha abilitato l'autenticazione a due fattori per {email}. Completa il processo di configurazione per continuare.",
+    "continueToApplication": "Continua all'Applicazione",
+    "securityKeyAdd": "Aggiungi Chiave di Sicurezza",
+    "securityKeyRegisterTitle": "Registra Nuova Chiave di Sicurezza",
+    "securityKeyRegisterDescription": "Collega la tua chiave di sicurezza e inserisci un nome per identificarla",
+    "securityKeyTwoFactorRequired": "Autenticazione a Due Fattori Richiesta",
+    "securityKeyTwoFactorDescription": "Inserisci il codice di autenticazione a due fattori per registrare la chiave di sicurezza",
+    "securityKeyTwoFactorRemoveDescription": "Inserisci il codice di autenticazione a due fattori per rimuovere la chiave di sicurezza",
+    "securityKeyTwoFactorCode": "Codice a Due Fattori",
+    "securityKeyRemoveTitle": "Rimuovi Chiave di Sicurezza",
+    "securityKeyRemoveDescription": "Inserisci la tua password per rimuovere la chiave di sicurezza \"{name}\"",
+    "securityKeyNoKeysRegistered": "Nessuna chiave di sicurezza registrata",
+    "securityKeyNoKeysDescription": "Aggiungi una chiave di sicurezza per migliorare la sicurezza del tuo account",
+    "createDomainRequired": "Dominio richiesto",
+    "createDomainAddDnsRecords": "Aggiungi Record DNS",
+    "createDomainAddDnsRecordsDescription": "Aggiungi i seguenti record DNS al tuo provider di domini per completare la configurazione.",
+    "createDomainNsRecords": "Record NS",
+    "createDomainRecord": "Record",
+    "createDomainType": "Tipo:",
+    "createDomainName": "Nome:",
+    "createDomainValue": "Valore:",
+    "createDomainCnameRecords": "Record CNAME",
+    "createDomainRecordNumber": "Record {number}",
+    "createDomainTxtRecords": "Record TXT",
+    "createDomainSaveTheseRecords": "Salva Questi Record",
+    "createDomainSaveTheseRecordsDescription": "Assicurati di salvare questi record DNS poiché non li vedrai più.",
+    "createDomainDnsPropagation": "Propagazione DNS",
+    "createDomainDnsPropagationDescription": "Le modifiche DNS possono richiedere del tempo per propagarsi in Internet. Questo può richiedere da pochi minuti a 48 ore, a seconda del tuo provider DNS e delle impostazioni TTL.",
+    "resourcePortRequired": "Numero di porta richiesto per risorse non-HTTP",
+    "resourcePortNotAllowed": "Il numero di porta non deve essere impostato per risorse HTTP"
 }
diff --git a/messages/ko-KR.json b/messages/ko-KR.json
index 62b1dfc1..1406a624 100644
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -1,19 +1,34 @@
 {
     "setupCreate": "조직, 사이트 및 리소스를 생성하십시오.",
+    "setupNewOrg": "새 조직",
+    "setupCreateOrg": "조직 생성",
+    "setupCreateResources": "리소스 생성",
+    "setupOrgName": "조직 이름",
     "orgDisplayName": "이것은 귀하의 조직의 표시 이름입니다.",
-    "setupIdentifierMessage": "이것은 귀하의 조직에 대한 고유 식별자입니다. 표시 이름과는 별개입니다.",
-    "componentsErrorNoMemberCreate": "현재 어떤 조직의 구성원도 아닙니다. 시작하려면 조직을 생성하세요.",
-    "componentsInvalidKey": "유효하지 않거나 만료된 라이센스 키가 감지되었습니다. 모든 기능을 계속 사용하려면 라이센스 조건을 따르십시오.",
     "orgId": "조직 ID",
-    "siteQuestionRemove": "조직에서 사이트 {selectedSite}를 제거하시겠습니까?",
-    "siteCreateDescription2": "아래 단계를 따라 새 사이트를 생성하고 연결하십시오",
+    "setupIdentifierMessage": "이것은 귀하의 조직에 대한 고유 식별자입니다. 표시 이름과는 별개입니다.",
+    "setupErrorIdentifier": "조직 ID가 이미 사용 중입니다. 다른 것을 선택해 주세요.",
+    "componentsErrorNoMemberCreate": "현재 어떤 조직의 구성원도 아닙니다. 시작하려면 조직을 생성하세요.",
+    "componentsErrorNoMember": "현재 어떤 조직의 구성원도 아닙니다.",
+    "welcome": "판골린에 오신 것을 환영합니다.",
+    "welcomeTo": "환영합니다",
+    "componentsCreateOrg": "조직 생성",
+    "componentsMember": "당신은 {count, plural, =0 {조직이 없습니다} one {하나의 조직} other {# 개의 조직}}의 구성원입니다.",
+    "componentsInvalidKey": "유효하지 않거나 만료된 라이센스 키가 감지되었습니다. 모든 기능을 계속 사용하려면 라이센스 조건을 따르십시오.",
+    "dismiss": "해제",
     "componentsLicenseViolation": "라이센스 위반: 이 서버는 {usedSites} 사이트를 사용하고 있으며, 이는 {maxSites} 사이트의 라이센스 한도를 초과합니다. 모든 기능을 계속 사용하려면 라이센스 조건을 따르십시오.",
-    "years": "연도",
-    "hours": "시간",
-    "days": "일",
-    "weeks": "주",
-    "months": "개월",
+    "componentsSupporterMessage": "{tier}로 판골린을 지원해 주셔서 감사합니다!",
+    "inviteErrorNotValid": "죄송하지만, 접근하려는 초대가 수락되지 않았거나 더 이상 유효하지 않은 것 같습니다.",
+    "inviteErrorUser": "죄송하지만, 접근하려는 초대가 이 사용자에게 해당되지 않는 것 같습니다.",
+    "inviteLoginUser": "올바른 사용자로 로그인했는지 확인하십시오.",
+    "inviteErrorNoUser": "죄송하지만, 접근하려는 초대가 존재하지 않는 사용자에 대한 것인 것 같습니다.",
+    "inviteCreateUser": "먼저 계정을 생성해 주세요.",
+    "goHome": "홈으로 가기",
+    "inviteLogInOtherUser": "다른 사용자로 로그인",
+    "createAnAccount": "계정 만들기",
+    "inviteNotAccepted": "초대가 수락되지 않음",
     "authCreateAccount": "시작하려면 계정을 생성하세요.",
+    "authNoAccount": "계정이 없으신가요?",
     "email": "이메일",
     "password": "비밀번호",
     "confirmPassword": "비밀번호 확인",
@@ -34,31 +49,12 @@
     "siteDelete": "사이트 삭제",
     "siteMessageRemove": "제거되면 사이트에 더 이상 접근할 수 없습니다. 사이트와 관련된 모든 리소스와 대상도 제거됩니다.",
     "siteMessageConfirm": "확인을 위해 아래에 사이트 이름을 입력해 주세요.",
-    "setupNewOrg": "새 조직",
-    "setupCreateOrg": "조직 생성",
-    "setupCreateResources": "리소스 생성",
-    "setupOrgName": "조직 이름",
-    "setupErrorIdentifier": "조직 ID가 이미 사용 중입니다. 다른 것을 선택해 주세요.",
-    "componentsErrorNoMember": "현재 어떤 조직의 구성원도 아닙니다.",
-    "welcome": "판골린에 오신 것을 환영합니다.",
-    "componentsCreateOrg": "조직 생성",
-    "componentsMember": "당신은 {count, plural, =0 {조직이 없습니다} one {하나의 조직} other {# 개의 조직}}의 구성원입니다.",
-    "componentsSupporterMessage": "{tier}로 판골린을 지원해 주셔서 감사합니다!",
-    "inviteErrorNotValid": "죄송하지만, 접근하려는 초대가 수락되지 않았거나 더 이상 유효하지 않은 것 같습니다.",
-    "inviteErrorUser": "죄송하지만, 접근하려는 초대가 이 사용자에게 해당되지 않는 것 같습니다.",
-    "inviteLoginUser": "올바른 사용자로 로그인했는지 확인하십시오.",
-    "inviteErrorNoUser": "죄송하지만, 접근하려는 초대가 존재하지 않는 사용자에 대한 것인 것 같습니다.",
-    "inviteCreateUser": "먼저 계정을 생성해 주세요.",
-    "goHome": "홈으로 가기",
-    "inviteLogInOtherUser": "다른 사용자로 로그인",
-    "createAnAccount": "계정 만들기",
+    "siteQuestionRemove": "조직에서 사이트 {selectedSite}를 제거하시겠습니까?",
     "siteManageSites": "사이트 관리",
     "siteDescription": "안전한 터널을 통해 네트워크에 연결할 수 있도록 허용",
     "siteCreate": "사이트 생성",
-    "inviteNotAccepted": "초대가 수락되지 않음",
-    "authNoAccount": "계정이 없으신가요?",
+    "siteCreateDescription2": "아래 단계를 따라 새 사이트를 생성하고 연결하십시오",
     "siteCreateDescription": "리소스를 연결하기 위해 새 사이트를 생성하십시오.",
-    "dismiss": "해제",
     "close": "닫기",
     "siteErrorCreate": "사이트 생성 오류",
     "siteErrorCreateKeyPair": "키 쌍 또는 사이트 기본값을 찾을 수 없습니다",
@@ -104,15 +100,6 @@
     "siteTunnelDescription": "사이트에 연결하는 방법을 결정하세요",
     "siteNewtCredentials": "Newt 자격 증명",
     "siteNewtCredentialsDescription": "이것이 Newt가 서버와 인증하는 방법입니다",
-    "orgPolicyDeletedDescription": "정책이 성공적으로 삭제되었습니다",
-    "actionCreateResourceRule": "리소스 규칙 생성",
-    "defaultMappingsUpdatedDescription": "기본 매핑이 성공적으로 업데이트되었습니다.",
-    "orgPoliciesAbout": "조직 정책에 대하여",
-    "orgPoliciesAboutDescription": "조직 정책은 사용자의 ID 토큰에 따라 조직에 대한 액세스를 제어하는 데 사용됩니다. ID 토큰에서 역할 및 조직 정보를 추출하기 위해 JMESPath 표현식을 지정할 수 있습니다.",
-    "orgPoliciesAboutDescriptionLink": "자세한 내용은 문서를 참조하십시오.",
-    "actionDeleteResourceRule": "리소스 규칙 삭제",
-    "defaultMappingsOptional": "기본 매핑(선택 사항)",
-    "signupError": "가입하는 동안 오류가 발생했습니다.",
     "siteCredentialsSave": "자격 증명 저장",
     "siteCredentialsSaveDescription": "이것은 한 번만 볼 수 있습니다. 안전한 장소에 복사해 두세요.",
     "siteInfo": "사이트 정보",
@@ -144,7 +131,6 @@
     "expireIn": "만료됨",
     "neverExpire": "만료되지 않음",
     "shareExpireDescription": "만료 시간은 링크가 사용 가능하고 리소스에 접근할 수 있는 기간입니다. 이 시간이 지나면 링크는 더 이상 작동하지 않으며, 이 링크를 사용한 사용자는 리소스에 대한 접근 권한을 잃게 됩니다.",
-    "pangolinLogoAlt": "판골린 로고",
     "shareSeeOnce": "이 링크는 한 번만 볼 수 있습니다. 반드시 복사해 두세요.",
     "shareAccessHint": "이 링크가 있는 누구나 리소스에 접근할 수 있습니다. 주의해서 공유하세요.",
     "shareTokenUsage": "액세스 토큰 사용 보기",
@@ -166,10 +152,8 @@
     "authentication": "인증",
     "protected": "보호됨",
     "notProtected": "보호되지 않음",
-    "inviteAlready": "초대받은 것 같습니다!",
     "resourceMessageRemove": "제거되면 리소스에 더 이상 접근할 수 없습니다. 리소스와 연결된 모든 대상도 제거됩니다.",
     "resourceMessageConfirm": "확인을 위해 아래에 리소스의 이름을 입력하세요.",
-    "tagsEnteredDescription": "입력한 태그는 다음과 같습니다.",
     "resourceQuestionRemove": "조직에서 리소스 {selectedResource}를 제거하시겠습니까?",
     "resourceHTTP": "HTTPS 리소스",
     "resourceHTTPDescription": "서브도메인 또는 기본 도메인을 사용하여 HTTPS를 통해 앱에 대한 요청을 프록시합니다.",
@@ -183,7 +167,6 @@
     "siteSelect": "사이트 선택",
     "siteSearch": "사이트 검색",
     "siteNotFound": "사이트를 찾을 수 없습니다.",
-    "otpEnable": "이중 인증 활성화",
     "siteSelectionDescription": "이 사이트는 리소스에 대한 연결을 제공합니다.",
     "resourceType": "리소스 유형",
     "resourceTypeDescription": "리소스에 접근하는 방법을 결정하세요",
@@ -194,16 +177,13 @@
     "baseDomain": "기본 도메인",
     "subdomnainDescription": "리소스에 접근할 수 있는 하위 도메인입니다.",
     "resourceRawSettings": "TCP/UDP 설정",
-    "otpDisable": "이중 인증 비활성화",
     "resourceRawSettingsDescription": "TCP/UDP를 통해 리소스에 접근하는 방법을 구성하세요.",
     "protocol": "프로토콜",
     "protocolSelect": "프로토콜 선택",
     "resourcePortNumber": "포트 번호",
-    "logout": "로그 아웃",
     "resourcePortNumberDescription": "요청을 프록시하기 위한 외부 포트 번호입니다.",
     "cancel": "취소",
     "resourceConfig": "구성 스니펫",
-    "inviteAlreadyDescription": "초대를 수락하려면 로그인하거나 계정을 생성해야 합니다.",
     "resourceConfigDescription": "TCP/UDP 리소스를 설정하기 위해 이 구성 스니펫을 복사하여 붙여넣으십시오.",
     "resourceAddEntrypoints": "Traefik: 엔트리포인트 추가",
     "resourceExposePorts": "Gerbil: Docker Compose에서 포트 노출",
@@ -220,7 +200,6 @@
     "proxy": "프록시",
     "rules": "규칙",
     "resourceSettingDescription": "리소스의 설정을 구성하세요.",
-    "sidebarApiKeys": "API 키",
     "resourceSetting": "{resourceName} 설정",
     "alwaysAllow": "항상 허용",
     "alwaysDeny": "항상 거부",
@@ -228,6 +207,7 @@
     "orgGeneralSettings": "조직 설정",
     "orgGeneralSettingsDescription": "조직 세부정보 및 구성을 관리하세요.",
     "saveGeneralSettings": "일반 설정 저장",
+    "saveSettings": "설정 저장",
     "orgDangerZone": "위험 구역",
     "orgDangerZoneDescription": "이 조직을 삭제하면 되돌릴 수 없습니다. 확실히 하세요.",
     "orgDelete": "조직 삭제",
@@ -239,7 +219,6 @@
     "orgUpdatedDescription": "조직이 업데이트되었습니다.",
     "orgErrorUpdate": "조직 업데이트에 실패했습니다.",
     "orgErrorUpdateMessage": "조직을 업데이트하는 동안 오류가 발생했습니다.",
-    "sidebarSettings": "설정",
     "orgErrorFetch": "조직을 가져오는 데 실패했습니다.",
     "orgErrorFetchMessage": "조직을 나열하는 동안 오류가 발생했습니다",
     "orgErrorDelete": "조직 삭제에 실패했습니다.",
@@ -267,9 +246,13 @@
     "inviteDescription": "다른 사용자에 대한 초대를 관리하세요",
     "inviteSearch": "초대 검색...",
     "minutes": "분",
+    "hours": "시간",
+    "days": "일",
+    "weeks": "주",
+    "months": "개월",
+    "years": "연도",
     "day": "{count, plural, one {#일} other {#일}}",
     "apiKeysTitle": "API 키 정보",
-    "signupQuestion": "이미 계정이 있습니까?",
     "apiKeysConfirmCopy2": "API 키를 복사했음을 확인해야 합니다.",
     "apiKeysErrorCreate": "API 키 생성 오류",
     "apiKeysErrorSetPermission": "권한 설정 오류",
@@ -288,7 +271,6 @@
     "apiKeysPermissionsErrorLoadingActions": "API 키 작업 로드 오류",
     "apiKeysPermissionsErrorUpdate": "권한 설정 오류",
     "apiKeysPermissionsUpdated": "권한이 업데이트되었습니다",
-    "login": "로그인",
     "apiKeysPermissionsUpdatedDescription": "권한이 업데이트되었습니다.",
     "apiKeysPermissionsGeneralSettings": "권한",
     "apiKeysPermissionsGeneralSettingsDescription": "이 API 키가 수행할 수 있는 작업 결정",
@@ -330,7 +312,6 @@
     "licenseErrorKeyLoad": "라이센스 키를 로드하는 데 실패했습니다.",
     "licenseErrorKeyLoadDescription": "라이센스 키 로드 중 오류가 발생했습니다.",
     "licenseErrorKeyDelete": "라이센스 키 삭제에 실패했습니다.",
-    "resourceNotFound": "리소스를 찾을 수 없습니다",
     "licenseErrorKeyDeleteDescription": "라이센스 키 삭제 중 오류가 발생했습니다.",
     "licenseKeyDeleted": "라이센스 키가 삭제되었습니다.",
     "licenseKeyDeletedDescription": "라이센스 키가 삭제되었습니다.",
@@ -351,7 +332,6 @@
     "licenseAgreement": "이 상자를 체크함으로써, 귀하는 귀하의 라이선스 키와 관련된 계층에 해당하는 라이선스 조건을 읽고 동의했음을 확인합니다.",
     "fossorialLicense": "Fossorial 상업 라이선스 및 구독 약관 보기",
     "licenseMessageRemove": "이 작업은 라이센스 키와 그에 의해 부여된 모든 관련 권한을 제거합니다.",
-    "sidebarAllUsers": "모든 사용자",
     "licenseMessageConfirm": "확인을 위해 아래에 라이센스 키를 입력하세요.",
     "licenseQuestionRemove": "라이센스 키 {selectedKey}를 삭제하시겠습니까?",
     "licenseKeyDelete": "라이센스 키 삭제",
@@ -365,7 +345,6 @@
     "licenseReckeckAll": "모든 키 재확인",
     "licenseSiteUsage": "사이트 사용량",
     "licenseSiteUsageDecsription": "이 라이센스를 사용하는 사이트 수를 확인하세요.",
-    "noResults": "결과를 찾을 수 없습니다.",
     "licenseNoSiteLimit": "라이선스가 없는 호스트를 사용하는 사이트 수에 제한이 없습니다.",
     "licensePurchase": "라이센스 구매",
     "licensePurchaseSites": "추가 사이트 구매",
@@ -434,7 +413,6 @@
     "idpErrorFetch": "신원 제공자를 가져오는 데 실패했습니다",
     "idpErrorFetchDescription": "신원 공급자를 가져오는 중 오류가 발생했습니다.",
     "userErrorExists": "사용자가 이미 존재합니다.",
-    "terabytes": "{count} TB",
     "userErrorExistsDescription": "이 사용자는 이미 조직의 구성원입니다.",
     "inviteError": "사용자 초대에 실패했습니다",
     "inviteErrorDescription": "사용자를 초대하는 동안 오류가 발생했습니다.",
@@ -692,7 +670,6 @@
     "resourceErrorTransferDescription": "리소스를 전송하는 동안 오류가 발생했습니다",
     "resourceTransferred": "리소스가 전송되었습니다.",
     "resourceTransferredDescription": "리소스가 성공적으로 전송되었습니다.",
-    "gigabytes": "{count} GB",
     "resourceErrorToggle": "리소스를 전환하는 데 실패했습니다.",
     "resourceErrorToggleDescription": "리소스를 업데이트하는 동안 오류가 발생했습니다.",
     "resourceVisibilityTitle": "가시성",
@@ -794,8 +771,6 @@
     "idpSubmit": "아이덴티티 공급자 생성",
     "orgPolicies": "조직 정책",
     "idpSettings": "{idpName} 설정",
-    "megabytes": "{count} MB",
-    "actionCheckOrgId": "ID 확인",
     "idpCreateSettingsDescription": "아이덴티티 공급자의 설정을 구성하십시오",
     "roleMapping": "역할 매핑",
     "orgMapping": "조직 매핑",
@@ -806,7 +781,12 @@
     "success": "성공",
     "orgPolicyAddedDescription": "정책이 성공적으로 추가되었습니다",
     "orgPolicyUpdatedDescription": "정책이 성공적으로 업데이트되었습니다.",
-    "tagsEntered": "입력된 태그",
+    "orgPolicyDeletedDescription": "정책이 성공적으로 삭제되었습니다",
+    "defaultMappingsUpdatedDescription": "기본 매핑이 성공적으로 업데이트되었습니다.",
+    "orgPoliciesAbout": "조직 정책에 대하여",
+    "orgPoliciesAboutDescription": "조직 정책은 사용자의 ID 토큰에 따라 조직에 대한 액세스를 제어하는 데 사용됩니다. ID 토큰에서 역할 및 조직 정보를 추출하기 위해 JMESPath 표현식을 지정할 수 있습니다.",
+    "orgPoliciesAboutDescriptionLink": "자세한 내용은 문서를 참조하십시오.",
+    "defaultMappingsOptional": "기본 매핑(선택 사항)",
     "defaultMappingsOptionalDescription": "조직에 대해 정의된 정책이 없을 때 기본 매핑이 사용됩니다. 여기에서 기본 역할 및 조직 매핑을 지정하여 대체할 수 있습니다.",
     "defaultMappingsRole": "기본 역할 매핑",
     "defaultMappingsRoleDescription": "이 표현식의 결과는 조직에서 정의된 역할 이름을 문자열로 반환해야 합니다.",
@@ -843,6 +823,13 @@
     "emailVerifyResendProgress": "재전송 중...",
     "emailVerifyResend": "코드를 받지 못하셨나요? 여기 클릭하여 재전송하세요",
     "passwordNotMatch": "비밀번호가 일치하지 않습니다.",
+    "signupError": "가입하는 동안 오류가 발생했습니다.",
+    "pangolinLogoAlt": "판골린 로고",
+    "inviteAlready": "초대받은 것 같습니다!",
+    "inviteAlreadyDescription": "초대를 수락하려면 로그인하거나 계정을 생성해야 합니다.",
+    "signupQuestion": "이미 계정이 있습니까?",
+    "login": "로그인",
+    "resourceNotFound": "리소스를 찾을 수 없습니다",
     "resourceNotFoundDescription": "접근하려는 리소스가 존재하지 않습니다.",
     "pincodeRequirementsLength": "PIN은 정확히 6자리여야 합니다",
     "pincodeRequirementsChars": "PIN은 숫자만 포함해야 합니다.",
@@ -923,6 +910,12 @@
     "usersAll": "모든 사용자",
     "license": "라이선스",
     "pangolinDashboard": "대시보드 - 판골린",
+    "noResults": "결과를 찾을 수 없습니다.",
+    "terabytes": "{count} TB",
+    "gigabytes": "{count} GB",
+    "megabytes": "{count} MB",
+    "tagsEntered": "입력된 태그",
+    "tagsEnteredDescription": "입력한 태그는 다음과 같습니다.",
     "tagsWarnCannotBeLessThanZero": "maxTags와 minTags는 0보다 작을 수 없습니다",
     "tagsWarnNotAllowedAutocompleteOptions": "자동 완성 옵션에 따라 태그가 허용되지 않습니다",
     "tagsWarnInvalid": "validateTag에 따라 유효하지 않은 태그입니다",
@@ -960,10 +953,15 @@
     "logoutError": "로그아웃 중 오류 발생",
     "signingAs": "로그인한 사용자",
     "serverAdmin": "서버 관리자",
+    "otpEnable": "이중 인증 활성화",
+    "otpDisable": "이중 인증 비활성화",
+    "logout": "로그 아웃",
     "licenseTierProfessionalRequired": "전문 에디션이 필요합니다.",
     "licenseTierProfessionalRequiredDescription": "이 기능은 Professional Edition에서만 사용할 수 있습니다.",
     "actionGetOrg": "조직 가져오기",
     "actionUpdateOrg": "조직 업데이트",
+    "actionUpdateUser": "사용자 업데이트",
+    "actionGetUser": "사용자 조회",
     "actionGetOrgUser": "조직 사용자 가져오기",
     "actionListOrgDomains": "조직 도메인 목록",
     "actionCreateSite": "사이트 생성",
@@ -1000,13 +998,15 @@
     "actionRemoveUser": "사용자 제거",
     "actionListUsers": "사용자 목록",
     "actionAddUserRole": "사용자 역할 추가",
-    "containersIn": "{siteName}의 컨테이너",
     "actionGenerateAccessToken": "액세스 토큰 생성",
     "actionDeleteAccessToken": "액세스 토큰 삭제",
     "actionListAccessTokens": "액세스 토큰 목록",
+    "actionCreateResourceRule": "리소스 규칙 생성",
+    "actionDeleteResourceRule": "리소스 규칙 삭제",
     "actionListResourceRules": "리소스 규칙 목록",
     "actionUpdateResourceRule": "리소스 규칙 업데이트",
     "actionListOrgs": "조직 목록",
+    "actionCheckOrgId": "ID 확인",
     "actionCreateOrg": "조직 생성",
     "actionDeleteOrg": "조직 삭제",
     "actionListApiKeys": "API 키 목록",
@@ -1089,12 +1089,18 @@
     "sidebarInvitations": "초대",
     "sidebarRoles": "역할",
     "sidebarShareableLinks": "공유 가능한 링크",
+    "sidebarApiKeys": "API 키",
+    "sidebarSettings": "설정",
+    "sidebarAllUsers": "모든 사용자",
     "sidebarIdentityProviders": "신원 공급자",
     "sidebarLicense": "라이선스",
+    "sidebarClients": "클라이언트",
+    "sidebarDomains": "도메인",
     "enableDockerSocket": "Docker 소켓 활성화",
     "enableDockerSocketDescription": "컨테이너 정보를 채우기 위해 Docker 소켓 검색을 활성화합니다. 소켓 경로는 Newt에 제공되어야 합니다.",
     "enableDockerSocketLink": "자세히 알아보기",
     "viewDockerContainers": "도커 컨테이너 보기",
+    "containersIn": "{siteName}의 컨테이너",
     "selectContainerDescription": "이 대상을 위한 호스트 이름으로 사용할 컨테이너를 선택하세요. 포트를 사용하려면 포트를 클릭하세요.",
     "containerName": "이름",
     "containerImage": "이미지",
@@ -1129,8 +1135,143 @@
     "dark": "어두운",
     "system": "시스템",
     "theme": "테마",
+    "subnetRequired": "서브넷은 필수입니다",
     "initialSetupTitle": "초기 서버 설정",
     "initialSetupDescription": "초기 서버 관리자 계정을 생성하세요. 서버 관리자 계정은 하나만 존재할 수 있습니다. 이러한 자격 증명은 나중에 언제든지 변경할 수 있습니다.",
     "createAdminAccount": "관리자 계정 생성",
-    "setupErrorCreateAdmin": "서버 관리자 계정을 생성하는 동안 오류가 발생했습니다."
+    "setupErrorCreateAdmin": "서버 관리자 계정을 생성하는 동안 오류가 발생했습니다.",
+    "certificateStatus": "인증서 상태",
+    "loading": "로딩 중",
+    "restart": "재시작",
+    "domains": "도메인",
+    "domainsDescription": "조직의 도메인을 관리합니다",
+    "domainsSearch": "도메인 검색...",
+    "domainAdd": "도메인 추가",
+    "domainAddDescription": "조직에 새로운 도메인을 등록하세요",
+    "domainCreate": "도메인 생성",
+    "domainCreatedDescription": "도메인이 성공적으로 생성되었습니다",
+    "domainDeletedDescription": "도메인이 성공적으로 삭제되었습니다",
+    "domainQuestionRemove": "도메인 {domain}을(를) 계정에서 제거하시겠습니까?",
+    "domainMessageRemove": "제거되면 도메인이 더 이상 계정과 연관되지 않습니다.",
+    "domainMessageConfirm": "확인하려면 아래에 도메인명을 입력하세요.",
+    "domainConfirmDelete": "도메인 삭제 확인",
+    "domainDelete": "도메인 삭제",
+    "domain": "도메인",
+    "selectDomainTypeNsName": "도메인 위임 (NS)",
+    "selectDomainTypeNsDescription": "이 도메인과 모든 하위 도메인입니다. 전체 도메인 영역을 제어하려면 이를 사용하세요.",
+    "selectDomainTypeCnameName": "단일 도메인 (CNAME)",
+    "selectDomainTypeCnameDescription": "단일 하위 도메인 또는 특정 도메인 항목에 사용됩니다.",
+    "selectDomainTypeWildcardName": "와일드카드 도메인",
+    "selectDomainTypeWildcardDescription": "이 도메인과 그 첫 번째 레벨의 하위 도메인입니다.",
+    "domainDelegation": "단일 도메인",
+    "selectType": "유형 선택",
+    "actions": "작업",
+    "refresh": "새로 고침",
+    "refreshError": "데이터 새로고침 실패",
+    "verified": "검증됨",
+    "pending": "대기 중",
+    "sidebarBilling": "청구",
+    "billing": "청구",
+    "orgBillingDescription": "청구 정보 및 구독을 관리하세요",
+    "github": "GitHub",
+    "pangolinHosted": "판골린 호스팅",
+    "fossorial": "지하 서식",
+    "completeAccountSetup": "계정 설정 완료",
+    "completeAccountSetupDescription": "시작하려면 비밀번호를 설정하세요",
+    "accountSetupSent": "이 이메일 주소로 계정 설정 코드를 보내드리겠습니다.",
+    "accountSetupCode": "설정 코드",
+    "accountSetupCodeDescription": "설정 코드를 확인하기 위해 이메일을 확인하세요.",
+    "passwordCreate": "비밀번호 생성",
+    "passwordCreateConfirm": "비밀번호 확인",
+    "accountSetupSubmit": "설정 코드 전송",
+    "completeSetup": "설정 완료",
+    "accountSetupSuccess": "계정 설정이 완료되었습니다! 판골린에 오신 것을 환영합니다!",
+    "documentation": "문서",
+    "saveAllSettings": "모든 설정 저장",
+    "settingsUpdated": "설정이 업데이트되었습니다",
+    "settingsUpdatedDescription": "모든 설정이 성공적으로 업데이트되었습니다",
+    "settingsErrorUpdate": "설정 업데이트 실패",
+    "settingsErrorUpdateDescription": "설정을 업데이트하는 동안 오류가 발생했습니다",
+    "sidebarCollapse": "줄이기",
+    "sidebarExpand": "확장하기",
+    "newtUpdateAvailable": "업데이트 가능",
+    "newtUpdateAvailableInfo": "뉴트의 새 버전이 출시되었습니다. 최상의 경험을 위해 최신 버전으로 업데이트하세요.",
+    "domainPickerEnterDomain": "도메인 입력",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, 또는 그냥 myapp",
+    "domainPickerDescription": "Enter the full domain of the resource to see available options.",
+    "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
+    "domainPickerTabAll": "모두",
+    "domainPickerTabOrganization": "조직",
+    "domainPickerTabProvided": "제공 됨",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "가용성을 확인 중...",
+    "domainPickerNoMatchingDomains": "\"{userInput}\"에 해당하는 도메인을 찾을 수 없습니다. 다른 도메인을 시도하거나 조직의 도메인 설정을 확인하세요.",
+    "domainPickerOrganizationDomains": "조직 도메인",
+    "domainPickerProvidedDomains": "제공된 도메인",
+    "domainPickerSubdomain": "서브도메인: {subdomain}",
+    "domainPickerNamespace": "이름 공간: {namespace}",
+    "domainPickerShowMore": "더보기",
+    "domainNotFound": "도메인을 찾을 수 없습니다",
+    "domainNotFoundDescription": "이 리소스는 도메인이 더 이상 시스템에 존재하지 않아 비활성화되었습니다. 이 리소스에 대한 새 도메인을 설정하세요.",
+    "failed": "실패",
+    "createNewOrgDescription": "새 조직 생성",
+    "organization": "조직",
+    "port": "포트",
+    "securityKeyManage": "보안 키 관리",
+    "securityKeyDescription": "비밀번호 없는 인증을 위해 보안 키를 추가하거나 제거합니다.",
+    "securityKeyRegister": "새 보안 키 등록",
+    "securityKeyList": "귀하의 보안 키",
+    "securityKeyNone": "등록된 보안 키가 아직 없습니다",
+    "securityKeyNameRequired": "이름은 필수입니다",
+    "securityKeyRemove": "제거",
+    "securityKeyLastUsed": "마지막 사용: {date}",
+    "securityKeyNameLabel": "보안 키 이름",
+    "securityKeyRegisterSuccess": "보안 키가 성공적으로 등록되었습니다",
+    "securityKeyRegisterError": "보안 키 등록 실패",
+    "securityKeyRemoveSuccess": "보안 키가 성공적으로 제거되었습니다",
+    "securityKeyRemoveError": "보안 키 제거 실패",
+    "securityKeyLoadError": "보안 키를 불러오는 데 실패했습니다",
+    "securityKeyLogin": "Continue with security key",
+    "securityKeyAuthError": "보안 키를 사용한 인증 실패",
+    "securityKeyRecommendation": "항상 계정에 액세스할 수 있도록 다른 장치에 백업 보안 키를 등록하세요.",
+    "registering": "등록 중...",
+    "securityKeyPrompt": "보안 키를 사용하여 본인 확인을 진행하세요. 보안 키가 연결되어 사용 준비가 되었는지 확인하세요.",
+    "securityKeyBrowserNotSupported": "귀하의 브라우저는 보안 키를 지원하지 않습니다. Chrome, Firefox, 또는 Safari와 같은 최신 브라우저를 사용하세요.",
+    "securityKeyPermissionDenied": "로그인을 계속하려면 보안 키에 대한 액세스를 허용하세요.",
+    "securityKeyRemovedTooQuickly": "로그인 프로세스가 완료될 때까지 보안 키를 연결 상태로 유지하세요.",
+    "securityKeyNotSupported": "보안 키가 호환되지 않을 수 있습니다. 다른 보안 키를 사용해보세요.",
+    "securityKeyUnknownError": "보안 키를 사용하는 데 문제가 발생했습니다. 다시 시도하세요.",
+    "twoFactorRequired": "보안 키를 등록하려면 이중 인증이 필요합니다.",
+    "twoFactor": "이중 인증",
+    "adminEnabled2FaOnYourAccount": "관리자가 {email}에 대한 이중 인증을 활성화했습니다. 계속하려면 설정을 완료하세요.",
+    "continueToApplication": "응용 프로그램으로 계속",
+    "securityKeyAdd": "보안 키 추가",
+    "securityKeyRegisterTitle": "새 보안 키 등록",
+    "securityKeyRegisterDescription": "보안 키를 연결하고 식별할 이름을 입력하세요.",
+    "securityKeyTwoFactorRequired": "이중 인증 필요",
+    "securityKeyTwoFactorDescription": "보안 키를 등록하려면 이중 인증 코드를 입력하세요.",
+    "securityKeyTwoFactorRemoveDescription": "보안 키를 제거하려면 이중 인증 코드를 입력하세요.",
+    "securityKeyTwoFactorCode": "이중 인증 코드",
+    "securityKeyRemoveTitle": "보안 키 삭제",
+    "securityKeyRemoveDescription": "보안 키 \"{name}\"를 제거하려면 비밀번호를 입력하세요",
+    "securityKeyNoKeysRegistered": "등록된 보안 키가 없습니다",
+    "securityKeyNoKeysDescription": "계정 보안을 강화하려면 보안 키를 추가하세요.",
+    "createDomainRequired": "도메인은 필수입니다",
+    "createDomainAddDnsRecords": "DNS 레코드 추가",
+    "createDomainAddDnsRecordsDescription": "설정을 완료하려면 도메인 제공자에게 다음 DNS 레코드를 추가하세요.",
+    "createDomainNsRecords": "NS 레코드",
+    "createDomainRecord": "레코드",
+    "createDomainType": "유형:",
+    "createDomainName": "이름:",
+    "createDomainValue": "값:",
+    "createDomainCnameRecords": "CNAME 레코드",
+    "createDomainRecordNumber": "레코드 {number}",
+    "createDomainTxtRecords": "TXT 레코드",
+    "createDomainSaveTheseRecords": "이 레코드 저장",
+    "createDomainSaveTheseRecordsDescription": "이 DNS 레코드를 저장하여 이후에 다시 볼 수 없습니다.",
+    "createDomainDnsPropagation": "DNS 전파",
+    "createDomainDnsPropagationDescription": "DNS 변경 사항은 인터넷 전체에 전파되는 데 시간이 걸립니다. DNS 제공자와 TTL 설정에 따라 몇 분에서 48시간까지 걸릴 수 있습니다.",
+    "resourcePortRequired": "HTTP 리소스가 아닌 경우 포트 번호가 필요합니다",
+    "resourcePortNotAllowed": "HTTP 리소스에 대해 포트 번호를 설정하지 마세요"
 }
diff --git a/messages/nl-NL.json b/messages/nl-NL.json
index 39aaa9b6..e756e281 100644
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -11,8 +11,9 @@
     "componentsErrorNoMemberCreate": "U bent momenteel geen lid van een organisatie. Maak een organisatie aan om aan de slag te gaan.",
     "componentsErrorNoMember": "U bent momenteel geen lid van een organisatie.",
     "welcome": "Welkom bij Pangolin",
+    "welcomeTo": "Welkom bij",
     "componentsCreateOrg": "Maak een Organisatie",
-    "componentsMember": "Je bent lid van {count, plural, =0 {geen organisatie} =1 {één organisatie} other {# organisaties}}.",
+    "componentsMember": "Je bent lid van {count, plural, =0 {geen organisatie} one {één organisatie} other {# organisaties}}.",
     "componentsInvalidKey": "Ongeldige of verlopen licentiesleutels gedetecteerd. Volg de licentievoorwaarden om alle functies te blijven gebruiken.",
     "dismiss": "Uitschakelen",
     "componentsLicenseViolation": "Licentie overtreding: Deze server gebruikt {usedSites} sites die de gelicentieerde limiet van {maxSites} sites overschrijden. Volg de licentievoorwaarden om door te gaan met het gebruik van alle functies.",
@@ -206,6 +207,7 @@
     "orgGeneralSettings": "Organisatie Instellingen",
     "orgGeneralSettingsDescription": "Beheer de details en configuratie van uw organisatie",
     "saveGeneralSettings": "Algemene instellingen opslaan",
+    "saveSettings": "Instellingen opslaan",
     "orgDangerZone": "Gevaarlijke zone",
     "orgDangerZoneDescription": "Als u deze instantie verwijdert, is er geen weg terug. Wees het alstublieft zeker.",
     "orgDelete": "Verwijder organisatie",
@@ -249,7 +251,7 @@
     "weeks": "Weken",
     "months": "maanden",
     "years": "Jaar",
-    "day": "{count, plural, =1 {# dag} other {# dagen}}",
+    "day": "{count, plural, one {# dag} other {# dagen}}",
     "apiKeysTitle": "API Key Informatie",
     "apiKeysConfirmCopy2": "Bevestig dat u de API-sleutel hebt gekopieerd.",
     "apiKeysErrorCreate": "Fout bij maken API-sleutel",
@@ -347,7 +349,7 @@
     "licensePurchase": "Licentie kopen",
     "licensePurchaseSites": "Extra sites kopen",
     "licenseSitesUsedMax": "{usedSites} van {maxSites} sites gebruikt",
-    "licenseSitesUsed": "{count, plural, =0 {# sites} =1 {# site} other {# sites}} in het systeem.",
+    "licenseSitesUsed": "{count, plural, =0 {# locaties} one {# locatie} other {# locaties}} in het systeem.",
     "licensePurchaseDescription": "Kies hoeveel sites je wilt {selectedMode, select, license {Koop een licentie. Je kunt later altijd meer sites toevoegen.} other {Voeg je bestaande licentie toe}}",
     "licenseFee": "Licentie vergoeding",
     "licensePriceSite": "Prijs per site",
@@ -436,7 +438,7 @@
     "accessRoleSelect": "Selecteer rol",
     "inviteEmailSentDescription": "Een e-mail is verstuurd naar de gebruiker met de link hieronder. Ze moeten toegang krijgen tot de link om de uitnodiging te accepteren.",
     "inviteSentDescription": "De gebruiker is uitgenodigd. Ze moeten toegang krijgen tot de link hieronder om de uitnodiging te accepteren.",
-    "inviteExpiresIn": "De uitnodiging vervalt in {days, plural, =1 {# dag} other {# dagen}}.",
+    "inviteExpiresIn": "De uitnodiging vervalt over {days, plural, one {# dag} other {# dagen}}.",
     "idpTitle": "Identiteit Provider",
     "idpSelect": "Identiteitsprovider voor de externe gebruiker selecteren",
     "idpNotConfigured": "Er zijn geen identiteitsproviders geconfigureerd. Configureer een identiteitsprovider voordat u externe gebruikers aanmaakt.",
@@ -958,6 +960,8 @@
     "licenseTierProfessionalRequiredDescription": "Deze functie is alleen beschikbaar in de Professional Edition.",
     "actionGetOrg": "Krijg Organisatie",
     "actionUpdateOrg": "Organisatie bijwerken",
+    "actionUpdateUser": "Gebruiker bijwerken",
+    "actionGetUser": "Gebruiker ophalen",
     "actionGetOrgUser": "Krijg organisatie-gebruiker",
     "actionListOrgDomains": "Lijst organisatie domeinen",
     "actionCreateSite": "Site maken",
@@ -1090,6 +1094,8 @@
     "sidebarAllUsers": "Alle gebruikers",
     "sidebarIdentityProviders": "Identiteit aanbieders",
     "sidebarLicense": "Licentie",
+    "sidebarClients": "Cliënten",
+    "sidebarDomains": "Domeinen",
     "enableDockerSocket": "Docker Socket inschakelen",
     "enableDockerSocketDescription": "Docker Socket-ontdekking inschakelen voor het invullen van containerinformatie. Socket-pad moet aan Newt worden verstrekt.",
     "enableDockerSocketLink": "Meer informatie",
@@ -1102,7 +1108,7 @@
     "containerNetworks": "Netwerken",
     "containerHostnameIp": "Hostnaam/IP",
     "containerLabels": "Labels",
-    "containerLabelsCount": "{count} label{s,plural,one{} other{s}}",
+    "containerLabelsCount": "{count, plural, one {# label} other {# labels}}",
     "containerLabelsTitle": "Container labels",
     "containerLabelEmpty": "<leeg>",
     "containerPorts": "Poorten",
@@ -1114,7 +1120,7 @@
     "showStoppedContainers": "Toon gestopte containers",
     "noContainersFound": "Geen containers gevonden. Zorg ervoor dat Docker containers draaien.",
     "searchContainersPlaceholder": "Zoek tussen {count} containers...",
-    "searchResultsCount": "{count} resultaat{s,plural,one{} other{s}}",
+    "searchResultsCount": "{count, plural, one {# resultaat} other {# resultaten}}",
     "filters": "Filters",
     "filterOptions": "Filter opties",
     "filterPorts": "Poorten",
@@ -1129,10 +1135,89 @@
     "dark": "donker",
     "system": "systeem",
     "theme": "Thema",
+    "subnetRequired": "Subnet is vereist",
     "initialSetupTitle": "Initiële serverconfiguratie",
     "initialSetupDescription": "Maak het eerste serverbeheeraccount aan. Er kan slechts één serverbeheerder bestaan. U kunt deze inloggegevens later altijd wijzigen.",
     "createAdminAccount": "Maak een beheeraccount aan",
     "setupErrorCreateAdmin": "Er is een fout opgetreden bij het maken van het serverbeheerdersaccount.",
+    "certificateStatus": "Certificaatstatus",
+    "loading": "Bezig met laden",
+    "restart": "Herstarten",
+    "domains": "Domeinen",
+    "domainsDescription": "Beheer domeinen voor je organisatie",
+    "domainsSearch": "Zoek domeinen...",
+    "domainAdd": "Domein toevoegen",
+    "domainAddDescription": "Registreer een nieuw domein bij je organisatie",
+    "domainCreate": "Domein aanmaken",
+    "domainCreatedDescription": "Domein succesvol aangemaakt",
+    "domainDeletedDescription": "Domein succesvol verwijderd",
+    "domainQuestionRemove": "Weet je zeker dat je het domein {domain} uit je account wilt verwijderen?",
+    "domainMessageRemove": "Na verwijdering zal het domein niet langer aan je account gekoppeld zijn.",
+    "domainMessageConfirm": "Om te bevestigen, typ hieronder de domeinnaam.",
+    "domainConfirmDelete": "Bevestig verwijdering van domein",
+    "domainDelete": "Domein verwijderen",
+    "domain": "Domein",
+    "selectDomainTypeNsName": "Domeindelegatie (NS)",
+    "selectDomainTypeNsDescription": "Dit domein en al zijn subdomeinen. Gebruik dit wanneer je een volledige domeinzone wilt beheersen.",
+    "selectDomainTypeCnameName": "Enkel domein (CNAME)",
+    "selectDomainTypeCnameDescription": "Alleen dit specifieke domein. Gebruik dit voor individuele subdomeinen of specifieke domeinvermeldingen.",
+    "selectDomainTypeWildcardName": "Wildcard Domein",
+    "selectDomainTypeWildcardDescription": "Dit domein en zijn eerste niveau van subdomeinen.",
+    "domainDelegation": "Enkel domein",
+    "selectType": "Selecteer een type",
+    "actions": "acties",
+    "refresh": "Vernieuwen",
+    "refreshError": "Het vernieuwen van gegevens is mislukt",
+    "verified": "Gecontroleerd",
+    "pending": "In afwachting",
+    "sidebarBilling": "Facturering",
+    "billing": "Facturering",
+    "orgBillingDescription": "Beheer je factureringsgegevens en abonnementen",
+    "github": "GitHub",
+    "pangolinHosted": "Pangolin gehost",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Voltooi accountinstelling",
+    "completeAccountSetupDescription": "Stel je wachtwoord in om te beginnen",
+    "accountSetupSent": "We sturen een accountinstellingscode naar dit e-mailadres.",
+    "accountSetupCode": "Instellingscode",
+    "accountSetupCodeDescription": "Controleer je e-mail voor de instellingscode.",
+    "passwordCreate": "Wachtwoord aanmaken",
+    "passwordCreateConfirm": "Bevestig wachtwoord",
+    "accountSetupSubmit": "Instellingscode verzenden",
+    "completeSetup": "Voltooi instellen",
+    "accountSetupSuccess": "Accountinstelling voltooid! Welkom bij Pangolin!",
+    "documentation": "Documentatie",
+    "saveAllSettings": "Alle instellingen opslaan",
+    "settingsUpdated": "Instellingen bijgewerkt",
+    "settingsUpdatedDescription": "Alle instellingen zijn succesvol bijgewerkt",
+    "settingsErrorUpdate": "Bijwerken van instellingen mislukt",
+    "settingsErrorUpdateDescription": "Er is een fout opgetreden bij het bijwerken van instellingen",
+    "sidebarCollapse": "Inklappen",
+    "sidebarExpand": "Uitklappen",
+    "newtUpdateAvailable": "Update beschikbaar",
+    "newtUpdateAvailableInfo": "Er is een nieuwe versie van Newt beschikbaar. Update naar de nieuwste versie voor de beste ervaring.",
+    "domainPickerEnterDomain": "Voer je domein in",
+    "domainPickerPlaceholder": "mijnapp.voorbeeld.com, api.v1.mijndomein.com, of gewoon mijnapp",
+    "domainPickerDescription": "Voer de volledige domein van de bron in om beschikbare opties te zien.",
+    "domainPickerDescriptionSaas": "Voer een volledig domein, subdomein of gewoon een naam in om beschikbare opties te zien",
+    "domainPickerTabAll": "Alles",
+    "domainPickerTabOrganization": "Organisatie",
+    "domainPickerTabProvided": "Aangeboden",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Beschikbaarheid controleren...",
+    "domainPickerNoMatchingDomains": "Geen overeenkomende domeinen gevonden voor \"{userInput}\". Probeer een ander domein of controleer de domeininstellingen van je organisatie.",
+    "domainPickerOrganizationDomains": "Organisatiedomeinen",
+    "domainPickerProvidedDomains": "Aangeboden domeinen",
+    "domainPickerSubdomain": "Subdomein: {subdomain}",
+    "domainPickerNamespace": "Namespace: {namespace}",
+    "domainPickerShowMore": "Meer weergeven",
+    "domainNotFound": "Domein niet gevonden",
+    "domainNotFoundDescription": "Deze bron is uitgeschakeld omdat het domein niet langer in ons systeem bestaat. Stel een nieuw domein in voor deze bron.",
+    "failed": "Mislukt",
+    "createNewOrgDescription": "Maak een nieuwe organisatie",
+    "organization": "Organisatie",
+    "port": "Poort",
     "securityKeyManage": "Beveiligingssleutels beheren",
     "securityKeyDescription": "Voeg beveiligingssleutels toe of verwijder ze voor wachtwoordloze authenticatie",
     "securityKeyRegister": "Nieuwe beveiligingssleutel registreren",
@@ -1142,13 +1227,51 @@
     "securityKeyRemove": "Verwijderen",
     "securityKeyLastUsed": "Laatst gebruikt: {date}",
     "securityKeyNameLabel": "Naam",
-    "securityKeyNamePlaceholder": "Voer een naam in voor deze beveiligingssleutel",
     "securityKeyRegisterSuccess": "Beveiligingssleutel succesvol geregistreerd",
     "securityKeyRegisterError": "Fout bij registreren van beveiligingssleutel",
     "securityKeyRemoveSuccess": "Beveiligingssleutel succesvol verwijderd",
     "securityKeyRemoveError": "Fout bij verwijderen van beveiligingssleutel",
     "securityKeyLoadError": "Fout bij laden van beveiligingssleutels",
-    "securityKeyLogin": "Inloggen met beveiligingssleutel",
+    "securityKeyLogin": "Doorgaan met beveiligingssleutel",
     "securityKeyAuthError": "Fout bij authenticatie met beveiligingssleutel",
-    "securityKeyRecommendation": "Overweeg om een andere beveiligingssleutel te registreren op een ander apparaat om ervoor te zorgen dat u niet buitengesloten raakt van uw account."
+    "securityKeyRecommendation": "Overweeg om een andere beveiligingssleutel te registreren op een ander apparaat om ervoor te zorgen dat u niet buitengesloten raakt van uw account.",
+    "registering": "Registreren...",
+    "securityKeyPrompt": "Verifieer je identiteit met je beveiligingssleutel. Zorg ervoor dat je beveiligingssleutel verbonden en klaar is.",
+    "securityKeyBrowserNotSupported": "Je browser ondersteunt geen beveiligingssleutels. Gebruik een moderne browser zoals Chrome, Firefox of Safari.",
+    "securityKeyPermissionDenied": "Verleen toegang tot je beveiligingssleutel om door te gaan met inloggen.",
+    "securityKeyRemovedTooQuickly": "Houd je beveiligingssleutel verbonden totdat het inlogproces is voltooid.",
+    "securityKeyNotSupported": "Je beveiligingssleutel is mogelijk niet compatibel. Probeer een andere beveiligingssleutel.",
+    "securityKeyUnknownError": "Er was een probleem met het gebruik van je beveiligingssleutel. Probeer het opnieuw.",
+    "twoFactorRequired": "Tweestapsverificatie is vereist om een beveiligingssleutel te registreren.",
+    "twoFactor": "Tweestapsverificatie",
+    "adminEnabled2FaOnYourAccount": "Je beheerder heeft tweestapsverificatie voor {email} ingeschakeld. Voltooi het instellingsproces om verder te gaan.",
+    "continueToApplication": "Doorgaan naar de applicatie",
+    "securityKeyAdd": "Beveiligingssleutel toevoegen",
+    "securityKeyRegisterTitle": "Nieuwe beveiligingssleutel registreren",
+    "securityKeyRegisterDescription": "Verbind je beveiligingssleutel en voer een naam in om deze te identificeren",
+    "securityKeyTwoFactorRequired": "Tweestapsverificatie vereist",
+    "securityKeyTwoFactorDescription": "Voer je tweestapsverificatiecode in om de beveiligingssleutel te registreren",
+    "securityKeyTwoFactorRemoveDescription": "Voer je tweestapsverificatiecode in om de beveiligingssleutel te verwijderen",
+    "securityKeyTwoFactorCode": "Tweestapsverificatiecode",
+    "securityKeyRemoveTitle": "Beveiligingssleutel verwijderen",
+    "securityKeyRemoveDescription": "Voer je wachtwoord in om de beveiligingssleutel \"{name}\" te verwijderen",
+    "securityKeyNoKeysRegistered": "Geen beveiligingssleutels geregistreerd",
+    "securityKeyNoKeysDescription": "Voeg een beveiligingssleutel toe om je accountbeveiliging te verbeteren",
+    "createDomainRequired": "Domein is vereist",
+    "createDomainAddDnsRecords": "DNS-records toevoegen",
+    "createDomainAddDnsRecordsDescription": "Voeg de volgende DNS-records toe aan je domeinprovider om het instellen te voltooien.",
+    "createDomainNsRecords": "NS-records",
+    "createDomainRecord": "Record",
+    "createDomainType": "Type:",
+    "createDomainName": "Naam:",
+    "createDomainValue": "Waarde:",
+    "createDomainCnameRecords": "CNAME-records",
+    "createDomainRecordNumber": "Record {number}",
+    "createDomainTxtRecords": "TXT-records",
+    "createDomainSaveTheseRecords": "Deze records opslaan",
+    "createDomainSaveTheseRecordsDescription": "Zorg ervoor dat je deze DNS-records opslaat, want je zult ze niet opnieuw zien.",
+    "createDomainDnsPropagation": "DNS-propagatie",
+    "createDomainDnsPropagationDescription": "DNS-wijzigingen kunnen enige tijd duren om over het internet te worden verspreid. Dit kan enkele minuten tot 48 uur duren, afhankelijk van je DNS-provider en TTL-instellingen.",
+    "resourcePortRequired": "Poortnummer is vereist voor niet-HTTP-bronnen",
+    "resourcePortNotAllowed": "Poortnummer mag niet worden ingesteld voor HTTP-bronnen"
 }
diff --git a/messages/pl-PL.json b/messages/pl-PL.json
index e21902ea..966dea6a 100644
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -11,8 +11,9 @@
     "componentsErrorNoMemberCreate": "Nie jesteś obecnie członkiem żadnej organizacji. Aby rozpocząć, utwórz organizację.",
     "componentsErrorNoMember": "Nie jesteś obecnie członkiem żadnej organizacji.",
     "welcome": "Witaj w Pangolinie",
+    "welcomeTo": "Witaj w",
     "componentsCreateOrg": "Utwórz organizację",
-    "componentsMember": "Jesteś członkiem {count, plural, =0 {Żadna organizacja} =1 {Jedna organizacja} other {# organizacji}}.",
+    "componentsMember": "Jesteś członkiem {count, plural, =0 {żadna organizacja} one {jedna organizacja} few {# organizacje} many {# organizacji} other {# organizacji}}.",
     "componentsInvalidKey": "Wykryto nieprawidłowe lub wygasłe klucze licencyjne. Postępuj zgodnie z warunkami licencji, aby kontynuować korzystanie ze wszystkich funkcji.",
     "dismiss": "Odrzuć",
     "componentsLicenseViolation": "Naruszenie licencji: Ten serwer używa stron {usedSites} , które przekraczają limit licencyjny stron {maxSites} . Postępuj zgodnie z warunkami licencji, aby kontynuować korzystanie ze wszystkich funkcji.",
@@ -34,7 +35,7 @@
     "createAccount": "Utwórz konto",
     "viewSettings": "Pokaż ustawienia",
     "delete": "Usuń",
-    "name": "Nazwisko",
+    "name": "Nazwa",
     "online": "Dostępny",
     "offline": "Offline",
     "site": "Witryna",
@@ -138,7 +139,7 @@
     "resourceSearch": "Szukaj zasobów",
     "openMenu": "Otwórz menu",
     "resource": "Zasoby",
-    "title": "Rozporządzenie Rady (EWG) nr 2658/87 z dnia 23 lipca 1987 r. w sprawie nomenklatury taryfowej i statystycznej oraz w sprawie Wspólnej Taryfy Celnej (Dz.U. L 256 z 7.9.1987, s. 1).",
+    "title": "Tytuł",
     "created": "Utworzono",
     "expires": "Wygasa",
     "never": "Nigdy",
@@ -206,6 +207,7 @@
     "orgGeneralSettings": "Ustawienia organizacji",
     "orgGeneralSettingsDescription": "Zarządzaj szczegółami swojej organizacji i konfiguracją",
     "saveGeneralSettings": "Zapisz ustawienia ogólne",
+    "saveSettings": "Zapisz ustawienia",
     "orgDangerZone": "Strefa zagrożenia",
     "orgDangerZoneDescription": "Po usunięciu tego organa nie ma odwrotu. Upewnij się.",
     "orgDelete": "Usuń organizację",
@@ -249,7 +251,7 @@
     "weeks": "Tygodnie",
     "months": "Miesiące",
     "years": "Lata",
-    "day": "{count, plural, =1 {# dzień} other {# dni}}",
+    "day": "{count, plural, one {# dzień} few {# dni} many {# dni} other {# dni}}",
     "apiKeysTitle": "Informacje o kluczu API",
     "apiKeysConfirmCopy2": "Musisz potwierdzić, że skopiowałeś klucz API.",
     "apiKeysErrorCreate": "Błąd podczas tworzenia klucza API",
@@ -347,7 +349,7 @@
     "licensePurchase": "Kup licencję",
     "licensePurchaseSites": "Kup dodatkowe witryny",
     "licenseSitesUsedMax": "Użyte strony {usedSites} z {maxSites}",
-    "licenseSitesUsed": "{count, plural, =0 {# witryn} =1 {# witryn} other {# witryn}} w systemie.",
+    "licenseSitesUsed": "{count, plural, =0 {# witryn} one {# witryna} few {# witryny} many {# witryn} other {# witryn}} w systemie.",
     "licensePurchaseDescription": "Wybierz ile witryn chcesz {selectedMode, select, license {kupić licencję. Zawsze możesz dodać więcej witryn później.} other {dodaj do swojej istniejącej licencji.}}",
     "licenseFee": "Opłata licencyjna",
     "licensePriceSite": "Cena za witrynę",
@@ -436,7 +438,7 @@
     "accessRoleSelect": "Wybierz rolę",
     "inviteEmailSentDescription": "Email został wysłany do użytkownika z linkiem dostępu poniżej. Musi on uzyskać dostęp do linku, aby zaakceptować zaproszenie.",
     "inviteSentDescription": "Użytkownik został zaproszony. Musi uzyskać dostęp do poniższego linku, aby zaakceptować zaproszenie.",
-    "inviteExpiresIn": "Zaproszenie wygaśnie za {days, plural, =1 {# dzień} other {# dni}}.",
+    "inviteExpiresIn": "Zaproszenie wygaśnie za {days, plural, one {# dzień} few {# dni} many {# dni} other {# dni}}.",
     "idpTitle": "Informacje ogólne",
     "idpSelect": "Wybierz dostawcę tożsamości dla użytkownika zewnętrznego",
     "idpNotConfigured": "Nie skonfigurowano żadnych dostawców tożsamości. Skonfiguruj dostawcę tożsamości przed utworzeniem użytkowników zewnętrznych.",
@@ -958,6 +960,8 @@
     "licenseTierProfessionalRequiredDescription": "Ta funkcja jest dostępna tylko w edycji Professional.",
     "actionGetOrg": "Pobierz organizację",
     "actionUpdateOrg": "Aktualizuj organizację",
+    "actionUpdateUser": "Zaktualizuj użytkownika",
+    "actionGetUser": "Pobierz użytkownika",
     "actionGetOrgUser": "Pobierz użytkownika organizacji",
     "actionListOrgDomains": "Lista domen organizacji",
     "actionCreateSite": "Utwórz witrynę",
@@ -1090,19 +1094,21 @@
     "sidebarAllUsers": "Wszyscy użytkownicy",
     "sidebarIdentityProviders": "Dostawcy tożsamości",
     "sidebarLicense": "Licencja",
+    "sidebarClients": "Klienci",
+    "sidebarDomains": "Domeny",
     "enableDockerSocket": "Włącz gniazdo dokera",
     "enableDockerSocketDescription": "Włącz wykrywanie Docker Socket w celu wypełnienia informacji o kontenerach. Ścieżka gniazda musi być dostarczona do Newt.",
     "enableDockerSocketLink": "Dowiedz się więcej",
     "viewDockerContainers": "Zobacz kontenery dokujące",
     "containersIn": "Pojemniki w {siteName}",
     "selectContainerDescription": "Wybierz dowolny kontener do użycia jako nazwa hosta dla tego celu. Kliknij port, aby użyć portu.",
-    "containerName": "Nazwisko",
+    "containerName": "Nazwa",
     "containerImage": "Obraz",
     "containerState": "Stan",
     "containerNetworks": "Sieci",
     "containerHostnameIp": "Nazwa hosta/IP",
     "containerLabels": "Etykiety",
-    "containerLabelsCount": "{count} etykieta{s,plural,one{} other{s}}",
+    "containerLabelsCount": "{count, plural, one {# etykieta} few {# etykiety} many {# etykiet} other {# etykiet}}",
     "containerLabelsTitle": "Etykiety kontenera",
     "containerLabelEmpty": "<empty>",
     "containerPorts": "Porty",
@@ -1114,7 +1120,7 @@
     "showStoppedContainers": "Pokaż zatrzymane kontenery",
     "noContainersFound": "Nie znaleziono kontenerów. Upewnij się, że kontenery dokujące są uruchomione.",
     "searchContainersPlaceholder": "Szukaj w {count} kontenerach...",
-    "searchResultsCount": "{count} wynik{s,plural,one{} other{s}}",
+    "searchResultsCount": "{count, plural, one {# wynik} few {# wyniki} many {# wyników} other {# wyników}}",
     "filters": "Filtry",
     "filterOptions": "Opcje filtru",
     "filterPorts": "Porty",
@@ -1129,10 +1135,89 @@
     "dark": "ciemny",
     "system": "System",
     "theme": "Motyw",
+    "subnetRequired": "Podsieć jest wymagana",
     "initialSetupTitle": "Wstępna konfiguracja serwera",
     "initialSetupDescription": "Utwórz początkowe konto administratora serwera. Może istnieć tylko jeden administrator serwera. Zawsze można zmienić te dane uwierzytelniające.",
     "createAdminAccount": "Utwórz konto administratora",
     "setupErrorCreateAdmin": "Wystąpił błąd podczas tworzenia konta administratora serwera.",
+    "certificateStatus": "Status certyfikatu",
+    "loading": "Ładowanie",
+    "restart": "Uruchom ponownie",
+    "domains": "Domeny",
+    "domainsDescription": "Zarządzaj domenami swojej organizacji",
+    "domainsSearch": "Szukaj domen...",
+    "domainAdd": "Dodaj domenę",
+    "domainAddDescription": "Zarejestruj nową domenę w swojej organizacji",
+    "domainCreate": "Utwórz domenę",
+    "domainCreatedDescription": "Domena utworzona pomyślnie",
+    "domainDeletedDescription": "Domena usunięta pomyślnie",
+    "domainQuestionRemove": "Czy na pewno chcesz usunąć domenę {domain} ze swojego konta?",
+    "domainMessageRemove": "Po usunięciu domena nie będzie już powiązana z twoim kontem.",
+    "domainMessageConfirm": "Aby potwierdzić, wpisz nazwę domeny poniżej.",
+    "domainConfirmDelete": "Potwierdź usunięcie domeny",
+    "domainDelete": "Usuń domenę",
+    "domain": "Domena",
+    "selectDomainTypeNsName": "Delegacja domeny (NS)",
+    "selectDomainTypeNsDescription": "Ta domena i wszystkie jej subdomeny. Użyj tego, gdy chcesz kontrolować całą strefę domeny.",
+    "selectDomainTypeCnameName": "Pojedyncza domena (CNAME)",
+    "selectDomainTypeCnameDescription": "Tylko ta pojedyncza domena. Użyj tego dla poszczególnych subdomen lub wpisów specyficznych dla domeny.",
+    "selectDomainTypeWildcardName": "Domena wieloznaczna",
+    "selectDomainTypeWildcardDescription": "Ta domena i jej pierwsza warstwa subdomen.",
+    "domainDelegation": "Pojedyncza domena",
+    "selectType": "Wybierz typ",
+    "actions": "Akcje",
+    "refresh": "Odśwież",
+    "refreshError": "Nie udało się odświeżyć danych",
+    "verified": "Zatwierdzony",
+    "pending": "Oczekuje",
+    "sidebarBilling": "Fakturowanie",
+    "billing": "Fakturowanie",
+    "orgBillingDescription": "Zarządzaj swoimi informacjami rozliczeniowymi i subskrypcjami",
+    "github": "GitHub",
+    "pangolinHosted": "Logo Pangolin",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Zakończ konfigurację konta",
+    "completeAccountSetupDescription": "Ustaw swoje hasło, aby rozpocząć",
+    "accountSetupSent": "Wyślemy kod konfiguracji konta na ten adres e-mail.",
+    "accountSetupCode": "Kod konfiguracji",
+    "accountSetupCodeDescription": "Sprawdź swój e-mail, aby znaleźć kod konfiguracji.",
+    "passwordCreate": "Utwórz hasło",
+    "passwordCreateConfirm": "Potwierdź hasło",
+    "accountSetupSubmit": "Wyślij kod konfiguracji",
+    "completeSetup": "Zakończ konfigurację",
+    "accountSetupSuccess": "Konfiguracja konta zakończona! Witaj w Pangolin!",
+    "documentation": "Dokumentacja",
+    "saveAllSettings": "Zapisz wszystkie ustawienia",
+    "settingsUpdated": "Ustawienia zaktualizowane",
+    "settingsUpdatedDescription": "Wszystkie ustawienia zostały pomyślnie zaktualizowane",
+    "settingsErrorUpdate": "Nie udało się zaktualizować ustawień",
+    "settingsErrorUpdateDescription": "Wystąpił błąd podczas aktualizacji ustawień",
+    "sidebarCollapse": "Zwiń",
+    "sidebarExpand": "Rozwiń",
+    "newtUpdateAvailable": "Dostępna aktualizacja",
+    "newtUpdateAvailableInfo": "Nowa wersja Newt jest dostępna. Prosimy o aktualizację do najnowszej wersji dla najlepszej pracy.",
+    "domainPickerEnterDomain": "Wprowadź swoją domenę",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com lub po prostu myapp",
+    "domainPickerDescription": "Wpisz pełną domenę zasobu, aby zobaczyć dostępne opcje.",
+    "domainPickerDescriptionSaas": "Wprowadź pełną domenę, subdomenę lub po prostu nazwę, aby zobaczyć dostępne opcje",
+    "domainPickerTabAll": "Wszystko",
+    "domainPickerTabOrganization": "Organizacja",
+    "domainPickerTabProvided": "Dostarczona",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Sprawdzanie dostępności...",
+    "domainPickerNoMatchingDomains": "Nie znaleziono żadnych pasujących domen dla \"{userInput}\". Spróbuj innej domeny lub sprawdź ustawienia domeny swojej organizacji.",
+    "domainPickerOrganizationDomains": "Domeny organizacji",
+    "domainPickerProvidedDomains": "Dostarczone domeny",
+    "domainPickerSubdomain": "Subdomena: {subdomain}",
+    "domainPickerNamespace": "Przestrzeń nazw: {namespace}",
+    "domainPickerShowMore": "Pokaż więcej",
+    "domainNotFound": "Nie znaleziono domeny",
+    "domainNotFoundDescription": "Zasób jest wyłączony, ponieważ domena nie istnieje już w naszym systemie. Proszę ustawić nową domenę dla tego zasobu.",
+    "failed": "Niepowodzenie",
+    "createNewOrgDescription": "Utwórz nową organizację",
+    "organization": "Organizacja",
+    "port": "Port",
     "securityKeyManage": "Zarządzaj kluczami bezpieczeństwa",
     "securityKeyDescription": "Dodaj lub usuń klucze bezpieczeństwa do uwierzytelniania bez hasła",
     "securityKeyRegister": "Zarejestruj nowy klucz bezpieczeństwa",
@@ -1142,7 +1227,6 @@
     "securityKeyRemove": "Usuń",
     "securityKeyLastUsed": "Ostatnio używany: {date}",
     "securityKeyNameLabel": "Nazwa",
-    "securityKeyNamePlaceholder": "Wprowadź nazwę dla tego klucza bezpieczeństwa",
     "securityKeyRegisterSuccess": "Klucz bezpieczeństwa został pomyślnie zarejestrowany",
     "securityKeyRegisterError": "Błąd podczas rejestracji klucza bezpieczeństwa",
     "securityKeyRemoveSuccess": "Klucz bezpieczeństwa został pomyślnie usunięty",
@@ -1150,5 +1234,44 @@
     "securityKeyLoadError": "Błąd podczas ładowania kluczy bezpieczeństwa",
     "securityKeyLogin": "Zaloguj się kluczem bezpieczeństwa",
     "securityKeyAuthError": "Błąd podczas uwierzytelniania kluczem bezpieczeństwa",
-    "securityKeyRecommendation": "Rozważ zarejestrowanie innego klucza bezpieczeństwa na innym urządzeniu, aby upewnić się, że nie zostaniesz zablokowany z dostępu do swojego konta."
+    "securityKeyRecommendation": "Rozważ zarejestrowanie innego klucza bezpieczeństwa na innym urządzeniu, aby upewnić się, że nie zostaniesz zablokowany z dostępu do swojego konta.",
+    "registering": "Rejestracja...",
+    "securityKeyPrompt": "Proszę zweryfikować swoją tożsamość, używając klucza bezpieczeństwa. Upewnij się, że twój klucz bezpieczeństwa jest podłączony i gotowy.",
+    "securityKeyBrowserNotSupported": "Twoja przeglądarka nie obsługuje kluczy bezpieczeństwa. Proszę użyć nowoczesnej przeglądarki, takiej jak Chrome, Firefox lub Safari.",
+    "securityKeyPermissionDenied": "Proszę umożliwić dostęp do klucza bezpieczeństwa, aby kontynuować logowanie.",
+    "securityKeyRemovedTooQuickly": "Proszę utrzymać klucz bezpieczeństwa podłączony, dopóki proces logowania się nie zakończy.",
+    "securityKeyNotSupported": "Twój klucz bezpieczeństwa może być niekompatybilny. Proszę spróbować innego klucza bezpieczeństwa.",
+    "securityKeyUnknownError": "Wystąpił problem z używaniem klucza bezpieczeństwa. Proszę spróbować ponownie.",
+    "twoFactorRequired": "Uwierzytelnianie dwuskładnikowe jest wymagane do zarejestrowania klucza bezpieczeństwa.",
+    "twoFactor": "Uwierzytelnianie dwuskładnikowe",
+    "adminEnabled2FaOnYourAccount": "Twój administrator włączył uwierzytelnianie dwuskładnikowe dla {email}. Proszę ukończyć proces konfiguracji, aby kontynuować.",
+    "continueToApplication": "Kontynuuj do aplikacji",
+    "securityKeyAdd": "Dodaj klucz bezpieczeństwa",
+    "securityKeyRegisterTitle": "Zarejestruj nowy klucz bezpieczeństwa",
+    "securityKeyRegisterDescription": "Podłącz swój klucz bezpieczeństwa i wprowadź nazwę, aby go zidentyfikować",
+    "securityKeyTwoFactorRequired": "Wymagane uwierzytelnianie dwuskładnikowe",
+    "securityKeyTwoFactorDescription": "Proszę wprowadzić kod uwierzytelnienia dwuskładnikowego, aby zarejestrować klucz bezpieczeństwa",
+    "securityKeyTwoFactorRemoveDescription": "Proszę wprowadzić kod uwierzytelnienia dwuskładnikowego, aby usunąć klucz bezpieczeństwa",
+    "securityKeyTwoFactorCode": "Kod dwuskładnikowy",
+    "securityKeyRemoveTitle": "Usuń klucz bezpieczeństwa",
+    "securityKeyRemoveDescription": "Wprowadź hasło, aby usunąć klucz bezpieczeństwa \"{name}\"",
+    "securityKeyNoKeysRegistered": "Nie zarejestrowano kluczy bezpieczeństwa",
+    "securityKeyNoKeysDescription": "Dodaj klucz bezpieczeństwa, aby zwiększyć swoje zabezpieczenia konta",
+    "createDomainRequired": "Domena jest wymagana",
+    "createDomainAddDnsRecords": "Dodaj rekordy DNS",
+    "createDomainAddDnsRecordsDescription": "Dodaj poniższe rekordy DNS do swojego dostawcy domeny, aby zakończyć konfigurację.",
+    "createDomainNsRecords": "Rekordy NS",
+    "createDomainRecord": "Rekord",
+    "createDomainType": "Typ:",
+    "createDomainName": "Nazwa:",
+    "createDomainValue": "Wartość:",
+    "createDomainCnameRecords": "Rekordy CNAME",
+    "createDomainRecordNumber": "Rekord {number}",
+    "createDomainTxtRecords": "Rekordy TXT",
+    "createDomainSaveTheseRecords": "Zapisz te rekordy",
+    "createDomainSaveTheseRecordsDescription": "Upewnij się, że zapiszesz te rekordy DNS, ponieważ nie będziesz mieć ich ponownie na ekranie.",
+    "createDomainDnsPropagation": "Propagacja DNS",
+    "createDomainDnsPropagationDescription": "Zmiany DNS mogą zająć trochę czasu na rozpropagowanie się w Internecie. Może to potrwać od kilku minut do 48 godzin, w zależności od dostawcy DNS i ustawień TTL.",
+    "resourcePortRequired": "Numer portu jest wymagany dla zasobów non-HTTP",
+    "resourcePortNotAllowed": "Numer portu nie powinien być ustawiony dla zasobów HTTP"
 }
diff --git a/messages/pt-PT.json b/messages/pt-PT.json
index 1d1b9ba1..762689f9 100644
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -11,8 +11,9 @@
     "componentsErrorNoMemberCreate": "Você não é atualmente um membro de nenhuma organização. Crie uma organização para começar.",
     "componentsErrorNoMember": "Você não é atualmente um membro de nenhuma organização.",
     "welcome": "Bem-vindo ao Pangolin",
+    "welcomeTo": "Bem-vindo ao",
     "componentsCreateOrg": "Criar uma organização",
-    "componentsMember": "Você é membro de {count, plural, =0 {Nenhuma organização} =1 {Uma organização} other {# organizações}}",
+    "componentsMember": "Você é membro de {count, plural, =0 {nenhuma organização} one {uma organização} other {# organizações}}.",
     "componentsInvalidKey": "Chaves de licença inválidas ou expiradas detectadas. Siga os termos da licença para continuar usando todos os recursos.",
     "dismiss": "Descartar",
     "componentsLicenseViolation": "Violação de Licença: Este servidor está usando sites {usedSites} que excedem o limite licenciado de sites {maxSites} . Siga os termos da licença para continuar usando todos os recursos.",
@@ -206,6 +207,7 @@
     "orgGeneralSettings": "Configurações da organização",
     "orgGeneralSettingsDescription": "Gerencie os detalhes e a configuração da sua organização",
     "saveGeneralSettings": "Salvar configurações gerais",
+    "saveSettings": "Salvar Configurações",
     "orgDangerZone": "Zona de Perigo",
     "orgDangerZoneDescription": "Uma vez que você exclui esta organização, não há volta. Por favor, tenha certeza.",
     "orgDelete": "Excluir Organização",
@@ -249,7 +251,7 @@
     "weeks": "semanas",
     "months": "Meses",
     "years": "anos",
-    "day": "{count, plural, =1 {# dia} other {# dias}}",
+    "day": "{count, plural, one {# dia} other {# dias}}",
     "apiKeysTitle": "Informações da Chave API",
     "apiKeysConfirmCopy2": "Você deve confirmar que copiou a chave API.",
     "apiKeysErrorCreate": "Erro ao criar chave API",
@@ -347,7 +349,7 @@
     "licensePurchase": "Comprar Licença",
     "licensePurchaseSites": "Comprar Sites Adicionais",
     "licenseSitesUsedMax": "{usedSites} de {maxSites} utilizados",
-    "licenseSitesUsed": "{count, plural, =0 {# sites} =1 {# site} other {# sites}} no sistema.",
+    "licenseSitesUsed": "{count, plural, =0 {# sites} one {# site} other {# sites}} no sistema.",
     "licensePurchaseDescription": "Escolha quantos sites você quer {selectedMode, select, license {Compre uma licença. Você sempre pode adicionar mais sites depois.} other {adicione à sua licença existente.}}",
     "licenseFee": "Taxa de licença",
     "licensePriceSite": "Preço por site",
@@ -436,7 +438,7 @@
     "accessRoleSelect": "Selecionar função",
     "inviteEmailSentDescription": "Um e-mail foi enviado ao usuário com o link de acesso abaixo. Eles devem acessar o link para aceitar o convite.",
     "inviteSentDescription": "O usuário foi convidado. Eles devem acessar o link abaixo para aceitar o convite.",
-    "inviteExpiresIn": "O convite expirará em {days, plural, =1 {# dia} other {# dias}}.",
+    "inviteExpiresIn": "O convite expirará em {days, plural, one {# dia} other {# dias}}.",
     "idpTitle": "Informações Gerais",
     "idpSelect": "Selecione o provedor de identidade para o usuário externo",
     "idpNotConfigured": "Nenhum provedor de identidade está configurado. Configure um provedor de identidade antes de criar usuários externos.",
@@ -958,6 +960,8 @@
     "licenseTierProfessionalRequiredDescription": "Esta funcionalidade só está disponível na Edição Profissional.",
     "actionGetOrg": "Obter Organização",
     "actionUpdateOrg": "Atualizar Organização",
+    "actionUpdateUser": "Atualizar Usuário",
+    "actionGetUser": "Obter Usuário",
     "actionGetOrgUser": "Obter Utilizador da Organização",
     "actionListOrgDomains": "Listar Domínios da Organização",
     "actionCreateSite": "Criar Site",
@@ -1090,6 +1094,8 @@
     "sidebarAllUsers": "Todos os usuários",
     "sidebarIdentityProviders": "Provedores de identidade",
     "sidebarLicense": "Tipo:",
+    "sidebarClients": "Clientes",
+    "sidebarDomains": "Domínios",
     "enableDockerSocket": "Habilitar Docker Socket",
     "enableDockerSocketDescription": "Ativar a descoberta do Docker Socket para preencher informações do contêiner. O caminho do socket deve ser fornecido ao Newt.",
     "enableDockerSocketLink": "Saiba mais",
@@ -1102,7 +1108,7 @@
     "containerNetworks": "Redes",
     "containerHostnameIp": "Hostname/IP",
     "containerLabels": "Marcadores",
-    "containerLabelsCount": "{count} rótulo{s,plural,one{} other{s}}",
+    "containerLabelsCount": "{count, plural, one {# rótulo} other {# rótulos}}",
     "containerLabelsTitle": "Etiquetas do Contêiner",
     "containerLabelEmpty": "<vazio>",
     "containerPorts": "Portas",
@@ -1114,7 +1120,7 @@
     "showStoppedContainers": "Mostrar contêineres parados",
     "noContainersFound": "Nenhum contêiner encontrado. Certifique-se de que os contêineres Docker estão em execução.",
     "searchContainersPlaceholder": "Pesquisar entre os contêineres {count}...",
-    "searchResultsCount": "{count} resultado{s,plural,one{} other{s}}",
+    "searchResultsCount": "{count, plural, one {# resultado} other {# resultados}}",
     "filters": "Filtros",
     "filterOptions": "Opções de Filtro",
     "filterPorts": "Portas",
@@ -1129,10 +1135,89 @@
     "dark": "escuro",
     "system": "sistema",
     "theme": "Tema",
+    "subnetRequired": "Sub-rede é obrigatória",
     "initialSetupTitle": "Configuração Inicial do Servidor",
     "initialSetupDescription": "Crie a conta de administrador inicial do servidor. Apenas um administrador do servidor pode existir. Você sempre pode alterar essas credenciais posteriormente.",
     "createAdminAccount": "Criar Conta de Administrador",
     "setupErrorCreateAdmin": "Ocorreu um erro ao criar a conta de administrador do servidor.",
+    "certificateStatus": "Status do Certificado",
+    "loading": "Carregando",
+    "restart": "Reiniciar",
+    "domains": "Domínios",
+    "domainsDescription": "Gerencie domínios para sua organização",
+    "domainsSearch": "Pesquisar domínios...",
+    "domainAdd": "Adicionar Domínio",
+    "domainAddDescription": "Registre um novo domínio com sua organização",
+    "domainCreate": "Criar Domínio",
+    "domainCreatedDescription": "Domínio criado com sucesso",
+    "domainDeletedDescription": "Domínio deletado com sucesso",
+    "domainQuestionRemove": "Tem certeza de que deseja remover o domínio {domain} da sua conta?",
+    "domainMessageRemove": "Uma vez removido, o domínio não estará mais associado à sua conta.",
+    "domainMessageConfirm": "Para confirmar, digite o nome do domínio abaixo.",
+    "domainConfirmDelete": "Confirmar Exclusão de Domínio",
+    "domainDelete": "Excluir Domínio",
+    "domain": "Domínio",
+    "selectDomainTypeNsName": "Delegação de Domínio (NS)",
+    "selectDomainTypeNsDescription": "Este domínio e todos os seus subdomínios. Use isso quando quiser controlar uma zona de domínio inteira.",
+    "selectDomainTypeCnameName": "Domínio Único (CNAME)",
+    "selectDomainTypeCnameDescription": "Apenas este domínio específico. Use isso para subdomínios individuais ou entradas de domínio específicas.",
+    "selectDomainTypeWildcardName": "Domínio Coringa",
+    "selectDomainTypeWildcardDescription": "Este domínio e seu primeiro nível de subdomínios.",
+    "domainDelegation": "Domínio Único",
+    "selectType": "Selecione um tipo",
+    "actions": "Ações",
+    "refresh": "Atualizar",
+    "refreshError": "Falha ao atualizar dados",
+    "verified": "Verificado",
+    "pending": "Pendente",
+    "sidebarBilling": "Faturamento",
+    "billing": "Faturamento",
+    "orgBillingDescription": "Gerencie suas informações de faturamento e assinaturas",
+    "github": "GitHub",
+    "pangolinHosted": "Hospedagem Pangolin",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Completar Configuração da Conta",
+    "completeAccountSetupDescription": "Defina sua senha para começar",
+    "accountSetupSent": "Enviaremos um código de ativação da conta para este endereço de e-mail.",
+    "accountSetupCode": "Código de Ativação",
+    "accountSetupCodeDescription": "Verifique seu e-mail para obter o código de ativação.",
+    "passwordCreate": "Criar Senha",
+    "passwordCreateConfirm": "Confirmar Senha",
+    "accountSetupSubmit": "Enviar Código de Ativação",
+    "completeSetup": "Configuração Completa",
+    "accountSetupSuccess": "Configuração da conta concluída! Bem-vindo ao Pangolin!",
+    "documentation": "Documentação",
+    "saveAllSettings": "Salvar Todas as Configurações",
+    "settingsUpdated": "Configurações atualizadas",
+    "settingsUpdatedDescription": "Todas as configurações foram atualizadas com sucesso",
+    "settingsErrorUpdate": "Falha ao atualizar configurações",
+    "settingsErrorUpdateDescription": "Ocorreu um erro ao atualizar configurações",
+    "sidebarCollapse": "Recolher",
+    "sidebarExpand": "Expandir",
+    "newtUpdateAvailable": "Nova Atualização Disponível",
+    "newtUpdateAvailableInfo": "Uma nova versão do Newt está disponível. Atualize para a versão mais recente para uma melhor experiência.",
+    "domainPickerEnterDomain": "Insira seu domínio",
+    "domainPickerPlaceholder": "meuapp.exemplo.com, api.v1.meudominio.com, ou apenas meuapp",
+    "domainPickerDescription": "Insira o domínio completo do recurso para ver as opções disponíveis.",
+    "domainPickerDescriptionSaas": "Insira um domínio completo, subdomínio ou apenas um nome para ver as opções disponíveis",
+    "domainPickerTabAll": "Todos",
+    "domainPickerTabOrganization": "Organização",
+    "domainPickerTabProvided": "Fornecido",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Verificando disponibilidade...",
+    "domainPickerNoMatchingDomains": "Nenhum domínio correspondente encontrado para \"{userInput}\". Tente um domínio diferente ou verifique as configurações de domínio da sua organização.",
+    "domainPickerOrganizationDomains": "Domínios da Organização",
+    "domainPickerProvidedDomains": "Domínios Fornecidos",
+    "domainPickerSubdomain": "Subdomínio: {subdomain}",
+    "domainPickerNamespace": "Namespace: {namespace}",
+    "domainPickerShowMore": "Mostrar Mais",
+    "domainNotFound": "Domínio Não Encontrado",
+    "domainNotFoundDescription": "Este recurso está desativado porque o domínio não existe mais em nosso sistema. Defina um novo domínio para este recurso.",
+    "failed": "Falhou",
+    "createNewOrgDescription": "Crie uma nova organização",
+    "organization": "Organização",
+    "port": "Porta",
     "securityKeyManage": "Gerenciar chaves de segurança",
     "securityKeyDescription": "Adicionar ou remover chaves de segurança para autenticação sem senha",
     "securityKeyRegister": "Registrar nova chave de segurança",
@@ -1142,13 +1227,51 @@
     "securityKeyRemove": "Remover",
     "securityKeyLastUsed": "Último uso: {date}",
     "securityKeyNameLabel": "Nome",
-    "securityKeyNamePlaceholder": "Digite um nome para esta chave de segurança",
     "securityKeyRegisterSuccess": "Chave de segurança registrada com sucesso",
     "securityKeyRegisterError": "Erro ao registrar chave de segurança",
     "securityKeyRemoveSuccess": "Chave de segurança removida com sucesso",
     "securityKeyRemoveError": "Erro ao remover chave de segurança",
     "securityKeyLoadError": "Erro ao carregar chaves de segurança",
-    "securityKeyLogin": "Entrar com chave de segurança",
+    "securityKeyLogin": "Continuar com a chave de segurança",
     "securityKeyAuthError": "Erro ao autenticar com chave de segurança",
-    "securityKeyRecommendation": "Considere registrar outra chave de segurança em um dispositivo diferente para garantir que você não fique bloqueado da sua conta."
+    "securityKeyRecommendation": "Considere registrar outra chave de segurança em um dispositivo diferente para garantir que você não fique bloqueado da sua conta.",
+    "registering": "Registrando...",
+    "securityKeyPrompt": "Verifique sua identidade usando sua chave de segurança. Certifique-se de que sua chave de segurança está conectada e pronta.",
+    "securityKeyBrowserNotSupported": "Seu navegador não suporta chaves de segurança. Use um navegador moderno como Chrome, Firefox ou Safari.",
+    "securityKeyPermissionDenied": "Permita o acesso à sua chave de segurança para continuar o login.",
+    "securityKeyRemovedTooQuickly": "Mantenha sua chave de segurança conectada até que o processo de login seja concluído.",
+    "securityKeyNotSupported": "Sua chave de segurança pode não ser compatível. Tente uma chave de segurança diferente.",
+    "securityKeyUnknownError": "Houve um problema ao usar sua chave de segurança. Tente novamente.",
+    "twoFactorRequired": "A autenticação de dois fatores é necessária para registrar uma chave de segurança.",
+    "twoFactor": "Autenticação de Dois Fatores",
+    "adminEnabled2FaOnYourAccount": "Seu administrador ativou a autenticação de dois fatores para {email}. Complete o processo de configuração para continuar.",
+    "continueToApplication": "Continuar para Aplicativo",
+    "securityKeyAdd": "Adicionar Chave de Segurança",
+    "securityKeyRegisterTitle": "Registrar Nova Chave de Segurança",
+    "securityKeyRegisterDescription": "Conecte sua chave de segurança e insira um nome para identificá-la",
+    "securityKeyTwoFactorRequired": "Autenticação de Dois Fatores Obrigatória",
+    "securityKeyTwoFactorDescription": "Insira seu código de autenticação de dois fatores para registrar a chave de segurança",
+    "securityKeyTwoFactorRemoveDescription": "Insira seu código de autenticação de dois fatores para remover a chave de segurança",
+    "securityKeyTwoFactorCode": "Código de Dois Fatores",
+    "securityKeyRemoveTitle": "Remover Chave de Segurança",
+    "securityKeyRemoveDescription": "Insira sua senha para remover a chave de segurança \"{name}\"",
+    "securityKeyNoKeysRegistered": "Nenhuma chave de segurança registrada",
+    "securityKeyNoKeysDescription": "Adicione uma chave de segurança para melhorar a segurança da sua conta",
+    "createDomainRequired": "Domínio é obrigatório",
+    "createDomainAddDnsRecords": "Adicionar Registros DNS",
+    "createDomainAddDnsRecordsDescription": "Adicione os seguintes registros DNS ao seu provedor de domínio para completar a configuração.",
+    "createDomainNsRecords": "Registros NS",
+    "createDomainRecord": "Registrar",
+    "createDomainType": "Tipo:",
+    "createDomainName": "Nome:",
+    "createDomainValue": "Valor:",
+    "createDomainCnameRecords": "Registros CNAME",
+    "createDomainRecordNumber": "Registrar {number}",
+    "createDomainTxtRecords": "Registros TXT",
+    "createDomainSaveTheseRecords": "Salvar Esses Registros",
+    "createDomainSaveTheseRecordsDescription": "Certifique-se de salvar esses registros DNS, pois você não os verá novamente.",
+    "createDomainDnsPropagation": "Propagação DNS",
+    "createDomainDnsPropagationDescription": "Alterações no DNS podem levar algum tempo para se propagar pela internet. Pode levar de alguns minutos a 48 horas, dependendo do seu provedor de DNS e das configurações de TTL.",
+    "resourcePortRequired": "Número da porta é obrigatório para recursos não-HTTP",
+    "resourcePortNotAllowed": "Número da porta não deve ser definido para recursos HTTP"
 }
diff --git a/messages/ru-RU.json b/messages/ru-RU.json
new file mode 100644
index 00000000..d72ad989
--- /dev/null
+++ b/messages/ru-RU.json
@@ -0,0 +1,1277 @@
+{
+    "setupCreate": "Создайте свою организацию, сайт и ресурсы",
+    "setupNewOrg": "Новая организация",
+    "setupCreateOrg": "Создать организацию",
+    "setupCreateResources": "Создать ресурсы",
+    "setupOrgName": "Название организации",
+    "orgDisplayName": "Это отображаемое имя вашей организации.",
+    "orgId": "ID организации",
+    "setupIdentifierMessage": "Это уникальный идентификатор вашей организации. Он отличается от отображаемого имени.",
+    "setupErrorIdentifier": "ID организации уже занят. Выберите другой.",
+    "componentsErrorNoMemberCreate": "Вы пока не состоите ни в одной организации. Создайте организацию для начала работы.",
+    "componentsErrorNoMember": "Вы пока не состоите ни в одной организации.",
+    "welcome": "Welcome!",
+    "welcomeTo": "Welcome to",
+    "componentsCreateOrg": "Создать организацию",
+    "componentsMember": "Вы состоите в {count, plural, =0 {0 организациях} one {# организации} few {# организациях} many {# организациях} other {# организациях}}.",
+    "componentsInvalidKey": "Обнаружены недействительные или просроченные лицензионные ключи. Соблюдайте условия лицензии для использования всех функций.",
+    "dismiss": "Отменить",
+    "componentsLicenseViolation": "Нарушение лицензии: Сервер использует {usedSites} сайтов, что превышает лицензионный лимит в {maxSites} сайтов. Соблюдайте условия лицензии для использования всех функций.",
+    "componentsSupporterMessage": "Спасибо за поддержку Pangolin в качестве {tier}!",
+    "inviteErrorNotValid": "Извините, но это приглашение не было принято или срок его действия истёк.",
+    "inviteErrorUser": "Извините, но приглашение, к которому вы пытаетесь получить доступ, предназначено не для этого пользователя.",
+    "inviteLoginUser": "Убедитесь, что вы вошли под правильным пользователем.",
+    "inviteErrorNoUser": "Извините, но похоже, что приглашение, к которому вы пытаетесь получить доступ, предназначено для несуществующего пользователя.",
+    "inviteCreateUser": "Сначала создайте аккаунт.",
+    "goHome": "На главную",
+    "inviteLogInOtherUser": "Войти под другим пользователем",
+    "createAnAccount": "Создать учётную запись",
+    "inviteNotAccepted": "Приглашение не принято",
+    "authCreateAccount": "Создайте учётную запись для начала работы",
+    "authNoAccount": "Нет учётной записи?",
+    "email": "Email",
+    "password": "Пароль",
+    "confirmPassword": "Подтвердите пароль",
+    "createAccount": "Создать учётную запись",
+    "viewSettings": "Посмотреть настройки",
+    "delete": "Удалить",
+    "name": "Имя",
+    "online": "Онлайн",
+    "offline": "Офлайн",
+    "site": "Сайт",
+    "dataIn": "Входящий трафик",
+    "dataOut": "Исходящий трафик",
+    "connectionType": "Тип соединения",
+    "tunnelType": "Тип туннеля",
+    "local": "Локальный",
+    "edit": "Редактировать",
+    "siteConfirmDelete": "Подтвердить удаление сайта",
+    "siteDelete": "Удалить сайт",
+    "siteMessageRemove": "После удаления сайт больше не будет доступен. Все ресурсы и целевые узлы, связанные с сайтом, также будут удалены.",
+    "siteMessageConfirm": "Для подтверждения введите название сайта ниже.",
+    "siteQuestionRemove": "Вы уверены, что хотите удалить сайт {selectedSite} из организации?",
+    "siteManageSites": "Управление сайтами",
+    "siteDescription": "Обеспечьте подключение к вашей сети через защищённые туннели",
+    "siteCreate": "Создать сайт",
+    "siteCreateDescription2": "Следуйте инструкциям ниже для создания и подключения нового сайта",
+    "siteCreateDescription": "Создайте новый сайт для подключения ваших ресурсов",
+    "close": "Закрыть",
+    "siteErrorCreate": "Ошибка при создании сайта",
+    "siteErrorCreateKeyPair": "Пара ключей или настройки сайта по умолчанию не найдены",
+    "siteErrorCreateDefaults": "Настройки сайта по умолчанию не найдены",
+    "siteNameDescription": "Отображаемое имя сайта.",
+    "method": "Метод",
+    "siteMethodDescription": "Это способ, которым вы будете открывать соединения.",
+    "siteLearnNewt": "Узнайте, как установить Newt в вашей системе",
+    "siteSeeConfigOnce": "Вы сможете увидеть конфигурацию только один раз.",
+    "siteLoadWGConfig": "Загрузка конфигурации WireGuard...",
+    "siteDocker": "Развернуть для просмотра деталей развертывания Docker",
+    "toggle": "Переключить",
+    "dockerCompose": "Docker Compose",
+    "dockerRun": "Docker Run",
+    "siteLearnLocal": "Локальные сайты не создают туннели, узнать больше",
+    "siteConfirmCopy": "Я скопировал(а) конфигурацию",
+    "searchSitesProgress": "Поиск сайтов...",
+    "siteAdd": "Добавить сайт",
+    "siteInstallNewt": "Установить Newt",
+    "siteInstallNewtDescription": "Запустите Newt в вашей системе",
+    "WgConfiguration": "Конфигурация WireGuard",
+    "WgConfigurationDescription": "Используйте следующую конфигурацию для подключения к вашей сети",
+    "operatingSystem": "Операционная система",
+    "commands": "Команды",
+    "recommended": "Рекомендуется",
+    "siteNewtDescription": "Для лучшего пользовательского опыта используйте Newt. Он использует WireGuard под капотом и позволяет обращаться к вашим приватным ресурсам по их LAN-адресу в вашей частной сети прямо из панели управления Pangolin.",
+    "siteRunsInDocker": "Работает в Docker",
+    "siteRunsInShell": "Работает в оболочке на macOS, Linux и Windows",
+    "siteErrorDelete": "Ошибка при удалении сайта",
+    "siteErrorUpdate": "Не удалось обновить сайт",
+    "siteErrorUpdateDescription": "Произошла ошибка при обновлении сайта.",
+    "siteUpdated": "Сайт обновлён",
+    "siteUpdatedDescription": "Сайт был успешно обновлён.",
+    "siteGeneralDescription": "Настройте общие параметры для этого сайта",
+    "siteSettingDescription": "Настройте параметры вашего сайта",
+    "siteSetting": "Настройки {siteName}",
+    "siteNewtTunnel": "Туннель Newt (Рекомендуется)",
+    "siteNewtTunnelDescription": "Простейший способ создать точку входа в вашу сеть. Дополнительная настройка не требуется.",
+    "siteWg": "Базовый WireGuard",
+    "siteWgDescription": "Используйте любой клиент WireGuard для открытия туннеля. Требуется ручная настройка NAT.",
+    "siteLocalDescription": "Только локальные ресурсы. Без туннелирования.",
+    "siteSeeAll": "Просмотреть все сайты",
+    "siteTunnelDescription": "Выберите способ подключения к вашему сайту",
+    "siteNewtCredentials": "Учётные данные Newt",
+    "siteNewtCredentialsDescription": "Так Newt будет выполнять аутентификацию на сервере",
+    "siteCredentialsSave": "Сохраните ваши учётные данные",
+    "siteCredentialsSaveDescription": "Вы сможете увидеть эти данные только один раз. Обязательно скопируйте их в безопасное место.",
+    "siteInfo": "Информация о сайте",
+    "status": "Статус",
+    "shareTitle": "Управление общими ссылками",
+    "shareDescription": "Создавайте общие ссылки для предоставления временного или постоянного доступа к вашим ресурсам",
+    "shareSearch": "Поиск общих ссылок...",
+    "shareCreate": "Создать общую ссылку",
+    "shareErrorDelete": "Не удалось удалить ссылку",
+    "shareErrorDeleteMessage": "Произошла ошибка при удалении ссылки",
+    "shareDeleted": "Ссылка удалена",
+    "shareDeletedDescription": "Ссылка была успешно удалена",
+    "shareTokenDescription": "Ваш токен доступа может быть передан двумя способами: как параметр запроса или в заголовках запроса. Он должен передаваться клиентом при каждом запросе для аутентификации.",
+    "accessToken": "Токен доступа",
+    "usageExamples": "Примеры использования",
+    "tokenId": "ID токена",
+    "requestHeades": "Заголовки запроса",
+    "queryParameter": "Параметр запроса",
+    "importantNote": "Важное примечание",
+    "shareImportantDescription": "Из соображений безопасности рекомендуется использовать заголовки вместо параметров запроса, когда это возможно, так как параметры запроса могут сохраняться в логах сервера или истории браузера.",
+    "token": "Токен",
+    "shareTokenSecurety": "Храните ваш токен доступа в безопасности. Не делитесь им в общедоступных местах или клиентском коде.",
+    "shareErrorFetchResource": "Не удалось получить ресурсы",
+    "shareErrorFetchResourceDescription": "Произошла ошибка при получении ресурсов",
+    "shareErrorCreate": "Не удалось создать общую ссылку",
+    "shareErrorCreateDescription": "Произошла ошибка при создании общей ссылки",
+    "shareCreateDescription": "Любой, у кого есть эта ссылка, может получить доступ к ресурсу",
+    "shareTitleOptional": "Заголовок (необязательно)",
+    "expireIn": "Срок действия",
+    "neverExpire": "Бессрочный доступ",
+    "shareExpireDescription": "Срок действия - это период, в течение которого ссылка будет работать и предоставлять доступ к ресурсу. После этого времени ссылка перестанет работать, и пользователи, использовавшие эту ссылку, потеряют доступ к ресурсу.",
+    "shareSeeOnce": "Вы сможете увидеть эту ссылку только один раз. Обязательно скопируйте её.",
+    "shareAccessHint": "Любой, у кого есть эта ссылка, может получить доступ к ресурсу. Делитесь ею с осторожностью.",
+    "shareTokenUsage": "Посмотреть использование токена доступа",
+    "createLink": "Создать ссылку",
+    "resourcesNotFound": "Ресурсы не найдены",
+    "resourceSearch": "Поиск ресурсов",
+    "openMenu": "Открыть меню",
+    "resource": "Ресурс",
+    "title": "Заголовок",
+    "created": "Создан",
+    "expires": "Истекает",
+    "never": "Никогда",
+    "shareErrorSelectResource": "Пожалуйста, выберите ресурс",
+    "resourceTitle": "Управление ресурсами",
+    "resourceDescription": "Создавайте защищённые прокси к вашим приватным приложениям",
+    "resourcesSearch": "Поиск ресурсов...",
+    "resourceAdd": "Добавить ресурс",
+    "resourceErrorDelte": "Ошибка при удалении ресурса",
+    "authentication": "Аутентификация",
+    "protected": "Защищён",
+    "notProtected": "Не защищён",
+    "resourceMessageRemove": "После удаления ресурс больше не будет доступен. Все целевые узлы, связанные с ресурсом, также будут удалены.",
+    "resourceMessageConfirm": "Для подтверждения введите название ресурса ниже.",
+    "resourceQuestionRemove": "Вы действительно хотите удалить ресурс {selectedResource} из организации?",
+    "resourceHTTP": "HTTPS-ресурс",
+    "resourceHTTPDescription": "Проксирование запросов к вашему приложению через HTTPS с использованием поддомена или базового домена.",
+    "resourceRaw": "Сырой TCP/UDP-ресурс",
+    "resourceRawDescription": "Проксирование запросов к вашему приложению через TCP/UDP с использованием по номеру порта.",
+    "resourceCreate": "Создание ресурса",
+    "resourceCreateDescription": "Следуйте инструкциям ниже для создания нового ресурса",
+    "resourceSeeAll": "Посмотреть все ресурсы",
+    "resourceInfo": "Информация о ресурсе",
+    "resourceNameDescription": "Отображаемое имя ресурса.",
+    "siteSelect": "Выберите сайт",
+    "siteSearch": "Поиск сайта",
+    "siteNotFound": "Сайт не найден.",
+    "siteSelectionDescription": "Этот сайт обеспечит подключение к ресурсу.",
+    "resourceType": "Тип ресурса",
+    "resourceTypeDescription": "Определите, как вы хотите получать доступ к вашему ресурсу",
+    "resourceHTTPSSettings": "Настройки HTTPS",
+    "resourceHTTPSSettingsDescription": "Настройте, как будет осуществляться доступ к вашему ресурсу через HTTPS",
+    "domainType": "Тип домена",
+    "subdomain": "Поддомен",
+    "baseDomain": "Базовый домен",
+    "subdomnainDescription": "Поддомен, на котором будет доступен ресурс.",
+    "resourceRawSettings": "Настройки TCP/UDP",
+    "resourceRawSettingsDescription": "Настройте, как будет осуществляться доступ к вашему ресурсу через TCP/UDP",
+    "protocol": "Протокол",
+    "protocolSelect": "Выберите протокол",
+    "resourcePortNumber": "Номер порта",
+    "resourcePortNumberDescription": "Внешний номер порта для проксирования запросов.",
+    "cancel": "Отмена",
+    "resourceConfig": "Фрагменты конфигурации",
+    "resourceConfigDescription": "Скопируйте и вставьте эти фрагменты конфигурации для настройки вашего TCP/UDP-ресурса",
+    "resourceAddEntrypoints": "Traefik: Добавить точки входа",
+    "resourceExposePorts": "Gerbil: Открыть порты в Docker Compose",
+    "resourceLearnRaw": "Узнайте, как настроить TCP/UDP-ресурсы",
+    "resourceBack": "Назад к ресурсам",
+    "resourceGoTo": "Перейти к ресурсу",
+    "resourceDelete": "Удалить ресурс",
+    "resourceDeleteConfirm": "Подтвердить удаление",
+    "visibility": "Видимость",
+    "enabled": "Включено",
+    "disabled": "Отключено",
+    "general": "Общие",
+    "generalSettings": "Общие настройки",
+    "proxy": "Прокси",
+    "rules": "Правила",
+    "resourceSettingDescription": "Настройте параметры вашего ресурса",
+    "resourceSetting": "Настройки {resourceName}",
+    "alwaysAllow": "Всегда разрешать",
+    "alwaysDeny": "Всегда запрещать",
+    "orgSettingsDescription": "Настройте общие параметры вашей организации",
+    "orgGeneralSettings": "Настройки организации",
+    "orgGeneralSettingsDescription": "Управляйте данными и конфигурацией вашей организации",
+    "saveGeneralSettings": "Сохранить общие настройки",
+    "saveSettings": "Save Settings",
+    "orgDangerZone": "Опасная зона",
+    "orgDangerZoneDescription": "Будьте осторожны: удалив организацию, вы не сможете восстановить её.",
+    "orgDelete": "Удалить организацию",
+    "orgDeleteConfirm": "Подтвердить удаление",
+    "orgMessageRemove": "Это действие необратимо и удалит все связанные данные.",
+    "orgMessageConfirm": "Для подтверждения введите название организации ниже.",
+    "orgQuestionRemove": "Вы действительно хотите удалить организацию {selectedOrg}?",
+    "orgUpdated": "Организация обновлена",
+    "orgUpdatedDescription": "Организация была успешно обновлена.",
+    "orgErrorUpdate": "Не удалось обновить организацию",
+    "orgErrorUpdateMessage": "Произошла ошибка при обновлении организации.",
+    "orgErrorFetch": "Не удалось получить организации",
+    "orgErrorFetchMessage": "Произошла ошибка при получении списка ваших организаций",
+    "orgErrorDelete": "Не удалось удалить организацию",
+    "orgErrorDeleteMessage": "Произошла ошибка при удалении организации.",
+    "orgDeleted": "Организация удалена",
+    "orgDeletedMessage": "Организация и её данные были удалены.",
+    "orgMissing": "Отсутствует ID организации",
+    "orgMissingMessage": "Невозможно восстановить приглашение без ID организации.",
+    "accessUsersManage": "Управление пользователями",
+    "accessUsersDescription": "Приглашайте пользователей и назначайте им роли для управления доступом к вашей организации",
+    "accessUsersSearch": "Поиск пользователей...",
+    "accessUserCreate": "Создать пользователя",
+    "accessUserRemove": "Удалить пользователя",
+    "username": "Имя пользователя",
+    "identityProvider": "Identity Provider",
+    "role": "Роль",
+    "nameRequired": "Имя обязательно",
+    "accessRolesManage": "Управление ролями",
+    "accessRolesDescription": "Настройте роли для управления доступом к вашей организации",
+    "accessRolesSearch": "Поиск ролей...",
+    "accessRolesAdd": "Добавить роль",
+    "accessRoleDelete": "Удалить роль",
+    "description": "Описание",
+    "inviteTitle": "Открытые приглашения",
+    "inviteDescription": "Управляйте вашими приглашениями для других пользователей",
+    "inviteSearch": "Поиск приглашений...",
+    "minutes": "мин.",
+    "hours": "ч.",
+    "days": "д.",
+    "weeks": "нед.",
+    "months": "мес.",
+    "years": "г.",
+    "day": "{count, plural, one {# день} few {# дня} many {# дней} other {# дней}}",
+    "apiKeysTitle": "Информация о ключе API",
+    "apiKeysConfirmCopy2": "Подтверидте, что вы скопировали ключ API.",
+    "apiKeysErrorCreate": "Ошибка при создании ключа API",
+    "apiKeysErrorSetPermission": "Ошибка при установке разрешений",
+    "apiKeysCreate": "Сгенерировать ключ API",
+    "apiKeysCreateDescription": "Сгенерируйте новый ключ API для вашей организации",
+    "apiKeysGeneralSettings": "Разрешения",
+    "apiKeysGeneralSettingsDescription": "Определите, что может делать этот ключ API",
+    "apiKeysList": "Ваш ключ API",
+    "apiKeysSave": "Сохраните ваш ключ API",
+    "apiKeysSaveDescription": "Вы сможете увидеть этот ключ только один раз. Обязательно скопируйте его в безопасное место.",
+    "apiKeysInfo": "Ваш ключ API:",
+    "apiKeysConfirmCopy": "Я скопировал(а) ключ API",
+    "generate": "Сгенерировать",
+    "done": "Готово",
+    "apiKeysSeeAll": "Посмотреть все ключи API",
+    "apiKeysPermissionsErrorLoadingActions": "Ошибка загрузки действий ключа API",
+    "apiKeysPermissionsErrorUpdate": "Ошибка установки разрешений",
+    "apiKeysPermissionsUpdated": "Разрешения обновлены",
+    "apiKeysPermissionsUpdatedDescription": "Разрешения были успешно обновлены.",
+    "apiKeysPermissionsGeneralSettings": "Разрешения",
+    "apiKeysPermissionsGeneralSettingsDescription": "Определите, что может делать этот ключ API",
+    "apiKeysPermissionsSave": "Сохранить разрешения",
+    "apiKeysPermissionsTitle": "Разрешения",
+    "apiKeys": "Ключи API",
+    "searchApiKeys": "Поиск ключей API...",
+    "apiKeysAdd": "Сгенерировать ключ API",
+    "apiKeysErrorDelete": "Ошибка при удалении ключа API",
+    "apiKeysErrorDeleteMessage": "Не удалось удалить ключ API",
+    "apiKeysQuestionRemove": "Вы действительно хотите удалить ключ API {selectedApiKey} из организации?",
+    "apiKeysMessageRemove": "После удаления ключ API больше сможет быть использован.",
+    "apiKeysMessageConfirm": "Для подтверждения введите название ключа API ниже.",
+    "apiKeysDeleteConfirm": "Подтвердить удаление",
+    "apiKeysDelete": "Удаление ключа API",
+    "apiKeysManage": "Управление ключами API",
+    "apiKeysDescription": "Ключи API используются для аутентификации в интеграционном API",
+    "apiKeysSettings": "Настройки {apiKeyName}",
+    "userTitle": "Управление всеми пользователями",
+    "userDescription": "Просмотр и управление всеми пользователями в системе",
+    "userAbount": "Об управлении пользователями",
+    "userAbountDescription": "В этой таблице отображаются все корневые объекты пользователей в системе. Каждый пользователь может принадлежать нескольким организациям. Удаление пользователя из организации не удаляет его корневой объект - он останется в системе. Чтобы полностью удалить пользователя из системы, вы должны удалить его корневой объект, используя действие удаления в этой таблице.",
+    "userServer": "Пользователи сервера",
+    "userSearch": "Поиск пользователей сервера...",
+    "userErrorDelete": "Ошибка при удалении пользователя",
+    "userDeleteConfirm": "Подтвердить удаление",
+    "userDeleteServer": "Удаление пользователя с сервера",
+    "userMessageRemove": "Пользователь будет удалён из всех организаций и полностью удалён с сервера.",
+    "userMessageConfirm": "Для подтверждения введите имя пользователя ниже.",
+    "userQuestionRemove": "Вы действительно хотите навсегда удалить {selectedUser} с сервера?",
+    "licenseKey": "Лицензионный ключ",
+    "valid": "Действителен",
+    "numberOfSites": "Количество сайтов",
+    "licenseKeySearch": "Поиск лицензионных ключей...",
+    "licenseKeyAdd": "Добавить лицензионный ключ",
+    "type": "Тип",
+    "licenseKeyRequired": "Лицензионный ключ обязателен",
+    "licenseTermsAgree": "Вы должны согласиться с условиями лицензии",
+    "licenseErrorKeyLoad": "Не удалось загрузить лицензионные ключи",
+    "licenseErrorKeyLoadDescription": "Произошла ошибка при загрузке лицензионных ключей.",
+    "licenseErrorKeyDelete": "Не удалось удалить лицензионный ключ",
+    "licenseErrorKeyDeleteDescription": "Произошла ошибка при удалении лицензионного ключа.",
+    "licenseKeyDeleted": "Лицензионный ключ удалён",
+    "licenseKeyDeletedDescription": "Лицензионный ключ был удалён.",
+    "licenseErrorKeyActivate": "Не удалось активировать лицензионный ключ",
+    "licenseErrorKeyActivateDescription": "Произошла ошибка при активации лицензионного ключа.",
+    "licenseAbout": "О лицензировании",
+    "communityEdition": "Community Edition",
+    "licenseAboutDescription": "Это для бизнес и корпоративных пользователей, использующих Pangolin в коммерческой среде. Если вы используете Pangolin для личного использования, вы можете игнорировать этот раздел.",
+    "licenseKeyActivated": "Лицензионный ключ активирован",
+    "licenseKeyActivatedDescription": "Лицензионный ключ был успешно активирован.",
+    "licenseErrorKeyRecheck": "Не удалось перепроверить лицензионные ключи",
+    "licenseErrorKeyRecheckDescription": "Произошла ошибка при перепроверке лицензионных ключей.",
+    "licenseErrorKeyRechecked": "Лицензионные ключи перепроверены",
+    "licenseErrorKeyRecheckedDescription": "Все лицензионные ключи были перепроверены",
+    "licenseActivateKey": "Активировать лицензионный ключ",
+    "licenseActivateKeyDescription": "Введите лицензионный ключ для его активации.",
+    "licenseActivate": "Активировать лицензию",
+    "licenseAgreement": "Установив этот флажок, вы подтверждаете, что прочитали и согласны с условиями лицензии, соответствующими уровню, связанному с вашим лицензионным ключом.",
+    "fossorialLicense": "Просмотреть коммерческую лицензию Fossorial и условия подписки",
+    "licenseMessageRemove": "Это удалит лицензионный ключ и все связанные с ним разрешения.",
+    "licenseMessageConfirm": "Для подтверждения введите лицензионный ключ ниже.",
+    "licenseQuestionRemove": "Вы уверены, что хотите удалить лицензионный ключ {selectedKey}?",
+    "licenseKeyDelete": "Удалить лицензионный ключ",
+    "licenseKeyDeleteConfirm": "Подтвердить удаление лицензионного ключа",
+    "licenseTitle": "Управление статусом лицензии",
+    "licenseTitleDescription": "Просмотр и управление лицензионными ключами в системе",
+    "licenseHost": "Лицензия хоста",
+    "licenseHostDescription": "Управление основным лицензионным ключом для хоста.",
+    "licensedNot": "Не лицензировано",
+    "hostId": "ID хоста",
+    "licenseReckeckAll": "Перепроверить все ключи",
+    "licenseSiteUsage": "Использование сайтов",
+    "licenseSiteUsageDecsription": "Просмотр количества сайтов, использующих эту лицензию.",
+    "licenseNoSiteLimit": "Нет ограничения на количество сайтов при использовании нелицензированного хоста.",
+    "licensePurchase": "Приобрести лицензию",
+    "licensePurchaseSites": "Приобрести дополнительные сайты",
+    "licenseSitesUsedMax": "Использовано сайтов: {usedSites} из {maxSites}",
+    "licenseSitesUsed": "{count, plural, =0 {0 сайтов} one {# сайт} few {# сайта} many {# сайтов} other {# сайтов}} в системе.",
+    "licensePurchaseDescription": "Выберите, для скольких сайтов вы хотите {selectedMode, select, license {приобрести лицензию. Вы всегда можете добавить больше сайтов позже.} other {добавить к существующей лицензии.}}",
+    "licenseFee": "Лицензионный сбор",
+    "licensePriceSite": "Цена за сайт",
+    "total": "Итого",
+    "licenseContinuePayment": "Перейти к оплате",
+    "pricingPage": "страница цен",
+    "pricingPortal": "Посмотреть портал покупок",
+    "licensePricingPage": "Для актуальных цен и скидок посетите ",
+    "invite": "Приглашения",
+    "inviteRegenerate": "Пересоздать приглашение",
+    "inviteRegenerateDescription": "Отозвать предыдущее приглашение и создать новое",
+    "inviteRemove": "Удалить приглашение",
+    "inviteRemoveError": "Не удалось удалить приглашение",
+    "inviteRemoveErrorDescription": "Произошла ошибка при удалении приглашения.",
+    "inviteRemoved": "Приглашение удалено",
+    "inviteRemovedDescription": "Приглашение для {email} было удалено.",
+    "inviteQuestionRemove": "Вы уверены, что хотите удалить приглашение {email}?",
+    "inviteMessageRemove": "После удаления это приглашение больше не будет действительным. Вы всегда можете пригласить пользователя заново.",
+    "inviteMessageConfirm": "Для подтверждения введите email адрес приглашения ниже.",
+    "inviteQuestionRegenerate": "Вы уверены, что хотите пересоздать приглашение для {email}? Это отзовёт предыдущее приглашение.",
+    "inviteRemoveConfirm": "Подтвердить удаление приглашения",
+    "inviteRegenerated": "Приглашение пересоздано",
+    "inviteSent": "Новое приглашение отправлено {email}.",
+    "inviteSentEmail": "Отправить email уведомление пользователю",
+    "inviteGenerate": "Новое приглашение создано для {email}.",
+    "inviteDuplicateError": "Дублирующее приглашение",
+    "inviteDuplicateErrorDescription": "Приглашение для этого пользователя уже существует.",
+    "inviteRateLimitError": "Превышен лимит запросов",
+    "inviteRateLimitErrorDescription": "Вы превысили лимит в 3 пересоздания в час. Попробуйте позже.",
+    "inviteRegenerateError": "Не удалось пересоздать приглашение",
+    "inviteRegenerateErrorDescription": "Произошла ошибка при пересоздании приглашения.",
+    "inviteValidityPeriod": "Период действия",
+    "inviteValidityPeriodSelect": "Выберите период действия",
+    "inviteRegenerateMessage": "Приглашение было пересоздано. Пользователь должен перейти по ссылке ниже для принятия приглашения.",
+    "inviteRegenerateButton": "Пересоздать",
+    "expiresAt": "Истекает",
+    "accessRoleUnknown": "Неизвестная роль",
+    "placeholder": "Заполнитель",
+    "userErrorOrgRemove": "Не удалось удалить пользователя",
+    "userErrorOrgRemoveDescription": "Произошла ошибка при удалении пользователя.",
+    "userOrgRemoved": "Пользователь удалён",
+    "userOrgRemovedDescription": "Пользователь {email} был удалён из организации.",
+    "userQuestionOrgRemove": "Вы уверены, что хотите удалить {email} из организации?",
+    "userMessageOrgRemove": "После удаления этот пользователь больше не будет иметь доступ к организации. Вы всегда можете пригласить его заново, но ему нужно будет снова принять приглашение.",
+    "userMessageOrgConfirm": "Для подтверждения введите имя пользователя ниже.",
+    "userRemoveOrgConfirm": "Подтвердить удаление пользователя",
+    "userRemoveOrg": "Удалить пользователя из организации",
+    "users": "Пользователи",
+    "accessRoleMember": "Участник",
+    "accessRoleOwner": "Владелец",
+    "userConfirmed": "Подтверждён",
+    "idpNameInternal": "Внутренний",
+    "emailInvalid": "Неверный адрес Email",
+    "inviteValidityDuration": "Пожалуйста, выберите продолжительность",
+    "accessRoleSelectPlease": "Пожалуйста, выберите роль",
+    "usernameRequired": "Имя пользователя обязательно",
+    "idpSelectPlease": "Пожалуйста, выберите Identity Provider",
+    "idpGenericOidc": "Обычный OAuth2/OIDC provider.",
+    "accessRoleErrorFetch": "Не удалось получить роли",
+    "accessRoleErrorFetchDescription": "Произошла ошибка при получении ролей",
+    "idpErrorFetch": "Не удалось получить идентификатор провайдера",
+    "idpErrorFetchDescription": "Произошла ошибка при получении поставщиков удостоверений",
+    "userErrorExists": "Пользователь уже существует",
+    "userErrorExistsDescription": "Этот пользователь уже является участником организации.",
+    "inviteError": "Не удалось пригласить пользователя",
+    "inviteErrorDescription": "Произошла ошибка при приглашении пользователя",
+    "userInvited": "Пользователь приглашён",
+    "userInvitedDescription": "Пользователь был успешно приглашён.",
+    "userErrorCreate": "Не удалось создать пользователя",
+    "userErrorCreateDescription": "Произошла ошибка при создании пользователя",
+    "userCreated": "Пользователь создан",
+    "userCreatedDescription": "Пользователь был успешно создан.",
+    "userTypeInternal": "Внутренний пользователь",
+    "userTypeInternalDescription": "Пригласите пользователя напрямую в вашу организацию.",
+    "userTypeExternal": "Внешний пользователь",
+    "userTypeExternalDescription": "Создайте пользователя через внешний Identity Provider.",
+    "accessUserCreateDescription": "Следуйте инструкциям ниже для создания нового пользователя",
+    "userSeeAll": "Просмотр всех пользователей",
+    "userTypeTitle": "Тип пользователя",
+    "userTypeDescription": "Выберите способ создание пользователя",
+    "userSettings": "Информация о пользователе",
+    "userSettingsDescription": "Введите сведения о новом пользователе",
+    "inviteEmailSent": "Отправить приглашение по Email",
+    "inviteValid": "Действительно",
+    "selectDuration": "Укажите срок действия",
+    "accessRoleSelect": "Выберите роль",
+    "inviteEmailSentDescription": "Email был отправлен пользователю со ссылкой доступа ниже. Он должен перейти по ссылке для принятия приглашения.",
+    "inviteSentDescription": "Пользователь был приглашён. Он должен перейти по ссылке ниже для принятия приглашения.",
+    "inviteExpiresIn": "Приглашение истечёт через {days, plural, one {# день} few {# дня} many {# дней} other {# дней}}.",
+    "idpTitle": "Поставщик удостоверений",
+    "idpSelect": "Выберите поставщика удостоверений для внешнего пользователя",
+    "idpNotConfigured": "Поставщики удостоверений не настроены. Пожалуйста, настройте поставщика удостоверений перед созданием внешних пользователей.",
+    "usernameUniq": "Это должно соответствовать уникальному имени пользователя, существующему в выбранном поставщике удостоверений.",
+    "emailOptional": "Email (необязательно)",
+    "nameOptional": "Имя (необязательно)",
+    "accessControls": "Контроль доступа",
+    "userDescription2": "Управление настройками этого пользователя",
+    "accessRoleErrorAdd": "Не удалось добавить пользователя в роль",
+    "accessRoleErrorAddDescription": "Произошла ошибка при добавлении пользователя в роль.",
+    "userSaved": "Пользователь сохранён",
+    "userSavedDescription": "Пользователь был обновлён.",
+    "accessControlsDescription": "Управляйте тем, к чему этот пользователь может получить доступ и что делать в организации",
+    "accessControlsSubmit": "Сохранить контроль доступа",
+    "roles": "Роли",
+    "accessUsersRoles": "Управление пользователями и ролями",
+    "accessUsersRolesDescription": "Приглашайте пользователей и добавляйте их в роли для управления доступом к вашей организации",
+    "key": "Ключ",
+    "createdAt": "Создано в",
+    "proxyErrorInvalidHeader": "Неверное значение пользовательского заголовка Host. Используйте формат доменного имени или оставьте пустым для сброса пользовательского заголовка Host.",
+    "proxyErrorTls": "Неверное имя TLS сервера. Используйте формат доменного имени или оставьте пустым для удаления имени TLS сервера.",
+    "proxyEnableSSL": "Включить SSL (https)",
+    "targetErrorFetch": "Не удалось получить цели",
+    "targetErrorFetchDescription": "Произошла ошибка при получении целей",
+    "siteErrorFetch": "Не удалось получить ресурс",
+    "siteErrorFetchDescription": "Произошла ошибка при получении ресурса",
+    "targetErrorDuplicate": "Дублирующая цель",
+    "targetErrorDuplicateDescription": "Цель с такими настройками уже существует",
+    "targetWireGuardErrorInvalidIp": "Неверный IP цели",
+    "targetWireGuardErrorInvalidIpDescription": "IP цели должен быть в пределах подсети сайта",
+    "targetsUpdated": "Цели обновлены",
+    "targetsUpdatedDescription": "Цели и настройки успешно обновлены",
+    "targetsErrorUpdate": "Не удалось обновить цели",
+    "targetsErrorUpdateDescription": "Произошла ошибка при обновлении целей",
+    "targetTlsUpdate": "Настройки TLS обновлены",
+    "targetTlsUpdateDescription": "Ваши настройки TLS были успешно обновлены",
+    "targetErrorTlsUpdate": "Не удалось обновить настройки TLS",
+    "targetErrorTlsUpdateDescription": "Произошла ошибка при обновлении настроек TLS",
+    "proxyUpdated": "Настройки прокси обновлены",
+    "proxyUpdatedDescription": "Ваши настройки прокси были успешно обновлены",
+    "proxyErrorUpdate": "Не удалось обновить настройки прокси",
+    "proxyErrorUpdateDescription": "Произошла ошибка при обновлении настроек прокси",
+    "targetAddr": "IP / Имя хоста",
+    "targetPort": "Порт",
+    "targetProtocol": "Протокол",
+    "targetTlsSettings": "Конфигурация безопасного соединения",
+    "targetTlsSettingsDescription": "Настройте параметры SSL/TLS для вашего ресурса",
+    "targetTlsSettingsAdvanced": "Расширенные настройки TLS",
+    "targetTlsSni": "Имя TLS сервера (SNI)",
+    "targetTlsSniDescription": "Имя TLS сервера для использования в SNI. Оставьте пустым для использования по умолчанию.",
+    "targetTlsSubmit": "Сохранить настройки",
+    "targets": "Конфигурация целей",
+    "targetsDescription": "Настройте цели для маршрутизации трафика к вашим сервисам",
+    "targetStickySessions": "Включить фиксированные сессии",
+    "targetStickySessionsDescription": "Сохранять соединения на одной и той же целевой точке в течение всей сессии.",
+    "methodSelect": "Выберите метод",
+    "targetSubmit": "Добавить цель",
+    "targetNoOne": "Нет целей. Добавьте цель с помощью формы.",
+    "targetNoOneDescription": "Добавление более одной цели выше включит балансировку нагрузки.",
+    "targetsSubmit": "Сохранить цели",
+    "proxyAdditional": "Дополнительные настройки прокси",
+    "proxyAdditionalDescription": "Настройте, как ваш ресурс обрабатывает настройки прокси",
+    "proxyCustomHeader": "Пользовательский заголовок Host",
+    "proxyCustomHeaderDescription": "Заголовок host для установки при проксировании запросов. Оставьте пустым для использования по умолчанию.",
+    "proxyAdditionalSubmit": "Сохранить настройки прокси",
+    "subnetMaskErrorInvalid": "Неверная маска подсети. Должна быть между 0 и 32.",
+    "ipAddressErrorInvalidFormat": "Неверный формат IP адреса",
+    "ipAddressErrorInvalidOctet": "Неверный октет IP адреса",
+    "path": "Путь",
+    "ipAddressRange": "Диапазон IP",
+    "rulesErrorFetch": "Не удалось получить правила",
+    "rulesErrorFetchDescription": "Произошла ошибка при получении правил",
+    "rulesErrorDuplicate": "Дублирующее правило",
+    "rulesErrorDuplicateDescription": "Правило с такими настройками уже существует",
+    "rulesErrorInvalidIpAddressRange": "Неверный CIDR",
+    "rulesErrorInvalidIpAddressRangeDescription": "Пожалуйста, введите корректное значение CIDR",
+    "rulesErrorInvalidUrl": "Неверный URL путь",
+    "rulesErrorInvalidUrlDescription": "Пожалуйста, введите корректное значение URL пути",
+    "rulesErrorInvalidIpAddress": "Неверный IP",
+    "rulesErrorInvalidIpAddressDescription": "Пожалуйста, введите корректный IP адрес",
+    "rulesErrorUpdate": "Не удалось обновить правила",
+    "rulesErrorUpdateDescription": "Произошла ошибка при обновлении правил",
+    "rulesUpdated": "Включить правила",
+    "rulesUpdatedDescription": "Оценка правил была обновлена",
+    "rulesMatchIpAddressRangeDescription": "Введите адрес в формате CIDR (например, 103.21.244.0/22)",
+    "rulesMatchIpAddress": "Введите IP адрес (например, 103.21.244.12)",
+    "rulesMatchUrl": "Введите URL путь или шаблон (например, /api/v1/todos или /api/v1/*)",
+    "rulesErrorInvalidPriority": "Неверный приоритет",
+    "rulesErrorInvalidPriorityDescription": "Пожалуйста, введите корректный приоритет",
+    "rulesErrorDuplicatePriority": "Дублирующие приоритеты",
+    "rulesErrorDuplicatePriorityDescription": "Пожалуйста, введите уникальные приоритеты",
+    "ruleUpdated": "Правила обновлены",
+    "ruleUpdatedDescription": "Правила успешно обновлены",
+    "ruleErrorUpdate": "Операция не удалась",
+    "ruleErrorUpdateDescription": "Произошла ошибка во время операции сохранения",
+    "rulesPriority": "Приоритет",
+    "rulesAction": "Действие",
+    "rulesMatchType": "Тип совпадения",
+    "value": "Значение",
+    "rulesAbout": "О правилах",
+    "rulesAboutDescription": "Правила позволяют контролировать доступ к вашему ресурсу на основе набора критериев. Вы можете создавать правила для разрешения или запрета доступа на основе IP адреса или URL пути.",
+    "rulesActions": "Действия",
+    "rulesActionAlwaysAllow": "Всегда разрешать: Обойти все методы аутентификации",
+    "rulesActionAlwaysDeny": "Всегда запрещать: Блокировать все запросы; аутентификация не может быть выполнена",
+    "rulesMatchCriteria": "Критерии совпадения",
+    "rulesMatchCriteriaIpAddress": "Совпадение с конкретным IP адресом",
+    "rulesMatchCriteriaIpAddressRange": "Совпадение с диапазоном IP адресов в нотации CIDR",
+    "rulesMatchCriteriaUrl": "Совпадение с URL путём или шаблоном",
+    "rulesEnable": "Включить правила",
+    "rulesEnableDescription": "Включить или отключить проверку правил для этого ресурса",
+    "rulesResource": "Конфигурация правил ресурса",
+    "rulesResourceDescription": "Настройте правила для контроля доступа к вашему ресурсу",
+    "ruleSubmit": "Добавить правило",
+    "rulesNoOne": "Нет правил. Добавьте правило с помощью формы.",
+    "rulesOrder": "Правила оцениваются по приоритету в возрастающем порядке.",
+    "rulesSubmit": "Сохранить правила",
+    "resourceErrorCreate": "Ошибка при создании ресурса",
+    "resourceErrorCreateDescription": "Произошла ошибка при создании ресурса",
+    "resourceErrorCreateMessage": "Ошибка создания ресурса:",
+    "resourceErrorCreateMessageDescription": "Произошла неизвестная ошибка.",
+    "sitesErrorFetch": "Ошибка при получении сайтов",
+    "sitesErrorFetchDescription": "Произошла ошибка при получении сайтов",
+    "domainsErrorFetch": "Ошибка при получении доменов",
+    "domainsErrorFetchDescription": "Произошла ошибка при получении доменов",
+    "none": "Нет",
+    "unknown": "Неизвестно",
+    "resources": "Ресурсы",
+    "resourcesDescription": "Ресурсы - это прокси к приложениям, работающим в вашей частной сети. Создайте ресурс для любого HTTP/HTTPS или сырого TCP/UDP сервиса в вашей частной сети. Каждый ресурс должен быть подключен к сайту для обеспечения приватного, безопасного соединения через зашифрованный туннель WireGuard.",
+    "resourcesWireGuardConnect": "Безопасное соединение с шифрованием WireGuard",
+    "resourcesMultipleAuthenticationMethods": "Настройка нескольких методов аутентификации",
+    "resourcesUsersRolesAccess": "Контроль доступа на основе пользователей и ролей",
+    "resourcesErrorUpdate": "Не удалось переключить ресурс",
+    "resourcesErrorUpdateDescription": "Произошла ошибка при обновлении ресурса",
+    "access": "Доступ",
+    "shareLink": "Общая ссылка {resource}",
+    "resourceSelect": "Выберите ресурс",
+    "shareLinks": "Общие ссылки",
+    "share": "Общие ссылки",
+    "shareDescription2": "Создавайте общие ссылки к вашим ресурсам. Ссылки предоставляют временный или неограниченный доступ к вашему ресурсу. Вы можете настроить время истечения ссылки при её создании.",
+    "shareEasyCreate": "Легко создавать и делиться",
+    "shareConfigurableExpirationDuration": "Настраиваемая продолжительность истечения",
+    "shareSecureAndRevocable": "Безопасные и отзываемые",
+    "nameMin": "Имя должно быть не менее {len} символов.",
+    "nameMax": "Имя не должно быть длиннее {len} символов.",
+    "sitesConfirmCopy": "Пожалуйста, подтвердите, что вы скопировали конфигурацию.",
+    "unknownCommand": "Неизвестная команда",
+    "newtErrorFetchReleases": "Не удалось получить информацию о релизе: {err}",
+    "newtErrorFetchLatest": "Ошибка при получении последнего релиза: {err}",
+    "newtEndpoint": "Конечная точка Newt",
+    "newtId": "Newt ID",
+    "newtSecretKey": "Секретный ключ Newt",
+    "architecture": "Архитектура",
+    "sites": "Сайты",
+    "siteWgAnyClients": "Используйте любой клиент WireGuard для подключения. Вам придётся обращаться к вашим внутренним ресурсам, используя IP узла.",
+    "siteWgCompatibleAllClients": "Совместим со всеми клиентами WireGuard",
+    "siteWgManualConfigurationRequired": "Требуется ручная настройка",
+    "userErrorNotAdminOrOwner": "Пользователь не является администратором или владельцем",
+    "pangolinSettings": "Настройки - Pangolin",
+    "accessRoleYour": "Ваша роль:",
+    "accessRoleSelect2": "Выберите роль",
+    "accessUserSelect": "Выберите пользователя",
+    "otpEmailEnter": "Введите email",
+    "otpEmailEnterDescription": "Нажмите enter для добавления email после ввода в поле.",
+    "otpEmailErrorInvalid": "Неверный email адрес. Подстановочный знак (*) должен быть всей локальной частью.",
+    "otpEmailSmtpRequired": "Требуется SMTP",
+    "otpEmailSmtpRequiredDescription": "SMTP должен быть включён на сервере для использования аутентификации с одноразовым паролем.",
+    "otpEmailTitle": "Одноразовые пароли",
+    "otpEmailTitleDescription": "Требовать аутентификацию на основе email для доступа к ресурсу",
+    "otpEmailWhitelist": "Белый список email",
+    "otpEmailWhitelistList": "Email адреса в белом списке",
+    "otpEmailWhitelistListDescription": "Только пользователи с этими email адресами смогут получить доступ к этому ресурсу. Им будет предложено ввести одноразовый пароль, отправленный на их email. Можно использовать подстановочные знаки (*@example.com) для разрешения любого email адреса с домена.",
+    "otpEmailWhitelistSave": "Сохранить белый список",
+    "passwordAdd": "Добавить пароль",
+    "passwordRemove": "Удалить пароль",
+    "pincodeAdd": "Добавить PIN-код",
+    "pincodeRemove": "Удалить PIN-код",
+    "resourceAuthMethods": "Методы аутентификации",
+    "resourceAuthMethodsDescriptions": "Разрешить доступ к ресурсу через дополнительные методы аутентификации",
+    "resourceAuthSettingsSave": "Успешно сохранено",
+    "resourceAuthSettingsSaveDescription": "Настройки аутентификации сохранены",
+    "resourceErrorAuthFetch": "Не удалось получить данные",
+    "resourceErrorAuthFetchDescription": "Произошла ошибка при получении данных",
+    "resourceErrorPasswordRemove": "Ошибка при удалении пароля ресурса",
+    "resourceErrorPasswordRemoveDescription": "Произошла ошибка при удалении пароля ресурса",
+    "resourceErrorPasswordSetup": "Ошибка при установке пароля ресурса",
+    "resourceErrorPasswordSetupDescription": "Произошла ошибка при установке пароля ресурса",
+    "resourceErrorPincodeRemove": "Ошибка при удалении PIN-кода ресурса",
+    "resourceErrorPincodeRemoveDescription": "Произошла ошибка при удалении PIN-кода ресурса",
+    "resourceErrorPincodeSetup": "Ошибка при установке PIN-кода ресурса",
+    "resourceErrorPincodeSetupDescription": "Произошла ошибка при установке PIN-кода ресурса",
+    "resourceErrorUsersRolesSave": "Не удалось установить роли",
+    "resourceErrorUsersRolesSaveDescription": "Произошла ошибка при установке ролей",
+    "resourceErrorWhitelistSave": "Не удалось сохранить белый список",
+    "resourceErrorWhitelistSaveDescription": "Произошла ошибка при сохранении белого списка",
+    "resourcePasswordSubmit": "Включить защиту паролем",
+    "resourcePasswordProtection": "Защита паролем {status}",
+    "resourcePasswordRemove": "Пароль ресурса удалён",
+    "resourcePasswordRemoveDescription": "Пароль ресурса был успешно удалён",
+    "resourcePasswordSetup": "Пароль ресурса установлен",
+    "resourcePasswordSetupDescription": "Пароль ресурса был успешно установлен",
+    "resourcePasswordSetupTitle": "Установить пароль",
+    "resourcePasswordSetupTitleDescription": "Установите пароль для защиты этого ресурса",
+    "resourcePincode": "PIN-код",
+    "resourcePincodeSubmit": "Включить защиту PIN-кодом",
+    "resourcePincodeProtection": "Защита PIN-кодом {status}",
+    "resourcePincodeRemove": "PIN-код ресурса удалён",
+    "resourcePincodeRemoveDescription": "PIN-код ресурса был успешно удалён",
+    "resourcePincodeSetup": "Resource PIN code set",
+    "resourcePincodeSetupDescription": "The resource pincode has been set successfully",
+    "resourcePincodeSetupTitle": "Set Pincode",
+    "resourcePincodeSetupTitleDescription": "Set a pincode to protect this resource",
+    "resourceRoleDescription": "Admins can always access this resource.",
+    "resourceUsersRoles": "Users & Roles",
+    "resourceUsersRolesDescription": "Configure which users and roles can visit this resource",
+    "resourceUsersRolesSubmit": "Save Users & Roles",
+    "resourceWhitelistSave": "Saved successfully",
+    "resourceWhitelistSaveDescription": "Whitelist settings have been saved",
+    "ssoUse": "Use Platform SSO",
+    "ssoUseDescription": "Существующим пользователям нужно будет войти только один раз для всех ресурсов с включенной этой опцией.",
+    "proxyErrorInvalidPort": "Invalid port number",
+    "subdomainErrorInvalid": "Invalid subdomain",
+    "domainErrorFetch": "Error fetching domains",
+    "domainErrorFetchDescription": "An error occurred when fetching the domains",
+    "resourceErrorUpdate": "Failed to update resource",
+    "resourceErrorUpdateDescription": "An error occurred while updating the resource",
+    "resourceUpdated": "Resource updated",
+    "resourceUpdatedDescription": "The resource has been updated successfully",
+    "resourceErrorTransfer": "Failed to transfer resource",
+    "resourceErrorTransferDescription": "An error occurred while transferring the resource",
+    "resourceTransferred": "Resource transferred",
+    "resourceTransferredDescription": "The resource has been transferred successfully",
+    "resourceErrorToggle": "Failed to toggle resource",
+    "resourceErrorToggleDescription": "An error occurred while updating the resource",
+    "resourceVisibilityTitle": "Visibility",
+    "resourceVisibilityTitleDescription": "Completely enable or disable resource visibility",
+    "resourceGeneral": "General Settings",
+    "resourceGeneralDescription": "Configure the general settings for this resource",
+    "resourceEnable": "Enable Resource",
+    "resourceTransfer": "Transfer Resource",
+    "resourceTransferDescription": "Transfer this resource to a different site",
+    "resourceTransferSubmit": "Transfer Resource",
+    "siteDestination": "Destination Site",
+    "searchSites": "Search sites",
+    "accessRoleCreate": "Create Role",
+    "accessRoleCreateDescription": "Create a new role to group users and manage their permissions.",
+    "accessRoleCreateSubmit": "Create Role",
+    "accessRoleCreated": "Role created",
+    "accessRoleCreatedDescription": "The role has been successfully created.",
+    "accessRoleErrorCreate": "Failed to create role",
+    "accessRoleErrorCreateDescription": "An error occurred while creating the role.",
+    "accessRoleErrorNewRequired": "New role is required",
+    "accessRoleErrorRemove": "Failed to remove role",
+    "accessRoleErrorRemoveDescription": "An error occurred while removing the role.",
+    "accessRoleName": "Role Name",
+    "accessRoleQuestionRemove": "Вы собираетесь удалить роль {name}. Это действие нельзя отменить.",
+    "accessRoleRemove": "Удалить роль",
+    "accessRoleRemoveDescription": "Удалить роль из организации",
+    "accessRoleRemoveSubmit": "Удалить роль",
+    "accessRoleRemoved": "Роль удалена",
+    "accessRoleRemovedDescription": "Роль была успешно удалена.",
+    "accessRoleRequiredRemove": "Перед удалением этой роли выберите новую роль для переноса существующих участников.",
+    "manage": "Управление",
+    "sitesNotFound": "Сайты не найдены.",
+    "pangolinServerAdmin": "Администратор сервера - Pangolin",
+    "licenseTierProfessional": "Профессиональная лицензия",
+    "licenseTierEnterprise": "Корпоративная лицензия",
+    "licenseTierCommercial": "Коммерческая лицензия",
+    "licensed": "Лицензировано",
+    "yes": "Да",
+    "no": "Нет",
+    "sitesAdditional": "Дополнительные сайты",
+    "licenseKeys": "Лицензионные ключи",
+    "sitestCountDecrease": "Уменьшить количество сайтов",
+    "sitestCountIncrease": "Увеличить количество сайтов",
+    "idpManage": "Управление поставщиками удостоверений",
+    "idpManageDescription": "Просмотр и управление поставщиками удостоверений в системе",
+    "idpDeletedDescription": "Поставщик удостоверений успешно удалён",
+    "idpOidc": "OAuth2/OIDC",
+    "idpQuestionRemove": "Вы уверены, что хотите навсегда удалить поставщика удостоверений {name}?",
+    "idpMessageRemove": "Это удалит поставщика удостоверений и все связанные конфигурации. Пользователи, которые аутентифицируются через этого поставщика, больше не смогут войти.",
+    "idpMessageConfirm": "Для подтверждения введите имя поставщика удостоверений ниже.",
+    "idpConfirmDelete": "Подтвердить удаление поставщика удостоверений",
+    "idpDelete": "Удалить поставщика удостоверений",
+    "idp": "Поставщики удостоверений",
+    "idpSearch": "Поиск поставщиков удостоверений...",
+    "idpAdd": "Добавить поставщика удостоверений",
+    "idpClientIdRequired": "ID клиента обязателен.",
+    "idpClientSecretRequired": "Client Secret is required.",
+    "idpErrorAuthUrlInvalid": "Auth URL must be a valid URL.",
+    "idpErrorTokenUrlInvalid": "Token URL must be a valid URL.",
+    "idpPathRequired": "Identifier Path is required.",
+    "idpScopeRequired": "Scopes are required.",
+    "idpOidcDescription": "Configure an OpenID Connect identity provider",
+    "idpCreatedDescription": "Identity provider created successfully",
+    "idpCreate": "Create Identity Provider",
+    "idpCreateDescription": "Configure a new identity provider for user authentication",
+    "idpSeeAll": "See All Identity Providers",
+    "idpSettingsDescription": "Configure the basic information for your identity provider",
+    "idpDisplayName": "A display name for this identity provider",
+    "idpAutoProvisionUsers": "Auto Provision Users",
+    "idpAutoProvisionUsersDescription": "При включении пользователи будут автоматически создаваться в системе при первом входе с возможностью сопоставления пользователей с ролями и организациями.",
+    "licenseBadge": "Professional",
+    "idpType": "Provider Type",
+    "idpTypeDescription": "Select the type of identity provider you want to configure",
+    "idpOidcConfigure": "OAuth2/OIDC Configuration",
+    "idpOidcConfigureDescription": "Настройте конечные точки и учётные данные поставщика OAuth2/OIDC",
+    "idpClientId": "Client ID",
+    "idpClientIdDescription": "The OAuth2 client ID from your identity provider",
+    "idpClientSecret": "Client Secret",
+    "idpClientSecretDescription": "The OAuth2 client secret from your identity provider",
+    "idpAuthUrl": "Authorization URL",
+    "idpAuthUrlDescription": "The OAuth2 authorization endpoint URL",
+    "idpTokenUrl": "Token URL",
+    "idpTokenUrlDescription": "The OAuth2 token endpoint URL",
+    "idpOidcConfigureAlert": "Important Information",
+    "idpOidcConfigureAlertDescription": "После создания поставщика удостоверений вам нужно будет настроить URL обратного вызова в настройках вашего поставщика удостоверений. URL обратного вызова будет предоставлен после успешного создания.",
+    "idpToken": "Token Configuration",
+    "idpTokenDescription": "Configure how to extract user information from the ID token",
+    "idpJmespathAbout": "About JMESPath",
+    "idpJmespathAboutDescription": "The paths below use JMESPath syntax to extract values from the ID token.",
+    "idpJmespathAboutDescriptionLink": "Learn more about JMESPath",
+    "idpJmespathLabel": "Identifier Path",
+    "idpJmespathLabelDescription": "The path to the user identifier in the ID token",
+    "idpJmespathEmailPathOptional": "Email Path (Optional)",
+    "idpJmespathEmailPathOptionalDescription": "The path to the user's email in the ID token",
+    "idpJmespathNamePathOptional": "Name Path (Optional)",
+    "idpJmespathNamePathOptionalDescription": "The path to the user's name in the ID token",
+    "idpOidcConfigureScopes": "Scopes",
+    "idpOidcConfigureScopesDescription": "Space-separated list of OAuth2 scopes to request",
+    "idpSubmit": "Create Identity Provider",
+    "orgPolicies": "Organization Policies",
+    "idpSettings": "Настройки {idpName}",
+    "idpCreateSettingsDescription": "Configure the settings for your identity provider",
+    "roleMapping": "Role Mapping",
+    "orgMapping": "Organization Mapping",
+    "orgPoliciesSearch": "Search organization policies...",
+    "orgPoliciesAdd": "Add Organization Policy",
+    "orgRequired": "Organization is required",
+    "error": "Error",
+    "success": "Success",
+    "orgPolicyAddedDescription": "Policy added successfully",
+    "orgPolicyUpdatedDescription": "Policy updated successfully",
+    "orgPolicyDeletedDescription": "Policy deleted successfully",
+    "defaultMappingsUpdatedDescription": "Default mappings updated successfully",
+    "orgPoliciesAbout": "About Organization Policies",
+    "orgPoliciesAboutDescription": "Политики организации используются для контроля доступа к организациям на основе ID токена пользователя. Вы можете указать выражения JMESPath для извлечения информации о роли и организации из ID токена.",
+    "orgPoliciesAboutDescriptionLink": "See documentation, for more information.",
+    "defaultMappingsOptional": "Default Mappings (Optional)",
+    "defaultMappingsOptionalDescription": "Сопоставления по умолчанию используются, когда для организации не определена политика организации. Здесь вы можете указать сопоставления ролей и организаций по умолчанию.",
+    "defaultMappingsRole": "Default Role Mapping",
+    "defaultMappingsRoleDescription": "Результат этого выражения должен возвращать имя роли, как определено в организации, в виде строки.",
+    "defaultMappingsOrg": "Default Organization Mapping",
+    "defaultMappingsOrgDescription": "Это выражение должно возвращать ID организации или true для разрешения доступа пользователя к организации.",
+    "defaultMappingsSubmit": "Save Default Mappings",
+    "orgPoliciesEdit": "Edit Organization Policy",
+    "org": "Organization",
+    "orgSelect": "Select organization",
+    "orgSearch": "Search org",
+    "orgNotFound": "No org found.",
+    "roleMappingPathOptional": "Role Mapping Path (Optional)",
+    "orgMappingPathOptional": "Organization Mapping Path (Optional)",
+    "orgPolicyUpdate": "Update Policy",
+    "orgPolicyAdd": "Add Policy",
+    "orgPolicyConfig": "Configure access for an organization",
+    "idpUpdatedDescription": "Identity provider updated successfully",
+    "redirectUrl": "Redirect URL",
+    "redirectUrlAbout": "About Redirect URL",
+    "redirectUrlAboutDescription": "Это URL, на который пользователи будут перенаправлены после аутентификации. Вам нужно настроить этот URL в настройках вашего поставщика удостоверений.",
+    "pangolinAuth": "Аутентификация - Pangolin",
+    "verificationCodeLengthRequirements": "Ваш код подтверждения должен состоять из 8 символов.",
+    "errorOccurred": "Произошла ошибка",
+    "emailErrorVerify": "Не удалось подтвердить email:",
+    "emailVerified": "Email успешно подтверждён! Перенаправляем вас...",
+    "verificationCodeErrorResend": "Не удалось повторно отправить код подтверждения:",
+    "verificationCodeResend": "Код подтверждения отправлен повторно",
+    "verificationCodeResendDescription": "Мы повторно отправили код подтверждения на ваш email адрес. Пожалуйста, проверьте вашу почту.",
+    "emailVerify": "Подтвердить email",
+    "emailVerifyDescription": "Введите код подтверждения, отправленный на ваш email адрес.",
+    "verificationCode": "Код подтверждения",
+    "verificationCodeEmailSent": "Мы отправили код подтверждения на ваш email адрес.",
+    "submit": "Отправить",
+    "emailVerifyResendProgress": "Отправка повторно...",
+    "emailVerifyResend": "Не получили код? Нажмите здесь для повторной отправки",
+    "passwordNotMatch": "Пароли не совпадают",
+    "signupError": "Произошла ошибка при регистрации",
+    "pangolinLogoAlt": "Логотип Pangolin",
+    "inviteAlready": "Похоже, вы были приглашены!",
+    "inviteAlreadyDescription": "Чтобы принять приглашение, вы должны войти или создать учётную запись.",
+    "signupQuestion": "Уже есть учётная запись?",
+    "login": "Войти",
+    "resourceNotFound": "Ресурс не найден",
+    "resourceNotFoundDescription": "Ресурс, к которому вы пытаетесь получить доступ, не существует.",
+    "pincodeRequirementsLength": "PIN должен состоять ровно из 6 цифр",
+    "pincodeRequirementsChars": "PIN должен содержать только цифры",
+    "passwordRequirementsLength": "Пароль должен быть не менее 1 символа",
+    "otpEmailRequirementsLength": "OTP должен быть не менее 1 символа",
+    "otpEmailSent": "OTP отправлен",
+    "otpEmailSentDescription": "OTP был отправлен на ваш email",
+    "otpEmailErrorAuthenticate": "Не удалось аутентифицироваться с email",
+    "pincodeErrorAuthenticate": "Не удалось аутентифицироваться с PIN-кодом",
+    "passwordErrorAuthenticate": "Не удалось аутентифицироваться с паролем",
+    "poweredBy": "Разработано",
+    "authenticationRequired": "Требуется аутентификация",
+    "authenticationMethodChoose": "Выберите предпочтительный метод для доступа к {name}",
+    "authenticationRequest": "Вы должны аутентифицироваться для доступа к {name}",
+    "user": "Пользователь",
+    "pincodeInput": "6-значный PIN-код",
+    "pincodeSubmit": "Войти с PIN-кодом",
+    "passwordSubmit": "Войти с паролем",
+    "otpEmailDescription": "Одноразовый код будет отправлен на этот email.",
+    "otpEmailSend": "Отправить одноразовый код",
+    "otpEmail": "Одноразовый пароль (OTP)",
+    "otpEmailSubmit": "Отправить OTP",
+    "backToEmail": "Назад к email",
+    "noSupportKey": "Сервер работает без ключа поддержки. Подумайте о поддержке проекта!",
+    "accessDenied": "Доступ запрещён",
+    "accessDeniedDescription": "Вам не разрешён доступ к этому ресурсу. Если это ошибка, пожалуйста, свяжитесь с администратором.",
+    "accessTokenError": "Ошибка проверки токена доступа",
+    "accessGranted": "Доступ предоставлен",
+    "accessUrlInvalid": "Неверный URL доступа",
+    "accessGrantedDescription": "You have been granted access to this resource. Redirecting you...",
+    "accessUrlInvalidDescription": "This shared access URL is invalid. Please contact the resource owner for a new URL.",
+    "tokenInvalid": "Invalid token",
+    "pincodeInvalid": "Invalid code",
+    "passwordErrorRequestReset": "Failed to request reset:",
+    "passwordErrorReset": "Failed to reset password:",
+    "passwordResetSuccess": "Password reset successfully! Back to log in...",
+    "passwordReset": "Reset Password",
+    "passwordResetDescription": "Follow the steps to reset your password",
+    "passwordResetSent": "We'll send a password reset code to this email address.",
+    "passwordResetCode": "Reset Code",
+    "passwordResetCodeDescription": "Check your email for the reset code.",
+    "passwordNew": "New Password",
+    "passwordNewConfirm": "Confirm New Password",
+    "pincodeAuth": "Authenticator Code",
+    "pincodeSubmit2": "Submit Code",
+    "passwordResetSubmit": "Request Reset",
+    "passwordBack": "Back to Password",
+    "loginBack": "Go back to log in",
+    "signup": "Sign up",
+    "loginStart": "Log in to get started",
+    "idpOidcTokenValidating": "Validating OIDC token",
+    "idpOidcTokenResponse": "Validate OIDC token response",
+    "idpErrorOidcTokenValidating": "Error validating OIDC token",
+    "idpConnectingTo": "Подключение к {name}",
+    "idpConnectingToDescription": "Validating your identity",
+    "idpConnectingToProcess": "Connecting...",
+    "idpConnectingToFinished": "Connected",
+    "idpErrorConnectingTo": "Возникла проблема при подключении к {name}. Пожалуйста, свяжитесь с вашим администратором.",
+    "idpErrorNotFound": "IdP not found",
+    "inviteInvalid": "Invalid Invite",
+    "inviteInvalidDescription": "The invite link is invalid.",
+    "inviteErrorWrongUser": "Invite is not for this user",
+    "inviteErrorUserNotExists": "User does not exist. Please create an account first.",
+    "inviteErrorLoginRequired": "You must be logged in to accept an invite",
+    "inviteErrorExpired": "The invite may have expired",
+    "inviteErrorRevoked": "The invite might have been revoked",
+    "inviteErrorTypo": "There could be a typo in the invite link",
+    "pangolinSetup": "Setup - Pangolin",
+    "orgNameRequired": "Organization name is required",
+    "orgIdRequired": "Organization ID is required",
+    "orgErrorCreate": "An error occurred while creating org",
+    "pageNotFound": "Page Not Found",
+    "pageNotFoundDescription": "Oops! The page you're looking for doesn't exist.",
+    "overview": "Overview",
+    "home": "Home",
+    "accessControl": "Access Control",
+    "settings": "Settings",
+    "usersAll": "All Users",
+    "license": "License",
+    "pangolinDashboard": "Dashboard - Pangolin",
+    "noResults": "No results found.",
+    "terabytes": "{count} ТБ",
+    "gigabytes": "{count} ГБ",
+    "megabytes": "{count} МБ",
+    "tagsEntered": "Entered Tags",
+    "tagsEnteredDescription": "These are the tags you`ve entered.",
+    "tagsWarnCannotBeLessThanZero": "maxTags and minTags cannot be less than 0",
+    "tagsWarnNotAllowedAutocompleteOptions": "Tag not allowed as per autocomplete options",
+    "tagsWarnInvalid": "Invalid tag as per validateTag",
+    "tagWarnTooShort": "Tag {tagText} is too short",
+    "tagWarnTooLong": "Tag {tagText} is too long",
+    "tagsWarnReachedMaxNumber": "Reached the maximum number of tags allowed",
+    "tagWarnDuplicate": "Duplicate tag {tagText} not added",
+    "supportKeyInvalid": "Invalid Key",
+    "supportKeyInvalidDescription": "Your supporter key is invalid.",
+    "supportKeyValid": "Valid Key",
+    "supportKeyValidDescription": "Your supporter key has been validated. Thank you for your support!",
+    "supportKeyErrorValidationDescription": "Failed to validate supporter key.",
+    "supportKey": "Support Development and Adopt a Pangolin!",
+    "supportKeyDescription": "Приобретите ключ поддержки, чтобы помочь нам продолжать разработку Pangolin для сообщества. Ваш вклад позволяет нам уделять больше времени поддержке и добавлению новых функций в приложение для всех. Мы никогда не будем использовать это для платного доступа к функциям. Это отдельно от любой коммерческой версии.",
+    "supportKeyPet": "You will also get to adopt and meet your very own pet Pangolin!",
+    "supportKeyPurchase": "Payments are processed via GitHub. Afterward, you can retrieve your key on",
+    "supportKeyPurchaseLink": "our website",
+    "supportKeyPurchase2": "and redeem it here.",
+    "supportKeyLearnMore": "Learn more.",
+    "supportKeyOptions": "Please select the option that best suits you.",
+    "supportKetOptionFull": "Full Supporter",
+    "forWholeServer": "For the whole server",
+    "lifetimePurchase": "Lifetime purchase",
+    "supporterStatus": "Supporter status",
+    "buy": "Buy",
+    "supportKeyOptionLimited": "Limited Supporter",
+    "forFiveUsers": "For 5 or less users",
+    "supportKeyRedeem": "Redeem Supporter Key",
+    "supportKeyHideSevenDays": "Hide for 7 days",
+    "supportKeyEnter": "Enter Supporter Key",
+    "supportKeyEnterDescription": "Meet your very own pet Pangolin!",
+    "githubUsername": "GitHub Username",
+    "supportKeyInput": "Supporter Key",
+    "supportKeyBuy": "Buy Supporter Key",
+    "logoutError": "Error logging out",
+    "signingAs": "Signed in as",
+    "serverAdmin": "Server Admin",
+    "otpEnable": "Enable Two-factor",
+    "otpDisable": "Disable Two-factor",
+    "logout": "Log Out",
+    "licenseTierProfessionalRequired": "Professional Edition Required",
+    "licenseTierProfessionalRequiredDescription": "Эта функция доступна только в профессиональной версии.",
+    "actionGetOrg": "Get Organization",
+    "actionUpdateOrg": "Update Organization",
+    "actionUpdateUser": "Update User",
+    "actionGetUser": "Get User",
+    "actionGetOrgUser": "Get Organization User",
+    "actionListOrgDomains": "List Organization Domains",
+    "actionCreateSite": "Create Site",
+    "actionDeleteSite": "Delete Site",
+    "actionGetSite": "Get Site",
+    "actionListSites": "List Sites",
+    "actionUpdateSite": "Update Site",
+    "actionListSiteRoles": "List Allowed Site Roles",
+    "actionCreateResource": "Create Resource",
+    "actionDeleteResource": "Delete Resource",
+    "actionGetResource": "Get Resource",
+    "actionListResource": "List Resources",
+    "actionUpdateResource": "Update Resource",
+    "actionListResourceUsers": "List Resource Users",
+    "actionSetResourceUsers": "Set Resource Users",
+    "actionSetAllowedResourceRoles": "Set Allowed Resource Roles",
+    "actionListAllowedResourceRoles": "List Allowed Resource Roles",
+    "actionSetResourcePassword": "Set Resource Password",
+    "actionSetResourcePincode": "Set Resource Pincode",
+    "actionSetResourceEmailWhitelist": "Set Resource Email Whitelist",
+    "actionGetResourceEmailWhitelist": "Get Resource Email Whitelist",
+    "actionCreateTarget": "Create Target",
+    "actionDeleteTarget": "Delete Target",
+    "actionGetTarget": "Get Target",
+    "actionListTargets": "List Targets",
+    "actionUpdateTarget": "Update Target",
+    "actionCreateRole": "Create Role",
+    "actionDeleteRole": "Delete Role",
+    "actionGetRole": "Get Role",
+    "actionListRole": "List Roles",
+    "actionUpdateRole": "Update Role",
+    "actionListAllowedRoleResources": "List Allowed Role Resources",
+    "actionInviteUser": "Invite User",
+    "actionRemoveUser": "Remove User",
+    "actionListUsers": "List Users",
+    "actionAddUserRole": "Add User Role",
+    "actionGenerateAccessToken": "Generate Access Token",
+    "actionDeleteAccessToken": "Delete Access Token",
+    "actionListAccessTokens": "List Access Tokens",
+    "actionCreateResourceRule": "Create Resource Rule",
+    "actionDeleteResourceRule": "Delete Resource Rule",
+    "actionListResourceRules": "List Resource Rules",
+    "actionUpdateResourceRule": "Update Resource Rule",
+    "actionListOrgs": "List Organizations",
+    "actionCheckOrgId": "Check ID",
+    "actionCreateOrg": "Create Organization",
+    "actionDeleteOrg": "Delete Organization",
+    "actionListApiKeys": "List API Keys",
+    "actionListApiKeyActions": "List API Key Actions",
+    "actionSetApiKeyActions": "Set API Key Allowed Actions",
+    "actionCreateApiKey": "Create API Key",
+    "actionDeleteApiKey": "Delete API Key",
+    "actionCreateIdp": "Create IDP",
+    "actionUpdateIdp": "Обновить IDP",
+    "actionDeleteIdp": "Удалить IDP",
+    "actionListIdps": "Список IDP",
+    "actionGetIdp": "Получить IDP",
+    "actionCreateIdpOrg": "Создать политику IDP организации",
+    "actionDeleteIdpOrg": "Удалить политику IDP организации",
+    "actionListIdpOrgs": "Список организаций IDP",
+    "actionUpdateIdpOrg": "Обновить организацию IDP",
+    "noneSelected": "Ничего не выбрано",
+    "orgNotFound2": "Организации не найдены.",
+    "searchProgress": "Поиск...",
+    "create": "Создать",
+    "orgs": "Организации",
+    "loginError": "Произошла ошибка при входе",
+    "passwordForgot": "Забыли пароль?",
+    "otpAuth": "Двухфакторная аутентификация",
+    "otpAuthDescription": "Введите код из вашего приложения-аутентификатора или один из ваших одноразовых резервных кодов.",
+    "otpAuthSubmit": "Отправить код",
+    "idpContinue": "Или продолжить с",
+    "otpAuthBack": "Вернуться к входу",
+    "navbar": "Навигационное меню",
+    "navbarDescription": "Главное навигационное меню приложения",
+    "navbarDocsLink": "Документация",
+    "commercialEdition": "Коммерческая версия",
+    "otpErrorEnable": "Невозможно включить 2FA",
+    "otpErrorEnableDescription": "Произошла ошибка при включении 2FA",
+    "otpSetupCheckCode": "Пожалуйста, введите 6-значный код",
+    "otpSetupCheckCodeRetry": "Неверный код. Попробуйте снова.",
+    "otpSetup": "Включить двухфакторную аутентификацию",
+    "otpSetupDescription": "Защитите свою учётную запись дополнительным уровнем защиты",
+    "otpSetupScanQr": "Отсканируйте этот QR-код с помощью вашего приложения-аутентификатора или введите секретный ключ вручную:",
+    "otpSetupSecretCode": "Код аутентификатора",
+    "otpSetupSuccess": "Двухфакторная аутентификация включена",
+    "otpSetupSuccessStoreBackupCodes": "Ваша учётная запись теперь более защищена. Не забудьте сохранить резервные коды.",
+    "otpErrorDisable": "Невозможно отключить 2FA",
+    "otpErrorDisableDescription": "Произошла ошибка при отключении 2FA",
+    "otpRemove": "Отключить двухфакторную аутентификацию",
+    "otpRemoveDescription": "Отключить двухфакторную аутентификацию для вашей учётной записи",
+    "otpRemoveSuccess": "Two-Factor Authentication Disabled",
+    "otpRemoveSuccessMessage": "Двухфакторная аутентификация была отключена для вашей учётной записи. Вы можете включить её снова в любое время.",
+    "otpRemoveSubmit": "Disable 2FA",
+    "paginator": "Page {current} of {last}",
+    "paginatorToFirst": "Go to first page",
+    "paginatorToPrevious": "Go to previous page",
+    "paginatorToNext": "Go to next page",
+    "paginatorToLast": "Go to last page",
+    "copyText": "Copy text",
+    "copyTextFailed": "Failed to copy text: ",
+    "copyTextClipboard": "Copy to clipboard",
+    "inviteErrorInvalidConfirmation": "Invalid confirmation",
+    "passwordRequired": "Password is required",
+    "allowAll": "Разрешить всё",
+    "permissionsAllowAll": "Разрешить все разрешения",
+    "githubUsernameRequired": "Имя пользователя GitHub обязательно",
+    "supportKeyRequired": "Ключ поддержки обязателен",
+    "passwordRequirementsChars": "Пароль должен быть не менее 8 символов",
+    "language": "Язык",
+    "verificationCodeRequired": "Код обязателен",
+    "userErrorNoUpdate": "Нет пользователя для обновления",
+    "siteErrorNoUpdate": "Нет сайта для обновления",
+    "resourceErrorNoUpdate": "Нет ресурса для обновления",
+    "authErrorNoUpdate": "Нет информации об аутентификации для обновления",
+    "orgErrorNoUpdate": "Нет организации для обновления",
+    "orgErrorNoProvided": "Организация не предоставлена",
+    "apiKeysErrorNoUpdate": "Нет API ключа для обновления",
+    "sidebarOverview": "Обзор",
+    "sidebarHome": "Главная",
+    "sidebarSites": "Сайты",
+    "sidebarResources": "Ресурсы",
+    "sidebarAccessControl": "Контроль доступа",
+    "sidebarUsers": "Пользователи",
+    "sidebarInvitations": "Приглашения",
+    "sidebarRoles": "Роли",
+    "sidebarShareableLinks": "Общие ссылки",
+    "sidebarApiKeys": "API ключи",
+    "sidebarSettings": "Настройки",
+    "sidebarAllUsers": "Все пользователи",
+    "sidebarIdentityProviders": "Поставщики удостоверений",
+    "sidebarLicense": "Лицензия",
+    "sidebarClients": "Clients",
+    "sidebarDomains": "Domains",
+    "enableDockerSocket": "Включить Docker Socket",
+    "enableDockerSocketDescription": "Включить обнаружение Docker Socket для заполнения информации о контейнерах. Путь к сокету должен быть предоставлен Newt.",
+    "enableDockerSocketLink": "Узнать больше",
+    "viewDockerContainers": "Просмотр контейнеров Docker",
+    "containersIn": "Контейнеры в {siteName}",
+    "selectContainerDescription": "Выберите любой контейнер для использования в качестве имени хоста для этой цели. Нажмите на порт, чтобы использовать порт.",
+    "containerName": "Имя",
+    "containerImage": "Образ",
+    "containerState": "Состояние",
+    "containerNetworks": "Сети",
+    "containerHostnameIp": "Имя хоста/IP",
+    "containerLabels": "Метки",
+    "containerLabelsCount": "{count, plural, one {# метка} few {# метки} many {# меток} other {# меток}}",
+    "containerLabelsTitle": "Метки контейнера",
+    "containerLabelEmpty": "<empty>",
+    "containerPorts": "Порты",
+    "containerPortsMore": "+{count} ещё",
+    "containerActions": "Действия",
+    "select": "Выбрать",
+    "noContainersMatchingFilters": "Контейнеры, соответствующие текущим фильтрам, не найдены.",
+    "showContainersWithoutPorts": "Показать контейнеры без портов",
+    "showStoppedContainers": "Показать остановленные контейнеры",
+    "noContainersFound": "Контейнеры не найдены. Убедитесь, что контейнеры Docker запущены.",
+    "searchContainersPlaceholder": "Поиск среди {count} {count, plural, one {контейнера} few {контейнеров} many {контейнеров} other {контейнеров}}...",
+    "searchResultsCount": "{count, plural, one {# результат} few {# результата} many {# результатов} other {# результатов}}",
+    "filters": "Фильтры",
+    "filterOptions": "Параметры фильтрации",
+    "filterPorts": "Порты",
+    "filterStopped": "Остановлены",
+    "clearAllFilters": "Очистить все фильтры",
+    "columns": "Колонки",
+    "toggleColumns": "Переключить колонки",
+    "refreshContainersList": "Обновить список контейнеров",
+    "searching": "Поиск...",
+    "noContainersFoundMatching": "Контейнеры, соответствующие \"{filter}\", не найдены.",
+    "light": "светлая",
+    "dark": "тёмная",
+    "system": "системная",
+    "theme": "Тема",
+    "subnetRequired": "Subnet is required",
+    "initialSetupTitle": "Начальная настройка сервера",
+    "initialSetupDescription": "Создайте первоначальную учётную запись администратора сервера. Может существовать только один администратор сервера. Вы всегда можете изменить эти учётные данные позже.",
+    "createAdminAccount": "Создать учётную запись администратора",
+    "setupErrorCreateAdmin": "Произошла ошибка при создании учётной записи администратора сервера.",
+    "certificateStatus": "Certificate Status",
+    "loading": "Loading",
+    "restart": "Restart",
+    "domains": "Domains",
+    "domainsDescription": "Manage domains for your organization",
+    "domainsSearch": "Search domains...",
+    "domainAdd": "Add Domain",
+    "domainAddDescription": "Register a new domain with your organization",
+    "domainCreate": "Create Domain",
+    "domainCreatedDescription": "Domain created successfully",
+    "domainDeletedDescription": "Domain deleted successfully",
+    "domainQuestionRemove": "Are you sure you want to remove the domain {domain} from your account?",
+    "domainMessageRemove": "Once removed, the domain will no longer be associated with your account.",
+    "domainMessageConfirm": "To confirm, please type the domain name below.",
+    "domainConfirmDelete": "Confirm Delete Domain",
+    "domainDelete": "Delete Domain",
+    "domain": "Domain",
+    "selectDomainTypeNsName": "Domain Delegation (NS)",
+    "selectDomainTypeNsDescription": "This domain and all its subdomains. Use this when you want to control an entire domain zone.",
+    "selectDomainTypeCnameName": "Single Domain (CNAME)",
+    "selectDomainTypeCnameDescription": "Just this specific domain. Use this for individual subdomains or specific domain entries.",
+    "selectDomainTypeWildcardName": "Wildcard Domain",
+    "selectDomainTypeWildcardDescription": "This domain and its first level of subdomains.",
+    "domainDelegation": "Single Domain",
+    "selectType": "Select a type",
+    "actions": "Actions",
+    "refresh": "Refresh",
+    "refreshError": "Failed to refresh data",
+    "verified": "Verified",
+    "pending": "Pending",
+    "sidebarBilling": "Billing",
+    "billing": "Billing",
+    "orgBillingDescription": "Manage your billing information and subscriptions",
+    "github": "GitHub",
+    "pangolinHosted": "Pangolin Hosted",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Complete Account Setup",
+    "completeAccountSetupDescription": "Set your password to get started",
+    "accountSetupSent": "We'll send an account setup code to this email address.",
+    "accountSetupCode": "Setup Code",
+    "accountSetupCodeDescription": "Check your email for the setup code.",
+    "passwordCreate": "Create Password",
+    "passwordCreateConfirm": "Confirm Password",
+    "accountSetupSubmit": "Send Setup Code",
+    "completeSetup": "Complete Setup",
+    "accountSetupSuccess": "Account setup completed! Welcome to Pangolin!",
+    "documentation": "Documentation",
+    "saveAllSettings": "Save All Settings",
+    "settingsUpdated": "Settings updated",
+    "settingsUpdatedDescription": "All settings have been updated successfully",
+    "settingsErrorUpdate": "Failed to update settings",
+    "settingsErrorUpdateDescription": "An error occurred while updating settings",
+    "sidebarCollapse": "Collapse",
+    "sidebarExpand": "Expand",
+    "newtUpdateAvailable": "Update Available",
+    "newtUpdateAvailableInfo": "A new version of Newt is available. Please update to the latest version for the best experience.",
+    "domainPickerEnterDomain": "Enter your domain",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com, or just myapp",
+    "domainPickerDescription": "Enter the full domain of the resource to see available options.",
+    "domainPickerDescriptionSaas": "Enter a full domain, subdomain, or just a name to see available options",
+    "domainPickerTabAll": "All",
+    "domainPickerTabOrganization": "Organization",
+    "domainPickerTabProvided": "Provided",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Checking availability...",
+    "domainPickerNoMatchingDomains": "No matching domains found for \"{userInput}\". Try a different domain or check your organization's domain settings.",
+    "domainPickerOrganizationDomains": "Organization Domains",
+    "domainPickerProvidedDomains": "Provided Domains",
+    "domainPickerSubdomain": "Subdomain: {subdomain}",
+    "domainPickerNamespace": "Namespace: {namespace}",
+    "domainPickerShowMore": "Show More",
+    "domainNotFound": "Domain Not Found",
+    "domainNotFoundDescription": "This resource is disabled because the domain no longer exists our system. Please set a new domain for this resource.",
+    "failed": "Failed",
+    "createNewOrgDescription": "Create a new organization",
+    "organization": "Organization",
+    "port": "Port",
+    "securityKeyManage": "Manage Security Keys",
+    "securityKeyDescription": "Add or remove security keys for passwordless authentication",
+    "securityKeyRegister": "Register New Security Key",
+    "securityKeyList": "Your Security Keys",
+    "securityKeyNone": "No security keys registered yet",
+    "securityKeyNameRequired": "Name is required",
+    "securityKeyRemove": "Remove",
+    "securityKeyLastUsed": "Last used: {date}",
+    "securityKeyNameLabel": "Security Key Name",
+    "securityKeyRegisterSuccess": "Security key registered successfully",
+    "securityKeyRegisterError": "Failed to register security key",
+    "securityKeyRemoveSuccess": "Security key removed successfully",
+    "securityKeyRemoveError": "Failed to remove security key",
+    "securityKeyLoadError": "Failed to load security keys",
+    "securityKeyLogin": "Continue with security key",
+    "securityKeyAuthError": "Failed to authenticate with security key",
+    "securityKeyRecommendation": "Register a backup security key on another device to ensure you always have access to your account.",
+    "registering": "Registering...",
+    "securityKeyPrompt": "Please verify your identity using your security key. Make sure your security key is connected and ready.",
+    "securityKeyBrowserNotSupported": "Your browser doesn't support security keys. Please use a modern browser like Chrome, Firefox, or Safari.",
+    "securityKeyPermissionDenied": "Please allow access to your security key to continue signing in.",
+    "securityKeyRemovedTooQuickly": "Please keep your security key connected until the sign-in process completes.",
+    "securityKeyNotSupported": "Your security key may not be compatible. Please try a different security key.",
+    "securityKeyUnknownError": "There was a problem using your security key. Please try again.",
+    "twoFactorRequired": "Two-factor authentication is required to register a security key.",
+    "twoFactor": "Two-Factor Authentication",
+    "adminEnabled2FaOnYourAccount": "Your administrator has enabled two-factor authentication for {email}. Please complete the setup process to continue.",
+    "continueToApplication": "Continue to Application",
+    "securityKeyAdd": "Add Security Key",
+    "securityKeyRegisterTitle": "Register New Security Key",
+    "securityKeyRegisterDescription": "Connect your security key and enter a name to identify it",
+    "securityKeyTwoFactorRequired": "Two-Factor Authentication Required",
+    "securityKeyTwoFactorDescription": "Please enter your two-factor authentication code to register the security key",
+    "securityKeyTwoFactorRemoveDescription": "Please enter your two-factor authentication code to remove the security key",
+    "securityKeyTwoFactorCode": "Two-Factor Code",
+    "securityKeyRemoveTitle": "Remove Security Key",
+    "securityKeyRemoveDescription": "Enter your password to remove the security key \"{name}\"",
+    "securityKeyNoKeysRegistered": "No security keys registered",
+    "securityKeyNoKeysDescription": "Add a security key to enhance your account security",
+    "createDomainRequired": "Domain is required",
+    "createDomainAddDnsRecords": "Add DNS Records",
+    "createDomainAddDnsRecordsDescription": "Add the following DNS records to your domain provider to complete the setup.",
+    "createDomainNsRecords": "NS Records",
+    "createDomainRecord": "Record",
+    "createDomainType": "Type:",
+    "createDomainName": "Name:",
+    "createDomainValue": "Value:",
+    "createDomainCnameRecords": "CNAME Records",
+    "createDomainRecordNumber": "Record {number}",
+    "createDomainTxtRecords": "TXT Records",
+    "createDomainSaveTheseRecords": "Save These Records",
+    "createDomainSaveTheseRecordsDescription": "Make sure to save these DNS records as you will not see them again.",
+    "createDomainDnsPropagation": "DNS Propagation",
+    "createDomainDnsPropagationDescription": "DNS changes may take some time to propagate across the internet. This can take anywhere from a few minutes to 48 hours, depending on your DNS provider and TTL settings.",
+    "resourcePortRequired": "Port number is required for non-HTTP resources",
+    "resourcePortNotAllowed": "Port number should not be set for HTTP resources"
+}
diff --git a/messages/tr-TR.json b/messages/tr-TR.json
index 085505b4..a547a44b 100644
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -11,8 +11,9 @@
     "componentsErrorNoMemberCreate": "Şu anda herhangi bir organizasyona üye değilsiniz. Başlamak için bir organizasyon oluşturun.",
     "componentsErrorNoMember": "Şu anda herhangi bir organizasyona üye değilsiniz.",
     "welcome": "Pangolin'e hoş geldiniz",
+    "welcomeTo": "Hoş geldiniz",
     "componentsCreateOrg": "Bir Organizasyon Oluşturun",
-    "componentsMember": "You're a member of {count, plural, =0 {no organization} =1 {one organization} other {# organizations}}.",
+    "componentsMember": "{count, plural, =0 {hiçbir organizasyon} one {bir organizasyon} other {# organizasyon}} üyesisiniz.",
     "componentsInvalidKey": "Geçersiz veya süresi dolmuş lisans anahtarları tespit edildi. Tüm özellikleri kullanmaya devam etmek için lisans koşullarına uyun.",
     "dismiss": "Kapat",
     "componentsLicenseViolation": "Lisans İhlali: Bu sunucu, lisanslı sınırı olan {maxSites} sitesini aşarak {usedSites} site kullanmaktadır. Tüm özellikleri kullanmaya devam etmek için lisans koşullarına uyun.",
@@ -206,6 +207,7 @@
     "orgGeneralSettings": "Organizasyon Ayarları",
     "orgGeneralSettingsDescription": "Organizasyon detaylarınızı ve yapılandırmanızı yönetin",
     "saveGeneralSettings": "Genel Ayarları Kaydet",
+    "saveSettings": "Ayarları Kaydet",
     "orgDangerZone": "Tehlike Alanı",
     "orgDangerZoneDescription": "Bu organizasyonu sildikten sonra geri dönüş yoktur. Emin olun.",
     "orgDelete": "Organizasyonu Sil",
@@ -249,7 +251,7 @@
     "weeks": "Hafta",
     "months": "Ay",
     "years": "Yıl",
-    "day": "{count, plural, =1 {# day} other {# days}}",
+    "day": "{count, plural, one {# gün} other {# gün}}",
     "apiKeysTitle": "API Anahtar Bilgilendirmesi",
     "apiKeysConfirmCopy2": "API anahtarını kopyaladığınızı onaylamanız gerekmektedir.",
     "apiKeysErrorCreate": "API anahtarı oluşturulurken hata",
@@ -347,7 +349,7 @@
     "licensePurchase": "Lisans Satın Al",
     "licensePurchaseSites": "Ek Siteler Satın Al",
     "licenseSitesUsedMax": "{usedSites} / {maxSites} siteleri kullanıldı",
-    "licenseSitesUsed": "{count, plural, =0 {# site} =1 {# site} other {# site}} sistemde bulunmaktadır.",
+    "licenseSitesUsed": "{count, plural, =0 {# site} one {# site} other {# site}} sistemde bulunmaktadır.",
     "licensePurchaseDescription": "{selectedMode, select, license {Lisans satın almak için kaç site istediğinizi seçin. Daha sonra daha fazla site ekleyebilirsiniz.} other {mevcut lisansınıza kaç site ekleneceğini seçin.}}",
     "licenseFee": "Lisans ücreti",
     "licensePriceSite": "Site başına fiyat",
@@ -436,7 +438,7 @@
     "accessRoleSelect": "Rol seçin",
     "inviteEmailSentDescription": "Kullanıcıya erişim bağlantısı ile bir e-posta gönderildi. Daveti kabul etmek için bağlantıya erişmelidirler.",
     "inviteSentDescription": "Kullanıcı davet edilmiştir. Daveti kabul etmek için aşağıdaki bağlantıya erişmelidirler.",
-    "inviteExpiresIn": "The invite will expire in {days, plural, =1 {# day} other {# days}}.",
+    "inviteExpiresIn": "Davetiye {days, plural, one {# gün} other {# gün}} içinde sona erecektir.",
     "idpTitle": "General Information",
     "idpSelect": "Dış kullanıcı için kimlik sağlayıcıyı seçin",
     "idpNotConfigured": "Herhangi bir kimlik sağlayıcı yapılandırılmamış. Harici kullanıcılar oluşturulmadan önce lütfen bir kimlik sağlayıcı yapılandırın.",
@@ -958,6 +960,8 @@
     "licenseTierProfessionalRequiredDescription": "Bu özellik yalnızca Professional Edition'da kullanılabilir.",
     "actionGetOrg": "Kuruluşu Al",
     "actionUpdateOrg": "Kuruluşu Güncelle",
+    "actionUpdateUser": "Kullanıcıyı Güncelle",
+    "actionGetUser": "Kullanıcıyı Getir",
     "actionGetOrgUser": "Kuruluş Kullanıcısını Al",
     "actionListOrgDomains": "Kuruluş Alan Adlarını Listele",
     "actionCreateSite": "Site Oluştur",
@@ -1090,6 +1094,8 @@
     "sidebarAllUsers": "Tüm Kullanıcılar",
     "sidebarIdentityProviders": "Kimlik Sağlayıcılar",
     "sidebarLicense": "Lisans",
+    "sidebarClients": "Müşteriler",
+    "sidebarDomains": "Alan Adları",
     "enableDockerSocket": "Docker Soketi Etkinleştir",
     "enableDockerSocketDescription": "Konteyner bilgilerini doldurmak için Docker Socket keşfini etkinleştirin. Socket yolu Newt'e sağlanmalıdır.",
     "enableDockerSocketLink": "Daha fazla bilgi",
@@ -1102,7 +1108,7 @@
     "containerNetworks": "Ağlar",
     "containerHostnameIp": "Ana Makine/IP",
     "containerLabels": "Etiketler",
-    "containerLabelsCount": "{count} etiket{s,plural,one{} other{ler}}",
+    "containerLabelsCount": "{count, plural, one {# etiket} other {# etiketler}}",
     "containerLabelsTitle": "Konteyner Etiketleri",
     "containerLabelEmpty": "<boş>",
     "containerPorts": "Bağlantı Noktaları",
@@ -1114,7 +1120,7 @@
     "showStoppedContainers": "Durdurulmuş konteynerleri göster",
     "noContainersFound": "Konteyner bulunamadı. Docker konteynerlerinin çalıştığından emin olun.",
     "searchContainersPlaceholder": "{count} konteyner arasında arama yapın...",
-    "searchResultsCount": "{count} sonuç{s,plural,one{} other{lar}}",
+    "searchResultsCount": "{count, plural, one {# sonuç} other {# sonuçlar}}",
     "filters": "Filtreler",
     "filterOptions": "Filtre Seçenekleri",
     "filterPorts": "Bağlantı Noktaları",
@@ -1129,10 +1135,89 @@
     "dark": "koyu",
     "system": "sistem",
     "theme": "Tema",
+    "subnetRequired": "Alt ağ gereklidir",
     "initialSetupTitle": "İlk Sunucu Kurulumu",
     "initialSetupDescription": "İlk sunucu yönetici hesabını oluşturun. Yalnızca bir sunucu yöneticisi olabilir. Bu kimlik bilgilerini daha sonra her zaman değiştirebilirsiniz.",
     "createAdminAccount": "Yönetici Hesabı Oluştur",
     "setupErrorCreateAdmin": "Sunucu yönetici hesabı oluşturulurken bir hata oluştu.",
+    "certificateStatus": "Sertifika Durumu",
+    "loading": "Yükleniyor",
+    "restart": "Yeniden Başlat",
+    "domains": "Alan Adları",
+    "domainsDescription": "Organizasyonunuz için alan adlarını yönetin",
+    "domainsSearch": "Alan adlarını ara...",
+    "domainAdd": "Alan Adı Ekle",
+    "domainAddDescription": "Organizasyonunuz için yeni bir alan adı kaydedin",
+    "domainCreate": "Alan Adı Oluştur",
+    "domainCreatedDescription": "Alan adı başarıyla oluşturuldu",
+    "domainDeletedDescription": "Alan adı başarıyla silindi",
+    "domainQuestionRemove": "{domain} alan adını hesabınızdan kaldırmak istediğinizden emin misiniz?",
+    "domainMessageRemove": "Kaldırıldığında, alan adı hesabınızla ilişkilendirilmeyecek.",
+    "domainMessageConfirm": "Onaylamak için lütfen aşağıya alan adını yazın.",
+    "domainConfirmDelete": "Alan Adı Silinmesini Onayla",
+    "domainDelete": "Alan Adını Sil",
+    "domain": "Alan Adı",
+    "selectDomainTypeNsName": "Alan Adı Delege Etme (NS)",
+    "selectDomainTypeNsDescription": "Bu alan adı ve tüm alt alan adları. Tüm bir alan adı bölgesini kontrol etmek istediğinizde bunu kullanın.",
+    "selectDomainTypeCnameName": "Tekil Alan Adı (CNAME)",
+    "selectDomainTypeCnameDescription": "Sadece bu belirli alan adı. Bireysel alt alan adları veya belirli alan adı girişleri için bunu kullanın.",
+    "selectDomainTypeWildcardName": "Wildcard Alan Adı",
+    "selectDomainTypeWildcardDescription": "Bu alan adı ve onun ilk alt alan düzeyi.",
+    "domainDelegation": "Tekil Alan Adı",
+    "selectType": "Bir tür seçin",
+    "actions": "İşlemler",
+    "refresh": "Yenile",
+    "refreshError": "Veriler yenilenemedi",
+    "verified": "Doğrulandı",
+    "pending": "Beklemede",
+    "sidebarBilling": "Faturalama",
+    "billing": "Faturalama",
+    "orgBillingDescription": "Fatura bilgilerinizi ve aboneliklerinizi yönetin",
+    "github": "GitHub",
+    "pangolinHosted": "Pangolin Barındırılan",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "Hesap Kurulumunu Tamamla",
+    "completeAccountSetupDescription": "Başlamak için şifrenizi ayarlayın",
+    "accountSetupSent": "Bu e-posta adresine bir hesap kurulum kodu göndereceğiz.",
+    "accountSetupCode": "Kurulum Kodu",
+    "accountSetupCodeDescription": "Kurulum kodu için e-posta gelen kutunuzu kontrol edin.",
+    "passwordCreate": "Parola Oluştur",
+    "passwordCreateConfirm": "Şifreyi Onayla",
+    "accountSetupSubmit": "Kurulum Kodunu Gönder",
+    "completeSetup": "Kurulumu Tamamla",
+    "accountSetupSuccess": "Hesap kurulumu tamamlandı! Pangolin'e hoş geldiniz!",
+    "documentation": "Dokümantasyon",
+    "saveAllSettings": "Tüm Ayarları Kaydet",
+    "settingsUpdated": "Ayarlar güncellendi",
+    "settingsUpdatedDescription": "Tüm ayarlar başarıyla güncellendi",
+    "settingsErrorUpdate": "Ayarlar güncellenemedi",
+    "settingsErrorUpdateDescription": "Ayarları güncellerken bir hata oluştu",
+    "sidebarCollapse": "Daralt",
+    "sidebarExpand": "Genişlet",
+    "newtUpdateAvailable": "Güncelleme Mevcut",
+    "newtUpdateAvailableInfo": "Newt'in yeni bir versiyonu mevcut. En iyi deneyim için lütfen en son sürüme güncelleyin.",
+    "domainPickerEnterDomain": "Alan adınızı girin",
+    "domainPickerPlaceholder": "myapp.example.com, api.v1.mydomain.com veya sadece myapp",
+    "domainPickerDescription": "Mevcut seçenekleri görmek için kaynağın tam etki alanını girin.",
+    "domainPickerDescriptionSaas": "Mevcut seçenekleri görmek için tam etki alanı, alt etki alanı veya sadece bir isim girin",
+    "domainPickerTabAll": "Tümü",
+    "domainPickerTabOrganization": "Organizasyon",
+    "domainPickerTabProvided": "Sağlanan",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "Kullanılabilirlik kontrol ediliyor...",
+    "domainPickerNoMatchingDomains": "\"{userInput}\" için uygun alan adı bulunamadı. Farklı bir alan adı deneyin veya organizasyonunuzun alan adı ayarlarını kontrol edin.",
+    "domainPickerOrganizationDomains": "Organizasyon Alan Adları",
+    "domainPickerProvidedDomains": "Sağlanan Alan Adları",
+    "domainPickerSubdomain": "Alt Alan: {subdomain}",
+    "domainPickerNamespace": "Ad Alanı: {namespace}",
+    "domainPickerShowMore": "Daha Fazla Göster",
+    "domainNotFound": "Alan Adı Bulunamadı",
+    "domainNotFoundDescription": "Bu kaynak devre dışıdır çünkü alan adı sistemimizde artık mevcut değil. Bu kaynak için yeni bir alan adı belirleyin.",
+    "failed": "Başarısız",
+    "createNewOrgDescription": "Yeni bir organizasyon oluşturun",
+    "organization": "Kuruluş",
+    "port": "Bağlantı Noktası",
     "securityKeyManage": "Güvenlik Anahtarlarını Yönet",
     "securityKeyDescription": "Şifresiz kimlik doğrulama için güvenlik anahtarları ekleyin veya kaldırın",
     "securityKeyRegister": "Yeni Güvenlik Anahtarı Kaydet",
@@ -1142,13 +1227,51 @@
     "securityKeyRemove": "Kaldır",
     "securityKeyLastUsed": "Son kullanım: {date}",
     "securityKeyNameLabel": "İsim",
-    "securityKeyNamePlaceholder": "Bu güvenlik anahtarı için bir isim girin",
     "securityKeyRegisterSuccess": "Güvenlik anahtarı başarıyla kaydedildi",
     "securityKeyRegisterError": "Güvenlik anahtarı kaydedilirken hata oluştu",
     "securityKeyRemoveSuccess": "Güvenlik anahtarı başarıyla kaldırıldı",
     "securityKeyRemoveError": "Güvenlik anahtarı kaldırılırken hata oluştu",
     "securityKeyLoadError": "Güvenlik anahtarları yüklenirken hata oluştu",
-    "securityKeyLogin": "Güvenlik anahtarı ile giriş yap",
+    "securityKeyLogin": "Güvenlik anahtarı ile devam edin",
     "securityKeyAuthError": "Güvenlik anahtarı ile kimlik doğrulama başarısız oldu",
-    "securityKeyRecommendation": "Hesabınızdan kilitlenmediğinizden emin olmak için farklı bir cihazda başka bir güvenlik anahtarı kaydetmeyi düşünün."
+    "securityKeyRecommendation": "Hesabınızdan kilitlenmediğinizden emin olmak için farklı bir cihazda başka bir güvenlik anahtarı kaydetmeyi düşünün.",
+    "registering": "Kaydediliyor...",
+    "securityKeyPrompt": "Lütfen güvenlik anahtarınızı kullanarak kimliğinizi doğrulayın. Güvenlik anahtarınızın bağlı ve hazır olduğundan emin olun.",
+    "securityKeyBrowserNotSupported": "Tarayıcınız güvenlik anahtarlarını desteklemiyor. Lütfen Chrome, Firefox veya Safari gibi modern bir tarayıcı kullanın.",
+    "securityKeyPermissionDenied": "Giriş yapmaya devam etmek için lütfen güvenlik anahtarınıza erişime izin verin.",
+    "securityKeyRemovedTooQuickly": "Güvenlik anahtarınızın bağlantısını kesmeden önce oturum açma işlemi tamamlanana kadar bağlı kalmasını sağlayın.",
+    "securityKeyNotSupported": "Güvenlik anahtarınız uyumlu olmayabilir. Lütfen farklı bir güvenlik anahtarı deneyin.",
+    "securityKeyUnknownError": "Güvenlik anahtarınızı kullanırken bir sorun oluştu. Lütfen tekrar deneyin.",
+    "twoFactorRequired": "Güvenlik anahtarını kaydetmek için iki faktörlü kimlik doğrulama gereklidir.",
+    "twoFactor": "İki Faktörlü Kimlik Doğrulama",
+    "adminEnabled2FaOnYourAccount": "Yöneticiniz {email} için iki faktörlü kimlik doğrulamayı etkinleştirdi. Devam etmek için kurulum işlemini tamamlayın.",
+    "continueToApplication": "Uygulamaya Devam Et",
+    "securityKeyAdd": "Güvenlik Anahtarı Ekle",
+    "securityKeyRegisterTitle": "Yeni Güvenlik Anahtarı Kaydet",
+    "securityKeyRegisterDescription": "Güvenlik anahtarınızı bağlayın ve tanımlamak için bir ad girin",
+    "securityKeyTwoFactorRequired": "İki Faktörlü Kimlik Doğrulama Gereklidir",
+    "securityKeyTwoFactorDescription": "Güvenlik anahtarını kaydetmek için lütfen iki faktörlü kimlik doğrulama kodunuzu girin",
+    "securityKeyTwoFactorRemoveDescription": "Güvenlik anahtarını kaldırmak için lütfen iki faktörlü kimlik doğrulama kodunuzu girin",
+    "securityKeyTwoFactorCode": "İki Faktörlü Kod",
+    "securityKeyRemoveTitle": "Güvenlik Anahtarını Kaldır",
+    "securityKeyRemoveDescription": "Güvenlik anahtarını \"{name}\" kaldırmak için şifrenizi girin",
+    "securityKeyNoKeysRegistered": "Kayıtlı güvenlik anahtarı yok",
+    "securityKeyNoKeysDescription": "Hesabınızın güvenliğini artırmak için bir güvenlik anahtarı ekleyin",
+    "createDomainRequired": "Alan adı gereklidir",
+    "createDomainAddDnsRecords": "DNS Kayıtlarını Ekle",
+    "createDomainAddDnsRecordsDescription": "Kurulumu tamamlamak için alan sağlayıcınıza şu DNS kayıtlarını ekleyin.",
+    "createDomainNsRecords": "NS Kayıtları",
+    "createDomainRecord": "Kayıt",
+    "createDomainType": "Tür:",
+    "createDomainName": "Ad:",
+    "createDomainValue": "Değer:",
+    "createDomainCnameRecords": "CNAME Kayıtları",
+    "createDomainRecordNumber": "Kayıt {number}",
+    "createDomainTxtRecords": "TXT Kayıtları",
+    "createDomainSaveTheseRecords": "Bu Kayıtları Kaydet",
+    "createDomainSaveTheseRecordsDescription": "Bu DNS kayıtlarını kaydettiğinizden emin olun çünkü tekrar görmeyeceksiniz.",
+    "createDomainDnsPropagation": "DNS Yayılması",
+    "createDomainDnsPropagationDescription": "DNS değişikliklerinin internet genelinde yayılması zaman alabilir. DNS sağlayıcınız ve TTL ayarlarına bağlı olarak bu birkaç dakika ile 48 saat arasında değişebilir.",
+    "resourcePortRequired": "HTTP dışı kaynaklar için bağlantı noktası numarası gereklidir",
+    "resourcePortNotAllowed": "HTTP kaynakları için bağlantı noktası numarası ayarlanmamalı"
 }
diff --git a/messages/zh-CN.json b/messages/zh-CN.json
index 8076ebda..4f7d779e 100644
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -11,8 +11,9 @@
     "componentsErrorNoMemberCreate": "您目前不是任何组织的成员。创建组织以开始操作。",
     "componentsErrorNoMember": "您目前不是任何组织的成员。",
     "welcome": "欢迎使用 Pangolin",
+    "welcomeTo": "欢迎来到",
     "componentsCreateOrg": "创建组织",
-    "componentsMember": "您属于 {count, plural, =0 {无组织} =1 {一个组织} other {# 个组织}}。",
+    "componentsMember": "您属于{count, plural, =0 {没有组织} one {一个组织} other {# 个组织}}。",
     "componentsInvalidKey": "检测到无效或过期的许可证密钥。按照许可证条款操作以继续使用所有功能。",
     "dismiss": "忽略",
     "componentsLicenseViolation": "许可证超限：该服务器使用了 {usedSites} 个站点，已超过授权的 {maxSites} 个。请遵守许可证条款以继续使用全部功能。",
@@ -206,6 +207,7 @@
     "orgGeneralSettings": "组织设置",
     "orgGeneralSettingsDescription": "管理您的机构详细信息和配置",
     "saveGeneralSettings": "保存常规设置",
+    "saveSettings": "保存设置",
     "orgDangerZone": "危险区域",
     "orgDangerZoneDescription": "一旦删除该组织，将无法恢复，请务必确认。",
     "orgDelete": "删除组织",
@@ -249,7 +251,7 @@
     "weeks": "周",
     "months": "月",
     "years": "年",
-    "day": "{count, plural, =1 {# 天} other {# 天}}",
+    "day": "{count, plural, other {# 天}}",
     "apiKeysTitle": "API 密钥",
     "apiKeysConfirmCopy2": "您必须确认您已复制 API 密钥。",
     "apiKeysErrorCreate": "创建 API 密钥出错",
@@ -347,7 +349,7 @@
     "licensePurchase": "购买许可证",
     "licensePurchaseSites": "购买更多站点",
     "licenseSitesUsedMax": "使用了 {usedSites}/{maxSites} 个站点",
-    "licenseSitesUsed": "{count, plural, =0 {# 站点} =1 {# 站点} other {# 站点}}",
+    "licenseSitesUsed": "{count, plural, =0 {# 站点} one {# 站点} other {# 站点}}",
     "licensePurchaseDescription": "请选择您希望 {selectedMode, select, license {直接购买许可证，您可以随时增加更多站点。} other {为现有许可证购买更多站点}}",
     "licenseFee": "许可证费用",
     "licensePriceSite": "每个站点的价格",
@@ -436,7 +438,7 @@
     "accessRoleSelect": "选择角色",
     "inviteEmailSentDescription": "一封电子邮件已经发送给用户，带有下面的访问链接。他们必须访问该链接才能接受邀请。",
     "inviteSentDescription": "用户已被邀请。他们必须访问下面的链接才能接受邀请。",
-    "inviteExpiresIn": "邀请将于 {days, plural, =1 {# 天} other {# 天}}",
+    "inviteExpiresIn": "邀请将在{days, plural, other {# 天}}后过期。",
     "idpTitle": "身份提供商",
     "idpSelect": "为外部用户选择身份提供商",
     "idpNotConfigured": "没有配置身份提供者。请在创建外部用户之前配置身份提供者。",
@@ -958,6 +960,8 @@
     "licenseTierProfessionalRequiredDescription": "此功能仅在专业版可用。",
     "actionGetOrg": "获取组织",
     "actionUpdateOrg": "更新组织",
+    "actionUpdateUser": "更新用户",
+    "actionGetUser": "获取用户",
     "actionGetOrgUser": "获取组织用户",
     "actionListOrgDomains": "列出组织域",
     "actionCreateSite": "创建站点",
@@ -1090,6 +1094,8 @@
     "sidebarAllUsers": "所有用户",
     "sidebarIdentityProviders": "身份提供商",
     "sidebarLicense": "证书",
+    "sidebarClients": "客户",
+    "sidebarDomains": "域",
     "enableDockerSocket": "启用停靠套接字",
     "enableDockerSocketDescription": "启用 Docker Socket 发现以填充容器信息。必须向 Newt 提供 Socket 路径。",
     "enableDockerSocketLink": "了解更多",
@@ -1102,7 +1108,7 @@
     "containerNetworks": "网络",
     "containerHostnameIp": "主机名/IP",
     "containerLabels": "标签",
-    "containerLabelsCount": "{count} label{s,plural,one{} other{s}}",
+    "containerLabelsCount": "{count, plural, other {# 标签}}",
     "containerLabelsTitle": "容器标签",
     "containerLabelEmpty": "<empty>",
     "containerPorts": "端口",
@@ -1114,7 +1120,7 @@
     "showStoppedContainers": "显示已停止的容器",
     "noContainersFound": "未找到容器。请确保Docker容器正在运行。",
     "searchContainersPlaceholder": "在 {count} 个容器中搜索...",
-    "searchResultsCount": "{count} result{s,plural,one{} other{s}}",
+    "searchResultsCount": "{count, plural, other {# 个结果}}",
     "filters": "筛选器",
     "filterOptions": "过滤器选项",
     "filterPorts": "端口",
@@ -1129,10 +1135,89 @@
     "dark": "深色",
     "system": "系统",
     "theme": "主题",
+    "subnetRequired": "子网是必填项",
     "initialSetupTitle": "初始服务器设置",
     "initialSetupDescription": "创建初始服务器管理员帐户。 只能存在一个服务器管理员。 您可以随时更改这些凭据。",
     "createAdminAccount": "创建管理员帐户",
     "setupErrorCreateAdmin": "创建服务器管理员账户时发生错误。",
+    "certificateStatus": "证书状态",
+    "loading": "加载中",
+    "restart": "重启",
+    "domains": "域",
+    "domainsDescription": "管理您的组织域",
+    "domainsSearch": "搜索域...",
+    "domainAdd": "添加域",
+    "domainAddDescription": "在您的组织中注册新域",
+    "domainCreate": "创建域",
+    "domainCreatedDescription": "域创建成功",
+    "domainDeletedDescription": "成功删除域",
+    "domainQuestionRemove": "您确定要从您的账户中移除域{domain}吗？",
+    "domainMessageRemove": "移除后，该域将不再与您的账户关联。",
+    "domainMessageConfirm": "要确认，请在下方输入域名。",
+    "domainConfirmDelete": "确认删除域",
+    "domainDelete": "删除域",
+    "domain": "域",
+    "selectDomainTypeNsName": "域委派（NS）",
+    "selectDomainTypeNsDescription": "此域及其所有子域。当您希望控制整个域区域时使用此选项。",
+    "selectDomainTypeCnameName": "单个域（CNAME）",
+    "selectDomainTypeCnameDescription": "仅此特定域。用于单个子域或特定域条目。",
+    "selectDomainTypeWildcardName": "通配符域",
+    "selectDomainTypeWildcardDescription": "此域及其第一级子域。",
+    "domainDelegation": "单个域",
+    "selectType": "选择一个类型",
+    "actions": "操作",
+    "refresh": "刷新",
+    "refreshError": "刷新数据失败",
+    "verified": "已验证",
+    "pending": "待定",
+    "sidebarBilling": "计费",
+    "billing": "计费",
+    "orgBillingDescription": "管理您的账单信息和订阅",
+    "github": "GitHub",
+    "pangolinHosted": "Pangolin 托管",
+    "fossorial": "Fossorial",
+    "completeAccountSetup": "完成账户设置",
+    "completeAccountSetupDescription": "设置您的密码以开始",
+    "accountSetupSent": "我们将发送账号设置代码到该电子邮件地址。",
+    "accountSetupCode": "设置代码",
+    "accountSetupCodeDescription": "请检查您的邮箱以获取设置代码。",
+    "passwordCreate": "创建密码",
+    "passwordCreateConfirm": "确认密码",
+    "accountSetupSubmit": "发送设置代码",
+    "completeSetup": "完成设置",
+    "accountSetupSuccess": "账号设置完成！欢迎来到 Pangolin！",
+    "documentation": "文档",
+    "saveAllSettings": "保存所有设置",
+    "settingsUpdated": "设置已更新",
+    "settingsUpdatedDescription": "所有设置已成功更新",
+    "settingsErrorUpdate": "设置更新失败",
+    "settingsErrorUpdateDescription": "更新设置时发生错误",
+    "sidebarCollapse": "折叠",
+    "sidebarExpand": "展开",
+    "newtUpdateAvailable": "更新可用",
+    "newtUpdateAvailableInfo": "新版本的 Newt 已可用。请更新到最新版本以获得最佳体验。",
+    "domainPickerEnterDomain": "输入您的域",
+    "domainPickerPlaceholder": "myapp.example.com、api.v1.mydomain.com 或仅 myapp",
+    "domainPickerDescription": "输入资源的完整域名以查看可用选项。",
+    "domainPickerDescriptionSaas": "输入完整域名、子域或名称以查看可用选项。",
+    "domainPickerTabAll": "所有",
+    "domainPickerTabOrganization": "组织",
+    "domainPickerTabProvided": "提供的",
+    "domainPickerSortAsc": "A-Z",
+    "domainPickerSortDesc": "Z-A",
+    "domainPickerCheckingAvailability": "检查可用性...",
+    "domainPickerNoMatchingDomains": "未找到 \"{userInput}\" 的匹配域。尝试其他域或检查您组织的域设置。",
+    "domainPickerOrganizationDomains": "组织域",
+    "domainPickerProvidedDomains": "提供的域",
+    "domainPickerSubdomain": "子域：{subdomain}",
+    "domainPickerNamespace": "命名空间：{namespace}",
+    "domainPickerShowMore": "显示更多",
+    "domainNotFound": "域未找到",
+    "domainNotFoundDescription": "此资源已禁用，因为该域不再在我们的系统中存在。请为此资源设置一个新域。",
+    "failed": "失败",
+    "createNewOrgDescription": "创建一个新组织",
+    "organization": "组织",
+    "port": "端口",
     "securityKeyManage": "管理安全密钥",
     "securityKeyDescription": "添加或删除用于无密码认证的安全密钥",
     "securityKeyRegister": "注册新的安全密钥",
@@ -1142,13 +1227,51 @@
     "securityKeyRemove": "删除",
     "securityKeyLastUsed": "上次使用：{date}",
     "securityKeyNameLabel": "名称",
-    "securityKeyNamePlaceholder": "为此安全密钥输入名称",
     "securityKeyRegisterSuccess": "安全密钥注册成功",
     "securityKeyRegisterError": "注册安全密钥失败",
     "securityKeyRemoveSuccess": "安全密钥删除成功",
     "securityKeyRemoveError": "删除安全密钥失败",
     "securityKeyLoadError": "加载安全密钥失败",
-    "securityKeyLogin": "使用安全密钥登录",
+    "securityKeyLogin": "使用安全密钥继续",
     "securityKeyAuthError": "使用安全密钥认证失败",
-    "securityKeyRecommendation": "考虑在其他设备上注册另一个安全密钥，以确保不会被锁定在您的账户之外。"
+    "securityKeyRecommendation": "考虑在其他设备上注册另一个安全密钥，以确保不会被锁定在您的账户之外。",
+    "registering": "注册中...",
+    "securityKeyPrompt": "请使用您的安全密钥验证身份。确保您的安全密钥已连接并准备好。",
+    "securityKeyBrowserNotSupported": "您的浏览器不支持安全密钥。请使用像 Chrome、Firefox 或 Safari 这样的现代浏览器。",
+    "securityKeyPermissionDenied": "请允许访问您的安全密钥以继续登录。",
+    "securityKeyRemovedTooQuickly": "请保持您的安全密钥连接，直到登录过程完成。",
+    "securityKeyNotSupported": "您的安全密钥可能不兼容。请尝试不同的安全密钥。",
+    "securityKeyUnknownError": "使用安全密钥时出现问题。请再试一次。",
+    "twoFactorRequired": "注册安全密钥需要两步验证。",
+    "twoFactor": "两步验证",
+    "adminEnabled2FaOnYourAccount": "管理员已为{email}启用两步验证。请完成设置以继续。",
+    "continueToApplication": "继续到应用程序",
+    "securityKeyAdd": "添加安全密钥",
+    "securityKeyRegisterTitle": "注册新安全密钥",
+    "securityKeyRegisterDescription": "连接您的安全密钥并输入名称以便识别",
+    "securityKeyTwoFactorRequired": "要求两步验证",
+    "securityKeyTwoFactorDescription": "请输入你的两步验证代码以注册安全密钥",
+    "securityKeyTwoFactorRemoveDescription": "请输入你的两步验证代码以移除安全密钥",
+    "securityKeyTwoFactorCode": "双因素代码",
+    "securityKeyRemoveTitle": "移除安全密钥",
+    "securityKeyRemoveDescription": "输入您的密码以移除安全密钥 \"{name}\"",
+    "securityKeyNoKeysRegistered": "没有注册安全密钥",
+    "securityKeyNoKeysDescription": "添加安全密钥以加强您的账户安全",
+    "createDomainRequired": "必须输入域",
+    "createDomainAddDnsRecords": "添加 DNS 记录",
+    "createDomainAddDnsRecordsDescription": "将以下 DNS 记录添加到您的域名提供商以完成设置。",
+    "createDomainNsRecords": "NS 记录",
+    "createDomainRecord": "记录",
+    "createDomainType": "类型:",
+    "createDomainName": "名称:",
+    "createDomainValue": "值:",
+    "createDomainCnameRecords": "CNAME 记录",
+    "createDomainRecordNumber": "记录 {number}",
+    "createDomainTxtRecords": "TXT 记录",
+    "createDomainSaveTheseRecords": "保存这些记录",
+    "createDomainSaveTheseRecordsDescription": "务必保存这些 DNS 记录，因为您将无法再次查看它们。",
+    "createDomainDnsPropagation": "DNS 传播",
+    "createDomainDnsPropagationDescription": "DNS 更改可能需要一些时间才能在互联网上传播。这可能需要从几分钟到 48 小时，具体取决于您的 DNS 提供商和 TTL 设置。",
+    "resourcePortRequired": "非 HTTP 资源必须输入端口号",
+    "resourcePortNotAllowed": "HTTP 资源不应设置端口号"
 }
diff --git a/package-lock.json b/package-lock.json
index cb44266b..baec0b2b 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -31,6 +31,7 @@
                 "@radix-ui/react-switch": "1.2.5",
                 "@radix-ui/react-tabs": "1.1.12",
                 "@radix-ui/react-toast": "1.2.14",
+                "@radix-ui/react-tooltip": "^1.2.7",
                 "@react-email/components": "0.3.1",
                 "@react-email/render": "^1.1.2",
                 "@react-email/tailwind": "1.2.1",
@@ -60,6 +61,7 @@
                 "http-errors": "2.0.0",
                 "i": "^0.3.7",
                 "input-otp": "1.4.2",
+                "ioredis": "^5.6.1",
                 "jmespath": "^0.16.0",
                 "js-yaml": "4.1.0",
                 "jsonwebtoken": "^9.0.2",
@@ -75,6 +77,7 @@
                 "oslo": "1.2.1",
                 "pg": "^8.16.2",
                 "qrcode.react": "4.2.0",
+                "rate-limit-redis": "^4.2.1",
                 "react": "19.1.0",
                 "react-dom": "19.1.0",
                 "react-easy-sort": "^1.6.0",
@@ -95,7 +98,7 @@
                 "zod-validation-error": "3.5.2"
             },
             "devDependencies": {
-                "@dotenvx/dotenvx": "1.47.3",
+                "@dotenvx/dotenvx": "1.47.6",
                 "@esbuild-plugins/tsconfig-paths": "0.1.2",
                 "@tailwindcss/postcss": "^4.1.10",
                 "@types/better-sqlite3": "7.6.12",
@@ -109,6 +112,7 @@
                 "@types/jsonwebtoken": "^9.0.10",
                 "@types/node": "^24",
                 "@types/nodemailer": "6.4.17",
+                "@types/pg": "8.15.4",
                 "@types/react": "19.1.8",
                 "@types/react-dom": "19.1.6",
                 "@types/semver": "^7.7.0",
@@ -198,6 +202,16 @@
                 "node": ">=6.9.0"
             }
         },
+        "node_modules/@babel/helper-globals": {
+            "version": "7.28.0",
+            "resolved": "https://registry.npmjs.org/@babel/helper-globals/-/helper-globals-7.28.0.tgz",
+            "integrity": "sha512-+W6cISkXFa1jXsDEdYA8HeevQT/FULhxzR99pxphltZcVaugps53THCeiWA8SguxxpSp3gKPiuYfSWopkLQ4hw==",
+            "dev": true,
+            "license": "MIT",
+            "engines": {
+                "node": ">=6.9.0"
+            }
+        },
         "node_modules/@babel/helper-string-parser": {
             "version": "7.27.1",
             "resolved": "https://registry.npmjs.org/@babel/helper-string-parser/-/helper-string-parser-7.27.1.tgz",
@@ -250,38 +264,28 @@
             }
         },
         "node_modules/@babel/traverse": {
-            "version": "7.27.7",
-            "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.27.7.tgz",
-            "integrity": "sha512-X6ZlfR/O/s5EQ/SnUSLzr+6kGnkg8HXGMzpgsMsrJVcfDtH1vIp6ctCN4eZ1LS5c0+te5Cb6Y514fASjMRJ1nw==",
+            "version": "7.28.0",
+            "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.28.0.tgz",
+            "integrity": "sha512-mGe7UK5wWyh0bKRfupsUchrQGqvDbZDbKJw+kcRGSmdHVYrv+ltd0pnpDTVpiTqnaBru9iEvA8pz8W46v0Amwg==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
                 "@babel/code-frame": "^7.27.1",
-                "@babel/generator": "^7.27.5",
-                "@babel/parser": "^7.27.7",
+                "@babel/generator": "^7.28.0",
+                "@babel/helper-globals": "^7.28.0",
+                "@babel/parser": "^7.28.0",
                 "@babel/template": "^7.27.2",
-                "@babel/types": "^7.27.7",
-                "debug": "^4.3.1",
-                "globals": "^11.1.0"
+                "@babel/types": "^7.28.0",
+                "debug": "^4.3.1"
             },
             "engines": {
                 "node": ">=6.9.0"
             }
         },
-        "node_modules/@babel/traverse/node_modules/globals": {
-            "version": "11.12.0",
-            "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
-            "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==",
-            "dev": true,
-            "license": "MIT",
-            "engines": {
-                "node": ">=4"
-            }
-        },
         "node_modules/@babel/types": {
-            "version": "7.28.0",
-            "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.0.tgz",
-            "integrity": "sha512-jYnje+JyZG5YThjHiF28oT4SIZLnYOcSBb6+SDaFIyzDVSkXQmQQYclJ2R+YxcdmK0AX6x1E5OQNtuh3jHDrUg==",
+            "version": "7.28.1",
+            "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.28.1.tgz",
+            "integrity": "sha512-x0LvFTekgSX+83TI28Y9wYPUfzrnl2aT5+5QLnO6v7mSJYtEEevuDRN0F0uSHRk1G1IWZC43o00Y0xDDrpBGPQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -313,9 +317,9 @@
             }
         },
         "node_modules/@dotenvx/dotenvx": {
-            "version": "1.47.3",
-            "resolved": "https://registry.npmjs.org/@dotenvx/dotenvx/-/dotenvx-1.47.3.tgz",
-            "integrity": "sha512-V0jxoEgyTrP6INJYBXxR6qkaS1qUXmrWTz7FZVx706TgXnMnR7LVRi5Bf9z/o0UmZlkavJD13PLediPi4QvUTQ==",
+            "version": "1.47.6",
+            "resolved": "https://registry.npmjs.org/@dotenvx/dotenvx/-/dotenvx-1.47.6.tgz",
+            "integrity": "sha512-bvVMFc3Z9/mtYUWP1S1UB4SA3U2mQ1p7Qc9QW6Cm7t1Vm6D+dysmus/Mt26Dc1QrE6OgrKUGC99EQcMvcFZC3Q==",
             "dev": true,
             "license": "BSD-3-Clause",
             "dependencies": {
@@ -344,9 +348,9 @@
             "license": "Apache-2.0"
         },
         "node_modules/@ecies/ciphers": {
-            "version": "0.2.3",
-            "resolved": "https://registry.npmjs.org/@ecies/ciphers/-/ciphers-0.2.3.tgz",
-            "integrity": "sha512-tapn6XhOueMwht3E2UzY0ZZjYokdaw9XtL9kEyjhQ/Fb9vL9xTFbOaI+fV0AWvTpYu4BNloC6getKW6NtSg4mA==",
+            "version": "0.2.4",
+            "resolved": "https://registry.npmjs.org/@ecies/ciphers/-/ciphers-0.2.4.tgz",
+            "integrity": "sha512-t+iX+Wf5nRKyNzk8dviW3Ikb/280+aEJAnw9YXvCp2tYGPSkMki+NRY+8aNLmVFv3eNtMdvViPNOPxS8SZNP+w==",
             "dev": true,
             "license": "MIT",
             "engines": {
@@ -359,20 +363,20 @@
             }
         },
         "node_modules/@emnapi/core": {
-            "version": "1.4.3",
-            "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.4.3.tgz",
-            "integrity": "sha512-4m62DuCE07lw01soJwPiBGC0nAww0Q+RY70VZ+n49yDIO13yyinhbWCeNnaob0lakDtWQzSdtNWzJeOJt2ma+g==",
+            "version": "1.4.4",
+            "resolved": "https://registry.npmjs.org/@emnapi/core/-/core-1.4.4.tgz",
+            "integrity": "sha512-A9CnAbC6ARNMKcIcrQwq6HeHCjpcBZ5wSx4U01WXCqEKlrzB9F9315WDNHkrs2xbx7YjjSxbUYxuN6EQzpcY2g==",
             "license": "MIT",
             "optional": true,
             "dependencies": {
-                "@emnapi/wasi-threads": "1.0.2",
+                "@emnapi/wasi-threads": "1.0.3",
                 "tslib": "^2.4.0"
             }
         },
         "node_modules/@emnapi/runtime": {
-            "version": "1.4.3",
-            "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.4.3.tgz",
-            "integrity": "sha512-pBPWdu6MLKROBX05wSNKcNb++m5Er+KQ9QkB+WVM+pW2Kx9hoSrVTnu3BdkI5eBLZoKu/J6mW/B6i6bJB2ytXQ==",
+            "version": "1.4.4",
+            "resolved": "https://registry.npmjs.org/@emnapi/runtime/-/runtime-1.4.4.tgz",
+            "integrity": "sha512-hHyapA4A3gPaDCNfiqyZUStTMqIkKRshqPIuDOXv1hcBnD4U3l8cP0T1HMCfGRxQ6V64TGCcoswChANyOAwbQg==",
             "license": "MIT",
             "optional": true,
             "dependencies": {
@@ -380,9 +384,9 @@
             }
         },
         "node_modules/@emnapi/wasi-threads": {
-            "version": "1.0.2",
-            "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.0.2.tgz",
-            "integrity": "sha512-5n3nTJblwRi8LlXkJ9eBzu+kZR8Yxcc7ubakyQTFzPMtIhFpUBRbsnc2Dv88IZDIbCDlBiWrknhB4Lsz7mg6BA==",
+            "version": "1.0.3",
+            "resolved": "https://registry.npmjs.org/@emnapi/wasi-threads/-/wasi-threads-1.0.3.tgz",
+            "integrity": "sha512-8K5IFFsQqF9wQNJptGbS6FNKgUTsSRYnTqNCG1vPP8jFdjSv18n2mQfJpkt2Oibo9iBEzcDnDxNwKTzC7svlJw==",
             "license": "MIT",
             "optional": true,
             "dependencies": {
@@ -1589,9 +1593,9 @@
             }
         },
         "node_modules/@img/sharp-darwin-arm64": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.2.tgz",
-            "integrity": "sha512-OfXHZPppddivUJnqyKoi5YVeHRkkNE2zUFT2gbpKxp/JZCFYEYubnMg+gOp6lWfasPrTS+KPosKqdI+ELYVDtg==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-darwin-arm64/-/sharp-darwin-arm64-0.34.3.tgz",
+            "integrity": "sha512-ryFMfvxxpQRsgZJqBd4wsttYQbCxsJksrv9Lw/v798JcQ8+w84mBWuXwl+TT0WJ/WrYOLaYpwQXi3sA9nTIaIg==",
             "cpu": [
                 "arm64"
             ],
@@ -1607,13 +1611,13 @@
                 "url": "https://opencollective.com/libvips"
             },
             "optionalDependencies": {
-                "@img/sharp-libvips-darwin-arm64": "1.1.0"
+                "@img/sharp-libvips-darwin-arm64": "1.2.0"
             }
         },
         "node_modules/@img/sharp-darwin-x64": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.2.tgz",
-            "integrity": "sha512-dYvWqmjU9VxqXmjEtjmvHnGqF8GrVjM2Epj9rJ6BUIXvk8slvNDJbhGFvIoXzkDhrJC2jUxNLz/GUjjvSzfw+g==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-darwin-x64/-/sharp-darwin-x64-0.34.3.tgz",
+            "integrity": "sha512-yHpJYynROAj12TA6qil58hmPmAwxKKC7reUqtGLzsOHfP7/rniNGTL8tjWX6L3CTV4+5P4ypcS7Pp+7OB+8ihA==",
             "cpu": [
                 "x64"
             ],
@@ -1629,13 +1633,13 @@
                 "url": "https://opencollective.com/libvips"
             },
             "optionalDependencies": {
-                "@img/sharp-libvips-darwin-x64": "1.1.0"
+                "@img/sharp-libvips-darwin-x64": "1.2.0"
             }
         },
         "node_modules/@img/sharp-libvips-darwin-arm64": {
-            "version": "1.1.0",
-            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.1.0.tgz",
-            "integrity": "sha512-HZ/JUmPwrJSoM4DIQPv/BfNh9yrOA8tlBbqbLz4JZ5uew2+o22Ik+tHQJcih7QJuSa0zo5coHTfD5J8inqj9DA==",
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-arm64/-/sharp-libvips-darwin-arm64-1.2.0.tgz",
+            "integrity": "sha512-sBZmpwmxqwlqG9ueWFXtockhsxefaV6O84BMOrhtg/YqbTaRdqDE7hxraVE3y6gVM4eExmfzW4a8el9ArLeEiQ==",
             "cpu": [
                 "arm64"
             ],
@@ -1649,9 +1653,9 @@
             }
         },
         "node_modules/@img/sharp-libvips-darwin-x64": {
-            "version": "1.1.0",
-            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.1.0.tgz",
-            "integrity": "sha512-Xzc2ToEmHN+hfvsl9wja0RlnXEgpKNmftriQp6XzY/RaSfwD9th+MSh0WQKzUreLKKINb3afirxW7A0fz2YWuQ==",
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-darwin-x64/-/sharp-libvips-darwin-x64-1.2.0.tgz",
+            "integrity": "sha512-M64XVuL94OgiNHa5/m2YvEQI5q2cl9d/wk0qFTDVXcYzi43lxuiFTftMR1tOnFQovVXNZJ5TURSDK2pNe9Yzqg==",
             "cpu": [
                 "x64"
             ],
@@ -1665,9 +1669,9 @@
             }
         },
         "node_modules/@img/sharp-libvips-linux-arm": {
-            "version": "1.1.0",
-            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.1.0.tgz",
-            "integrity": "sha512-s8BAd0lwUIvYCJyRdFqvsj+BJIpDBSxs6ivrOPm/R7piTs5UIwY5OjXrP2bqXC9/moGsyRa37eYWYCOGVXxVrA==",
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm/-/sharp-libvips-linux-arm-1.2.0.tgz",
+            "integrity": "sha512-mWd2uWvDtL/nvIzThLq3fr2nnGfyr/XMXlq8ZJ9WMR6PXijHlC3ksp0IpuhK6bougvQrchUAfzRLnbsen0Cqvw==",
             "cpu": [
                 "arm"
             ],
@@ -1681,9 +1685,9 @@
             }
         },
         "node_modules/@img/sharp-libvips-linux-arm64": {
-            "version": "1.1.0",
-            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.1.0.tgz",
-            "integrity": "sha512-IVfGJa7gjChDET1dK9SekxFFdflarnUB8PwW8aGwEoF3oAsSDuNUTYS+SKDOyOJxQyDC1aPFMuRYLoDInyV9Ew==",
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-arm64/-/sharp-libvips-linux-arm64-1.2.0.tgz",
+            "integrity": "sha512-RXwd0CgG+uPRX5YYrkzKyalt2OJYRiJQ8ED/fi1tq9WQW2jsQIn0tqrlR5l5dr/rjqq6AHAxURhj2DVjyQWSOA==",
             "cpu": [
                 "arm64"
             ],
@@ -1697,9 +1701,9 @@
             }
         },
         "node_modules/@img/sharp-libvips-linux-ppc64": {
-            "version": "1.1.0",
-            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.1.0.tgz",
-            "integrity": "sha512-tiXxFZFbhnkWE2LA8oQj7KYR+bWBkiV2nilRldT7bqoEZ4HiDOcePr9wVDAZPi/Id5fT1oY9iGnDq20cwUz8lQ==",
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-ppc64/-/sharp-libvips-linux-ppc64-1.2.0.tgz",
+            "integrity": "sha512-Xod/7KaDDHkYu2phxxfeEPXfVXFKx70EAFZ0qyUdOjCcxbjqyJOEUpDe6RIyaunGxT34Anf9ue/wuWOqBW2WcQ==",
             "cpu": [
                 "ppc64"
             ],
@@ -1713,9 +1717,9 @@
             }
         },
         "node_modules/@img/sharp-libvips-linux-s390x": {
-            "version": "1.1.0",
-            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.1.0.tgz",
-            "integrity": "sha512-xukSwvhguw7COyzvmjydRb3x/09+21HykyapcZchiCUkTThEQEOMtBj9UhkaBRLuBrgLFzQ2wbxdeCCJW/jgJA==",
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-s390x/-/sharp-libvips-linux-s390x-1.2.0.tgz",
+            "integrity": "sha512-eMKfzDxLGT8mnmPJTNMcjfO33fLiTDsrMlUVcp6b96ETbnJmd4uvZxVJSKPQfS+odwfVaGifhsB07J1LynFehw==",
             "cpu": [
                 "s390x"
             ],
@@ -1729,9 +1733,9 @@
             }
         },
         "node_modules/@img/sharp-libvips-linux-x64": {
-            "version": "1.1.0",
-            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.1.0.tgz",
-            "integrity": "sha512-yRj2+reB8iMg9W5sULM3S74jVS7zqSzHG3Ol/twnAAkAhnGQnpjj6e4ayUz7V+FpKypwgs82xbRdYtchTTUB+Q==",
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linux-x64/-/sharp-libvips-linux-x64-1.2.0.tgz",
+            "integrity": "sha512-ZW3FPWIc7K1sH9E3nxIGB3y3dZkpJlMnkk7z5tu1nSkBoCgw2nSRTFHI5pB/3CQaJM0pdzMF3paf9ckKMSE9Tg==",
             "cpu": [
                 "x64"
             ],
@@ -1745,9 +1749,9 @@
             }
         },
         "node_modules/@img/sharp-libvips-linuxmusl-arm64": {
-            "version": "1.1.0",
-            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.1.0.tgz",
-            "integrity": "sha512-jYZdG+whg0MDK+q2COKbYidaqW/WTz0cc1E+tMAusiDygrM4ypmSCjOJPmFTvHHJ8j/6cAGyeDWZOsK06tP33w==",
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-arm64/-/sharp-libvips-linuxmusl-arm64-1.2.0.tgz",
+            "integrity": "sha512-UG+LqQJbf5VJ8NWJ5Z3tdIe/HXjuIdo4JeVNADXBFuG7z9zjoegpzzGIyV5zQKi4zaJjnAd2+g2nna8TZvuW9Q==",
             "cpu": [
                 "arm64"
             ],
@@ -1761,9 +1765,9 @@
             }
         },
         "node_modules/@img/sharp-libvips-linuxmusl-x64": {
-            "version": "1.1.0",
-            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.1.0.tgz",
-            "integrity": "sha512-wK7SBdwrAiycjXdkPnGCPLjYb9lD4l6Ze2gSdAGVZrEL05AOUJESWU2lhlC+Ffn5/G+VKuSm6zzbQSzFX/P65A==",
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@img/sharp-libvips-linuxmusl-x64/-/sharp-libvips-linuxmusl-x64-1.2.0.tgz",
+            "integrity": "sha512-SRYOLR7CXPgNze8akZwjoGBoN1ThNZoqpOgfnOxmWsklTGVfJiGJoC/Lod7aNMGA1jSsKWM1+HRX43OP6p9+6Q==",
             "cpu": [
                 "x64"
             ],
@@ -1777,9 +1781,9 @@
             }
         },
         "node_modules/@img/sharp-linux-arm": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.2.tgz",
-            "integrity": "sha512-0DZzkvuEOqQUP9mo2kjjKNok5AmnOr1jB2XYjkaoNRwpAYMDzRmAqUIa1nRi58S2WswqSfPOWLNOr0FDT3H5RQ==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm/-/sharp-linux-arm-0.34.3.tgz",
+            "integrity": "sha512-oBK9l+h6KBN0i3dC8rYntLiVfW8D8wH+NPNT3O/WBHeW0OQWCjfWksLUaPidsrDKpJgXp3G3/hkmhptAW0I3+A==",
             "cpu": [
                 "arm"
             ],
@@ -1795,13 +1799,13 @@
                 "url": "https://opencollective.com/libvips"
             },
             "optionalDependencies": {
-                "@img/sharp-libvips-linux-arm": "1.1.0"
+                "@img/sharp-libvips-linux-arm": "1.2.0"
             }
         },
         "node_modules/@img/sharp-linux-arm64": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.2.tgz",
-            "integrity": "sha512-D8n8wgWmPDakc83LORcfJepdOSN6MvWNzzz2ux0MnIbOqdieRZwVYY32zxVx+IFUT8er5KPcyU3XXsn+GzG/0Q==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-linux-arm64/-/sharp-linux-arm64-0.34.3.tgz",
+            "integrity": "sha512-QdrKe3EvQrqwkDrtuTIjI0bu6YEJHTgEeqdzI3uWJOH6G1O8Nl1iEeVYRGdj1h5I21CqxSvQp1Yv7xeU3ZewbA==",
             "cpu": [
                 "arm64"
             ],
@@ -1817,13 +1821,35 @@
                 "url": "https://opencollective.com/libvips"
             },
             "optionalDependencies": {
-                "@img/sharp-libvips-linux-arm64": "1.1.0"
+                "@img/sharp-libvips-linux-arm64": "1.2.0"
+            }
+        },
+        "node_modules/@img/sharp-linux-ppc64": {
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-linux-ppc64/-/sharp-linux-ppc64-0.34.3.tgz",
+            "integrity": "sha512-GLtbLQMCNC5nxuImPR2+RgrviwKwVql28FWZIW1zWruy6zLgA5/x2ZXk3mxj58X/tszVF69KK0Is83V8YgWhLA==",
+            "cpu": [
+                "ppc64"
+            ],
+            "license": "Apache-2.0",
+            "optional": true,
+            "os": [
+                "linux"
+            ],
+            "engines": {
+                "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
+            },
+            "funding": {
+                "url": "https://opencollective.com/libvips"
+            },
+            "optionalDependencies": {
+                "@img/sharp-libvips-linux-ppc64": "1.2.0"
             }
         },
         "node_modules/@img/sharp-linux-s390x": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.2.tgz",
-            "integrity": "sha512-EGZ1xwhBI7dNISwxjChqBGELCWMGDvmxZXKjQRuqMrakhO8QoMgqCrdjnAqJq/CScxfRn+Bb7suXBElKQpPDiw==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-linux-s390x/-/sharp-linux-s390x-0.34.3.tgz",
+            "integrity": "sha512-3gahT+A6c4cdc2edhsLHmIOXMb17ltffJlxR0aC2VPZfwKoTGZec6u5GrFgdR7ciJSsHT27BD3TIuGcuRT0KmQ==",
             "cpu": [
                 "s390x"
             ],
@@ -1839,13 +1865,13 @@
                 "url": "https://opencollective.com/libvips"
             },
             "optionalDependencies": {
-                "@img/sharp-libvips-linux-s390x": "1.1.0"
+                "@img/sharp-libvips-linux-s390x": "1.2.0"
             }
         },
         "node_modules/@img/sharp-linux-x64": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.2.tgz",
-            "integrity": "sha512-sD7J+h5nFLMMmOXYH4DD9UtSNBD05tWSSdWAcEyzqW8Cn5UxXvsHAxmxSesYUsTOBmUnjtxghKDl15EvfqLFbQ==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-linux-x64/-/sharp-linux-x64-0.34.3.tgz",
+            "integrity": "sha512-8kYso8d806ypnSq3/Ly0QEw90V5ZoHh10yH0HnrzOCr6DKAPI6QVHvwleqMkVQ0m+fc7EH8ah0BB0QPuWY6zJQ==",
             "cpu": [
                 "x64"
             ],
@@ -1861,13 +1887,13 @@
                 "url": "https://opencollective.com/libvips"
             },
             "optionalDependencies": {
-                "@img/sharp-libvips-linux-x64": "1.1.0"
+                "@img/sharp-libvips-linux-x64": "1.2.0"
             }
         },
         "node_modules/@img/sharp-linuxmusl-arm64": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.2.tgz",
-            "integrity": "sha512-NEE2vQ6wcxYav1/A22OOxoSOGiKnNmDzCYFOZ949xFmrWZOVII1Bp3NqVVpvj+3UeHMFyN5eP/V5hzViQ5CZNA==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-arm64/-/sharp-linuxmusl-arm64-0.34.3.tgz",
+            "integrity": "sha512-vAjbHDlr4izEiXM1OTggpCcPg9tn4YriK5vAjowJsHwdBIdx0fYRsURkxLG2RLm9gyBq66gwtWI8Gx0/ov+JKQ==",
             "cpu": [
                 "arm64"
             ],
@@ -1883,13 +1909,13 @@
                 "url": "https://opencollective.com/libvips"
             },
             "optionalDependencies": {
-                "@img/sharp-libvips-linuxmusl-arm64": "1.1.0"
+                "@img/sharp-libvips-linuxmusl-arm64": "1.2.0"
             }
         },
         "node_modules/@img/sharp-linuxmusl-x64": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.2.tgz",
-            "integrity": "sha512-DOYMrDm5E6/8bm/yQLCWyuDJwUnlevR8xtF8bs+gjZ7cyUNYXiSf/E8Kp0Ss5xasIaXSHzb888V1BE4i1hFhAA==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-linuxmusl-x64/-/sharp-linuxmusl-x64-0.34.3.tgz",
+            "integrity": "sha512-gCWUn9547K5bwvOn9l5XGAEjVTTRji4aPTqLzGXHvIr6bIDZKNTA34seMPgM0WmSf+RYBH411VavCejp3PkOeQ==",
             "cpu": [
                 "x64"
             ],
@@ -1905,20 +1931,20 @@
                 "url": "https://opencollective.com/libvips"
             },
             "optionalDependencies": {
-                "@img/sharp-libvips-linuxmusl-x64": "1.1.0"
+                "@img/sharp-libvips-linuxmusl-x64": "1.2.0"
             }
         },
         "node_modules/@img/sharp-wasm32": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.2.tgz",
-            "integrity": "sha512-/VI4mdlJ9zkaq53MbIG6rZY+QRN3MLbR6usYlgITEzi4Rpx5S6LFKsycOQjkOGmqTNmkIdLjEvooFKwww6OpdQ==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-wasm32/-/sharp-wasm32-0.34.3.tgz",
+            "integrity": "sha512-+CyRcpagHMGteySaWos8IbnXcHgfDn7pO2fiC2slJxvNq9gDipYBN42/RagzctVRKgxATmfqOSulgZv5e1RdMg==",
             "cpu": [
                 "wasm32"
             ],
             "license": "Apache-2.0 AND LGPL-3.0-or-later AND MIT",
             "optional": true,
             "dependencies": {
-                "@emnapi/runtime": "^1.4.3"
+                "@emnapi/runtime": "^1.4.4"
             },
             "engines": {
                 "node": "^18.17.0 || ^20.3.0 || >=21.0.0"
@@ -1928,9 +1954,9 @@
             }
         },
         "node_modules/@img/sharp-win32-arm64": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.2.tgz",
-            "integrity": "sha512-cfP/r9FdS63VA5k0xiqaNaEoGxBg9k7uE+RQGzuK9fHt7jib4zAVVseR9LsE4gJcNWgT6APKMNnCcnyOtmSEUQ==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-win32-arm64/-/sharp-win32-arm64-0.34.3.tgz",
+            "integrity": "sha512-MjnHPnbqMXNC2UgeLJtX4XqoVHHlZNd+nPt1kRPmj63wURegwBhZlApELdtxM2OIZDRv/DFtLcNhVbd1z8GYXQ==",
             "cpu": [
                 "arm64"
             ],
@@ -1947,9 +1973,9 @@
             }
         },
         "node_modules/@img/sharp-win32-ia32": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.2.tgz",
-            "integrity": "sha512-QLjGGvAbj0X/FXl8n1WbtQ6iVBpWU7JO94u/P2M4a8CFYsvQi4GW2mRy/JqkRx0qpBzaOdKJKw8uc930EX2AHw==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-win32-ia32/-/sharp-win32-ia32-0.34.3.tgz",
+            "integrity": "sha512-xuCdhH44WxuXgOM714hn4amodJMZl3OEvf0GVTm0BEyMeA2to+8HEdRPShH0SLYptJY1uBw+SCFP9WVQi1Q/cw==",
             "cpu": [
                 "ia32"
             ],
@@ -1966,9 +1992,9 @@
             }
         },
         "node_modules/@img/sharp-win32-x64": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.2.tgz",
-            "integrity": "sha512-aUdT6zEYtDKCaxkofmmJDJYGCf0+pJg3eU9/oBuqvEeoB9dKI6ZLc/1iLJCTuJQDO4ptntAlkUmHgGjyuobZbw==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/@img/sharp-win32-x64/-/sharp-win32-x64-0.34.3.tgz",
+            "integrity": "sha512-OWwz05d++TxzLEv4VnsTz5CmZ6mI6S05sfQGEMrNrQcOEERbX46332IvE7pO/EUiw7jUrrS40z/M7kPyjfl04g==",
             "cpu": [
                 "x64"
             ],
@@ -1984,6 +2010,12 @@
                 "url": "https://opencollective.com/libvips"
             }
         },
+        "node_modules/@ioredis/commands": {
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/@ioredis/commands/-/commands-1.2.0.tgz",
+            "integrity": "sha512-Sx1pU8EM64o2BrqNpEO1CNLtKQwyhuXuqyfH7oGKCk+1a33d2r5saW8zNwm3j6BTExtjrv2BxTgzzkMwts6vGg==",
+            "license": "MIT"
+        },
         "node_modules/@isaacs/balanced-match": {
             "version": "4.0.1",
             "resolved": "https://registry.npmjs.org/@isaacs/balanced-match/-/balanced-match-4.0.1.tgz",
@@ -2026,7 +2058,6 @@
             "version": "4.0.1",
             "resolved": "https://registry.npmjs.org/@isaacs/fs-minipass/-/fs-minipass-4.0.1.tgz",
             "integrity": "sha512-wgm9Ehl2jpeqP3zw/7mo3kRHFp5MEDhqAdwy1fTGkHAwnkGOVsgpvQhL8B5n1qlb01jV3n/bI0ZfZp5lWA1k4w==",
-            "dev": true,
             "license": "ISC",
             "dependencies": {
                 "minipass": "^7.0.4"
@@ -2057,16 +2088,16 @@
             }
         },
         "node_modules/@jridgewell/sourcemap-codec": {
-            "version": "1.5.3",
-            "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.3.tgz",
-            "integrity": "sha512-AiR5uKpFxP3PjO4R19kQGIMwxyRyPuXmKEEy301V1C0+1rVjS94EZQXf1QKZYN8Q0YM+estSPhmx5JwNftv6nw==",
+            "version": "1.5.4",
+            "resolved": "https://registry.npmjs.org/@jridgewell/sourcemap-codec/-/sourcemap-codec-1.5.4.tgz",
+            "integrity": "sha512-VT2+G1VQs/9oz078bLrYbecdZKs912zQlkelYpuf+SXF+QvZDYJlbx/LSx+meSAwdDFnF8FVXW92AVjjkVmgFw==",
             "dev": true,
             "license": "MIT"
         },
         "node_modules/@jridgewell/trace-mapping": {
-            "version": "0.3.28",
-            "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.28.tgz",
-            "integrity": "sha512-KNNHHwW3EIp4EDYOvYFGyIFfx36R2dNJYH4knnZlF8T5jdbD5Wx8xmSaQ2gP9URkJ04LGEtlcCtwArKcmFcwKw==",
+            "version": "0.3.29",
+            "resolved": "https://registry.npmjs.org/@jridgewell/trace-mapping/-/trace-mapping-0.3.29.tgz",
+            "integrity": "sha512-uw6guiW/gcAGPDhLmd77/6lW8QLeiV5RUTsAX46Db6oLhGaVj4lhnPwb184s1bkc8kdVg/+h988dro8GRDpmYQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -2081,15 +2112,15 @@
             "license": "MIT"
         },
         "node_modules/@napi-rs/wasm-runtime": {
-            "version": "0.2.11",
-            "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-0.2.11.tgz",
-            "integrity": "sha512-9DPkXtvHydrcOsopiYpUgPHpmj0HWZKMUnL2dZqpvC42lsratuBG06V5ipyno0fUek5VlFsNQ+AcFATSrJXgMA==",
+            "version": "0.2.12",
+            "resolved": "https://registry.npmjs.org/@napi-rs/wasm-runtime/-/wasm-runtime-0.2.12.tgz",
+            "integrity": "sha512-ZVWUcfwY4E/yPitQJl481FjFo3K22D6qF0DuFH6Y/nbnE11GY5uguDxZMGXPQ8WQ0128MXQD7TnfHyK4oWoIJQ==",
             "license": "MIT",
             "optional": true,
             "dependencies": {
                 "@emnapi/core": "^1.4.3",
                 "@emnapi/runtime": "^1.4.3",
-                "@tybys/wasm-util": "^0.9.0"
+                "@tybys/wasm-util": "^0.10.0"
             }
         },
         "node_modules/@next/env": {
@@ -3810,6 +3841,40 @@
                 }
             }
         },
+        "node_modules/@radix-ui/react-tooltip": {
+            "version": "1.2.7",
+            "resolved": "https://registry.npmjs.org/@radix-ui/react-tooltip/-/react-tooltip-1.2.7.tgz",
+            "integrity": "sha512-Ap+fNYwKTYJ9pzqW+Xe2HtMRbQ/EeWkj2qykZ6SuEV4iS/o1bZI5ssJbk4D2r8XuDuOBVz/tIx2JObtuqU+5Zw==",
+            "license": "MIT",
+            "dependencies": {
+                "@radix-ui/primitive": "1.1.2",
+                "@radix-ui/react-compose-refs": "1.1.2",
+                "@radix-ui/react-context": "1.1.2",
+                "@radix-ui/react-dismissable-layer": "1.1.10",
+                "@radix-ui/react-id": "1.1.1",
+                "@radix-ui/react-popper": "1.2.7",
+                "@radix-ui/react-portal": "1.1.9",
+                "@radix-ui/react-presence": "1.1.4",
+                "@radix-ui/react-primitive": "2.1.3",
+                "@radix-ui/react-slot": "1.2.3",
+                "@radix-ui/react-use-controllable-state": "1.2.2",
+                "@radix-ui/react-visually-hidden": "1.2.3"
+            },
+            "peerDependencies": {
+                "@types/react": "*",
+                "@types/react-dom": "*",
+                "react": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc",
+                "react-dom": "^16.8 || ^17.0 || ^18.0 || ^19.0 || ^19.0.0-rc"
+            },
+            "peerDependenciesMeta": {
+                "@types/react": {
+                    "optional": true
+                },
+                "@types/react-dom": {
+                    "optional": true
+                }
+            }
+        },
         "node_modules/@radix-ui/react-use-callback-ref": {
             "version": "1.1.1",
             "resolved": "https://registry.npmjs.org/@radix-ui/react-use-callback-ref/-/react-use-callback-ref-1.1.1.tgz",
@@ -4312,9 +4377,9 @@
             }
         },
         "node_modules/@simplewebauthn/browser": {
-            "version": "13.1.0",
-            "resolved": "https://registry.npmjs.org/@simplewebauthn/browser/-/browser-13.1.0.tgz",
-            "integrity": "sha512-WuHZ/PYvyPJ9nxSzgHtOEjogBhwJfC8xzYkPC+rR/+8chl/ft4ngjiK8kSU5HtRJfczupyOh33b25TjYbvwAcg==",
+            "version": "13.1.2",
+            "resolved": "https://registry.npmjs.org/@simplewebauthn/browser/-/browser-13.1.2.tgz",
+            "integrity": "sha512-aZnW0KawAM83fSBUgglP5WofbrLbLyr7CoPqYr66Eppm7zO86YX6rrCjRB3hQKPrL7ATvY4FVXlykZ6w6FwYYw==",
             "license": "MIT"
         },
         "node_modules/@simplewebauthn/server": {
@@ -4687,9 +4752,9 @@
             }
         },
         "node_modules/@tybys/wasm-util": {
-            "version": "0.9.0",
-            "resolved": "https://registry.npmjs.org/@tybys/wasm-util/-/wasm-util-0.9.0.tgz",
-            "integrity": "sha512-6+7nlbMVX/PVDCwaIQ8nTOPveOcFLSt8GcXdx8hD0bt39uWxYT88uXzqTd4fTvqta7oeUJqudepapKNt2DYJFw==",
+            "version": "0.10.0",
+            "resolved": "https://registry.npmjs.org/@tybys/wasm-util/-/wasm-util-0.10.0.tgz",
+            "integrity": "sha512-VyyPYFlOMNylG45GoAe0xDoLwWuowvf92F9kySqzYh8vmYm7D2u4iUJKa1tOUpS70Ku13ASrOkS4ScXFsTaCNQ==",
             "license": "MIT",
             "optional": true,
             "dependencies": {
@@ -4774,9 +4839,9 @@
             }
         },
         "node_modules/@types/express-serve-static-core": {
-            "version": "5.0.6",
-            "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-5.0.6.tgz",
-            "integrity": "sha512-3xhRnjJPkULekpSzgtoNYYcTWgEZkp4myc+Saevii5JPnHNvHMRlBSHDbs7Bh1iPPoVTERHEZXyhyLbMEsExsA==",
+            "version": "5.0.7",
+            "resolved": "https://registry.npmjs.org/@types/express-serve-static-core/-/express-serve-static-core-5.0.7.tgz",
+            "integrity": "sha512-R+33OsgWw7rOhD1emjU7dzCDHucJrgJXMA5PYCzJxVil0dsyx5iBEPHqpPfiKNJQb7lZ1vxwoLR4Z87bBUpeGQ==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
@@ -4855,9 +4920,9 @@
             "license": "MIT"
         },
         "node_modules/@types/node": {
-            "version": "24.0.12",
-            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.0.12.tgz",
-            "integrity": "sha512-LtOrbvDf5ndC9Xi+4QZjVL0woFymF/xSTKZKPgrrl7H7XoeDvnD+E2IclKVDyaK9UM756W/3BXqSU+JEHopA9g==",
+            "version": "24.0.14",
+            "resolved": "https://registry.npmjs.org/@types/node/-/node-24.0.14.tgz",
+            "integrity": "sha512-4zXMWD91vBLGRtHK3YbIoFMia+1nqEz72coM42C5ETjnNCa/heoj7NT1G67iAfOqMmcfhuCZ4uNpyz8EjlAejw==",
             "devOptional": true,
             "license": "MIT",
             "dependencies": {
@@ -4874,6 +4939,18 @@
                 "@types/node": "*"
             }
         },
+        "node_modules/@types/pg": {
+            "version": "8.15.4",
+            "resolved": "https://registry.npmjs.org/@types/pg/-/pg-8.15.4.tgz",
+            "integrity": "sha512-I6UNVBAoYbvuWkkU3oosC8yxqH21f4/Jc4DK71JLG3dT2mdlGe1z+ep/LQGXaKaOgcvUrsQoPRqfgtMcvZiJhg==",
+            "devOptional": true,
+            "license": "MIT",
+            "dependencies": {
+                "@types/node": "*",
+                "pg-protocol": "*",
+                "pg-types": "^2.2.0"
+            }
+        },
         "node_modules/@types/qs": {
             "version": "6.14.0",
             "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.14.0.tgz",
@@ -4983,16 +5060,16 @@
             "license": "MIT"
         },
         "node_modules/@typescript-eslint/eslint-plugin": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.36.0.tgz",
-            "integrity": "sha512-lZNihHUVB6ZZiPBNgOQGSxUASI7UJWhT8nHyUGCnaQ28XFCw98IfrMCG3rUl1uwUWoAvodJQby2KTs79UTcrAg==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/eslint-plugin/-/eslint-plugin-8.37.0.tgz",
+            "integrity": "sha512-jsuVWeIkb6ggzB+wPCsR4e6loj+rM72ohW6IBn2C+5NCvfUVY8s33iFPySSVXqtm5Hu29Ne/9bnA0JmyLmgenA==",
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/regexpp": "^4.10.0",
-                "@typescript-eslint/scope-manager": "8.36.0",
-                "@typescript-eslint/type-utils": "8.36.0",
-                "@typescript-eslint/utils": "8.36.0",
-                "@typescript-eslint/visitor-keys": "8.36.0",
+                "@typescript-eslint/scope-manager": "8.37.0",
+                "@typescript-eslint/type-utils": "8.37.0",
+                "@typescript-eslint/utils": "8.37.0",
+                "@typescript-eslint/visitor-keys": "8.37.0",
                 "graphemer": "^1.4.0",
                 "ignore": "^7.0.0",
                 "natural-compare": "^1.4.0",
@@ -5006,7 +5083,7 @@
                 "url": "https://opencollective.com/typescript-eslint"
             },
             "peerDependencies": {
-                "@typescript-eslint/parser": "^8.36.0",
+                "@typescript-eslint/parser": "^8.37.0",
                 "eslint": "^8.57.0 || ^9.0.0",
                 "typescript": ">=4.8.4 <5.9.0"
             }
@@ -5021,15 +5098,15 @@
             }
         },
         "node_modules/@typescript-eslint/parser": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.36.0.tgz",
-            "integrity": "sha512-FuYgkHwZLuPbZjQHzJXrtXreJdFMKl16BFYyRrLxDhWr6Qr7Kbcu2s1Yhu8tsiMXw1S0W1pjfFfYEt+R604s+Q==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/parser/-/parser-8.37.0.tgz",
+            "integrity": "sha512-kVIaQE9vrN9RLCQMQ3iyRlVJpTiDUY6woHGb30JDkfJErqrQEmtdWH3gV0PBAfGZgQXoqzXOO0T3K6ioApbbAA==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/scope-manager": "8.36.0",
-                "@typescript-eslint/types": "8.36.0",
-                "@typescript-eslint/typescript-estree": "8.36.0",
-                "@typescript-eslint/visitor-keys": "8.36.0",
+                "@typescript-eslint/scope-manager": "8.37.0",
+                "@typescript-eslint/types": "8.37.0",
+                "@typescript-eslint/typescript-estree": "8.37.0",
+                "@typescript-eslint/visitor-keys": "8.37.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -5045,13 +5122,13 @@
             }
         },
         "node_modules/@typescript-eslint/project-service": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.36.0.tgz",
-            "integrity": "sha512-JAhQFIABkWccQYeLMrHadu/fhpzmSQ1F1KXkpzqiVxA/iYI6UnRt2trqXHt1sYEcw1mxLnB9rKMsOxXPxowN/g==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/project-service/-/project-service-8.37.0.tgz",
+            "integrity": "sha512-BIUXYsbkl5A1aJDdYJCBAo8rCEbAvdquQ8AnLb6z5Lp1u3x5PNgSSx9A/zqYc++Xnr/0DVpls8iQ2cJs/izTXA==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/tsconfig-utils": "^8.36.0",
-                "@typescript-eslint/types": "^8.36.0",
+                "@typescript-eslint/tsconfig-utils": "^8.37.0",
+                "@typescript-eslint/types": "^8.37.0",
                 "debug": "^4.3.4"
             },
             "engines": {
@@ -5066,13 +5143,13 @@
             }
         },
         "node_modules/@typescript-eslint/scope-manager": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.36.0.tgz",
-            "integrity": "sha512-wCnapIKnDkN62fYtTGv2+RY8FlnBYA3tNm0fm91kc2BjPhV2vIjwwozJ7LToaLAyb1ca8BxrS7vT+Pvvf7RvqA==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/scope-manager/-/scope-manager-8.37.0.tgz",
+            "integrity": "sha512-0vGq0yiU1gbjKob2q691ybTg9JX6ShiVXAAfm2jGf3q0hdP6/BruaFjL/ManAR/lj05AvYCH+5bbVo0VtzmjOA==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.36.0",
-                "@typescript-eslint/visitor-keys": "8.36.0"
+                "@typescript-eslint/types": "8.37.0",
+                "@typescript-eslint/visitor-keys": "8.37.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5083,9 +5160,9 @@
             }
         },
         "node_modules/@typescript-eslint/tsconfig-utils": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.36.0.tgz",
-            "integrity": "sha512-Nhh3TIEgN18mNbdXpd5Q8mSCBnrZQeY9V7Ca3dqYvNDStNIGRmJA6dmrIPMJ0kow3C7gcQbpsG2rPzy1Ks/AnA==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/tsconfig-utils/-/tsconfig-utils-8.37.0.tgz",
+            "integrity": "sha512-1/YHvAVTimMM9mmlPvTec9NP4bobA1RkDbMydxG8omqwJJLEW/Iy2C4adsAESIXU3WGLXFHSZUU+C9EoFWl4Zg==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5099,13 +5176,14 @@
             }
         },
         "node_modules/@typescript-eslint/type-utils": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.36.0.tgz",
-            "integrity": "sha512-5aaGYG8cVDd6cxfk/ynpYzxBRZJk7w/ymto6uiyUFtdCozQIsQWh7M28/6r57Fwkbweng8qAzoMCPwSJfWlmsg==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/type-utils/-/type-utils-8.37.0.tgz",
+            "integrity": "sha512-SPkXWIkVZxhgwSwVq9rqj/4VFo7MnWwVaRNznfQDc/xPYHjXnPfLWn+4L6FF1cAz6e7dsqBeMawgl7QjUMj4Ow==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/typescript-estree": "8.36.0",
-                "@typescript-eslint/utils": "8.36.0",
+                "@typescript-eslint/types": "8.37.0",
+                "@typescript-eslint/typescript-estree": "8.37.0",
+                "@typescript-eslint/utils": "8.37.0",
                 "debug": "^4.3.4",
                 "ts-api-utils": "^2.1.0"
             },
@@ -5122,9 +5200,9 @@
             }
         },
         "node_modules/@typescript-eslint/types": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.36.0.tgz",
-            "integrity": "sha512-xGms6l5cTJKQPZOKM75Dl9yBfNdGeLRsIyufewnxT4vZTrjC0ImQT4fj8QmtJK84F58uSh5HVBSANwcfiXxABQ==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/types/-/types-8.37.0.tgz",
+            "integrity": "sha512-ax0nv7PUF9NOVPs+lmQ7yIE7IQmAf8LGcXbMvHX5Gm+YJUYNAl340XkGnrimxZ0elXyoQJuN5sbg6C4evKA4SQ==",
             "license": "MIT",
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5135,15 +5213,15 @@
             }
         },
         "node_modules/@typescript-eslint/typescript-estree": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.36.0.tgz",
-            "integrity": "sha512-JaS8bDVrfVJX4av0jLpe4ye0BpAaUW7+tnS4Y4ETa3q7NoZgzYbN9zDQTJ8kPb5fQ4n0hliAt9tA4Pfs2zA2Hg==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/typescript-estree/-/typescript-estree-8.37.0.tgz",
+            "integrity": "sha512-zuWDMDuzMRbQOM+bHyU4/slw27bAUEcKSKKs3hcv2aNnc/tvE/h7w60dwVw8vnal2Pub6RT1T7BI8tFZ1fE+yg==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/project-service": "8.36.0",
-                "@typescript-eslint/tsconfig-utils": "8.36.0",
-                "@typescript-eslint/types": "8.36.0",
-                "@typescript-eslint/visitor-keys": "8.36.0",
+                "@typescript-eslint/project-service": "8.37.0",
+                "@typescript-eslint/tsconfig-utils": "8.37.0",
+                "@typescript-eslint/types": "8.37.0",
+                "@typescript-eslint/visitor-keys": "8.37.0",
                 "debug": "^4.3.4",
                 "fast-glob": "^3.3.2",
                 "is-glob": "^4.0.3",
@@ -5215,15 +5293,15 @@
             }
         },
         "node_modules/@typescript-eslint/utils": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.36.0.tgz",
-            "integrity": "sha512-VOqmHu42aEMT+P2qYjylw6zP/3E/HvptRwdn/PZxyV27KhZg2IOszXod4NcXisWzPAGSS4trE/g4moNj6XmH2g==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/utils/-/utils-8.37.0.tgz",
+            "integrity": "sha512-TSFvkIW6gGjN2p6zbXo20FzCABbyUAuq6tBvNRGsKdsSQ6a7rnV6ADfZ7f4iI3lIiXc4F4WWvtUfDw9CJ9pO5A==",
             "license": "MIT",
             "dependencies": {
                 "@eslint-community/eslint-utils": "^4.7.0",
-                "@typescript-eslint/scope-manager": "8.36.0",
-                "@typescript-eslint/types": "8.36.0",
-                "@typescript-eslint/typescript-estree": "8.36.0"
+                "@typescript-eslint/scope-manager": "8.37.0",
+                "@typescript-eslint/types": "8.37.0",
+                "@typescript-eslint/typescript-estree": "8.37.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -5238,12 +5316,12 @@
             }
         },
         "node_modules/@typescript-eslint/visitor-keys": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.36.0.tgz",
-            "integrity": "sha512-vZrhV2lRPWDuGoxcmrzRZyxAggPL+qp3WzUrlZD+slFueDiYHxeBa34dUXPuC0RmGKzl4lS5kFJYvKCq9cnNDA==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/@typescript-eslint/visitor-keys/-/visitor-keys-8.37.0.tgz",
+            "integrity": "sha512-YzfhzcTnZVPiLfP/oeKtDp2evwvHLMe0LOy7oe+hb9KKIumLNohYS9Hgp1ifwpu42YWxhZE8yieggz6JpqO/1w==",
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/types": "8.36.0",
+                "@typescript-eslint/types": "8.37.0",
                 "eslint-visitor-keys": "^4.2.1"
             },
             "engines": {
@@ -5255,9 +5333,9 @@
             }
         },
         "node_modules/@unrs/resolver-binding-android-arm-eabi": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-android-arm-eabi/-/resolver-binding-android-arm-eabi-1.9.2.tgz",
-            "integrity": "sha512-tS+lqTU3N0kkthU+rYp0spAYq15DU8ld9kXkaKg9sbQqJNF+WPMuNHZQGCgdxrUOEO0j22RKMwRVhF1HTl+X8A==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-android-arm-eabi/-/resolver-binding-android-arm-eabi-1.11.1.tgz",
+            "integrity": "sha512-ppLRUgHVaGRWUx0R0Ut06Mjo9gBaBkg3v/8AxusGLhsIotbBLuRk51rAzqLC8gq6NyyAojEXglNjzf6R948DNw==",
             "cpu": [
                 "arm"
             ],
@@ -5268,9 +5346,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-android-arm64": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-android-arm64/-/resolver-binding-android-arm64-1.9.2.tgz",
-            "integrity": "sha512-MffGiZULa/KmkNjHeuuflLVqfhqLv1vZLm8lWIyeADvlElJ/GLSOkoUX+5jf4/EGtfwrNFcEaB8BRas03KT0/Q==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-android-arm64/-/resolver-binding-android-arm64-1.11.1.tgz",
+            "integrity": "sha512-lCxkVtb4wp1v+EoN+HjIG9cIIzPkX5OtM03pQYkG+U5O/wL53LC4QbIeazgiKqluGeVEeBlZahHalCaBvU1a2g==",
             "cpu": [
                 "arm64"
             ],
@@ -5281,9 +5359,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-darwin-arm64": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-darwin-arm64/-/resolver-binding-darwin-arm64-1.9.2.tgz",
-            "integrity": "sha512-dzJYK5rohS1sYl1DHdJ3mwfwClJj5BClQnQSyAgEfggbUwA9RlROQSSbKBLqrGfsiC/VyrDPtbO8hh56fnkbsQ==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-darwin-arm64/-/resolver-binding-darwin-arm64-1.11.1.tgz",
+            "integrity": "sha512-gPVA1UjRu1Y/IsB/dQEsp2V1pm44Of6+LWvbLc9SDk1c2KhhDRDBUkQCYVWe6f26uJb3fOK8saWMgtX8IrMk3g==",
             "cpu": [
                 "arm64"
             ],
@@ -5294,9 +5372,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-darwin-x64": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-darwin-x64/-/resolver-binding-darwin-x64-1.9.2.tgz",
-            "integrity": "sha512-gaIMWK+CWtXcg9gUyznkdV54LzQ90S3X3dn8zlh+QR5Xy7Y+Efqw4Rs4im61K1juy4YNb67vmJsCDAGOnIeffQ==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-darwin-x64/-/resolver-binding-darwin-x64-1.11.1.tgz",
+            "integrity": "sha512-cFzP7rWKd3lZaCsDze07QX1SC24lO8mPty9vdP+YVa3MGdVgPmFc59317b2ioXtgCMKGiCLxJ4HQs62oz6GfRQ==",
             "cpu": [
                 "x64"
             ],
@@ -5307,9 +5385,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-freebsd-x64": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-freebsd-x64/-/resolver-binding-freebsd-x64-1.9.2.tgz",
-            "integrity": "sha512-S7QpkMbVoVJb0xwHFwujnwCAEDe/596xqY603rpi/ioTn9VDgBHnCCxh+UFrr5yxuMH+dliHfjwCZJXOPJGPnw==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-freebsd-x64/-/resolver-binding-freebsd-x64-1.11.1.tgz",
+            "integrity": "sha512-fqtGgak3zX4DCB6PFpsH5+Kmt/8CIi4Bry4rb1ho6Av2QHTREM+47y282Uqiu3ZRF5IQioJQ5qWRV6jduA+iGw==",
             "cpu": [
                 "x64"
             ],
@@ -5320,9 +5398,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-linux-arm-gnueabihf": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm-gnueabihf/-/resolver-binding-linux-arm-gnueabihf-1.9.2.tgz",
-            "integrity": "sha512-+XPUMCuCCI80I46nCDFbGum0ZODP5NWGiwS3Pj8fOgsG5/ctz+/zzuBlq/WmGa+EjWZdue6CF0aWWNv84sE1uw==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm-gnueabihf/-/resolver-binding-linux-arm-gnueabihf-1.11.1.tgz",
+            "integrity": "sha512-u92mvlcYtp9MRKmP+ZvMmtPN34+/3lMHlyMj7wXJDeXxuM0Vgzz0+PPJNsro1m3IZPYChIkn944wW8TYgGKFHw==",
             "cpu": [
                 "arm"
             ],
@@ -5333,9 +5411,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-linux-arm-musleabihf": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm-musleabihf/-/resolver-binding-linux-arm-musleabihf-1.9.2.tgz",
-            "integrity": "sha512-sqvUyAd1JUpwbz33Ce2tuTLJKM+ucSsYpPGl2vuFwZnEIg0CmdxiZ01MHQ3j6ExuRqEDUCy8yvkDKvjYFPb8Zg==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm-musleabihf/-/resolver-binding-linux-arm-musleabihf-1.11.1.tgz",
+            "integrity": "sha512-cINaoY2z7LVCrfHkIcmvj7osTOtm6VVT16b5oQdS4beibX2SYBwgYLmqhBjA1t51CarSaBuX5YNsWLjsqfW5Cw==",
             "cpu": [
                 "arm"
             ],
@@ -5346,9 +5424,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-linux-arm64-gnu": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm64-gnu/-/resolver-binding-linux-arm64-gnu-1.9.2.tgz",
-            "integrity": "sha512-UYA0MA8ajkEDCFRQdng/FVx3F6szBvk3EPnkTTQuuO9lV1kPGuTB+V9TmbDxy5ikaEgyWKxa4CI3ySjklZ9lFA==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm64-gnu/-/resolver-binding-linux-arm64-gnu-1.11.1.tgz",
+            "integrity": "sha512-34gw7PjDGB9JgePJEmhEqBhWvCiiWCuXsL9hYphDF7crW7UgI05gyBAi6MF58uGcMOiOqSJ2ybEeCvHcq0BCmQ==",
             "cpu": [
                 "arm64"
             ],
@@ -5359,9 +5437,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-linux-arm64-musl": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm64-musl/-/resolver-binding-linux-arm64-musl-1.9.2.tgz",
-            "integrity": "sha512-P/CO3ODU9YJIHFqAkHbquKtFst0COxdphc8TKGL5yCX75GOiVpGqd1d15ahpqu8xXVsqP4MGFP2C3LRZnnL5MA==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-arm64-musl/-/resolver-binding-linux-arm64-musl-1.11.1.tgz",
+            "integrity": "sha512-RyMIx6Uf53hhOtJDIamSbTskA99sPHS96wxVE/bJtePJJtpdKGXO1wY90oRdXuYOGOTuqjT8ACccMc4K6QmT3w==",
             "cpu": [
                 "arm64"
             ],
@@ -5372,9 +5450,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-linux-ppc64-gnu": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-ppc64-gnu/-/resolver-binding-linux-ppc64-gnu-1.9.2.tgz",
-            "integrity": "sha512-uKStFlOELBxBum2s1hODPtgJhY4NxYJE9pAeyBgNEzHgTqTiVBPjfTlPFJkfxyTjQEuxZbbJlJnMCrRgD7ubzw==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-ppc64-gnu/-/resolver-binding-linux-ppc64-gnu-1.11.1.tgz",
+            "integrity": "sha512-D8Vae74A4/a+mZH0FbOkFJL9DSK2R6TFPC9M+jCWYia/q2einCubX10pecpDiTmkJVUH+y8K3BZClycD8nCShA==",
             "cpu": [
                 "ppc64"
             ],
@@ -5385,9 +5463,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-linux-riscv64-gnu": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-riscv64-gnu/-/resolver-binding-linux-riscv64-gnu-1.9.2.tgz",
-            "integrity": "sha512-LkbNnZlhINfY9gK30AHs26IIVEZ9PEl9qOScYdmY2o81imJYI4IMnJiW0vJVtXaDHvBvxeAgEy5CflwJFIl3tQ==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-riscv64-gnu/-/resolver-binding-linux-riscv64-gnu-1.11.1.tgz",
+            "integrity": "sha512-frxL4OrzOWVVsOc96+V3aqTIQl1O2TjgExV4EKgRY09AJ9leZpEg8Ak9phadbuX0BA4k8U5qtvMSQQGGmaJqcQ==",
             "cpu": [
                 "riscv64"
             ],
@@ -5398,9 +5476,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-linux-riscv64-musl": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-riscv64-musl/-/resolver-binding-linux-riscv64-musl-1.9.2.tgz",
-            "integrity": "sha512-vI+e6FzLyZHSLFNomPi+nT+qUWN4YSj8pFtQZSFTtmgFoxqB6NyjxSjAxEC1m93qn6hUXhIsh8WMp+fGgxCoRg==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-riscv64-musl/-/resolver-binding-linux-riscv64-musl-1.11.1.tgz",
+            "integrity": "sha512-mJ5vuDaIZ+l/acv01sHoXfpnyrNKOk/3aDoEdLO/Xtn9HuZlDD6jKxHlkN8ZhWyLJsRBxfv9GYM2utQ1SChKew==",
             "cpu": [
                 "riscv64"
             ],
@@ -5411,9 +5489,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-linux-s390x-gnu": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-s390x-gnu/-/resolver-binding-linux-s390x-gnu-1.9.2.tgz",
-            "integrity": "sha512-sSO4AlAYhSM2RAzBsRpahcJB1msc6uYLAtP6pesPbZtptF8OU/CbCPhSRW6cnYOGuVmEmWVW5xVboAqCnWTeHQ==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-s390x-gnu/-/resolver-binding-linux-s390x-gnu-1.11.1.tgz",
+            "integrity": "sha512-kELo8ebBVtb9sA7rMe1Cph4QHreByhaZ2QEADd9NzIQsYNQpt9UkM9iqr2lhGr5afh885d/cB5QeTXSbZHTYPg==",
             "cpu": [
                 "s390x"
             ],
@@ -5424,9 +5502,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-linux-x64-gnu": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-x64-gnu/-/resolver-binding-linux-x64-gnu-1.9.2.tgz",
-            "integrity": "sha512-jkSkwch0uPFva20Mdu8orbQjv2A3G88NExTN2oPTI1AJ+7mZfYW3cDCTyoH6OnctBKbBVeJCEqh0U02lTkqD5w==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-x64-gnu/-/resolver-binding-linux-x64-gnu-1.11.1.tgz",
+            "integrity": "sha512-C3ZAHugKgovV5YvAMsxhq0gtXuwESUKc5MhEtjBpLoHPLYM+iuwSj3lflFwK3DPm68660rZ7G8BMcwSro7hD5w==",
             "cpu": [
                 "x64"
             ],
@@ -5437,9 +5515,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-linux-x64-musl": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-x64-musl/-/resolver-binding-linux-x64-musl-1.9.2.tgz",
-            "integrity": "sha512-Uk64NoiTpQbkpl+bXsbeyOPRpUoMdcUqa+hDC1KhMW7aN1lfW8PBlBH4mJ3n3Y47dYE8qi0XTxy1mBACruYBaw==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-linux-x64-musl/-/resolver-binding-linux-x64-musl-1.11.1.tgz",
+            "integrity": "sha512-rV0YSoyhK2nZ4vEswT/QwqzqQXw5I6CjoaYMOX0TqBlWhojUf8P94mvI7nuJTeaCkkds3QE4+zS8Ko+GdXuZtA==",
             "cpu": [
                 "x64"
             ],
@@ -5450,9 +5528,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-wasm32-wasi": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-wasm32-wasi/-/resolver-binding-wasm32-wasi-1.9.2.tgz",
-            "integrity": "sha512-EpBGwkcjDicjR/ybC0g8wO5adPNdVuMrNalVgYcWi+gYtC1XYNuxe3rufcO7dA76OHGeVabcO6cSkPJKVcbCXQ==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-wasm32-wasi/-/resolver-binding-wasm32-wasi-1.11.1.tgz",
+            "integrity": "sha512-5u4RkfxJm+Ng7IWgkzi3qrFOvLvQYnPBmjmZQ8+szTK/b31fQCnleNl1GgEt7nIsZRIf5PLhPwT0WM+q45x/UQ==",
             "cpu": [
                 "wasm32"
             ],
@@ -5466,9 +5544,9 @@
             }
         },
         "node_modules/@unrs/resolver-binding-win32-arm64-msvc": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-arm64-msvc/-/resolver-binding-win32-arm64-msvc-1.9.2.tgz",
-            "integrity": "sha512-EdFbGn7o1SxGmN6aZw9wAkehZJetFPao0VGZ9OMBwKx6TkvDuj6cNeLimF/Psi6ts9lMOe+Dt6z19fZQ9Ye2fw==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-arm64-msvc/-/resolver-binding-win32-arm64-msvc-1.11.1.tgz",
+            "integrity": "sha512-nRcz5Il4ln0kMhfL8S3hLkxI85BXs3o8EYoattsJNdsX4YUU89iOkVn7g0VHSRxFuVMdM4Q1jEpIId1Ihim/Uw==",
             "cpu": [
                 "arm64"
             ],
@@ -5479,9 +5557,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-win32-ia32-msvc": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-ia32-msvc/-/resolver-binding-win32-ia32-msvc-1.9.2.tgz",
-            "integrity": "sha512-JY9hi1p7AG+5c/dMU8o2kWemM8I6VZxfGwn1GCtf3c5i+IKcMo2NQ8OjZ4Z3/itvY/Si3K10jOBQn7qsD/whUA==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-ia32-msvc/-/resolver-binding-win32-ia32-msvc-1.11.1.tgz",
+            "integrity": "sha512-DCEI6t5i1NmAZp6pFonpD5m7i6aFrpofcp4LA2i8IIq60Jyo28hamKBxNrZcyOwVOZkgsRp9O2sXWBWP8MnvIQ==",
             "cpu": [
                 "ia32"
             ],
@@ -5492,9 +5570,9 @@
             ]
         },
         "node_modules/@unrs/resolver-binding-win32-x64-msvc": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-x64-msvc/-/resolver-binding-win32-x64-msvc-1.9.2.tgz",
-            "integrity": "sha512-ryoo+EB19lMxAd80ln9BVf8pdOAxLb97amrQ3SFN9OCRn/5M5wvwDgAe4i8ZjhpbiHoDeP8yavcTEnpKBo7lZg==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/@unrs/resolver-binding-win32-x64-msvc/-/resolver-binding-win32-x64-msvc-1.11.1.tgz",
+            "integrity": "sha512-lrW200hZdbfRtztbygyaq/6jP6AKE8qQN2KvPcJ+x7wiD038YtnYtZ82IMNJ69GJibV7bwL3y9FgK+5w/pYt6g==",
             "cpu": [
                 "x64"
             ],
@@ -6166,9 +6244,9 @@
             }
         },
         "node_modules/caniuse-lite": {
-            "version": "1.0.30001726",
-            "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001726.tgz",
-            "integrity": "sha512-VQAUIUzBiZ/UnlM28fSp2CRF3ivUn1BWEvxMcVTNwpw91Py1pGbPIyIKtd+tzct9C3ouceCVdGAXxZOpZAsgdw==",
+            "version": "1.0.30001727",
+            "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001727.tgz",
+            "integrity": "sha512-pB68nIHmbN6L/4C6MH1DokyR3bYqFwjaSs/sWDHGj4CTcFtQUQMuJftVwWkXq7mNWOybD3KhUv3oWHoGxgP14Q==",
             "funding": [
                 {
                     "type": "opencollective",
@@ -6231,7 +6309,6 @@
             "version": "3.0.0",
             "resolved": "https://registry.npmjs.org/chownr/-/chownr-3.0.0.tgz",
             "integrity": "sha512-+IxzY9BZOQd/XuYPRmrvEVjF/nqj5kgT4kEq7VofrDoM1MxoRjEWkrCC3EtLi59TVawxTAn+orJwFQcrqEN1+g==",
-            "dev": true,
             "license": "BlueOak-1.0.0",
             "engines": {
                 "node": ">=18"
@@ -6378,6 +6455,15 @@
                 "node": ">=6"
             }
         },
+        "node_modules/cluster-key-slot": {
+            "version": "1.1.2",
+            "resolved": "https://registry.npmjs.org/cluster-key-slot/-/cluster-key-slot-1.1.2.tgz",
+            "integrity": "sha512-RMr0FhtfXemyinomL4hrWcYJxmX6deFdCxpJzhDttxgO1+bcCnkk+9drydLVDmAMG7NE6aN/fl4F7ucU/90gAA==",
+            "license": "Apache-2.0",
+            "engines": {
+                "node": ">=0.10.0"
+            }
+        },
         "node_modules/cmdk": {
             "version": "1.1.1",
             "resolved": "https://registry.npmjs.org/cmdk/-/cmdk-1.1.1.tgz",
@@ -6861,6 +6947,15 @@
                 "node": ">=0.4.0"
             }
         },
+        "node_modules/denque": {
+            "version": "2.1.0",
+            "resolved": "https://registry.npmjs.org/denque/-/denque-2.1.0.tgz",
+            "integrity": "sha512-HVQE3AAb/pxF8fQAoiqpvg9i3evqug3hoiwakOyZAwJm+6vZehbkYXZ0l4JxS+I3QxM97v5aaRNhj8v5oBhekw==",
+            "license": "Apache-2.0",
+            "engines": {
+                "node": ">=0.10"
+            }
+        },
         "node_modules/depd": {
             "version": "2.0.0",
             "resolved": "https://registry.npmjs.org/depd/-/depd-2.0.0.tgz",
@@ -8740,7 +8835,6 @@
             "version": "4.2.11",
             "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.11.tgz",
             "integrity": "sha512-RbJ5/jmFcNNCcDV5o9eTnBLJ/HszWV0P73bc+Ff4nS/rJj+YaS6IGyiOL0VoBYX+l1Wrl3k63h/KrH+nhJ0XvQ==",
-            "dev": true,
             "license": "ISC"
         },
         "node_modules/graphemer": {
@@ -9028,6 +9122,30 @@
                 "tslib": "^2.8.0"
             }
         },
+        "node_modules/ioredis": {
+            "version": "5.6.1",
+            "resolved": "https://registry.npmjs.org/ioredis/-/ioredis-5.6.1.tgz",
+            "integrity": "sha512-UxC0Yv1Y4WRJiGQxQkP0hfdL0/5/6YvdfOOClRgJ0qppSarkhneSa6UvkMkms0AkdGimSH3Ikqm+6mkMmX7vGA==",
+            "license": "MIT",
+            "dependencies": {
+                "@ioredis/commands": "^1.1.1",
+                "cluster-key-slot": "^1.1.0",
+                "debug": "^4.3.4",
+                "denque": "^2.1.0",
+                "lodash.defaults": "^4.2.0",
+                "lodash.isarguments": "^3.1.0",
+                "redis-errors": "^1.2.0",
+                "redis-parser": "^3.0.0",
+                "standard-as-callback": "^2.1.0"
+            },
+            "engines": {
+                "node": ">=12.22.0"
+            },
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/ioredis"
+            }
+        },
         "node_modules/ipaddr.js": {
             "version": "1.9.1",
             "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.1.tgz",
@@ -9488,7 +9606,6 @@
             "version": "3.1.1",
             "resolved": "https://registry.npmjs.org/isexe/-/isexe-3.1.1.tgz",
             "integrity": "sha512-LpB/54B+/2J5hqQ7imZHfdU31OlgQqx7ZicVlkm9kzg9/w8GKLEcFfJl/t7DCEDueOyBAD6zCCwTO6Fzs0NoEQ==",
-            "dev": true,
             "license": "ISC",
             "engines": {
                 "node": ">=16"
@@ -9995,12 +10112,24 @@
                 "url": "https://github.com/sponsors/sindresorhus"
             }
         },
+        "node_modules/lodash.defaults": {
+            "version": "4.2.0",
+            "resolved": "https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz",
+            "integrity": "sha512-qjxPLHd3r5DnsdGacqOMU6pb/avJzdh9tFX2ymgoZE27BmjXrNy/y4LoaiTeAb+O3gL8AfpJGtqfX/ae2leYYQ==",
+            "license": "MIT"
+        },
         "node_modules/lodash.includes": {
             "version": "4.3.0",
             "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
             "integrity": "sha512-W3Bx6mdkRTGtlJISOvVD/lbqjTlPPUDTMnlXZFnVwi9NKJ6tiAk6LVdlhZMm17VZisqhKcgzpO5Wz91PCt5b0w==",
             "license": "MIT"
         },
+        "node_modules/lodash.isarguments": {
+            "version": "3.1.0",
+            "resolved": "https://registry.npmjs.org/lodash.isarguments/-/lodash.isarguments-3.1.0.tgz",
+            "integrity": "sha512-chi4NHZlZqZD18a0imDHnZPrDeBbTtVN7GXMwuGdRH9qotxAjYs3aVLKc7zNOG9eddR5Ksd8rvFEBc9SsggPpg==",
+            "license": "MIT"
+        },
         "node_modules/lodash.isboolean": {
             "version": "3.0.3",
             "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
@@ -10352,7 +10481,6 @@
             "version": "3.0.2",
             "resolved": "https://registry.npmjs.org/minizlib/-/minizlib-3.0.2.tgz",
             "integrity": "sha512-oG62iEk+CYt5Xj2YqI5Xi9xWUeZhDI8jjQmC5oThVH5JGCTgIjr7ciJDzC7MBzYd//WvR1OTmP5Q38Q8ShQtVA==",
-            "dev": true,
             "license": "MIT",
             "dependencies": {
                 "minipass": "^7.1.2"
@@ -10365,7 +10493,6 @@
             "version": "3.0.1",
             "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-3.0.1.tgz",
             "integrity": "sha512-+NsyUUAZDmo6YVHzL/stxSu3t9YS1iljliy3BSDrXJ/dkn1KYdmtZODGGjLcc9XLgVVpH4KshHB8XmZgMhaBXg==",
-            "dev": true,
             "license": "MIT",
             "bin": {
                 "mkdirp": "dist/cjs/src/bin.js"
@@ -10437,9 +10564,9 @@
             "license": "MIT"
         },
         "node_modules/napi-postinstall": {
-            "version": "0.2.5",
-            "resolved": "https://registry.npmjs.org/napi-postinstall/-/napi-postinstall-0.2.5.tgz",
-            "integrity": "sha512-kmsgUvCRIJohHjbZ3V8avP0I1Pekw329MVAMDzVxsrkjgdnqiwvMX5XwR+hWV66vsAtZ+iM+fVnq8RTQawUmCQ==",
+            "version": "0.3.0",
+            "resolved": "https://registry.npmjs.org/napi-postinstall/-/napi-postinstall-0.3.0.tgz",
+            "integrity": "sha512-M7NqKyhODKV1gRLdkwE7pDsZP2/SC2a2vHkOYh9MCpKMbWVfyVfUw5MaH83Fv6XMjxr5jryUp3IDDL9rlxsTeA==",
             "license": "MIT",
             "bin": {
                 "napi-postinstall": "lib/cli.js"
@@ -14027,9 +14154,9 @@
             "license": "ISC"
         },
         "node_modules/picomatch": {
-            "version": "4.0.2",
-            "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.2.tgz",
-            "integrity": "sha512-M7BAV6Rlcy5u+m6oPhAPFgJTzAioX/6B0DxyvDlo9l8+T3nLKbrczg2WLUyzd45L8RqfUMyGPzekbMvX2Ldkwg==",
+            "version": "4.0.3",
+            "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-4.0.3.tgz",
+            "integrity": "sha512-5gTmgEY/sqK6gFXLIsQNH19lWb4ebPDLA4SdLP7dsWkIXHWlG66oPuVvXSGFPppYZz8ZDZq0dYYrbHfBCVUb1Q==",
             "license": "MIT",
             "engines": {
                 "node": ">=12"
@@ -14343,6 +14470,18 @@
                 "node": ">= 0.6"
             }
         },
+        "node_modules/rate-limit-redis": {
+            "version": "4.2.1",
+            "resolved": "https://registry.npmjs.org/rate-limit-redis/-/rate-limit-redis-4.2.1.tgz",
+            "integrity": "sha512-JsUsVmRVI6G/XrlYtfGV1NMCbGS/CVYayHkxD5Ism5FaL8qpFHCXbFkUeIi5WJ/onJOKWCgtB/xtCLa6qSXb4g==",
+            "license": "MIT",
+            "engines": {
+                "node": ">= 16"
+            },
+            "peerDependencies": {
+                "express-rate-limit": ">= 6"
+            }
+        },
         "node_modules/raw-body": {
             "version": "2.5.2",
             "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.5.2.tgz",
@@ -14689,6 +14828,27 @@
                 "node": ">=0.8.8"
             }
         },
+        "node_modules/redis-errors": {
+            "version": "1.2.0",
+            "resolved": "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz",
+            "integrity": "sha512-1qny3OExCf0UvUV/5wpYKf2YwPcOqXzkwKKSmKHiE6ZMQs5heeE/c8eXK+PNllPvmjgAbfnsbpkGZWy8cBpn9w==",
+            "license": "MIT",
+            "engines": {
+                "node": ">=4"
+            }
+        },
+        "node_modules/redis-parser": {
+            "version": "3.0.0",
+            "resolved": "https://registry.npmjs.org/redis-parser/-/redis-parser-3.0.0.tgz",
+            "integrity": "sha512-DJnGAeenTdpMEH6uAJRK/uiyEIH9WVsUmoLwzudwGJUwZPp80PDBWPHXSAGNPwNvIXAbe7MSUB1zQFugFml66A==",
+            "license": "MIT",
+            "dependencies": {
+                "redis-errors": "^1.0.0"
+            },
+            "engines": {
+                "node": ">=4"
+            }
+        },
         "node_modules/reflect.getprototypeof": {
             "version": "1.0.10",
             "resolved": "https://registry.npmjs.org/reflect.getprototypeof/-/reflect.getprototypeof-1.0.10.tgz",
@@ -15081,9 +15241,9 @@
             "license": "ISC"
         },
         "node_modules/sharp": {
-            "version": "0.34.2",
-            "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.34.2.tgz",
-            "integrity": "sha512-lszvBmB9QURERtyKT2bNmsgxXK0ShJrL/fvqlonCo7e6xBF8nT8xU6pW+PMIbLsz0RxQk3rgH9kd8UmvOzlMJg==",
+            "version": "0.34.3",
+            "resolved": "https://registry.npmjs.org/sharp/-/sharp-0.34.3.tgz",
+            "integrity": "sha512-eX2IQ6nFohW4DbvHIOLRB3MHFpYqaqvXd3Tp5e/T/dSH83fxaNJQRvDMhASmkNTsNTVF2/OOopzRCt7xokgPfg==",
             "hasInstallScript": true,
             "license": "Apache-2.0",
             "optional": true,
@@ -15099,27 +15259,28 @@
                 "url": "https://opencollective.com/libvips"
             },
             "optionalDependencies": {
-                "@img/sharp-darwin-arm64": "0.34.2",
-                "@img/sharp-darwin-x64": "0.34.2",
-                "@img/sharp-libvips-darwin-arm64": "1.1.0",
-                "@img/sharp-libvips-darwin-x64": "1.1.0",
-                "@img/sharp-libvips-linux-arm": "1.1.0",
-                "@img/sharp-libvips-linux-arm64": "1.1.0",
-                "@img/sharp-libvips-linux-ppc64": "1.1.0",
-                "@img/sharp-libvips-linux-s390x": "1.1.0",
-                "@img/sharp-libvips-linux-x64": "1.1.0",
-                "@img/sharp-libvips-linuxmusl-arm64": "1.1.0",
-                "@img/sharp-libvips-linuxmusl-x64": "1.1.0",
-                "@img/sharp-linux-arm": "0.34.2",
-                "@img/sharp-linux-arm64": "0.34.2",
-                "@img/sharp-linux-s390x": "0.34.2",
-                "@img/sharp-linux-x64": "0.34.2",
-                "@img/sharp-linuxmusl-arm64": "0.34.2",
-                "@img/sharp-linuxmusl-x64": "0.34.2",
-                "@img/sharp-wasm32": "0.34.2",
-                "@img/sharp-win32-arm64": "0.34.2",
-                "@img/sharp-win32-ia32": "0.34.2",
-                "@img/sharp-win32-x64": "0.34.2"
+                "@img/sharp-darwin-arm64": "0.34.3",
+                "@img/sharp-darwin-x64": "0.34.3",
+                "@img/sharp-libvips-darwin-arm64": "1.2.0",
+                "@img/sharp-libvips-darwin-x64": "1.2.0",
+                "@img/sharp-libvips-linux-arm": "1.2.0",
+                "@img/sharp-libvips-linux-arm64": "1.2.0",
+                "@img/sharp-libvips-linux-ppc64": "1.2.0",
+                "@img/sharp-libvips-linux-s390x": "1.2.0",
+                "@img/sharp-libvips-linux-x64": "1.2.0",
+                "@img/sharp-libvips-linuxmusl-arm64": "1.2.0",
+                "@img/sharp-libvips-linuxmusl-x64": "1.2.0",
+                "@img/sharp-linux-arm": "0.34.3",
+                "@img/sharp-linux-arm64": "0.34.3",
+                "@img/sharp-linux-ppc64": "0.34.3",
+                "@img/sharp-linux-s390x": "0.34.3",
+                "@img/sharp-linux-x64": "0.34.3",
+                "@img/sharp-linuxmusl-arm64": "0.34.3",
+                "@img/sharp-linuxmusl-x64": "0.34.3",
+                "@img/sharp-wasm32": "0.34.3",
+                "@img/sharp-win32-arm64": "0.34.3",
+                "@img/sharp-win32-ia32": "0.34.3",
+                "@img/sharp-win32-x64": "0.34.3"
             }
         },
         "node_modules/shebang-command": {
@@ -15467,6 +15628,12 @@
                 "node": "*"
             }
         },
+        "node_modules/standard-as-callback": {
+            "version": "2.1.0",
+            "resolved": "https://registry.npmjs.org/standard-as-callback/-/standard-as-callback-2.1.0.tgz",
+            "integrity": "sha512-qoRRSyROncaz1z0mvYqIE4lCd9p2R90i6GxW3uZv5ucSu8tU7B5HXUP1gG8pVZsYNVaXjk8ClXHPttLyxAL48A==",
+            "license": "MIT"
+        },
         "node_modules/statuses": {
             "version": "2.0.1",
             "resolved": "https://registry.npmjs.org/statuses/-/statuses-2.0.1.tgz",
@@ -15801,9 +15968,9 @@
             }
         },
         "node_modules/swagger-ui-dist": {
-            "version": "5.25.3",
-            "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.25.3.tgz",
-            "integrity": "sha512-mqWJAhfl8mhVKJezwszUqRJAlrvKG/22am5xRUWzr7ya0MFaFBAAd7Nm+tD4BdKnVx7KRWkWYJMYRkFm5a8iTg==",
+            "version": "5.26.2",
+            "resolved": "https://registry.npmjs.org/swagger-ui-dist/-/swagger-ui-dist-5.26.2.tgz",
+            "integrity": "sha512-WmMS9iMlHQejNm/Uw5ZTo4e3M2QMmEavRz7WLWVsq7Mlx4PSHJbY+VCrLsAz9wLxyHVgrJdt7N8+SdQLa52Ykg==",
             "license": "Apache-2.0",
             "dependencies": {
                 "@scarf/scarf": "=1.4.0"
@@ -15854,7 +16021,6 @@
             "version": "7.4.3",
             "resolved": "https://registry.npmjs.org/tar/-/tar-7.4.3.tgz",
             "integrity": "sha512-5S7Va8hKfV7W5U6g3aYxXmlPoZVAwUMy9AOKyF2fVuZa2UD3qZjg578OrLRt8PcNN1PleVaL/5/yYATNL0ICUw==",
-            "dev": true,
             "license": "ISC",
             "dependencies": {
                 "@isaacs/fs-minipass": "^4.0.0",
@@ -16256,15 +16422,16 @@
             }
         },
         "node_modules/typescript-eslint": {
-            "version": "8.36.0",
-            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.36.0.tgz",
-            "integrity": "sha512-fTCqxthY+h9QbEgSIBfL9iV6CvKDFuoxg6bHPNpJ9HIUzS+jy2lCEyCmGyZRWEBSaykqcDPf1SJ+BfCI8DRopA==",
+            "version": "8.37.0",
+            "resolved": "https://registry.npmjs.org/typescript-eslint/-/typescript-eslint-8.37.0.tgz",
+            "integrity": "sha512-TnbEjzkE9EmcO0Q2zM+GE8NQLItNAJpMmED1BdgoBMYNdqMhzlbqfdSwiRlAzEK2pA9UzVW0gzaaIzXWg2BjfA==",
             "dev": true,
             "license": "MIT",
             "dependencies": {
-                "@typescript-eslint/eslint-plugin": "8.36.0",
-                "@typescript-eslint/parser": "8.36.0",
-                "@typescript-eslint/utils": "8.36.0"
+                "@typescript-eslint/eslint-plugin": "8.37.0",
+                "@typescript-eslint/parser": "8.37.0",
+                "@typescript-eslint/typescript-estree": "8.37.0",
+                "@typescript-eslint/utils": "8.37.0"
             },
             "engines": {
                 "node": "^18.18.0 || ^20.9.0 || >=21.1.0"
@@ -16313,37 +16480,37 @@
             }
         },
         "node_modules/unrs-resolver": {
-            "version": "1.9.2",
-            "resolved": "https://registry.npmjs.org/unrs-resolver/-/unrs-resolver-1.9.2.tgz",
-            "integrity": "sha512-VUyWiTNQD7itdiMuJy+EuLEErLj3uwX/EpHQF8EOf33Dq3Ju6VW1GXm+swk6+1h7a49uv9fKZ+dft9jU7esdLA==",
+            "version": "1.11.1",
+            "resolved": "https://registry.npmjs.org/unrs-resolver/-/unrs-resolver-1.11.1.tgz",
+            "integrity": "sha512-bSjt9pjaEBnNiGgc9rUiHGKv5l4/TGzDmYw3RhnkJGtLhbnnA/5qJj7x3dNDCRx/PJxu774LlH8lCOlB4hEfKg==",
             "hasInstallScript": true,
             "license": "MIT",
             "dependencies": {
-                "napi-postinstall": "^0.2.4"
+                "napi-postinstall": "^0.3.0"
             },
             "funding": {
                 "url": "https://opencollective.com/unrs-resolver"
             },
             "optionalDependencies": {
-                "@unrs/resolver-binding-android-arm-eabi": "1.9.2",
-                "@unrs/resolver-binding-android-arm64": "1.9.2",
-                "@unrs/resolver-binding-darwin-arm64": "1.9.2",
-                "@unrs/resolver-binding-darwin-x64": "1.9.2",
-                "@unrs/resolver-binding-freebsd-x64": "1.9.2",
-                "@unrs/resolver-binding-linux-arm-gnueabihf": "1.9.2",
-                "@unrs/resolver-binding-linux-arm-musleabihf": "1.9.2",
-                "@unrs/resolver-binding-linux-arm64-gnu": "1.9.2",
-                "@unrs/resolver-binding-linux-arm64-musl": "1.9.2",
-                "@unrs/resolver-binding-linux-ppc64-gnu": "1.9.2",
-                "@unrs/resolver-binding-linux-riscv64-gnu": "1.9.2",
-                "@unrs/resolver-binding-linux-riscv64-musl": "1.9.2",
-                "@unrs/resolver-binding-linux-s390x-gnu": "1.9.2",
-                "@unrs/resolver-binding-linux-x64-gnu": "1.9.2",
-                "@unrs/resolver-binding-linux-x64-musl": "1.9.2",
-                "@unrs/resolver-binding-wasm32-wasi": "1.9.2",
-                "@unrs/resolver-binding-win32-arm64-msvc": "1.9.2",
-                "@unrs/resolver-binding-win32-ia32-msvc": "1.9.2",
-                "@unrs/resolver-binding-win32-x64-msvc": "1.9.2"
+                "@unrs/resolver-binding-android-arm-eabi": "1.11.1",
+                "@unrs/resolver-binding-android-arm64": "1.11.1",
+                "@unrs/resolver-binding-darwin-arm64": "1.11.1",
+                "@unrs/resolver-binding-darwin-x64": "1.11.1",
+                "@unrs/resolver-binding-freebsd-x64": "1.11.1",
+                "@unrs/resolver-binding-linux-arm-gnueabihf": "1.11.1",
+                "@unrs/resolver-binding-linux-arm-musleabihf": "1.11.1",
+                "@unrs/resolver-binding-linux-arm64-gnu": "1.11.1",
+                "@unrs/resolver-binding-linux-arm64-musl": "1.11.1",
+                "@unrs/resolver-binding-linux-ppc64-gnu": "1.11.1",
+                "@unrs/resolver-binding-linux-riscv64-gnu": "1.11.1",
+                "@unrs/resolver-binding-linux-riscv64-musl": "1.11.1",
+                "@unrs/resolver-binding-linux-s390x-gnu": "1.11.1",
+                "@unrs/resolver-binding-linux-x64-gnu": "1.11.1",
+                "@unrs/resolver-binding-linux-x64-musl": "1.11.1",
+                "@unrs/resolver-binding-wasm32-wasi": "1.11.1",
+                "@unrs/resolver-binding-win32-arm64-msvc": "1.11.1",
+                "@unrs/resolver-binding-win32-ia32-msvc": "1.11.1",
+                "@unrs/resolver-binding-win32-x64-msvc": "1.11.1"
             }
         },
         "node_modules/uri-js": {
@@ -16500,7 +16667,6 @@
             "version": "4.0.0",
             "resolved": "https://registry.npmjs.org/which/-/which-4.0.0.tgz",
             "integrity": "sha512-GlaYyEb07DPxYCKhKzplCWBJtvxZcZMrL+4UkrTSJHHPyZU4mYYTv3qaOe77H7EODLSSopAUFAc6W8U4yqvscg==",
-            "dev": true,
             "license": "ISC",
             "dependencies": {
                 "isexe": "^3.1.1"
@@ -16806,7 +16972,6 @@
             "version": "5.0.0",
             "resolved": "https://registry.npmjs.org/yallist/-/yallist-5.0.0.tgz",
             "integrity": "sha512-YgvUTfwqyc7UXVMrB+SImsVYSmTS8X/tSrtdNZMImM+n7+QTriRXyXim0mBrTXNeqzVF0KWGgHPeiyViFFrNDw==",
-            "dev": true,
             "license": "BlueOak-1.0.0",
             "engines": {
                 "node": ">=18"
diff --git a/package.json b/package.json
index 04851288..e769bab2 100644
--- a/package.json
+++ b/package.json
@@ -49,6 +49,7 @@
         "@radix-ui/react-switch": "1.2.5",
         "@radix-ui/react-tabs": "1.1.12",
         "@radix-ui/react-toast": "1.2.14",
+        "@radix-ui/react-tooltip": "^1.2.7",
         "@react-email/components": "0.3.1",
         "@react-email/render": "^1.1.2",
         "@simplewebauthn/browser": "^13.1.0",
@@ -113,7 +114,7 @@
         "yargs": "18.0.0"
     },
     "devDependencies": {
-        "@dotenvx/dotenvx": "1.47.3",
+        "@dotenvx/dotenvx": "1.47.6",
         "@esbuild-plugins/tsconfig-paths": "0.1.2",
         "@tailwindcss/postcss": "^4.1.10",
         "@types/better-sqlite3": "7.6.12",
@@ -127,6 +128,7 @@
         "@types/jsonwebtoken": "^9.0.10",
         "@types/node": "^24",
         "@types/nodemailer": "6.4.17",
+        "@types/pg": "8.15.4",
         "@types/react": "19.1.8",
         "@types/react-dom": "19.1.6",
         "@types/semver": "^7.7.0",
diff --git a/public/auth-diagram1.png b/public/auth-diagram1.png
new file mode 100644
index 00000000..92843a6d
Binary files /dev/null and b/public/auth-diagram1.png differ
diff --git a/public/clip.gif b/public/clip.gif
new file mode 100644
index 00000000..4202d679
Binary files /dev/null and b/public/clip.gif differ
diff --git a/public/diagram-dark.svg b/public/diagram-dark.svg
new file mode 100644
index 00000000..58e44f35
--- /dev/null
+++ b/public/diagram-dark.svg
@@ -0,0 +1,132 @@
+<svg width="1006" height="1371" viewBox="0 0 1006 1371" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect x="69" y="1006" width="879" height="364" rx="20" fill="#2C2C2C" stroke="#414141" stroke-width="2"/>
+<circle cx="503" cy="591" r="130" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g clip-path="url(#clip0_12_157)">
+<path d="M549.271 566.61C552.12 566.61 554.43 568.931 554.43 571.794C554.43 574.658 552.12 576.979 549.271 576.979C546.422 576.979 544.113 574.658 544.113 571.794C544.113 568.931 546.422 566.61 549.271 566.61ZM569.523 588.245C569.005 605.466 555.923 628.229 538.189 634.082C517.472 640.919 501.741 630.66 496.755 618.634C492.87 609.264 495.806 598.055 503.056 593.31C509.178 589.304 520.579 588.245 530.16 594.576C526.794 585.713 517.73 579.888 509.703 578.115C501.675 576.343 493.388 578.369 487.432 581.408C495.072 572.924 512.958 564.686 532.405 575.077C545.439 582.041 551.05 591.79 556.575 604.959C571.076 582.674 560.977 555.83 543.368 539.876C525.414 523.61 501.157 517.084 482.599 518.102C488.724 521.901 495.921 527.324 502.569 533.671C473.189 529.999 448.976 536.71 434 557.181C442.367 555.522 453.399 554.48 464.381 555.025C442.977 570.18 430.547 595.673 436.866 622.276C440.728 615.493 446.504 607.345 453.378 599.961C451.264 619.816 454.199 646.659 479.602 664C478.305 658.556 477.256 651.935 476.777 644.927C488.66 654.244 505.91 661.924 527.312 656.62C565.12 647.25 575.22 610.531 569.523 588.245Z" fill="#F36118"/>
+</g>
+<rect x="1" y="27" width="212" height="86" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter0_d_12_157)">
+<path d="M64.1668 92.625V87.7083C64.1668 85.1004 63.1308 82.5992 61.2867 80.7551C59.4426 78.911 56.9415 77.875 54.3335 77.875H34.6668C32.0589 77.875 29.5577 78.911 27.7136 80.7551C25.8695 82.5992 24.8335 85.1004 24.8335 87.7083V92.625M54.3335 58.2083C54.3335 63.6391 49.931 68.0417 44.5002 68.0417C39.0694 68.0417 34.6668 63.6391 34.6668 58.2083C34.6668 52.7775 39.0694 48.375 44.5002 48.375C49.931 48.375 54.3335 52.7775 54.3335 58.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M112.182 73.2955V57.8182H116.205V84H112.182V79.5682H111.909C111.295 80.8977 110.341 82.0284 109.045 82.9602C107.75 83.8807 106.114 84.3409 104.136 84.3409C102.5 84.3409 101.045 83.983 99.7727 83.267C98.5 82.5398 97.5 81.4489 96.7727 79.9943C96.0455 78.5284 95.6818 76.6818 95.6818 74.4545V57.8182H99.7045V74.1818C99.7045 76.0909 100.239 77.6136 101.307 78.75C102.386 79.8864 103.761 80.4545 105.432 80.4545C106.432 80.4545 107.449 80.1989 108.483 79.6875C109.528 79.1761 110.403 78.392 111.108 77.3352C111.824 76.2784 112.182 74.9318 112.182 73.2955ZM142.118 63.6818L138.504 64.7045C138.277 64.1023 137.942 63.517 137.499 62.9489C137.067 62.3693 136.476 61.892 135.726 61.517C134.976 61.142 134.016 60.9545 132.845 60.9545C131.243 60.9545 129.908 61.3239 128.839 62.0625C127.783 62.7898 127.254 63.7159 127.254 64.8409C127.254 65.8409 127.618 66.6307 128.345 67.2102C129.072 67.7898 130.209 68.2727 131.754 68.6591L135.641 69.6136C137.982 70.1818 139.726 71.0511 140.874 72.2216C142.021 73.3807 142.595 74.875 142.595 76.7045C142.595 78.2045 142.163 79.5455 141.3 80.7273C140.447 81.9091 139.254 82.8409 137.72 83.5227C136.186 84.2045 134.402 84.5455 132.368 84.5455C129.697 84.5455 127.487 83.9659 125.737 82.8068C123.987 81.6477 122.879 79.9545 122.413 77.7273L126.232 76.7727C126.595 78.1818 127.283 79.2386 128.294 79.9432C129.317 80.6477 130.652 81 132.3 81C134.175 81 135.663 80.6023 136.766 79.8068C137.879 79 138.436 78.0341 138.436 76.9091C138.436 76 138.118 75.2386 137.482 74.625C136.845 74 135.868 73.5341 134.55 73.2273L130.186 72.2045C127.788 71.6364 126.027 70.7557 124.902 69.5625C123.788 68.358 123.232 66.8523 123.232 65.0455C123.232 63.5682 123.646 62.2614 124.476 61.125C125.317 59.9886 126.459 59.0966 127.902 58.4489C129.357 57.8011 131.004 57.4773 132.845 57.4773C135.436 57.4773 137.47 58.0455 138.947 59.1818C140.436 60.3182 141.493 61.8182 142.118 63.6818ZM159.628 84.5455C157.105 84.5455 154.929 83.9886 153.099 82.875C151.281 81.75 149.878 80.1818 148.889 78.1705C147.912 76.1477 147.423 73.7955 147.423 71.1136C147.423 68.4318 147.912 66.0682 148.889 64.0227C149.878 61.9659 151.253 60.3636 153.014 59.2159C154.787 58.0568 156.855 57.4773 159.219 57.4773C160.582 57.4773 161.929 57.7045 163.259 58.1591C164.588 58.6136 165.798 59.3523 166.889 60.375C167.98 61.3864 168.849 62.7273 169.497 64.3977C170.145 66.0682 170.469 68.125 170.469 70.5682V72.2727H150.287V68.7955H166.378C166.378 67.3182 166.082 66 165.491 64.8409C164.912 63.6818 164.082 62.767 163.003 62.0966C161.935 61.4261 160.673 61.0909 159.219 61.0909C157.616 61.0909 156.23 61.4886 155.06 62.2841C153.901 63.0682 153.009 64.0909 152.384 65.3523C151.759 66.6136 151.446 67.9659 151.446 69.4091V71.7273C151.446 73.7045 151.787 75.3807 152.469 76.7557C153.162 78.1193 154.122 79.1591 155.349 79.875C156.577 80.5795 158.003 80.9318 159.628 80.9318C160.685 80.9318 161.639 80.7841 162.491 80.4886C163.355 80.1818 164.099 79.7273 164.724 79.125C165.349 78.5114 165.832 77.75 166.173 76.8409L170.06 77.9318C169.651 79.25 168.963 80.4091 167.997 81.4091C167.031 82.3977 165.838 83.1705 164.418 83.7273C162.997 84.2727 161.401 84.5455 159.628 84.5455ZM176.588 84V57.8182H180.474V61.7727H180.747C181.224 60.4773 182.088 59.4261 183.338 58.6193C184.588 57.8125 185.997 57.4091 187.565 57.4091C187.861 57.4091 188.23 57.4148 188.673 57.4261C189.116 57.4375 189.452 57.4545 189.679 57.4773V61.5682C189.543 61.5341 189.23 61.483 188.741 61.4148C188.264 61.3352 187.759 61.2955 187.224 61.2955C185.952 61.2955 184.815 61.5625 183.815 62.0966C182.827 62.6193 182.043 63.3466 181.463 64.2784C180.895 65.1989 180.611 66.25 180.611 67.4318V84H176.588Z" fill="white"/>
+<rect x="136" y="1069" width="254" height="110" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<path d="M268.659 1141H264.227L277.045 1106.09H281.409L294.227 1141H289.795L279.364 1111.61H279.091L268.659 1141ZM270.295 1127.36H288.159V1131.11H270.295V1127.36ZM299.119 1150.82V1114.82H303.006V1118.98H303.483C303.778 1118.52 304.188 1117.94 304.71 1117.24C305.244 1116.52 306.006 1115.89 306.994 1115.33C307.994 1114.76 309.347 1114.48 311.051 1114.48C313.256 1114.48 315.199 1115.03 316.881 1116.13C318.563 1117.23 319.875 1118.8 320.818 1120.82C321.761 1122.84 322.233 1125.23 322.233 1127.98C322.233 1130.75 321.761 1133.15 320.818 1135.19C319.875 1137.21 318.568 1138.78 316.898 1139.89C315.227 1140.99 313.301 1141.55 311.119 1141.55C309.438 1141.55 308.091 1141.27 307.08 1140.71C306.068 1140.14 305.29 1139.5 304.744 1138.78C304.199 1138.06 303.778 1137.45 303.483 1136.98H303.142V1150.82H299.119ZM303.074 1127.91C303.074 1129.89 303.364 1131.63 303.943 1133.14C304.523 1134.64 305.369 1135.82 306.483 1136.67C307.597 1137.51 308.96 1137.93 310.574 1137.93C312.256 1137.93 313.659 1137.49 314.784 1136.6C315.92 1135.7 316.773 1134.5 317.341 1132.99C317.92 1131.47 318.21 1129.77 318.21 1127.91C318.21 1126.07 317.926 1124.41 317.358 1122.93C316.801 1121.44 315.955 1120.27 314.818 1119.4C313.693 1118.53 312.278 1118.09 310.574 1118.09C308.938 1118.09 307.563 1118.51 306.449 1119.34C305.335 1120.15 304.494 1121.3 303.926 1122.78C303.358 1124.24 303.074 1125.95 303.074 1127.91ZM328.369 1150.82V1114.82H332.256V1118.98H332.733C333.028 1118.52 333.438 1117.94 333.96 1117.24C334.494 1116.52 335.256 1115.89 336.244 1115.33C337.244 1114.76 338.597 1114.48 340.301 1114.48C342.506 1114.48 344.449 1115.03 346.131 1116.13C347.813 1117.23 349.125 1118.8 350.068 1120.82C351.011 1122.84 351.483 1125.23 351.483 1127.98C351.483 1130.75 351.011 1133.15 350.068 1135.19C349.125 1137.21 347.818 1138.78 346.148 1139.89C344.477 1140.99 342.551 1141.55 340.369 1141.55C338.688 1141.55 337.341 1141.27 336.33 1140.71C335.318 1140.14 334.54 1139.5 333.994 1138.78C333.449 1138.06 333.028 1137.45 332.733 1136.98H332.392V1150.82H328.369ZM332.324 1127.91C332.324 1129.89 332.614 1131.63 333.193 1133.14C333.773 1134.64 334.619 1135.82 335.733 1136.67C336.847 1137.51 338.21 1137.93 339.824 1137.93C341.506 1137.93 342.909 1137.49 344.034 1136.6C345.17 1135.7 346.023 1134.5 346.591 1132.99C347.17 1131.47 347.46 1129.77 347.46 1127.91C347.46 1126.07 347.176 1124.41 346.608 1122.93C346.051 1121.44 345.205 1120.27 344.068 1119.4C342.943 1118.53 341.528 1118.09 339.824 1118.09C338.188 1118.09 336.813 1118.51 335.699 1119.34C334.585 1120.15 333.744 1121.3 333.176 1122.78C332.608 1124.24 332.324 1125.95 332.324 1127.91Z" fill="white"/>
+<rect x="1" y="1" width="269" height="112" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter1_d_12_157)">
+<path d="M84.1668 78.625V73.7083C84.1668 71.1004 83.1308 68.5992 81.2867 66.7551C79.4426 64.911 76.9415 63.875 74.3335 63.875H54.6668C52.0589 63.875 49.5577 64.911 47.7136 66.7551C45.8695 68.5992 44.8335 71.1004 44.8335 73.7083V78.625M74.3335 44.2083C74.3335 49.6391 69.931 54.0417 64.5002 54.0417C59.0694 54.0417 54.6668 49.6391 54.6668 44.2083C54.6668 38.7775 59.0694 34.375 64.5002 34.375C69.931 34.375 74.3335 38.7775 74.3335 44.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M153.136 39.0909H157.364V62.2045C157.364 64.5909 156.801 66.7216 155.676 68.5966C154.563 70.4602 152.989 71.9318 150.955 73.0114C148.92 74.0795 146.534 74.6136 143.795 74.6136C141.057 74.6136 138.67 74.0795 136.636 73.0114C134.602 71.9318 133.023 70.4602 131.898 68.5966C130.784 66.7216 130.227 64.5909 130.227 62.2045V39.0909H134.455V61.8636C134.455 63.5682 134.83 65.0852 135.58 66.4148C136.33 67.733 137.398 68.7727 138.784 69.5341C140.182 70.2841 141.852 70.6591 143.795 70.6591C145.739 70.6591 147.409 70.2841 148.807 69.5341C150.205 68.7727 151.273 67.733 152.011 66.4148C152.761 65.0852 153.136 63.5682 153.136 61.8636V39.0909ZM183.805 53.6818L180.192 54.7045C179.964 54.1023 179.629 53.517 179.186 52.9489C178.754 52.3693 178.163 51.892 177.413 51.517C176.663 51.142 175.703 50.9545 174.533 50.9545C172.93 50.9545 171.595 51.3239 170.527 52.0625C169.47 52.7898 168.942 53.7159 168.942 54.8409C168.942 55.8409 169.305 56.6307 170.033 57.2102C170.76 57.7898 171.896 58.2727 173.442 58.6591L177.328 59.6136C179.669 60.1818 181.413 61.0511 182.561 62.2216C183.709 63.3807 184.283 64.875 184.283 66.7045C184.283 68.2045 183.851 69.5455 182.987 70.7273C182.135 71.9091 180.942 72.8409 179.408 73.5227C177.874 74.2045 176.089 74.5455 174.055 74.5455C171.385 74.5455 169.175 73.9659 167.425 72.8068C165.675 71.6477 164.567 69.9545 164.101 67.7273L167.919 66.7727C168.283 68.1818 168.97 69.2386 169.982 69.9432C171.004 70.6477 172.339 71 173.987 71C175.862 71 177.351 70.6023 178.453 69.8068C179.567 69 180.124 68.0341 180.124 66.9091C180.124 66 179.805 65.2386 179.169 64.625C178.533 64 177.555 63.5341 176.237 63.2273L171.874 62.2045C169.476 61.6364 167.714 60.7557 166.589 59.5625C165.476 58.358 164.919 56.8523 164.919 55.0455C164.919 53.5682 165.334 52.2614 166.163 51.125C167.004 49.9886 168.146 49.0966 169.589 48.4489C171.044 47.8011 172.692 47.4773 174.533 47.4773C177.124 47.4773 179.158 48.0455 180.635 49.1818C182.124 50.3182 183.18 51.8182 183.805 53.6818ZM201.315 74.5455C198.793 74.5455 196.616 73.9886 194.787 72.875C192.969 71.75 191.565 70.1818 190.577 68.1705C189.599 66.1477 189.111 63.7955 189.111 61.1136C189.111 58.4318 189.599 56.0682 190.577 54.0227C191.565 51.9659 192.94 50.3636 194.702 49.2159C196.474 48.0568 198.543 47.4773 200.906 47.4773C202.27 47.4773 203.616 47.7045 204.946 48.1591C206.276 48.6136 207.486 49.3523 208.577 50.375C209.668 51.3864 210.537 52.7273 211.185 54.3977C211.832 56.0682 212.156 58.125 212.156 60.5682V62.2727H191.974V58.7955H208.065C208.065 57.3182 207.77 56 207.179 54.8409C206.599 53.6818 205.77 52.767 204.69 52.0966C203.622 51.4261 202.361 51.0909 200.906 51.0909C199.304 51.0909 197.918 51.4886 196.747 52.2841C195.588 53.0682 194.696 54.0909 194.071 55.3523C193.446 56.6136 193.134 57.9659 193.134 59.4091V61.7273C193.134 63.7045 193.474 65.3807 194.156 66.7557C194.849 68.1193 195.81 69.1591 197.037 69.875C198.264 70.5795 199.69 70.9318 201.315 70.9318C202.372 70.9318 203.327 70.7841 204.179 70.4886C205.043 70.1818 205.787 69.7273 206.412 69.125C207.037 68.5114 207.52 67.75 207.861 66.8409L211.747 67.9318C211.338 69.25 210.651 70.4091 209.685 71.4091C208.719 72.3977 207.526 73.1705 206.105 73.7273C204.685 74.2727 203.088 74.5455 201.315 74.5455ZM218.276 74V47.8182H222.162V51.7727H222.435C222.912 50.4773 223.776 49.4261 225.026 48.6193C226.276 47.8125 227.685 47.4091 229.253 47.4091C229.548 47.4091 229.918 47.4148 230.361 47.4261C230.804 47.4375 231.139 47.4545 231.366 47.4773V51.5682C231.23 51.5341 230.918 51.483 230.429 51.4148C229.952 51.3352 229.446 51.2955 228.912 51.2955C227.639 51.2955 226.503 51.5625 225.503 52.0966C224.514 52.6193 223.73 53.3466 223.151 54.2784C222.582 55.1989 222.298 56.25 222.298 57.4318V74H218.276Z" fill="white"/>
+<path d="M138 119C138 117.619 136.881 116.5 135.5 116.5C134.119 116.5 133 117.619 133 119H138ZM501.232 456.768C502.209 457.744 503.791 457.744 504.768 456.768L520.678 440.858C521.654 439.882 521.654 438.299 520.678 437.322C519.701 436.346 518.118 436.346 517.142 437.322L503 451.464L488.858 437.322C487.882 436.346 486.299 436.346 485.322 437.322C484.346 438.299 484.346 439.882 485.322 440.858L501.232 456.768ZM135.5 119H133V263H135.5H138V119H135.5ZM159.5 287V289.5H479V287V284.5H159.5V287ZM503 311H500.5V455H503H505.5V311H503ZM479 287V289.5C490.874 289.5 500.5 299.126 500.5 311H503H505.5C505.5 296.364 493.636 284.5 479 284.5V287ZM135.5 263H133C133 277.636 144.864 289.5 159.5 289.5V287V284.5C147.626 284.5 138 274.874 138 263H135.5Z" fill="#7C7C7C"/>
+<rect x="736" y="27" width="212" height="86" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter2_d_12_157)">
+<path d="M799.167 92.625V87.7083C799.167 85.1004 798.131 82.5992 796.287 80.7551C794.443 78.911 791.941 77.875 789.333 77.875H769.667C767.059 77.875 764.558 78.911 762.714 80.7551C760.87 82.5992 759.833 85.1004 759.833 87.7083V92.625M789.333 58.2083C789.333 63.6391 784.931 68.0417 779.5 68.0417C774.069 68.0417 769.667 63.6391 769.667 58.2083C769.667 52.7775 774.069 48.375 779.5 48.375C784.931 48.375 789.333 52.7775 789.333 58.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M847.182 73.2955V57.8182H851.205V84H847.182V79.5682H846.909C846.295 80.8977 845.341 82.0284 844.045 82.9602C842.75 83.8807 841.114 84.3409 839.136 84.3409C837.5 84.3409 836.045 83.983 834.773 83.267C833.5 82.5398 832.5 81.4489 831.773 79.9943C831.045 78.5284 830.682 76.6818 830.682 74.4545V57.8182H834.705V74.1818C834.705 76.0909 835.239 77.6136 836.307 78.75C837.386 79.8864 838.761 80.4545 840.432 80.4545C841.432 80.4545 842.449 80.1989 843.483 79.6875C844.528 79.1761 845.403 78.392 846.108 77.3352C846.824 76.2784 847.182 74.9318 847.182 73.2955ZM877.118 63.6818L873.504 64.7045C873.277 64.1023 872.942 63.517 872.499 62.9489C872.067 62.3693 871.476 61.892 870.726 61.517C869.976 61.142 869.016 60.9545 867.845 60.9545C866.243 60.9545 864.908 61.3239 863.839 62.0625C862.783 62.7898 862.254 63.7159 862.254 64.8409C862.254 65.8409 862.618 66.6307 863.345 67.2102C864.072 67.7898 865.209 68.2727 866.754 68.6591L870.641 69.6136C872.982 70.1818 874.726 71.0511 875.874 72.2216C877.021 73.3807 877.595 74.875 877.595 76.7045C877.595 78.2045 877.163 79.5455 876.3 80.7273C875.447 81.9091 874.254 82.8409 872.72 83.5227C871.186 84.2045 869.402 84.5455 867.368 84.5455C864.697 84.5455 862.487 83.9659 860.737 82.8068C858.987 81.6477 857.879 79.9545 857.413 77.7273L861.232 76.7727C861.595 78.1818 862.283 79.2386 863.294 79.9432C864.317 80.6477 865.652 81 867.3 81C869.175 81 870.663 80.6023 871.766 79.8068C872.879 79 873.436 78.0341 873.436 76.9091C873.436 76 873.118 75.2386 872.482 74.625C871.845 74 870.868 73.5341 869.55 73.2273L865.186 72.2045C862.788 71.6364 861.027 70.7557 859.902 69.5625C858.788 68.358 858.232 66.8523 858.232 65.0455C858.232 63.5682 858.646 62.2614 859.476 61.125C860.317 59.9886 861.459 59.0966 862.902 58.4489C864.357 57.8011 866.004 57.4773 867.845 57.4773C870.436 57.4773 872.47 58.0455 873.947 59.1818C875.436 60.3182 876.493 61.8182 877.118 63.6818ZM894.628 84.5455C892.105 84.5455 889.929 83.9886 888.099 82.875C886.281 81.75 884.878 80.1818 883.889 78.1705C882.912 76.1477 882.423 73.7955 882.423 71.1136C882.423 68.4318 882.912 66.0682 883.889 64.0227C884.878 61.9659 886.253 60.3636 888.014 59.2159C889.787 58.0568 891.855 57.4773 894.219 57.4773C895.582 57.4773 896.929 57.7045 898.259 58.1591C899.588 58.6136 900.798 59.3523 901.889 60.375C902.98 61.3864 903.849 62.7273 904.497 64.3977C905.145 66.0682 905.469 68.125 905.469 70.5682V72.2727H885.287V68.7955H901.378C901.378 67.3182 901.082 66 900.491 64.8409C899.912 63.6818 899.082 62.767 898.003 62.0966C896.935 61.4261 895.673 61.0909 894.219 61.0909C892.616 61.0909 891.23 61.4886 890.06 62.2841C888.901 63.0682 888.009 64.0909 887.384 65.3523C886.759 66.6136 886.446 67.9659 886.446 69.4091V71.7273C886.446 73.7045 886.787 75.3807 887.469 76.7557C888.162 78.1193 889.122 79.1591 890.349 79.875C891.577 80.5795 893.003 80.9318 894.628 80.9318C895.685 80.9318 896.639 80.7841 897.491 80.4886C898.355 80.1818 899.099 79.7273 899.724 79.125C900.349 78.5114 900.832 77.75 901.173 76.8409L905.06 77.9318C904.651 79.25 903.963 80.4091 902.997 81.4091C902.031 82.3977 900.838 83.1705 899.418 83.7273C897.997 84.2727 896.401 84.5455 894.628 84.5455ZM911.588 84V57.8182H915.474V61.7727H915.747C916.224 60.4773 917.088 59.4261 918.338 58.6193C919.588 57.8125 920.997 57.4091 922.565 57.4091C922.861 57.4091 923.23 57.4148 923.673 57.4261C924.116 57.4375 924.452 57.4545 924.679 57.4773V61.5682C924.543 61.5341 924.23 61.483 923.741 61.4148C923.264 61.3352 922.759 61.2955 922.224 61.2955C920.952 61.2955 919.815 61.5625 918.815 62.0966C917.827 62.6193 917.043 63.3466 916.463 64.2784C915.895 65.1989 915.611 66.25 915.611 67.4318V84H911.588Z" fill="white"/>
+<rect x="736" y="1" width="269" height="112" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter3_d_12_157)">
+<path d="M819.167 78.625V73.7083C819.167 71.1004 818.131 68.5992 816.287 66.7551C814.443 64.911 811.941 63.875 809.333 63.875H789.667C787.059 63.875 784.558 64.911 782.714 66.7551C780.87 68.5992 779.833 71.1004 779.833 73.7083V78.625M809.333 44.2083C809.333 49.6391 804.931 54.0417 799.5 54.0417C794.069 54.0417 789.667 49.6391 789.667 44.2083C789.667 38.7775 794.069 34.375 799.5 34.375C804.931 34.375 809.333 38.7775 809.333 44.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M888.136 39.0909H892.364V62.2045C892.364 64.5909 891.801 66.7216 890.676 68.5966C889.563 70.4602 887.989 71.9318 885.955 73.0114C883.92 74.0795 881.534 74.6136 878.795 74.6136C876.057 74.6136 873.67 74.0795 871.636 73.0114C869.602 71.9318 868.023 70.4602 866.898 68.5966C865.784 66.7216 865.227 64.5909 865.227 62.2045V39.0909H869.455V61.8636C869.455 63.5682 869.83 65.0852 870.58 66.4148C871.33 67.733 872.398 68.7727 873.784 69.5341C875.182 70.2841 876.852 70.6591 878.795 70.6591C880.739 70.6591 882.409 70.2841 883.807 69.5341C885.205 68.7727 886.273 67.733 887.011 66.4148C887.761 65.0852 888.136 63.5682 888.136 61.8636V39.0909ZM918.805 53.6818L915.192 54.7045C914.964 54.1023 914.629 53.517 914.186 52.9489C913.754 52.3693 913.163 51.892 912.413 51.517C911.663 51.142 910.703 50.9545 909.533 50.9545C907.93 50.9545 906.595 51.3239 905.527 52.0625C904.47 52.7898 903.942 53.7159 903.942 54.8409C903.942 55.8409 904.305 56.6307 905.033 57.2102C905.76 57.7898 906.896 58.2727 908.442 58.6591L912.328 59.6136C914.669 60.1818 916.413 61.0511 917.561 62.2216C918.709 63.3807 919.283 64.875 919.283 66.7045C919.283 68.2045 918.851 69.5455 917.987 70.7273C917.135 71.9091 915.942 72.8409 914.408 73.5227C912.874 74.2045 911.089 74.5455 909.055 74.5455C906.385 74.5455 904.175 73.9659 902.425 72.8068C900.675 71.6477 899.567 69.9545 899.101 67.7273L902.919 66.7727C903.283 68.1818 903.97 69.2386 904.982 69.9432C906.004 70.6477 907.339 71 908.987 71C910.862 71 912.351 70.6023 913.453 69.8068C914.567 69 915.124 68.0341 915.124 66.9091C915.124 66 914.805 65.2386 914.169 64.625C913.533 64 912.555 63.5341 911.237 63.2273L906.874 62.2045C904.476 61.6364 902.714 60.7557 901.589 59.5625C900.476 58.358 899.919 56.8523 899.919 55.0455C899.919 53.5682 900.334 52.2614 901.163 51.125C902.004 49.9886 903.146 49.0966 904.589 48.4489C906.044 47.8011 907.692 47.4773 909.533 47.4773C912.124 47.4773 914.158 48.0455 915.635 49.1818C917.124 50.3182 918.18 51.8182 918.805 53.6818ZM936.315 74.5455C933.793 74.5455 931.616 73.9886 929.787 72.875C927.969 71.75 926.565 70.1818 925.577 68.1705C924.599 66.1477 924.111 63.7955 924.111 61.1136C924.111 58.4318 924.599 56.0682 925.577 54.0227C926.565 51.9659 927.94 50.3636 929.702 49.2159C931.474 48.0568 933.543 47.4773 935.906 47.4773C937.27 47.4773 938.616 47.7045 939.946 48.1591C941.276 48.6136 942.486 49.3523 943.577 50.375C944.668 51.3864 945.537 52.7273 946.185 54.3977C946.832 56.0682 947.156 58.125 947.156 60.5682V62.2727H926.974V58.7955H943.065C943.065 57.3182 942.77 56 942.179 54.8409C941.599 53.6818 940.77 52.767 939.69 52.0966C938.622 51.4261 937.361 51.0909 935.906 51.0909C934.304 51.0909 932.918 51.4886 931.747 52.2841C930.588 53.0682 929.696 54.0909 929.071 55.3523C928.446 56.6136 928.134 57.9659 928.134 59.4091V61.7273C928.134 63.7045 928.474 65.3807 929.156 66.7557C929.849 68.1193 930.81 69.1591 932.037 69.875C933.264 70.5795 934.69 70.9318 936.315 70.9318C937.372 70.9318 938.327 70.7841 939.179 70.4886C940.043 70.1818 940.787 69.7273 941.412 69.125C942.037 68.5114 942.52 67.75 942.861 66.8409L946.747 67.9318C946.338 69.25 945.651 70.4091 944.685 71.4091C943.719 72.3977 942.526 73.1705 941.105 73.7273C939.685 74.2727 938.088 74.5455 936.315 74.5455ZM953.276 74V47.8182H957.162V51.7727H957.435C957.912 50.4773 958.776 49.4261 960.026 48.6193C961.276 47.8125 962.685 47.4091 964.253 47.4091C964.548 47.4091 964.918 47.4148 965.361 47.4261C965.804 47.4375 966.139 47.4545 966.366 47.4773V51.5682C966.23 51.5341 965.918 51.483 965.429 51.4148C964.952 51.3352 964.446 51.2955 963.912 51.2955C962.639 51.2955 961.503 51.5625 960.503 52.0966C959.514 52.6193 958.73 53.3466 958.151 54.2784C957.582 55.1989 957.298 56.25 957.298 57.4318V74H953.276Z" fill="white"/>
+<path d="M873 119C873 117.619 871.881 116.5 870.5 116.5C869.119 116.5 868 117.619 868 119H873ZM501.232 456.768C502.209 457.744 503.791 457.744 504.768 456.768L520.678 440.858C521.654 439.882 521.654 438.299 520.678 437.322C519.701 436.346 518.118 436.346 517.142 437.322L503 451.464L488.858 437.322C487.882 436.346 486.299 436.346 485.322 437.322C484.346 438.299 484.346 439.882 485.322 440.858L501.232 456.768ZM870.5 119H868V263H870.5H873V119H870.5ZM846.5 287V284.5H527V287V289.5H846.5V287ZM503 311H500.5V455H503H505.5V311H503ZM527 287V284.5C512.364 284.5 500.5 296.364 500.5 311H503H505.5C505.5 299.126 515.126 289.5 527 289.5V287ZM870.5 263H868C868 274.874 858.374 284.5 846.5 284.5V287V289.5C861.136 289.5 873 277.636 873 263H870.5Z" fill="#7C7C7C"/>
+<rect x="369" y="27" width="212" height="86" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter4_d_12_157)">
+<path d="M432.167 92.625V87.7083C432.167 85.1004 431.131 82.5992 429.287 80.7551C427.443 78.911 424.941 77.875 422.333 77.875H402.667C400.059 77.875 397.558 78.911 395.714 80.7551C393.87 82.5992 392.833 85.1004 392.833 87.7083V92.625M422.333 58.2083C422.333 63.6391 417.931 68.0417 412.5 68.0417C407.069 68.0417 402.667 63.6391 402.667 58.2083C402.667 52.7775 407.069 48.375 412.5 48.375C417.931 48.375 422.333 52.7775 422.333 58.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M480.182 73.2955V57.8182H484.205V84H480.182V79.5682H479.909C479.295 80.8977 478.341 82.0284 477.045 82.9602C475.75 83.8807 474.114 84.3409 472.136 84.3409C470.5 84.3409 469.045 83.983 467.773 83.267C466.5 82.5398 465.5 81.4489 464.773 79.9943C464.045 78.5284 463.682 76.6818 463.682 74.4545V57.8182H467.705V74.1818C467.705 76.0909 468.239 77.6136 469.307 78.75C470.386 79.8864 471.761 80.4545 473.432 80.4545C474.432 80.4545 475.449 80.1989 476.483 79.6875C477.528 79.1761 478.403 78.392 479.108 77.3352C479.824 76.2784 480.182 74.9318 480.182 73.2955ZM510.118 63.6818L506.504 64.7045C506.277 64.1023 505.942 63.517 505.499 62.9489C505.067 62.3693 504.476 61.892 503.726 61.517C502.976 61.142 502.016 60.9545 500.845 60.9545C499.243 60.9545 497.908 61.3239 496.839 62.0625C495.783 62.7898 495.254 63.7159 495.254 64.8409C495.254 65.8409 495.618 66.6307 496.345 67.2102C497.072 67.7898 498.209 68.2727 499.754 68.6591L503.641 69.6136C505.982 70.1818 507.726 71.0511 508.874 72.2216C510.021 73.3807 510.595 74.875 510.595 76.7045C510.595 78.2045 510.163 79.5455 509.3 80.7273C508.447 81.9091 507.254 82.8409 505.72 83.5227C504.186 84.2045 502.402 84.5455 500.368 84.5455C497.697 84.5455 495.487 83.9659 493.737 82.8068C491.987 81.6477 490.879 79.9545 490.413 77.7273L494.232 76.7727C494.595 78.1818 495.283 79.2386 496.294 79.9432C497.317 80.6477 498.652 81 500.3 81C502.175 81 503.663 80.6023 504.766 79.8068C505.879 79 506.436 78.0341 506.436 76.9091C506.436 76 506.118 75.2386 505.482 74.625C504.845 74 503.868 73.5341 502.55 73.2273L498.186 72.2045C495.788 71.6364 494.027 70.7557 492.902 69.5625C491.788 68.358 491.232 66.8523 491.232 65.0455C491.232 63.5682 491.646 62.2614 492.476 61.125C493.317 59.9886 494.459 59.0966 495.902 58.4489C497.357 57.8011 499.004 57.4773 500.845 57.4773C503.436 57.4773 505.47 58.0455 506.947 59.1818C508.436 60.3182 509.493 61.8182 510.118 63.6818ZM527.628 84.5455C525.105 84.5455 522.929 83.9886 521.099 82.875C519.281 81.75 517.878 80.1818 516.889 78.1705C515.912 76.1477 515.423 73.7955 515.423 71.1136C515.423 68.4318 515.912 66.0682 516.889 64.0227C517.878 61.9659 519.253 60.3636 521.014 59.2159C522.787 58.0568 524.855 57.4773 527.219 57.4773C528.582 57.4773 529.929 57.7045 531.259 58.1591C532.588 58.6136 533.798 59.3523 534.889 60.375C535.98 61.3864 536.849 62.7273 537.497 64.3977C538.145 66.0682 538.469 68.125 538.469 70.5682V72.2727H518.287V68.7955H534.378C534.378 67.3182 534.082 66 533.491 64.8409C532.912 63.6818 532.082 62.767 531.003 62.0966C529.935 61.4261 528.673 61.0909 527.219 61.0909C525.616 61.0909 524.23 61.4886 523.06 62.2841C521.901 63.0682 521.009 64.0909 520.384 65.3523C519.759 66.6136 519.446 67.9659 519.446 69.4091V71.7273C519.446 73.7045 519.787 75.3807 520.469 76.7557C521.162 78.1193 522.122 79.1591 523.349 79.875C524.577 80.5795 526.003 80.9318 527.628 80.9318C528.685 80.9318 529.639 80.7841 530.491 80.4886C531.355 80.1818 532.099 79.7273 532.724 79.125C533.349 78.5114 533.832 77.75 534.173 76.8409L538.06 77.9318C537.651 79.25 536.963 80.4091 535.997 81.4091C535.031 82.3977 533.838 83.1705 532.418 83.7273C530.997 84.2727 529.401 84.5455 527.628 84.5455ZM544.588 84V57.8182H548.474V61.7727H548.747C549.224 60.4773 550.088 59.4261 551.338 58.6193C552.588 57.8125 553.997 57.4091 555.565 57.4091C555.861 57.4091 556.23 57.4148 556.673 57.4261C557.116 57.4375 557.452 57.4545 557.679 57.4773V61.5682C557.543 61.5341 557.23 61.483 556.741 61.4148C556.264 61.3352 555.759 61.2955 555.224 61.2955C553.952 61.2955 552.815 61.5625 551.815 62.0966C550.827 62.6193 550.043 63.3466 549.463 64.2784C548.895 65.1989 548.611 66.25 548.611 67.4318V84H544.588Z" fill="white"/>
+<rect x="369" y="1" width="269" height="112" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter5_d_12_157)">
+<path d="M452.167 78.625V73.7083C452.167 71.1004 451.131 68.5992 449.287 66.7551C447.443 64.911 444.941 63.875 442.333 63.875H422.667C420.059 63.875 417.558 64.911 415.714 66.7551C413.87 68.5992 412.833 71.1004 412.833 73.7083V78.625M442.333 44.2083C442.333 49.6391 437.931 54.0417 432.5 54.0417C427.069 54.0417 422.667 49.6391 422.667 44.2083C422.667 38.7775 427.069 34.375 432.5 34.375C437.931 34.375 442.333 38.7775 442.333 44.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M521.136 39.0909H525.364V62.2045C525.364 64.5909 524.801 66.7216 523.676 68.5966C522.563 70.4602 520.989 71.9318 518.955 73.0114C516.92 74.0795 514.534 74.6136 511.795 74.6136C509.057 74.6136 506.67 74.0795 504.636 73.0114C502.602 71.9318 501.023 70.4602 499.898 68.5966C498.784 66.7216 498.227 64.5909 498.227 62.2045V39.0909H502.455V61.8636C502.455 63.5682 502.83 65.0852 503.58 66.4148C504.33 67.733 505.398 68.7727 506.784 69.5341C508.182 70.2841 509.852 70.6591 511.795 70.6591C513.739 70.6591 515.409 70.2841 516.807 69.5341C518.205 68.7727 519.273 67.733 520.011 66.4148C520.761 65.0852 521.136 63.5682 521.136 61.8636V39.0909ZM551.805 53.6818L548.192 54.7045C547.964 54.1023 547.629 53.517 547.186 52.9489C546.754 52.3693 546.163 51.892 545.413 51.517C544.663 51.142 543.703 50.9545 542.533 50.9545C540.93 50.9545 539.595 51.3239 538.527 52.0625C537.47 52.7898 536.942 53.7159 536.942 54.8409C536.942 55.8409 537.305 56.6307 538.033 57.2102C538.76 57.7898 539.896 58.2727 541.442 58.6591L545.328 59.6136C547.669 60.1818 549.413 61.0511 550.561 62.2216C551.709 63.3807 552.283 64.875 552.283 66.7045C552.283 68.2045 551.851 69.5455 550.987 70.7273C550.135 71.9091 548.942 72.8409 547.408 73.5227C545.874 74.2045 544.089 74.5455 542.055 74.5455C539.385 74.5455 537.175 73.9659 535.425 72.8068C533.675 71.6477 532.567 69.9545 532.101 67.7273L535.919 66.7727C536.283 68.1818 536.97 69.2386 537.982 69.9432C539.004 70.6477 540.339 71 541.987 71C543.862 71 545.351 70.6023 546.453 69.8068C547.567 69 548.124 68.0341 548.124 66.9091C548.124 66 547.805 65.2386 547.169 64.625C546.533 64 545.555 63.5341 544.237 63.2273L539.874 62.2045C537.476 61.6364 535.714 60.7557 534.589 59.5625C533.476 58.358 532.919 56.8523 532.919 55.0455C532.919 53.5682 533.334 52.2614 534.163 51.125C535.004 49.9886 536.146 49.0966 537.589 48.4489C539.044 47.8011 540.692 47.4773 542.533 47.4773C545.124 47.4773 547.158 48.0455 548.635 49.1818C550.124 50.3182 551.18 51.8182 551.805 53.6818ZM569.315 74.5455C566.793 74.5455 564.616 73.9886 562.787 72.875C560.969 71.75 559.565 70.1818 558.577 68.1705C557.599 66.1477 557.111 63.7955 557.111 61.1136C557.111 58.4318 557.599 56.0682 558.577 54.0227C559.565 51.9659 560.94 50.3636 562.702 49.2159C564.474 48.0568 566.543 47.4773 568.906 47.4773C570.27 47.4773 571.616 47.7045 572.946 48.1591C574.276 48.6136 575.486 49.3523 576.577 50.375C577.668 51.3864 578.537 52.7273 579.185 54.3977C579.832 56.0682 580.156 58.125 580.156 60.5682V62.2727H559.974V58.7955H576.065C576.065 57.3182 575.77 56 575.179 54.8409C574.599 53.6818 573.77 52.767 572.69 52.0966C571.622 51.4261 570.361 51.0909 568.906 51.0909C567.304 51.0909 565.918 51.4886 564.747 52.2841C563.588 53.0682 562.696 54.0909 562.071 55.3523C561.446 56.6136 561.134 57.9659 561.134 59.4091V61.7273C561.134 63.7045 561.474 65.3807 562.156 66.7557C562.849 68.1193 563.81 69.1591 565.037 69.875C566.264 70.5795 567.69 70.9318 569.315 70.9318C570.372 70.9318 571.327 70.7841 572.179 70.4886C573.043 70.1818 573.787 69.7273 574.412 69.125C575.037 68.5114 575.52 67.75 575.861 66.8409L579.747 67.9318C579.338 69.25 578.651 70.4091 577.685 71.4091C576.719 72.3977 575.526 73.1705 574.105 73.7273C572.685 74.2727 571.088 74.5455 569.315 74.5455ZM586.276 74V47.8182H590.162V51.7727H590.435C590.912 50.4773 591.776 49.4261 593.026 48.6193C594.276 47.8125 595.685 47.4091 597.253 47.4091C597.548 47.4091 597.918 47.4148 598.361 47.4261C598.804 47.4375 599.139 47.4545 599.366 47.4773V51.5682C599.23 51.5341 598.918 51.483 598.429 51.4148C597.952 51.3352 597.446 51.2955 596.912 51.2955C595.639 51.2955 594.503 51.5625 593.503 52.0966C592.514 52.6193 591.73 53.3466 591.151 54.2784C590.582 55.1989 590.298 56.25 590.298 57.4318V74H586.276Z" fill="white"/>
+<path d="M505.5 119C505.5 117.619 504.381 116.5 503 116.5C501.619 116.5 500.5 117.619 500.5 119H505.5ZM501.232 456.768C502.209 457.744 503.791 457.744 504.768 456.768L520.678 440.858C521.654 439.882 521.654 438.299 520.678 437.322C519.701 436.346 518.118 436.346 517.142 437.322L503 451.464L488.858 437.322C487.882 436.346 486.299 436.346 485.322 437.322C484.346 438.299 484.346 439.882 485.322 440.858L501.232 456.768ZM503 119H500.5V455H503H505.5V119H503Z" fill="#7C7C7C"/>
+<path d="M220.167 1099.92H180.833C178.118 1099.92 175.917 1102.12 175.917 1104.83V1114.67C175.917 1117.38 178.118 1119.58 180.833 1119.58H220.167C222.882 1119.58 225.083 1117.38 225.083 1114.67V1104.83C225.083 1102.12 222.882 1099.92 220.167 1099.92Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M220.167 1129.42H180.833C178.118 1129.42 175.917 1131.62 175.917 1134.33V1144.17C175.917 1146.88 178.118 1149.08 180.833 1149.08H220.167C222.882 1149.08 225.083 1146.88 225.083 1144.17V1134.33C225.083 1131.62 222.882 1129.42 220.167 1129.42Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M185.75 1109.75H185.774" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M185.75 1139.25H185.774" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M505.5 727C505.5 725.619 504.381 724.5 503 724.5C501.619 724.5 500.5 725.619 500.5 727H505.5ZM261.232 1064.77C262.209 1065.74 263.791 1065.74 264.768 1064.77L280.678 1048.86C281.654 1047.88 281.654 1046.3 280.678 1045.32C279.701 1044.35 278.118 1044.35 277.142 1045.32L263 1059.46L248.858 1045.32C247.882 1044.35 246.299 1044.35 245.322 1045.32C244.346 1046.3 244.346 1047.88 245.322 1048.86L261.232 1064.77ZM503 727H500.5V871H503H505.5V727H503ZM479 895V892.5H287V895V897.5H479V895ZM263 919H260.5V1063H263H265.5V919H263ZM287 895V892.5C272.364 892.5 260.5 904.364 260.5 919H263H265.5C265.5 907.126 275.126 897.5 287 897.5V895ZM503 871H500.5C500.5 882.874 490.874 892.5 479 892.5V895V897.5C493.636 897.5 505.5 885.636 505.5 871H503Z" fill="#7C7C7C"/>
+<rect x="621" y="1069" width="254" height="110" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<path d="M753.659 1141H749.227L762.045 1106.09H766.409L779.227 1141H774.795L764.364 1111.61H764.091L753.659 1141ZM755.295 1127.36H773.159V1131.11H755.295V1127.36ZM784.665 1141V1106.09H796.46C799.199 1106.09 801.438 1106.59 803.176 1107.57C804.926 1108.55 806.222 1109.88 807.062 1111.55C807.903 1113.22 808.324 1115.08 808.324 1117.14C808.324 1119.19 807.903 1121.06 807.062 1122.74C806.233 1124.43 804.949 1125.77 803.21 1126.77C801.472 1127.76 799.244 1128.25 796.528 1128.25H788.074V1124.5H796.392C798.267 1124.5 799.773 1124.18 800.909 1123.53C802.045 1122.88 802.869 1122.01 803.381 1120.9C803.903 1119.79 804.165 1118.53 804.165 1117.14C804.165 1115.74 803.903 1114.49 803.381 1113.39C802.869 1112.28 802.04 1111.42 800.892 1110.8C799.744 1110.16 798.222 1109.84 796.324 1109.84H788.892V1141H784.665ZM819.361 1106.09V1141H815.134V1106.09H819.361Z" fill="white"/>
+<path d="M705.167 1099.92H665.833C663.118 1099.92 660.917 1102.12 660.917 1104.83V1114.67C660.917 1117.38 663.118 1119.58 665.833 1119.58H705.167C707.882 1119.58 710.083 1117.38 710.083 1114.67V1104.83C710.083 1102.12 707.882 1099.92 705.167 1099.92Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M705.167 1129.42H665.833C663.118 1129.42 660.917 1131.62 660.917 1134.33V1144.17C660.917 1146.88 663.118 1149.08 665.833 1149.08H705.167C707.882 1149.08 710.083 1146.88 710.083 1144.17V1134.33C710.083 1131.62 707.882 1129.42 705.167 1129.42Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M670.75 1109.75H670.774" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M670.75 1139.25H670.774" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M505.5 727C505.5 725.619 504.381 724.5 503 724.5C501.619 724.5 500.5 725.619 500.5 727H505.5ZM746.232 1064.77C747.209 1065.74 748.791 1065.74 749.768 1064.77L765.678 1048.86C766.654 1047.88 766.654 1046.3 765.678 1045.32C764.701 1044.35 763.118 1044.35 762.142 1045.32L748 1059.46L733.858 1045.32C732.882 1044.35 731.299 1044.35 730.322 1045.32C729.346 1046.3 729.346 1047.88 730.322 1048.86L746.232 1064.77ZM503 727H500.5V871H503H505.5V727H503ZM527 895V897.5H724V895V892.5H527V895ZM748 919H745.5V1063H748H750.5V919H748ZM724 895V897.5C735.874 897.5 745.5 907.126 745.5 919H748H750.5C750.5 904.364 738.636 892.5 724 892.5V895ZM503 871H500.5C500.5 885.636 512.364 897.5 527 897.5V895V892.5C515.126 892.5 505.5 882.874 505.5 871H503Z" fill="#7C7C7C"/>
+<path d="M175.227 1331V1296.09H187.023C189.761 1296.09 192 1296.59 193.739 1297.57C195.489 1298.55 196.784 1299.88 197.625 1301.55C198.466 1303.22 198.886 1305.08 198.886 1307.14C198.886 1309.19 198.466 1311.06 197.625 1312.74C196.795 1314.43 195.511 1315.77 193.773 1316.77C192.034 1317.76 189.807 1318.25 187.091 1318.25H178.636V1314.5H186.955C188.83 1314.5 190.335 1314.18 191.472 1313.53C192.608 1312.88 193.432 1312.01 193.943 1310.9C194.466 1309.79 194.727 1308.53 194.727 1307.14C194.727 1305.74 194.466 1304.49 193.943 1303.39C193.432 1302.28 192.602 1301.42 191.455 1300.8C190.307 1300.16 188.784 1299.84 186.886 1299.84H179.455V1331H175.227ZM205.151 1331V1304.82H209.037V1308.77H209.31C209.787 1307.48 210.651 1306.43 211.901 1305.62C213.151 1304.81 214.56 1304.41 216.128 1304.41C216.423 1304.41 216.793 1304.41 217.236 1304.43C217.679 1304.44 218.014 1304.45 218.241 1304.48V1308.57C218.105 1308.53 217.793 1308.48 217.304 1308.41C216.827 1308.34 216.321 1308.3 215.787 1308.3C214.514 1308.3 213.378 1308.56 212.378 1309.1C211.389 1309.62 210.605 1310.35 210.026 1311.28C209.457 1312.2 209.173 1313.25 209.173 1314.43V1331H205.151ZM223.01 1331V1304.82H227.033V1331H223.01ZM225.055 1300.45C224.271 1300.45 223.595 1300.19 223.027 1299.65C222.47 1299.12 222.192 1298.48 222.192 1297.73C222.192 1296.98 222.47 1296.34 223.027 1295.8C223.595 1295.27 224.271 1295 225.055 1295C225.839 1295 226.51 1295.27 227.067 1295.8C227.635 1296.34 227.919 1296.98 227.919 1297.73C227.919 1298.48 227.635 1299.12 227.067 1299.65C226.51 1300.19 225.839 1300.45 225.055 1300.45ZM255.81 1304.82L246.128 1331H242.037L232.355 1304.82H236.719L243.946 1325.68H244.219L251.446 1304.82H255.81ZM268.027 1331.61C266.368 1331.61 264.862 1331.3 263.51 1330.68C262.158 1330.04 261.084 1329.12 260.288 1327.93C259.493 1326.73 259.095 1325.27 259.095 1323.57C259.095 1322.07 259.391 1320.85 259.982 1319.92C260.572 1318.98 261.362 1318.24 262.351 1317.7C263.339 1317.17 264.43 1316.77 265.624 1316.51C266.828 1316.24 268.038 1316.02 269.254 1315.86C270.845 1315.66 272.135 1315.51 273.124 1315.4C274.124 1315.29 274.851 1315.1 275.305 1314.84C275.771 1314.58 276.004 1314.12 276.004 1313.48V1313.34C276.004 1311.66 275.544 1310.35 274.624 1309.42C273.714 1308.49 272.334 1308.02 270.482 1308.02C268.561 1308.02 267.055 1308.44 265.964 1309.28C264.874 1310.12 264.107 1311.02 263.663 1311.98L259.845 1310.61C260.527 1309.02 261.436 1307.78 262.572 1306.9C263.72 1306 264.97 1305.37 266.322 1305.02C267.686 1304.66 269.027 1304.48 270.345 1304.48C271.186 1304.48 272.152 1304.58 273.243 1304.78C274.345 1304.98 275.408 1305.38 276.43 1305.99C277.464 1306.61 278.322 1307.53 279.004 1308.77C279.686 1310.01 280.027 1311.67 280.027 1313.75V1331H276.004V1327.45H275.8C275.527 1328.02 275.072 1328.63 274.436 1329.28C273.8 1329.93 272.953 1330.48 271.896 1330.93C270.839 1331.39 269.55 1331.61 268.027 1331.61ZM268.641 1328C270.232 1328 271.572 1327.69 272.663 1327.06C273.766 1326.44 274.595 1325.63 275.152 1324.64C275.72 1323.65 276.004 1322.61 276.004 1321.52V1317.84C275.834 1318.05 275.459 1318.23 274.879 1318.4C274.311 1318.56 273.652 1318.7 272.902 1318.83C272.163 1318.94 271.442 1319.05 270.737 1319.14C270.044 1319.22 269.482 1319.28 269.05 1319.34C268.004 1319.48 267.027 1319.7 266.118 1320.01C265.22 1320.3 264.493 1320.75 263.936 1321.35C263.391 1321.94 263.118 1322.75 263.118 1323.77C263.118 1325.17 263.635 1326.23 264.669 1326.94C265.714 1327.65 267.038 1328 268.641 1328ZM298.756 1304.82V1308.23H285.188V1304.82H298.756ZM289.142 1298.55H293.165V1323.5C293.165 1324.64 293.33 1325.49 293.659 1326.06C294 1326.61 294.432 1326.99 294.955 1327.18C295.489 1327.36 296.051 1327.45 296.642 1327.45C297.085 1327.45 297.449 1327.43 297.733 1327.39C298.017 1327.33 298.244 1327.28 298.415 1327.25L299.233 1330.86C298.96 1330.97 298.58 1331.07 298.091 1331.17C297.602 1331.28 296.983 1331.34 296.233 1331.34C295.097 1331.34 293.983 1331.1 292.892 1330.61C291.813 1330.12 290.915 1329.38 290.199 1328.38C289.494 1327.38 289.142 1326.11 289.142 1324.59V1298.55ZM315.503 1331.55C312.98 1331.55 310.804 1330.99 308.974 1329.88C307.156 1328.75 305.753 1327.18 304.764 1325.17C303.787 1323.15 303.298 1320.8 303.298 1318.11C303.298 1315.43 303.787 1313.07 304.764 1311.02C305.753 1308.97 307.128 1307.36 308.889 1306.22C310.662 1305.06 312.73 1304.48 315.094 1304.48C316.457 1304.48 317.804 1304.7 319.134 1305.16C320.463 1305.61 321.673 1306.35 322.764 1307.38C323.855 1308.39 324.724 1309.73 325.372 1311.4C326.02 1313.07 326.344 1315.12 326.344 1317.57V1319.27H306.162V1315.8H322.253C322.253 1314.32 321.957 1313 321.366 1311.84C320.787 1310.68 319.957 1309.77 318.878 1309.1C317.81 1308.43 316.548 1308.09 315.094 1308.09C313.491 1308.09 312.105 1308.49 310.935 1309.28C309.776 1310.07 308.884 1311.09 308.259 1312.35C307.634 1313.61 307.321 1314.97 307.321 1316.41V1318.73C307.321 1320.7 307.662 1322.38 308.344 1323.76C309.037 1325.12 309.997 1326.16 311.224 1326.88C312.452 1327.58 313.878 1327.93 315.503 1327.93C316.56 1327.93 317.514 1327.78 318.366 1327.49C319.23 1327.18 319.974 1326.73 320.599 1326.12C321.224 1325.51 321.707 1324.75 322.048 1323.84L325.935 1324.93C325.526 1326.25 324.838 1327.41 323.872 1328.41C322.906 1329.4 321.713 1330.17 320.293 1330.73C318.872 1331.27 317.276 1331.55 315.503 1331.55ZM374.19 1296.09V1331H370.099L351.077 1303.59H350.736V1331H346.509V1296.09H350.599L369.69 1323.57H370.031V1296.09H374.19ZM393.081 1331.55C390.558 1331.55 388.382 1330.99 386.553 1329.88C384.734 1328.75 383.331 1327.18 382.342 1325.17C381.365 1323.15 380.876 1320.8 380.876 1318.11C380.876 1315.43 381.365 1313.07 382.342 1311.02C383.331 1308.97 384.706 1307.36 386.467 1306.22C388.24 1305.06 390.308 1304.48 392.672 1304.48C394.036 1304.48 395.382 1304.7 396.712 1305.16C398.041 1305.61 399.251 1306.35 400.342 1307.38C401.433 1308.39 402.303 1309.73 402.95 1311.4C403.598 1313.07 403.922 1315.12 403.922 1317.57V1319.27H383.74V1315.8H399.831C399.831 1314.32 399.536 1313 398.945 1311.84C398.365 1310.68 397.536 1309.77 396.456 1309.1C395.388 1308.43 394.126 1308.09 392.672 1308.09C391.07 1308.09 389.683 1308.49 388.513 1309.28C387.354 1310.07 386.462 1311.09 385.837 1312.35C385.212 1313.61 384.899 1314.97 384.899 1316.41V1318.73C384.899 1320.7 385.24 1322.38 385.922 1323.76C386.615 1325.12 387.575 1326.16 388.803 1326.88C390.03 1327.58 391.456 1327.93 393.081 1327.93C394.138 1327.93 395.092 1327.78 395.945 1327.49C396.808 1327.18 397.553 1326.73 398.178 1326.12C398.803 1325.51 399.286 1324.75 399.626 1323.84L403.513 1324.93C403.104 1326.25 402.416 1327.41 401.45 1328.41C400.484 1329.4 399.291 1330.17 397.871 1330.73C396.45 1331.27 394.854 1331.55 393.081 1331.55ZM421.428 1304.82V1308.23H407.859V1304.82H421.428ZM411.814 1298.55H415.837V1323.5C415.837 1324.64 416.001 1325.49 416.331 1326.06C416.672 1326.61 417.104 1326.99 417.626 1327.18C418.161 1327.36 418.723 1327.45 419.314 1327.45C419.757 1327.45 420.121 1327.43 420.405 1327.39C420.689 1327.33 420.916 1327.28 421.087 1327.25L421.905 1330.86C421.632 1330.97 421.251 1331.07 420.763 1331.17C420.274 1331.28 419.655 1331.34 418.905 1331.34C417.768 1331.34 416.655 1331.1 415.564 1330.61C414.484 1330.12 413.587 1329.38 412.871 1328.38C412.166 1327.38 411.814 1326.11 411.814 1324.59V1298.55ZM433.411 1331L425.433 1304.82H429.661L435.32 1324.86H435.592L441.183 1304.82H445.479L451.001 1324.8H451.274L456.933 1304.82H461.161L453.183 1331H449.229L443.501 1310.89H443.092L437.365 1331H433.411ZM476.224 1331.55C473.861 1331.55 471.787 1330.98 470.003 1329.86C468.23 1328.73 466.844 1327.16 465.844 1325.14C464.855 1323.11 464.361 1320.75 464.361 1318.05C464.361 1315.32 464.855 1312.94 465.844 1310.9C466.844 1308.87 468.23 1307.29 470.003 1306.16C471.787 1305.04 473.861 1304.48 476.224 1304.48C478.588 1304.48 480.656 1305.04 482.429 1306.16C484.213 1307.29 485.599 1308.87 486.588 1310.9C487.588 1312.94 488.088 1315.32 488.088 1318.05C488.088 1320.75 487.588 1323.11 486.588 1325.14C485.599 1327.16 484.213 1328.73 482.429 1329.86C480.656 1330.98 478.588 1331.55 476.224 1331.55ZM476.224 1327.93C478.02 1327.93 479.497 1327.47 480.656 1326.55C481.815 1325.63 482.673 1324.42 483.23 1322.92C483.787 1321.42 484.065 1319.8 484.065 1318.05C484.065 1316.3 483.787 1314.66 483.23 1313.15C482.673 1311.64 481.815 1310.42 480.656 1309.49C479.497 1308.56 478.02 1308.09 476.224 1308.09C474.429 1308.09 472.952 1308.56 471.793 1309.49C470.634 1310.42 469.776 1311.64 469.219 1313.15C468.662 1314.66 468.384 1316.3 468.384 1318.05C468.384 1319.8 468.662 1321.42 469.219 1322.92C469.776 1324.42 470.634 1325.63 471.793 1326.55C472.952 1327.47 474.429 1327.93 476.224 1327.93ZM494.229 1331V1304.82H498.115V1308.77H498.388C498.865 1307.48 499.729 1306.43 500.979 1305.62C502.229 1304.81 503.638 1304.41 505.206 1304.41C505.501 1304.41 505.871 1304.41 506.314 1304.43C506.757 1304.44 507.092 1304.45 507.32 1304.48V1308.57C507.183 1308.53 506.871 1308.48 506.382 1308.41C505.905 1308.34 505.399 1308.3 504.865 1308.3C503.592 1308.3 502.456 1308.56 501.456 1309.1C500.467 1309.62 499.683 1310.35 499.104 1311.28C498.536 1312.2 498.251 1313.25 498.251 1314.43V1331H494.229ZM515.838 1321.45L515.77 1316.48H516.588L528.043 1304.82H533.02L520.815 1317.16H520.474L515.838 1321.45ZM512.088 1331V1296.09H516.111V1331H512.088ZM528.724 1331L518.497 1318.05L521.361 1315.25L533.838 1331H528.724Z" fill="white"/>
+<circle cx="502.5" cy="842.5" r="22.5" fill="#7C7C7C"/>
+<circle cx="502.5" cy="339.5" r="22.5" fill="#7C7C7C"/>
+<path d="M503 350C508.523 350 513 345.523 513 340C513 334.477 508.523 330 503 330C497.477 330 493 334.477 493 340C493 345.523 497.477 350 503 350Z" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M503 330C500.432 332.696 499 336.277 499 340C499 343.723 500.432 347.304 503 350C505.568 347.304 507 343.723 507 340C507 336.277 505.568 332.696 503 330Z" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M493 340H513" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M510 842H496C494.895 842 494 842.895 494 844V851C494 852.105 494.895 853 496 853H510C511.105 853 512 852.105 512 851V844C512 842.895 511.105 842 510 842Z" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M498 842V838C498 836.674 498.527 835.402 499.464 834.464C500.402 833.527 501.674 833 503 833C504.326 833 505.598 833.527 506.536 834.464C507.473 835.402 508 836.674 508 838V842" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M145.625 1321.33H135.792C134.434 1321.33 133.333 1322.43 133.333 1323.79V1333.62C133.333 1334.98 134.434 1336.08 135.792 1336.08H145.625C146.983 1336.08 148.083 1334.98 148.083 1333.62V1323.79C148.083 1322.43 146.983 1321.33 145.625 1321.33Z" stroke="white" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M111.208 1321.33H101.375C100.017 1321.33 98.9165 1322.43 98.9165 1323.79V1333.62C98.9165 1334.98 100.017 1336.08 101.375 1336.08H111.208C112.566 1336.08 113.667 1334.98 113.667 1333.62V1323.79C113.667 1322.43 112.566 1321.33 111.208 1321.33Z" stroke="white" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M128.417 1286.92H118.583C117.226 1286.92 116.125 1288.02 116.125 1289.38V1299.21C116.125 1300.57 117.226 1301.67 118.583 1301.67H128.417C129.774 1301.67 130.875 1300.57 130.875 1299.21V1289.38C130.875 1288.02 129.774 1286.92 128.417 1286.92Z" stroke="white" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M106.292 1321.33V1313.96C106.292 1313.31 106.551 1312.68 107.012 1312.22C107.473 1311.76 108.098 1311.5 108.75 1311.5H138.25C138.902 1311.5 139.527 1311.76 139.988 1312.22C140.449 1312.68 140.708 1313.31 140.708 1313.96V1321.33" stroke="white" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M123.5 1311.5V1301.67" stroke="white" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<defs>
+<filter id="filter0_d_12_157" x="11" y="41" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_12_157"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_12_157" result="shape"/>
+</filter>
+<filter id="filter1_d_12_157" x="31" y="27" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_12_157"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_12_157" result="shape"/>
+</filter>
+<filter id="filter2_d_12_157" x="746" y="41" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_12_157"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_12_157" result="shape"/>
+</filter>
+<filter id="filter3_d_12_157" x="766" y="27" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_12_157"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_12_157" result="shape"/>
+</filter>
+<filter id="filter4_d_12_157" x="379" y="41" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_12_157"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_12_157" result="shape"/>
+</filter>
+<filter id="filter5_d_12_157" x="399" y="27" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_12_157"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_12_157" result="shape"/>
+</filter>
+<clipPath id="clip0_12_157">
+<rect width="137" height="146" fill="white" transform="translate(434 518)"/>
+</clipPath>
+</defs>
+</svg>
diff --git a/public/diagram.svg b/public/diagram.svg
new file mode 100644
index 00000000..9e9e39fb
--- /dev/null
+++ b/public/diagram.svg
@@ -0,0 +1,132 @@
+<svg width="1006" height="1371" viewBox="0 0 1006 1371" fill="none" xmlns="http://www.w3.org/2000/svg">
+<rect x="69" y="1006" width="879" height="364" rx="20" fill="#2C2C2C" stroke="#414141" stroke-width="2"/>
+<circle cx="503" cy="591" r="130" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g clip-path="url(#clip0_9_205)">
+<path d="M549.271 566.61C552.12 566.61 554.43 568.931 554.43 571.794C554.43 574.658 552.12 576.979 549.271 576.979C546.422 576.979 544.113 574.658 544.113 571.794C544.113 568.931 546.422 566.61 549.271 566.61ZM569.523 588.245C569.005 605.466 555.923 628.229 538.189 634.082C517.472 640.919 501.741 630.66 496.755 618.634C492.871 609.264 495.806 598.055 503.056 593.31C509.178 589.304 520.579 588.245 530.16 594.576C526.794 585.713 517.73 579.888 509.703 578.115C501.675 576.343 493.388 578.369 487.432 581.408C495.072 572.924 512.958 564.686 532.405 575.077C545.439 582.041 551.05 591.79 556.575 604.959C571.076 582.674 560.977 555.83 543.368 539.876C525.414 523.61 501.157 517.084 482.599 518.102C488.724 521.901 495.921 527.324 502.569 533.671C473.189 529.999 448.977 536.71 434 557.181C442.367 555.522 453.399 554.48 464.381 555.025C442.977 570.18 430.547 595.673 436.866 622.276C440.728 615.493 446.504 607.345 453.378 599.961C451.264 619.816 454.199 646.659 479.602 664C478.305 658.556 477.256 651.935 476.777 644.927C488.66 654.244 505.91 661.924 527.312 656.62C565.12 647.25 575.22 610.531 569.523 588.245Z" fill="#F36118"/>
+</g>
+<rect x="1" y="27" width="212" height="86" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter0_d_9_205)">
+<path d="M64.1667 92.625V87.7083C64.1667 85.1004 63.1307 82.5992 61.2866 80.7551C59.4424 78.911 56.9413 77.875 54.3333 77.875H34.6667C32.0587 77.875 29.5576 78.911 27.7134 80.7551C25.8693 82.5992 24.8333 85.1004 24.8333 87.7083V92.625M54.3333 58.2083C54.3333 63.6391 49.9308 68.0417 44.5 68.0417C39.0692 68.0417 34.6667 63.6391 34.6667 58.2083C34.6667 52.7775 39.0692 48.375 44.5 48.375C49.9308 48.375 54.3333 52.7775 54.3333 58.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M112.182 73.2955V57.8182H116.205V84H112.182V79.5682H111.909C111.295 80.8977 110.341 82.0284 109.045 82.9602C107.75 83.8807 106.114 84.3409 104.136 84.3409C102.5 84.3409 101.045 83.983 99.7727 83.267C98.5 82.5398 97.5 81.4489 96.7727 79.9943C96.0455 78.5284 95.6818 76.6818 95.6818 74.4545V57.8182H99.7045V74.1818C99.7045 76.0909 100.239 77.6136 101.307 78.75C102.386 79.8864 103.761 80.4545 105.432 80.4545C106.432 80.4545 107.449 80.1989 108.483 79.6875C109.528 79.1761 110.403 78.392 111.108 77.3352C111.824 76.2784 112.182 74.9318 112.182 73.2955ZM142.118 63.6818L138.504 64.7045C138.277 64.1023 137.942 63.517 137.499 62.9489C137.067 62.3693 136.476 61.892 135.726 61.517C134.976 61.142 134.016 60.9545 132.845 60.9545C131.243 60.9545 129.908 61.3239 128.839 62.0625C127.783 62.7898 127.254 63.7159 127.254 64.8409C127.254 65.8409 127.618 66.6307 128.345 67.2102C129.072 67.7898 130.209 68.2727 131.754 68.6591L135.641 69.6136C137.982 70.1818 139.726 71.0511 140.874 72.2216C142.021 73.3807 142.595 74.875 142.595 76.7045C142.595 78.2045 142.163 79.5455 141.3 80.7273C140.447 81.9091 139.254 82.8409 137.72 83.5227C136.186 84.2045 134.402 84.5455 132.368 84.5455C129.697 84.5455 127.487 83.9659 125.737 82.8068C123.987 81.6477 122.879 79.9545 122.413 77.7273L126.232 76.7727C126.595 78.1818 127.283 79.2386 128.294 79.9432C129.317 80.6477 130.652 81 132.3 81C134.175 81 135.663 80.6023 136.766 79.8068C137.879 79 138.436 78.0341 138.436 76.9091C138.436 76 138.118 75.2386 137.482 74.625C136.845 74 135.868 73.5341 134.55 73.2273L130.186 72.2045C127.788 71.6364 126.027 70.7557 124.902 69.5625C123.788 68.358 123.232 66.8523 123.232 65.0455C123.232 63.5682 123.646 62.2614 124.476 61.125C125.317 59.9886 126.459 59.0966 127.902 58.4489C129.357 57.8011 131.004 57.4773 132.845 57.4773C135.436 57.4773 137.47 58.0455 138.947 59.1818C140.436 60.3182 141.493 61.8182 142.118 63.6818ZM159.628 84.5455C157.105 84.5455 154.929 83.9886 153.099 82.875C151.281 81.75 149.878 80.1818 148.889 78.1705C147.912 76.1477 147.423 73.7955 147.423 71.1136C147.423 68.4318 147.912 66.0682 148.889 64.0227C149.878 61.9659 151.253 60.3636 153.014 59.2159C154.787 58.0568 156.855 57.4773 159.219 57.4773C160.582 57.4773 161.929 57.7045 163.259 58.1591C164.588 58.6136 165.798 59.3523 166.889 60.375C167.98 61.3864 168.849 62.7273 169.497 64.3977C170.145 66.0682 170.469 68.125 170.469 70.5682V72.2727H150.287V68.7955H166.378C166.378 67.3182 166.082 66 165.491 64.8409C164.912 63.6818 164.082 62.767 163.003 62.0966C161.935 61.4261 160.673 61.0909 159.219 61.0909C157.616 61.0909 156.23 61.4886 155.06 62.2841C153.901 63.0682 153.009 64.0909 152.384 65.3523C151.759 66.6136 151.446 67.9659 151.446 69.4091V71.7273C151.446 73.7045 151.787 75.3807 152.469 76.7557C153.162 78.1193 154.122 79.1591 155.349 79.875C156.577 80.5795 158.003 80.9318 159.628 80.9318C160.685 80.9318 161.639 80.7841 162.491 80.4886C163.355 80.1818 164.099 79.7273 164.724 79.125C165.349 78.5114 165.832 77.75 166.173 76.8409L170.06 77.9318C169.651 79.25 168.963 80.4091 167.997 81.4091C167.031 82.3977 165.838 83.1705 164.418 83.7273C162.997 84.2727 161.401 84.5455 159.628 84.5455ZM176.588 84V57.8182H180.474V61.7727H180.747C181.224 60.4773 182.088 59.4261 183.338 58.6193C184.588 57.8125 185.997 57.4091 187.565 57.4091C187.861 57.4091 188.23 57.4148 188.673 57.4261C189.116 57.4375 189.452 57.4545 189.679 57.4773V61.5682C189.543 61.5341 189.23 61.483 188.741 61.4148C188.264 61.3352 187.759 61.2955 187.224 61.2955C185.952 61.2955 184.815 61.5625 183.815 62.0966C182.827 62.6193 182.043 63.3466 181.463 64.2784C180.895 65.1989 180.611 66.25 180.611 67.4318V84H176.588Z" fill="white"/>
+<rect x="136" y="1069" width="254" height="110" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<path d="M268.659 1141H264.227L277.045 1106.09H281.409L294.227 1141H289.795L279.364 1111.61H279.091L268.659 1141ZM270.295 1127.36H288.159V1131.11H270.295V1127.36ZM299.119 1150.82V1114.82H303.006V1118.98H303.483C303.778 1118.52 304.188 1117.94 304.71 1117.24C305.244 1116.52 306.006 1115.89 306.994 1115.33C307.994 1114.76 309.347 1114.48 311.051 1114.48C313.256 1114.48 315.199 1115.03 316.881 1116.13C318.563 1117.23 319.875 1118.8 320.818 1120.82C321.761 1122.84 322.233 1125.23 322.233 1127.98C322.233 1130.75 321.761 1133.15 320.818 1135.19C319.875 1137.21 318.568 1138.78 316.898 1139.89C315.227 1140.99 313.301 1141.55 311.119 1141.55C309.438 1141.55 308.091 1141.27 307.08 1140.71C306.068 1140.14 305.29 1139.5 304.744 1138.78C304.199 1138.06 303.778 1137.45 303.483 1136.98H303.142V1150.82H299.119ZM303.074 1127.91C303.074 1129.89 303.364 1131.63 303.943 1133.14C304.523 1134.64 305.369 1135.82 306.483 1136.67C307.597 1137.51 308.96 1137.93 310.574 1137.93C312.256 1137.93 313.659 1137.49 314.784 1136.6C315.92 1135.7 316.773 1134.5 317.341 1132.99C317.92 1131.47 318.21 1129.77 318.21 1127.91C318.21 1126.07 317.926 1124.41 317.358 1122.93C316.801 1121.44 315.955 1120.27 314.818 1119.4C313.693 1118.53 312.278 1118.09 310.574 1118.09C308.938 1118.09 307.563 1118.51 306.449 1119.34C305.335 1120.15 304.494 1121.3 303.926 1122.78C303.358 1124.24 303.074 1125.95 303.074 1127.91ZM328.369 1150.82V1114.82H332.256V1118.98H332.733C333.028 1118.52 333.438 1117.94 333.96 1117.24C334.494 1116.52 335.256 1115.89 336.244 1115.33C337.244 1114.76 338.597 1114.48 340.301 1114.48C342.506 1114.48 344.449 1115.03 346.131 1116.13C347.813 1117.23 349.125 1118.8 350.068 1120.82C351.011 1122.84 351.483 1125.23 351.483 1127.98C351.483 1130.75 351.011 1133.15 350.068 1135.19C349.125 1137.21 347.818 1138.78 346.148 1139.89C344.477 1140.99 342.551 1141.55 340.369 1141.55C338.688 1141.55 337.341 1141.27 336.33 1140.71C335.318 1140.14 334.54 1139.5 333.994 1138.78C333.449 1138.06 333.028 1137.45 332.733 1136.98H332.392V1150.82H328.369ZM332.324 1127.91C332.324 1129.89 332.614 1131.63 333.193 1133.14C333.773 1134.64 334.619 1135.82 335.733 1136.67C336.847 1137.51 338.21 1137.93 339.824 1137.93C341.506 1137.93 342.909 1137.49 344.034 1136.6C345.17 1135.7 346.023 1134.5 346.591 1132.99C347.17 1131.47 347.46 1129.77 347.46 1127.91C347.46 1126.07 347.176 1124.41 346.608 1122.93C346.051 1121.44 345.205 1120.27 344.068 1119.4C342.943 1118.53 341.528 1118.09 339.824 1118.09C338.188 1118.09 336.813 1118.51 335.699 1119.34C334.585 1120.15 333.744 1121.3 333.176 1122.78C332.608 1124.24 332.324 1125.95 332.324 1127.91Z" fill="white"/>
+<rect x="1" y="1" width="269" height="112" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter1_d_9_205)">
+<path d="M84.1667 78.625V73.7083C84.1667 71.1004 83.1307 68.5992 81.2865 66.7551C79.4424 64.911 76.9413 63.875 74.3333 63.875H54.6667C52.0587 63.875 49.5576 64.911 47.7134 66.7551C45.8693 68.5992 44.8333 71.1004 44.8333 73.7083V78.625M74.3333 44.2083C74.3333 49.6391 69.9308 54.0417 64.5 54.0417C59.0692 54.0417 54.6667 49.6391 54.6667 44.2083C54.6667 38.7775 59.0692 34.375 64.5 34.375C69.9308 34.375 74.3333 38.7775 74.3333 44.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M153.136 39.0909H157.364V62.2045C157.364 64.5909 156.801 66.7216 155.676 68.5966C154.563 70.4602 152.989 71.9318 150.955 73.0114C148.92 74.0795 146.534 74.6136 143.795 74.6136C141.057 74.6136 138.67 74.0795 136.636 73.0114C134.602 71.9318 133.023 70.4602 131.898 68.5966C130.784 66.7216 130.227 64.5909 130.227 62.2045V39.0909H134.455V61.8636C134.455 63.5682 134.83 65.0852 135.58 66.4148C136.33 67.733 137.398 68.7727 138.784 69.5341C140.182 70.2841 141.852 70.6591 143.795 70.6591C145.739 70.6591 147.409 70.2841 148.807 69.5341C150.205 68.7727 151.273 67.733 152.011 66.4148C152.761 65.0852 153.136 63.5682 153.136 61.8636V39.0909ZM183.805 53.6818L180.192 54.7045C179.964 54.1023 179.629 53.517 179.186 52.9489C178.754 52.3693 178.163 51.892 177.413 51.517C176.663 51.142 175.703 50.9545 174.533 50.9545C172.93 50.9545 171.595 51.3239 170.527 52.0625C169.47 52.7898 168.942 53.7159 168.942 54.8409C168.942 55.8409 169.305 56.6307 170.033 57.2102C170.76 57.7898 171.896 58.2727 173.442 58.6591L177.328 59.6136C179.669 60.1818 181.413 61.0511 182.561 62.2216C183.709 63.3807 184.283 64.875 184.283 66.7045C184.283 68.2045 183.851 69.5455 182.987 70.7273C182.135 71.9091 180.942 72.8409 179.408 73.5227C177.874 74.2045 176.089 74.5455 174.055 74.5455C171.385 74.5455 169.175 73.9659 167.425 72.8068C165.675 71.6477 164.567 69.9545 164.101 67.7273L167.919 66.7727C168.283 68.1818 168.97 69.2386 169.982 69.9432C171.004 70.6477 172.339 71 173.987 71C175.862 71 177.351 70.6023 178.453 69.8068C179.567 69 180.124 68.0341 180.124 66.9091C180.124 66 179.805 65.2386 179.169 64.625C178.533 64 177.555 63.5341 176.237 63.2273L171.874 62.2045C169.476 61.6364 167.714 60.7557 166.589 59.5625C165.476 58.358 164.919 56.8523 164.919 55.0455C164.919 53.5682 165.334 52.2614 166.163 51.125C167.004 49.9886 168.146 49.0966 169.589 48.4489C171.044 47.8011 172.692 47.4773 174.533 47.4773C177.124 47.4773 179.158 48.0455 180.635 49.1818C182.124 50.3182 183.18 51.8182 183.805 53.6818ZM201.315 74.5455C198.793 74.5455 196.616 73.9886 194.787 72.875C192.969 71.75 191.565 70.1818 190.577 68.1705C189.599 66.1477 189.111 63.7955 189.111 61.1136C189.111 58.4318 189.599 56.0682 190.577 54.0227C191.565 51.9659 192.94 50.3636 194.702 49.2159C196.474 48.0568 198.543 47.4773 200.906 47.4773C202.27 47.4773 203.616 47.7045 204.946 48.1591C206.276 48.6136 207.486 49.3523 208.577 50.375C209.668 51.3864 210.537 52.7273 211.185 54.3977C211.832 56.0682 212.156 58.125 212.156 60.5682V62.2727H191.974V58.7955H208.065C208.065 57.3182 207.77 56 207.179 54.8409C206.599 53.6818 205.77 52.767 204.69 52.0966C203.622 51.4261 202.361 51.0909 200.906 51.0909C199.304 51.0909 197.918 51.4886 196.747 52.2841C195.588 53.0682 194.696 54.0909 194.071 55.3523C193.446 56.6136 193.134 57.9659 193.134 59.4091V61.7273C193.134 63.7045 193.474 65.3807 194.156 66.7557C194.849 68.1193 195.81 69.1591 197.037 69.875C198.264 70.5795 199.69 70.9318 201.315 70.9318C202.372 70.9318 203.327 70.7841 204.179 70.4886C205.043 70.1818 205.787 69.7273 206.412 69.125C207.037 68.5114 207.52 67.75 207.861 66.8409L211.747 67.9318C211.338 69.25 210.651 70.4091 209.685 71.4091C208.719 72.3977 207.526 73.1705 206.105 73.7273C204.685 74.2727 203.088 74.5455 201.315 74.5455ZM218.276 74V47.8182H222.162V51.7727H222.435C222.912 50.4773 223.776 49.4261 225.026 48.6193C226.276 47.8125 227.685 47.4091 229.253 47.4091C229.548 47.4091 229.918 47.4148 230.361 47.4261C230.804 47.4375 231.139 47.4545 231.366 47.4773V51.5682C231.23 51.5341 230.918 51.483 230.429 51.4148C229.952 51.3352 229.446 51.2955 228.912 51.2955C227.639 51.2955 226.503 51.5625 225.503 52.0966C224.514 52.6193 223.73 53.3466 223.151 54.2784C222.582 55.1989 222.298 56.25 222.298 57.4318V74H218.276Z" fill="white"/>
+<path d="M138 119C138 117.619 136.881 116.5 135.5 116.5C134.119 116.5 133 117.619 133 119H138ZM501.232 456.768C502.209 457.744 503.791 457.744 504.768 456.768L520.678 440.858C521.654 439.882 521.654 438.299 520.678 437.322C519.701 436.346 518.118 436.346 517.142 437.322L503 451.464L488.858 437.322C487.882 436.346 486.299 436.346 485.322 437.322C484.346 438.299 484.346 439.882 485.322 440.858L501.232 456.768ZM135.5 119H133V263H135.5H138V119H135.5ZM159.5 287V289.5H479V287V284.5H159.5V287ZM503 311H500.5V455H503H505.5V311H503ZM479 287V289.5C490.874 289.5 500.5 299.126 500.5 311H503H505.5C505.5 296.364 493.636 284.5 479 284.5V287ZM135.5 263H133C133 277.636 144.864 289.5 159.5 289.5V287V284.5C147.626 284.5 138 274.874 138 263H135.5Z" fill="white"/>
+<rect x="736" y="27" width="212" height="86" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter2_d_9_205)">
+<path d="M799.167 92.625V87.7083C799.167 85.1004 798.131 82.5992 796.287 80.7551C794.442 78.911 791.941 77.875 789.333 77.875H769.667C767.059 77.875 764.558 78.911 762.713 80.7551C760.869 82.5992 759.833 85.1004 759.833 87.7083V92.625M789.333 58.2083C789.333 63.6391 784.931 68.0417 779.5 68.0417C774.069 68.0417 769.667 63.6391 769.667 58.2083C769.667 52.7775 774.069 48.375 779.5 48.375C784.931 48.375 789.333 52.7775 789.333 58.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M847.182 73.2955V57.8182H851.205V84H847.182V79.5682H846.909C846.295 80.8977 845.341 82.0284 844.045 82.9602C842.75 83.8807 841.114 84.3409 839.136 84.3409C837.5 84.3409 836.045 83.983 834.773 83.267C833.5 82.5398 832.5 81.4489 831.773 79.9943C831.045 78.5284 830.682 76.6818 830.682 74.4545V57.8182H834.705V74.1818C834.705 76.0909 835.239 77.6136 836.307 78.75C837.386 79.8864 838.761 80.4545 840.432 80.4545C841.432 80.4545 842.449 80.1989 843.483 79.6875C844.528 79.1761 845.403 78.392 846.108 77.3352C846.824 76.2784 847.182 74.9318 847.182 73.2955ZM877.118 63.6818L873.504 64.7045C873.277 64.1023 872.942 63.517 872.499 62.9489C872.067 62.3693 871.476 61.892 870.726 61.517C869.976 61.142 869.016 60.9545 867.845 60.9545C866.243 60.9545 864.908 61.3239 863.839 62.0625C862.783 62.7898 862.254 63.7159 862.254 64.8409C862.254 65.8409 862.618 66.6307 863.345 67.2102C864.072 67.7898 865.209 68.2727 866.754 68.6591L870.641 69.6136C872.982 70.1818 874.726 71.0511 875.874 72.2216C877.021 73.3807 877.595 74.875 877.595 76.7045C877.595 78.2045 877.163 79.5455 876.3 80.7273C875.447 81.9091 874.254 82.8409 872.72 83.5227C871.186 84.2045 869.402 84.5455 867.368 84.5455C864.697 84.5455 862.487 83.9659 860.737 82.8068C858.987 81.6477 857.879 79.9545 857.413 77.7273L861.232 76.7727C861.595 78.1818 862.283 79.2386 863.294 79.9432C864.317 80.6477 865.652 81 867.3 81C869.175 81 870.663 80.6023 871.766 79.8068C872.879 79 873.436 78.0341 873.436 76.9091C873.436 76 873.118 75.2386 872.482 74.625C871.845 74 870.868 73.5341 869.55 73.2273L865.186 72.2045C862.788 71.6364 861.027 70.7557 859.902 69.5625C858.788 68.358 858.232 66.8523 858.232 65.0455C858.232 63.5682 858.646 62.2614 859.476 61.125C860.317 59.9886 861.459 59.0966 862.902 58.4489C864.357 57.8011 866.004 57.4773 867.845 57.4773C870.436 57.4773 872.47 58.0455 873.947 59.1818C875.436 60.3182 876.493 61.8182 877.118 63.6818ZM894.628 84.5455C892.105 84.5455 889.929 83.9886 888.099 82.875C886.281 81.75 884.878 80.1818 883.889 78.1705C882.912 76.1477 882.423 73.7955 882.423 71.1136C882.423 68.4318 882.912 66.0682 883.889 64.0227C884.878 61.9659 886.253 60.3636 888.014 59.2159C889.787 58.0568 891.855 57.4773 894.219 57.4773C895.582 57.4773 896.929 57.7045 898.259 58.1591C899.588 58.6136 900.798 59.3523 901.889 60.375C902.98 61.3864 903.849 62.7273 904.497 64.3977C905.145 66.0682 905.469 68.125 905.469 70.5682V72.2727H885.287V68.7955H901.378C901.378 67.3182 901.082 66 900.491 64.8409C899.912 63.6818 899.082 62.767 898.003 62.0966C896.935 61.4261 895.673 61.0909 894.219 61.0909C892.616 61.0909 891.23 61.4886 890.06 62.2841C888.901 63.0682 888.009 64.0909 887.384 65.3523C886.759 66.6136 886.446 67.9659 886.446 69.4091V71.7273C886.446 73.7045 886.787 75.3807 887.469 76.7557C888.162 78.1193 889.122 79.1591 890.349 79.875C891.577 80.5795 893.003 80.9318 894.628 80.9318C895.685 80.9318 896.639 80.7841 897.491 80.4886C898.355 80.1818 899.099 79.7273 899.724 79.125C900.349 78.5114 900.832 77.75 901.173 76.8409L905.06 77.9318C904.651 79.25 903.963 80.4091 902.997 81.4091C902.031 82.3977 900.838 83.1705 899.418 83.7273C897.997 84.2727 896.401 84.5455 894.628 84.5455ZM911.588 84V57.8182H915.474V61.7727H915.747C916.224 60.4773 917.088 59.4261 918.338 58.6193C919.588 57.8125 920.997 57.4091 922.565 57.4091C922.861 57.4091 923.23 57.4148 923.673 57.4261C924.116 57.4375 924.452 57.4545 924.679 57.4773V61.5682C924.543 61.5341 924.23 61.483 923.741 61.4148C923.264 61.3352 922.759 61.2955 922.224 61.2955C920.952 61.2955 919.815 61.5625 918.815 62.0966C917.827 62.6193 917.043 63.3466 916.463 64.2784C915.895 65.1989 915.611 66.25 915.611 67.4318V84H911.588Z" fill="white"/>
+<rect x="736" y="1" width="269" height="112" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter3_d_9_205)">
+<path d="M819.167 78.625V73.7083C819.167 71.1004 818.131 68.5992 816.287 66.7551C814.442 64.911 811.941 63.875 809.333 63.875H789.667C787.059 63.875 784.558 64.911 782.713 66.7551C780.869 68.5992 779.833 71.1004 779.833 73.7083V78.625M809.333 44.2083C809.333 49.6391 804.931 54.0417 799.5 54.0417C794.069 54.0417 789.667 49.6391 789.667 44.2083C789.667 38.7775 794.069 34.375 799.5 34.375C804.931 34.375 809.333 38.7775 809.333 44.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M888.136 39.0909H892.364V62.2045C892.364 64.5909 891.801 66.7216 890.676 68.5966C889.563 70.4602 887.989 71.9318 885.955 73.0114C883.92 74.0795 881.534 74.6136 878.795 74.6136C876.057 74.6136 873.67 74.0795 871.636 73.0114C869.602 71.9318 868.023 70.4602 866.898 68.5966C865.784 66.7216 865.227 64.5909 865.227 62.2045V39.0909H869.455V61.8636C869.455 63.5682 869.83 65.0852 870.58 66.4148C871.33 67.733 872.398 68.7727 873.784 69.5341C875.182 70.2841 876.852 70.6591 878.795 70.6591C880.739 70.6591 882.409 70.2841 883.807 69.5341C885.205 68.7727 886.273 67.733 887.011 66.4148C887.761 65.0852 888.136 63.5682 888.136 61.8636V39.0909ZM918.805 53.6818L915.192 54.7045C914.964 54.1023 914.629 53.517 914.186 52.9489C913.754 52.3693 913.163 51.892 912.413 51.517C911.663 51.142 910.703 50.9545 909.533 50.9545C907.93 50.9545 906.595 51.3239 905.527 52.0625C904.47 52.7898 903.942 53.7159 903.942 54.8409C903.942 55.8409 904.305 56.6307 905.033 57.2102C905.76 57.7898 906.896 58.2727 908.442 58.6591L912.328 59.6136C914.669 60.1818 916.413 61.0511 917.561 62.2216C918.709 63.3807 919.283 64.875 919.283 66.7045C919.283 68.2045 918.851 69.5455 917.987 70.7273C917.135 71.9091 915.942 72.8409 914.408 73.5227C912.874 74.2045 911.089 74.5455 909.055 74.5455C906.385 74.5455 904.175 73.9659 902.425 72.8068C900.675 71.6477 899.567 69.9545 899.101 67.7273L902.919 66.7727C903.283 68.1818 903.97 69.2386 904.982 69.9432C906.004 70.6477 907.339 71 908.987 71C910.862 71 912.351 70.6023 913.453 69.8068C914.567 69 915.124 68.0341 915.124 66.9091C915.124 66 914.805 65.2386 914.169 64.625C913.533 64 912.555 63.5341 911.237 63.2273L906.874 62.2045C904.476 61.6364 902.714 60.7557 901.589 59.5625C900.476 58.358 899.919 56.8523 899.919 55.0455C899.919 53.5682 900.334 52.2614 901.163 51.125C902.004 49.9886 903.146 49.0966 904.589 48.4489C906.044 47.8011 907.692 47.4773 909.533 47.4773C912.124 47.4773 914.158 48.0455 915.635 49.1818C917.124 50.3182 918.18 51.8182 918.805 53.6818ZM936.315 74.5455C933.793 74.5455 931.616 73.9886 929.787 72.875C927.969 71.75 926.565 70.1818 925.577 68.1705C924.599 66.1477 924.111 63.7955 924.111 61.1136C924.111 58.4318 924.599 56.0682 925.577 54.0227C926.565 51.9659 927.94 50.3636 929.702 49.2159C931.474 48.0568 933.543 47.4773 935.906 47.4773C937.27 47.4773 938.616 47.7045 939.946 48.1591C941.276 48.6136 942.486 49.3523 943.577 50.375C944.668 51.3864 945.537 52.7273 946.185 54.3977C946.832 56.0682 947.156 58.125 947.156 60.5682V62.2727H926.974V58.7955H943.065C943.065 57.3182 942.77 56 942.179 54.8409C941.599 53.6818 940.77 52.767 939.69 52.0966C938.622 51.4261 937.361 51.0909 935.906 51.0909C934.304 51.0909 932.918 51.4886 931.747 52.2841C930.588 53.0682 929.696 54.0909 929.071 55.3523C928.446 56.6136 928.134 57.9659 928.134 59.4091V61.7273C928.134 63.7045 928.474 65.3807 929.156 66.7557C929.849 68.1193 930.81 69.1591 932.037 69.875C933.264 70.5795 934.69 70.9318 936.315 70.9318C937.372 70.9318 938.327 70.7841 939.179 70.4886C940.043 70.1818 940.787 69.7273 941.412 69.125C942.037 68.5114 942.52 67.75 942.861 66.8409L946.747 67.9318C946.338 69.25 945.651 70.4091 944.685 71.4091C943.719 72.3977 942.526 73.1705 941.105 73.7273C939.685 74.2727 938.088 74.5455 936.315 74.5455ZM953.276 74V47.8182H957.162V51.7727H957.435C957.912 50.4773 958.776 49.4261 960.026 48.6193C961.276 47.8125 962.685 47.4091 964.253 47.4091C964.548 47.4091 964.918 47.4148 965.361 47.4261C965.804 47.4375 966.139 47.4545 966.366 47.4773V51.5682C966.23 51.5341 965.918 51.483 965.429 51.4148C964.952 51.3352 964.446 51.2955 963.912 51.2955C962.639 51.2955 961.503 51.5625 960.503 52.0966C959.514 52.6193 958.73 53.3466 958.151 54.2784C957.582 55.1989 957.298 56.25 957.298 57.4318V74H953.276Z" fill="white"/>
+<path d="M873 119C873 117.619 871.881 116.5 870.5 116.5C869.119 116.5 868 117.619 868 119H873ZM501.232 456.768C502.209 457.744 503.791 457.744 504.768 456.768L520.678 440.858C521.654 439.882 521.654 438.299 520.678 437.322C519.701 436.346 518.118 436.346 517.142 437.322L503 451.464L488.858 437.322C487.882 436.346 486.299 436.346 485.322 437.322C484.346 438.299 484.346 439.882 485.322 440.858L501.232 456.768ZM870.5 119H868V263H870.5H873V119H870.5ZM846.5 287V284.5H527V287V289.5H846.5V287ZM503 311H500.5V455H503H505.5V311H503ZM527 287V284.5C512.364 284.5 500.5 296.364 500.5 311H503H505.5C505.5 299.126 515.126 289.5 527 289.5V287ZM870.5 263H868C868 274.874 858.374 284.5 846.5 284.5V287V289.5C861.136 289.5 873 277.636 873 263H870.5Z" fill="white"/>
+<rect x="369" y="27" width="212" height="86" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter4_d_9_205)">
+<path d="M432.167 92.625V87.7083C432.167 85.1004 431.131 82.5992 429.287 80.7551C427.442 78.911 424.941 77.875 422.333 77.875H402.667C400.059 77.875 397.558 78.911 395.713 80.7551C393.869 82.5992 392.833 85.1004 392.833 87.7083V92.625M422.333 58.2083C422.333 63.6391 417.931 68.0417 412.5 68.0417C407.069 68.0417 402.667 63.6391 402.667 58.2083C402.667 52.7775 407.069 48.375 412.5 48.375C417.931 48.375 422.333 52.7775 422.333 58.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M480.182 73.2955V57.8182H484.205V84H480.182V79.5682H479.909C479.295 80.8977 478.341 82.0284 477.045 82.9602C475.75 83.8807 474.114 84.3409 472.136 84.3409C470.5 84.3409 469.045 83.983 467.773 83.267C466.5 82.5398 465.5 81.4489 464.773 79.9943C464.045 78.5284 463.682 76.6818 463.682 74.4545V57.8182H467.705V74.1818C467.705 76.0909 468.239 77.6136 469.307 78.75C470.386 79.8864 471.761 80.4545 473.432 80.4545C474.432 80.4545 475.449 80.1989 476.483 79.6875C477.528 79.1761 478.403 78.392 479.108 77.3352C479.824 76.2784 480.182 74.9318 480.182 73.2955ZM510.118 63.6818L506.504 64.7045C506.277 64.1023 505.942 63.517 505.499 62.9489C505.067 62.3693 504.476 61.892 503.726 61.517C502.976 61.142 502.016 60.9545 500.845 60.9545C499.243 60.9545 497.908 61.3239 496.839 62.0625C495.783 62.7898 495.254 63.7159 495.254 64.8409C495.254 65.8409 495.618 66.6307 496.345 67.2102C497.072 67.7898 498.209 68.2727 499.754 68.6591L503.641 69.6136C505.982 70.1818 507.726 71.0511 508.874 72.2216C510.021 73.3807 510.595 74.875 510.595 76.7045C510.595 78.2045 510.163 79.5455 509.3 80.7273C508.447 81.9091 507.254 82.8409 505.72 83.5227C504.186 84.2045 502.402 84.5455 500.368 84.5455C497.697 84.5455 495.487 83.9659 493.737 82.8068C491.987 81.6477 490.879 79.9545 490.413 77.7273L494.232 76.7727C494.595 78.1818 495.283 79.2386 496.294 79.9432C497.317 80.6477 498.652 81 500.3 81C502.175 81 503.663 80.6023 504.766 79.8068C505.879 79 506.436 78.0341 506.436 76.9091C506.436 76 506.118 75.2386 505.482 74.625C504.845 74 503.868 73.5341 502.55 73.2273L498.186 72.2045C495.788 71.6364 494.027 70.7557 492.902 69.5625C491.788 68.358 491.232 66.8523 491.232 65.0455C491.232 63.5682 491.646 62.2614 492.476 61.125C493.317 59.9886 494.459 59.0966 495.902 58.4489C497.357 57.8011 499.004 57.4773 500.845 57.4773C503.436 57.4773 505.47 58.0455 506.947 59.1818C508.436 60.3182 509.493 61.8182 510.118 63.6818ZM527.628 84.5455C525.105 84.5455 522.929 83.9886 521.099 82.875C519.281 81.75 517.878 80.1818 516.889 78.1705C515.912 76.1477 515.423 73.7955 515.423 71.1136C515.423 68.4318 515.912 66.0682 516.889 64.0227C517.878 61.9659 519.253 60.3636 521.014 59.2159C522.787 58.0568 524.855 57.4773 527.219 57.4773C528.582 57.4773 529.929 57.7045 531.259 58.1591C532.588 58.6136 533.798 59.3523 534.889 60.375C535.98 61.3864 536.849 62.7273 537.497 64.3977C538.145 66.0682 538.469 68.125 538.469 70.5682V72.2727H518.287V68.7955H534.378C534.378 67.3182 534.082 66 533.491 64.8409C532.912 63.6818 532.082 62.767 531.003 62.0966C529.935 61.4261 528.673 61.0909 527.219 61.0909C525.616 61.0909 524.23 61.4886 523.06 62.2841C521.901 63.0682 521.009 64.0909 520.384 65.3523C519.759 66.6136 519.446 67.9659 519.446 69.4091V71.7273C519.446 73.7045 519.787 75.3807 520.469 76.7557C521.162 78.1193 522.122 79.1591 523.349 79.875C524.577 80.5795 526.003 80.9318 527.628 80.9318C528.685 80.9318 529.639 80.7841 530.491 80.4886C531.355 80.1818 532.099 79.7273 532.724 79.125C533.349 78.5114 533.832 77.75 534.173 76.8409L538.06 77.9318C537.651 79.25 536.963 80.4091 535.997 81.4091C535.031 82.3977 533.838 83.1705 532.418 83.7273C530.997 84.2727 529.401 84.5455 527.628 84.5455ZM544.588 84V57.8182H548.474V61.7727H548.747C549.224 60.4773 550.088 59.4261 551.338 58.6193C552.588 57.8125 553.997 57.4091 555.565 57.4091C555.861 57.4091 556.23 57.4148 556.673 57.4261C557.116 57.4375 557.452 57.4545 557.679 57.4773V61.5682C557.543 61.5341 557.23 61.483 556.741 61.4148C556.264 61.3352 555.759 61.2955 555.224 61.2955C553.952 61.2955 552.815 61.5625 551.815 62.0966C550.827 62.6193 550.043 63.3466 549.463 64.2784C548.895 65.1989 548.611 66.25 548.611 67.4318V84H544.588Z" fill="white"/>
+<rect x="369" y="1" width="269" height="112" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<g filter="url(#filter5_d_9_205)">
+<path d="M452.167 78.625V73.7083C452.167 71.1004 451.131 68.5992 449.287 66.7551C447.442 64.911 444.941 63.875 442.333 63.875H422.667C420.059 63.875 417.558 64.911 415.713 66.7551C413.869 68.5992 412.833 71.1004 412.833 73.7083V78.625M442.333 44.2083C442.333 49.6391 437.931 54.0417 432.5 54.0417C427.069 54.0417 422.667 49.6391 422.667 44.2083C422.667 38.7775 427.069 34.375 432.5 34.375C437.931 34.375 442.333 38.7775 442.333 44.2083Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+</g>
+<path d="M521.136 39.0909H525.364V62.2045C525.364 64.5909 524.801 66.7216 523.676 68.5966C522.563 70.4602 520.989 71.9318 518.955 73.0114C516.92 74.0795 514.534 74.6136 511.795 74.6136C509.057 74.6136 506.67 74.0795 504.636 73.0114C502.602 71.9318 501.023 70.4602 499.898 68.5966C498.784 66.7216 498.227 64.5909 498.227 62.2045V39.0909H502.455V61.8636C502.455 63.5682 502.83 65.0852 503.58 66.4148C504.33 67.733 505.398 68.7727 506.784 69.5341C508.182 70.2841 509.852 70.6591 511.795 70.6591C513.739 70.6591 515.409 70.2841 516.807 69.5341C518.205 68.7727 519.273 67.733 520.011 66.4148C520.761 65.0852 521.136 63.5682 521.136 61.8636V39.0909ZM551.805 53.6818L548.192 54.7045C547.964 54.1023 547.629 53.517 547.186 52.9489C546.754 52.3693 546.163 51.892 545.413 51.517C544.663 51.142 543.703 50.9545 542.533 50.9545C540.93 50.9545 539.595 51.3239 538.527 52.0625C537.47 52.7898 536.942 53.7159 536.942 54.8409C536.942 55.8409 537.305 56.6307 538.033 57.2102C538.76 57.7898 539.896 58.2727 541.442 58.6591L545.328 59.6136C547.669 60.1818 549.413 61.0511 550.561 62.2216C551.709 63.3807 552.283 64.875 552.283 66.7045C552.283 68.2045 551.851 69.5455 550.987 70.7273C550.135 71.9091 548.942 72.8409 547.408 73.5227C545.874 74.2045 544.089 74.5455 542.055 74.5455C539.385 74.5455 537.175 73.9659 535.425 72.8068C533.675 71.6477 532.567 69.9545 532.101 67.7273L535.919 66.7727C536.283 68.1818 536.97 69.2386 537.982 69.9432C539.004 70.6477 540.339 71 541.987 71C543.862 71 545.351 70.6023 546.453 69.8068C547.567 69 548.124 68.0341 548.124 66.9091C548.124 66 547.805 65.2386 547.169 64.625C546.533 64 545.555 63.5341 544.237 63.2273L539.874 62.2045C537.476 61.6364 535.714 60.7557 534.589 59.5625C533.476 58.358 532.919 56.8523 532.919 55.0455C532.919 53.5682 533.334 52.2614 534.163 51.125C535.004 49.9886 536.146 49.0966 537.589 48.4489C539.044 47.8011 540.692 47.4773 542.533 47.4773C545.124 47.4773 547.158 48.0455 548.635 49.1818C550.124 50.3182 551.18 51.8182 551.805 53.6818ZM569.315 74.5455C566.793 74.5455 564.616 73.9886 562.787 72.875C560.969 71.75 559.565 70.1818 558.577 68.1705C557.599 66.1477 557.111 63.7955 557.111 61.1136C557.111 58.4318 557.599 56.0682 558.577 54.0227C559.565 51.9659 560.94 50.3636 562.702 49.2159C564.474 48.0568 566.543 47.4773 568.906 47.4773C570.27 47.4773 571.616 47.7045 572.946 48.1591C574.276 48.6136 575.486 49.3523 576.577 50.375C577.668 51.3864 578.537 52.7273 579.185 54.3977C579.832 56.0682 580.156 58.125 580.156 60.5682V62.2727H559.974V58.7955H576.065C576.065 57.3182 575.77 56 575.179 54.8409C574.599 53.6818 573.77 52.767 572.69 52.0966C571.622 51.4261 570.361 51.0909 568.906 51.0909C567.304 51.0909 565.918 51.4886 564.747 52.2841C563.588 53.0682 562.696 54.0909 562.071 55.3523C561.446 56.6136 561.134 57.9659 561.134 59.4091V61.7273C561.134 63.7045 561.474 65.3807 562.156 66.7557C562.849 68.1193 563.81 69.1591 565.037 69.875C566.264 70.5795 567.69 70.9318 569.315 70.9318C570.372 70.9318 571.327 70.7841 572.179 70.4886C573.043 70.1818 573.787 69.7273 574.412 69.125C575.037 68.5114 575.52 67.75 575.861 66.8409L579.747 67.9318C579.338 69.25 578.651 70.4091 577.685 71.4091C576.719 72.3977 575.526 73.1705 574.105 73.7273C572.685 74.2727 571.088 74.5455 569.315 74.5455ZM586.276 74V47.8182H590.162V51.7727H590.435C590.912 50.4773 591.776 49.4261 593.026 48.6193C594.276 47.8125 595.685 47.4091 597.253 47.4091C597.548 47.4091 597.918 47.4148 598.361 47.4261C598.804 47.4375 599.139 47.4545 599.366 47.4773V51.5682C599.23 51.5341 598.918 51.483 598.429 51.4148C597.952 51.3352 597.446 51.2955 596.912 51.2955C595.639 51.2955 594.503 51.5625 593.503 52.0966C592.514 52.6193 591.73 53.3466 591.151 54.2784C590.582 55.1989 590.298 56.25 590.298 57.4318V74H586.276Z" fill="white"/>
+<path d="M505.5 119C505.5 117.619 504.381 116.5 503 116.5C501.619 116.5 500.5 117.619 500.5 119H505.5ZM501.232 456.768C502.209 457.744 503.791 457.744 504.768 456.768L520.678 440.858C521.654 439.882 521.654 438.299 520.678 437.322C519.701 436.346 518.118 436.346 517.142 437.322L503 451.464L488.858 437.322C487.882 436.346 486.299 436.346 485.322 437.322C484.346 438.299 484.346 439.882 485.322 440.858L501.232 456.768ZM503 119H500.5V455H503H505.5V119H503Z" fill="white"/>
+<path d="M220.167 1099.92H180.833C178.118 1099.92 175.917 1102.12 175.917 1104.83V1114.67C175.917 1117.38 178.118 1119.58 180.833 1119.58H220.167C222.882 1119.58 225.083 1117.38 225.083 1114.67V1104.83C225.083 1102.12 222.882 1099.92 220.167 1099.92Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M220.167 1129.42H180.833C178.118 1129.42 175.917 1131.62 175.917 1134.33V1144.17C175.917 1146.88 178.118 1149.08 180.833 1149.08H220.167C222.882 1149.08 225.083 1146.88 225.083 1144.17V1134.33C225.083 1131.62 222.882 1129.42 220.167 1129.42Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M185.75 1109.75H185.774" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M185.75 1139.25H185.774" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M505.5 727C505.5 725.619 504.381 724.5 503 724.5C501.619 724.5 500.5 725.619 500.5 727H505.5ZM261.232 1064.77C262.209 1065.74 263.791 1065.74 264.768 1064.77L280.678 1048.86C281.654 1047.88 281.654 1046.3 280.678 1045.32C279.701 1044.35 278.118 1044.35 277.142 1045.32L263 1059.46L248.858 1045.32C247.882 1044.35 246.299 1044.35 245.322 1045.32C244.346 1046.3 244.346 1047.88 245.322 1048.86L261.232 1064.77ZM503 727H500.5V871H503H505.5V727H503ZM479 895V892.5H287V895V897.5H479V895ZM263 919H260.5V1063H263H265.5V919H263ZM287 895V892.5C272.364 892.5 260.5 904.364 260.5 919H263H265.5C265.5 907.126 275.126 897.5 287 897.5V895ZM503 871H500.5C500.5 882.874 490.874 892.5 479 892.5V895V897.5C493.636 897.5 505.5 885.636 505.5 871H503Z" fill="white"/>
+<rect x="621" y="1069" width="254" height="110" rx="15" fill="black" stroke="#3A3A3A" stroke-width="2"/>
+<path d="M753.659 1141H749.227L762.045 1106.09H766.409L779.227 1141H774.795L764.364 1111.61H764.091L753.659 1141ZM755.295 1127.36H773.159V1131.11H755.295V1127.36ZM784.665 1141V1106.09H796.46C799.199 1106.09 801.438 1106.59 803.176 1107.57C804.926 1108.55 806.222 1109.88 807.062 1111.55C807.903 1113.22 808.324 1115.08 808.324 1117.14C808.324 1119.19 807.903 1121.06 807.062 1122.74C806.233 1124.43 804.949 1125.77 803.21 1126.77C801.472 1127.76 799.244 1128.25 796.528 1128.25H788.074V1124.5H796.392C798.267 1124.5 799.773 1124.18 800.909 1123.53C802.045 1122.88 802.869 1122.01 803.381 1120.9C803.903 1119.79 804.165 1118.53 804.165 1117.14C804.165 1115.74 803.903 1114.49 803.381 1113.39C802.869 1112.28 802.04 1111.42 800.892 1110.8C799.744 1110.16 798.222 1109.84 796.324 1109.84H788.892V1141H784.665ZM819.361 1106.09V1141H815.134V1106.09H819.361Z" fill="white"/>
+<path d="M705.167 1099.92H665.833C663.118 1099.92 660.917 1102.12 660.917 1104.83V1114.67C660.917 1117.38 663.118 1119.58 665.833 1119.58H705.167C707.882 1119.58 710.083 1117.38 710.083 1114.67V1104.83C710.083 1102.12 707.882 1099.92 705.167 1099.92Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M705.167 1129.42H665.833C663.118 1129.42 660.917 1131.62 660.917 1134.33V1144.17C660.917 1146.88 663.118 1149.08 665.833 1149.08H705.167C707.882 1149.08 710.083 1146.88 710.083 1144.17V1134.33C710.083 1131.62 707.882 1129.42 705.167 1129.42Z" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M670.75 1109.75H670.774" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M670.75 1139.25H670.774" stroke="#F36017" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M505.5 727C505.5 725.619 504.381 724.5 503 724.5C501.619 724.5 500.5 725.619 500.5 727H505.5ZM746.232 1064.77C747.209 1065.74 748.791 1065.74 749.768 1064.77L765.678 1048.86C766.654 1047.88 766.654 1046.3 765.678 1045.32C764.701 1044.35 763.118 1044.35 762.142 1045.32L748 1059.46L733.858 1045.32C732.882 1044.35 731.299 1044.35 730.322 1045.32C729.346 1046.3 729.346 1047.88 730.322 1048.86L746.232 1064.77ZM503 727H500.5V871H503H505.5V727H503ZM527 895V897.5H724V895V892.5H527V895ZM748 919H745.5V1063H748H750.5V919H748ZM724 895V897.5C735.874 897.5 745.5 907.126 745.5 919H748H750.5C750.5 904.364 738.636 892.5 724 892.5V895ZM503 871H500.5C500.5 885.636 512.364 897.5 527 897.5V895V892.5C515.126 892.5 505.5 882.874 505.5 871H503Z" fill="white"/>
+<path d="M197.227 1314V1279.09H209.023C211.761 1279.09 214 1279.59 215.739 1280.57C217.489 1281.55 218.784 1282.88 219.625 1284.55C220.466 1286.22 220.886 1288.08 220.886 1290.14C220.886 1292.19 220.466 1294.06 219.625 1295.74C218.795 1297.43 217.511 1298.77 215.773 1299.77C214.034 1300.76 211.807 1301.25 209.091 1301.25H200.636V1297.5H208.955C210.83 1297.5 212.335 1297.18 213.472 1296.53C214.608 1295.88 215.432 1295.01 215.943 1293.9C216.466 1292.79 216.727 1291.53 216.727 1290.14C216.727 1288.74 216.466 1287.49 215.943 1286.39C215.432 1285.28 214.602 1284.42 213.455 1283.8C212.307 1283.16 210.784 1282.84 208.886 1282.84H201.455V1314H197.227ZM227.151 1314V1287.82H231.037V1291.77H231.31C231.787 1290.48 232.651 1289.43 233.901 1288.62C235.151 1287.81 236.56 1287.41 238.128 1287.41C238.423 1287.41 238.793 1287.41 239.236 1287.43C239.679 1287.44 240.014 1287.45 240.241 1287.48V1291.57C240.105 1291.53 239.793 1291.48 239.304 1291.41C238.827 1291.34 238.321 1291.3 237.787 1291.3C236.514 1291.3 235.378 1291.56 234.378 1292.1C233.389 1292.62 232.605 1293.35 232.026 1294.28C231.457 1295.2 231.173 1296.25 231.173 1297.43V1314H227.151ZM245.01 1314V1287.82H249.033V1314H245.01ZM247.055 1283.45C246.271 1283.45 245.595 1283.19 245.027 1282.65C244.47 1282.12 244.192 1281.48 244.192 1280.73C244.192 1279.98 244.47 1279.34 245.027 1278.8C245.595 1278.27 246.271 1278 247.055 1278C247.839 1278 248.51 1278.27 249.067 1278.8C249.635 1279.34 249.919 1279.98 249.919 1280.73C249.919 1281.48 249.635 1282.12 249.067 1282.65C248.51 1283.19 247.839 1283.45 247.055 1283.45ZM277.81 1287.82L268.128 1314H264.037L254.355 1287.82H258.719L265.946 1308.68H266.219L273.446 1287.82H277.81ZM290.027 1314.61C288.368 1314.61 286.862 1314.3 285.51 1313.68C284.158 1313.04 283.084 1312.12 282.288 1310.93C281.493 1309.73 281.095 1308.27 281.095 1306.57C281.095 1305.07 281.391 1303.85 281.982 1302.92C282.572 1301.98 283.362 1301.24 284.351 1300.7C285.339 1300.17 286.43 1299.77 287.624 1299.51C288.828 1299.24 290.038 1299.02 291.254 1298.86C292.845 1298.66 294.135 1298.51 295.124 1298.4C296.124 1298.29 296.851 1298.1 297.305 1297.84C297.771 1297.58 298.004 1297.12 298.004 1296.48V1296.34C298.004 1294.66 297.544 1293.35 296.624 1292.42C295.714 1291.49 294.334 1291.02 292.482 1291.02C290.561 1291.02 289.055 1291.44 287.964 1292.28C286.874 1293.12 286.107 1294.02 285.663 1294.98L281.845 1293.61C282.527 1292.02 283.436 1290.78 284.572 1289.9C285.72 1289 286.97 1288.37 288.322 1288.02C289.686 1287.66 291.027 1287.48 292.345 1287.48C293.186 1287.48 294.152 1287.58 295.243 1287.78C296.345 1287.98 297.408 1288.38 298.43 1288.99C299.464 1289.61 300.322 1290.53 301.004 1291.77C301.686 1293.01 302.027 1294.67 302.027 1296.75V1314H298.004V1310.45H297.8C297.527 1311.02 297.072 1311.63 296.436 1312.28C295.8 1312.93 294.953 1313.48 293.896 1313.93C292.839 1314.39 291.55 1314.61 290.027 1314.61ZM290.641 1311C292.232 1311 293.572 1310.69 294.663 1310.06C295.766 1309.44 296.595 1308.63 297.152 1307.64C297.72 1306.65 298.004 1305.61 298.004 1304.52V1300.84C297.834 1301.05 297.459 1301.23 296.879 1301.4C296.311 1301.56 295.652 1301.7 294.902 1301.83C294.163 1301.94 293.442 1302.05 292.737 1302.14C292.044 1302.22 291.482 1302.28 291.05 1302.34C290.004 1302.48 289.027 1302.7 288.118 1303.01C287.22 1303.3 286.493 1303.75 285.936 1304.35C285.391 1304.94 285.118 1305.75 285.118 1306.77C285.118 1308.17 285.635 1309.23 286.669 1309.94C287.714 1310.65 289.038 1311 290.641 1311ZM320.756 1287.82V1291.23H307.188V1287.82H320.756ZM311.142 1281.55H315.165V1306.5C315.165 1307.64 315.33 1308.49 315.659 1309.06C316 1309.61 316.432 1309.99 316.955 1310.18C317.489 1310.36 318.051 1310.45 318.642 1310.45C319.085 1310.45 319.449 1310.43 319.733 1310.39C320.017 1310.33 320.244 1310.28 320.415 1310.25L321.233 1313.86C320.96 1313.97 320.58 1314.07 320.091 1314.17C319.602 1314.28 318.983 1314.34 318.233 1314.34C317.097 1314.34 315.983 1314.1 314.892 1313.61C313.813 1313.12 312.915 1312.38 312.199 1311.38C311.494 1310.38 311.142 1309.11 311.142 1307.59V1281.55ZM337.503 1314.55C334.98 1314.55 332.804 1313.99 330.974 1312.88C329.156 1311.75 327.753 1310.18 326.764 1308.17C325.787 1306.15 325.298 1303.8 325.298 1301.11C325.298 1298.43 325.787 1296.07 326.764 1294.02C327.753 1291.97 329.128 1290.36 330.889 1289.22C332.662 1288.06 334.73 1287.48 337.094 1287.48C338.457 1287.48 339.804 1287.7 341.134 1288.16C342.463 1288.61 343.673 1289.35 344.764 1290.38C345.855 1291.39 346.724 1292.73 347.372 1294.4C348.02 1296.07 348.344 1298.12 348.344 1300.57V1302.27H328.162V1298.8H344.253C344.253 1297.32 343.957 1296 343.366 1294.84C342.787 1293.68 341.957 1292.77 340.878 1292.1C339.81 1291.43 338.548 1291.09 337.094 1291.09C335.491 1291.09 334.105 1291.49 332.935 1292.28C331.776 1293.07 330.884 1294.09 330.259 1295.35C329.634 1296.61 329.321 1297.97 329.321 1299.41V1301.73C329.321 1303.7 329.662 1305.38 330.344 1306.76C331.037 1308.12 331.997 1309.16 333.224 1309.88C334.452 1310.58 335.878 1310.93 337.503 1310.93C338.56 1310.93 339.514 1310.78 340.366 1310.49C341.23 1310.18 341.974 1309.73 342.599 1309.12C343.224 1308.51 343.707 1307.75 344.048 1306.84L347.935 1307.93C347.526 1309.25 346.838 1310.41 345.872 1311.41C344.906 1312.4 343.713 1313.17 342.293 1313.73C340.872 1314.27 339.276 1314.55 337.503 1314.55ZM396.19 1279.09V1314H392.099L373.077 1286.59H372.736V1314H368.509V1279.09H372.599L391.69 1306.57H392.031V1279.09H396.19ZM415.081 1314.55C412.558 1314.55 410.382 1313.99 408.553 1312.88C406.734 1311.75 405.331 1310.18 404.342 1308.17C403.365 1306.15 402.876 1303.8 402.876 1301.11C402.876 1298.43 403.365 1296.07 404.342 1294.02C405.331 1291.97 406.706 1290.36 408.467 1289.22C410.24 1288.06 412.308 1287.48 414.672 1287.48C416.036 1287.48 417.382 1287.7 418.712 1288.16C420.041 1288.61 421.251 1289.35 422.342 1290.38C423.433 1291.39 424.303 1292.73 424.95 1294.4C425.598 1296.07 425.922 1298.12 425.922 1300.57V1302.27H405.74V1298.8H421.831C421.831 1297.32 421.536 1296 420.945 1294.84C420.365 1293.68 419.536 1292.77 418.456 1292.1C417.388 1291.43 416.126 1291.09 414.672 1291.09C413.07 1291.09 411.683 1291.49 410.513 1292.28C409.354 1293.07 408.462 1294.09 407.837 1295.35C407.212 1296.61 406.899 1297.97 406.899 1299.41V1301.73C406.899 1303.7 407.24 1305.38 407.922 1306.76C408.615 1308.12 409.575 1309.16 410.803 1309.88C412.03 1310.58 413.456 1310.93 415.081 1310.93C416.138 1310.93 417.092 1310.78 417.945 1310.49C418.808 1310.18 419.553 1309.73 420.178 1309.12C420.803 1308.51 421.286 1307.75 421.626 1306.84L425.513 1307.93C425.104 1309.25 424.416 1310.41 423.45 1311.41C422.484 1312.4 421.291 1313.17 419.871 1313.73C418.45 1314.27 416.854 1314.55 415.081 1314.55ZM443.428 1287.82V1291.23H429.859V1287.82H443.428ZM433.814 1281.55H437.837V1306.5C437.837 1307.64 438.001 1308.49 438.331 1309.06C438.672 1309.61 439.104 1309.99 439.626 1310.18C440.161 1310.36 440.723 1310.45 441.314 1310.45C441.757 1310.45 442.121 1310.43 442.405 1310.39C442.689 1310.33 442.916 1310.28 443.087 1310.25L443.905 1313.86C443.632 1313.97 443.251 1314.07 442.763 1314.17C442.274 1314.28 441.655 1314.34 440.905 1314.34C439.768 1314.34 438.655 1314.1 437.564 1313.61C436.484 1313.12 435.587 1312.38 434.871 1311.38C434.166 1310.38 433.814 1309.11 433.814 1307.59V1281.55ZM455.411 1314L447.433 1287.82H451.661L457.32 1307.86H457.592L463.183 1287.82H467.479L473.001 1307.8H473.274L478.933 1287.82H483.161L475.183 1314H471.229L465.501 1293.89H465.092L459.365 1314H455.411ZM498.224 1314.55C495.861 1314.55 493.787 1313.98 492.003 1312.86C490.23 1311.73 488.844 1310.16 487.844 1308.14C486.855 1306.11 486.361 1303.75 486.361 1301.05C486.361 1298.32 486.855 1295.94 487.844 1293.9C488.844 1291.87 490.23 1290.29 492.003 1289.16C493.787 1288.04 495.861 1287.48 498.224 1287.48C500.588 1287.48 502.656 1288.04 504.429 1289.16C506.213 1290.29 507.599 1291.87 508.588 1293.9C509.588 1295.94 510.088 1298.32 510.088 1301.05C510.088 1303.75 509.588 1306.11 508.588 1308.14C507.599 1310.16 506.213 1311.73 504.429 1312.86C502.656 1313.98 500.588 1314.55 498.224 1314.55ZM498.224 1310.93C500.02 1310.93 501.497 1310.47 502.656 1309.55C503.815 1308.63 504.673 1307.42 505.23 1305.92C505.787 1304.42 506.065 1302.8 506.065 1301.05C506.065 1299.3 505.787 1297.66 505.23 1296.15C504.673 1294.64 503.815 1293.42 502.656 1292.49C501.497 1291.56 500.02 1291.09 498.224 1291.09C496.429 1291.09 494.952 1291.56 493.793 1292.49C492.634 1293.42 491.776 1294.64 491.219 1296.15C490.662 1297.66 490.384 1299.3 490.384 1301.05C490.384 1302.8 490.662 1304.42 491.219 1305.92C491.776 1307.42 492.634 1308.63 493.793 1309.55C494.952 1310.47 496.429 1310.93 498.224 1310.93ZM516.229 1314V1287.82H520.115V1291.77H520.388C520.865 1290.48 521.729 1289.43 522.979 1288.62C524.229 1287.81 525.638 1287.41 527.206 1287.41C527.501 1287.41 527.871 1287.41 528.314 1287.43C528.757 1287.44 529.092 1287.45 529.32 1287.48V1291.57C529.183 1291.53 528.871 1291.48 528.382 1291.41C527.905 1291.34 527.399 1291.3 526.865 1291.3C525.592 1291.3 524.456 1291.56 523.456 1292.1C522.467 1292.62 521.683 1293.35 521.104 1294.28C520.536 1295.2 520.251 1296.25 520.251 1297.43V1314H516.229ZM537.838 1304.45L537.77 1299.48H538.588L550.043 1287.82H555.02L542.815 1300.16H542.474L537.838 1304.45ZM534.088 1314V1279.09H538.111V1314H534.088ZM550.724 1314L540.497 1301.05L543.361 1298.25L555.838 1314H550.724Z" fill="white"/>
+<circle cx="502.5" cy="842.5" r="22.5" fill="#D9D9D9"/>
+<circle cx="502.5" cy="339.5" r="22.5" fill="#D9D9D9"/>
+<path d="M503 350C508.523 350 513 345.523 513 340C513 334.477 508.523 330 503 330C497.477 330 493 334.477 493 340C493 345.523 497.477 350 503 350Z" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M503 330C500.432 332.696 499 336.277 499 340C499 343.723 500.432 347.304 503 350C505.568 347.304 507 343.723 507 340C507 336.277 505.568 332.696 503 330Z" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M493 340H513" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M510 842H496C494.895 842 494 842.895 494 844V851C494 852.105 494.895 853 496 853H510C511.105 853 512 852.105 512 851V844C512 842.895 511.105 842 510 842Z" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M498 842V838C498 836.674 498.527 835.402 499.464 834.464C500.402 833.527 501.674 833 503 833C504.326 833 505.598 833.527 506.536 834.464C507.473 835.402 508 836.674 508 838V842" stroke="black" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M163.625 1306.33H153.792C152.434 1306.33 151.333 1307.43 151.333 1308.79V1318.63C151.333 1319.98 152.434 1321.08 153.792 1321.08H163.625C164.983 1321.08 166.083 1319.98 166.083 1318.63V1308.79C166.083 1307.43 164.983 1306.33 163.625 1306.33Z" stroke="white" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M129.208 1306.33H119.375C118.017 1306.33 116.917 1307.43 116.917 1308.79V1318.63C116.917 1319.98 118.017 1321.08 119.375 1321.08H129.208C130.566 1321.08 131.667 1319.98 131.667 1318.63V1308.79C131.667 1307.43 130.566 1306.33 129.208 1306.33Z" stroke="white" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M146.417 1271.92H136.583C135.226 1271.92 134.125 1273.02 134.125 1274.37V1284.21C134.125 1285.57 135.226 1286.67 136.583 1286.67H146.417C147.774 1286.67 148.875 1285.57 148.875 1284.21V1274.37C148.875 1273.02 147.774 1271.92 146.417 1271.92Z" stroke="white" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M124.292 1306.33V1298.96C124.292 1298.31 124.551 1297.68 125.012 1297.22C125.473 1296.76 126.098 1296.5 126.75 1296.5H156.25C156.902 1296.5 157.527 1296.76 157.988 1297.22C158.449 1297.68 158.708 1298.31 158.708 1298.96V1306.33" stroke="white" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<path d="M141.5 1296.5V1286.67" stroke="white" stroke-width="4" stroke-linecap="round" stroke-linejoin="round"/>
+<defs>
+<filter id="filter0_d_9_205" x="11" y="41" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_9_205"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_9_205" result="shape"/>
+</filter>
+<filter id="filter1_d_9_205" x="31" y="27" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_9_205"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_9_205" result="shape"/>
+</filter>
+<filter id="filter2_d_9_205" x="746" y="41" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_9_205"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_9_205" result="shape"/>
+</filter>
+<filter id="filter3_d_9_205" x="766" y="27" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_9_205"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_9_205" result="shape"/>
+</filter>
+<filter id="filter4_d_9_205" x="379" y="41" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_9_205"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_9_205" result="shape"/>
+</filter>
+<filter id="filter5_d_9_205" x="399" y="27" width="67" height="67" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feColorMatrix in="SourceAlpha" type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 127 0" result="hardAlpha"/>
+<feOffset dy="4"/>
+<feGaussianBlur stdDeviation="2"/>
+<feComposite in2="hardAlpha" operator="out"/>
+<feColorMatrix type="matrix" values="0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0.25 0"/>
+<feBlend mode="normal" in2="BackgroundImageFix" result="effect1_dropShadow_9_205"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_dropShadow_9_205" result="shape"/>
+</filter>
+<clipPath id="clip0_9_205">
+<rect width="137" height="146" fill="white" transform="translate(434 518)"/>
+</clipPath>
+</defs>
+</svg>
diff --git a/public/screenshots/collage.png b/public/screenshots/collage.png
deleted file mode 100644
index c791e7ea..00000000
Binary files a/public/screenshots/collage.png and /dev/null differ
diff --git a/public/screenshots/create-api-key.png b/public/screenshots/create-api-key.png
new file mode 100644
index 00000000..ad0ef6a4
Binary files /dev/null and b/public/screenshots/create-api-key.png differ
diff --git a/public/screenshots/create-idp.png b/public/screenshots/create-idp.png
new file mode 100644
index 00000000..e19ddec5
Binary files /dev/null and b/public/screenshots/create-idp.png differ
diff --git a/public/screenshots/create-resource.png b/public/screenshots/create-resource.png
new file mode 100644
index 00000000..3b21f22b
Binary files /dev/null and b/public/screenshots/create-resource.png differ
diff --git a/public/screenshots/create-share-link.png b/public/screenshots/create-share-link.png
new file mode 100644
index 00000000..18849501
Binary files /dev/null and b/public/screenshots/create-share-link.png differ
diff --git a/public/screenshots/create-site.png b/public/screenshots/create-site.png
new file mode 100644
index 00000000..b5ff8048
Binary files /dev/null and b/public/screenshots/create-site.png differ
diff --git a/public/screenshots/edit-resource.png b/public/screenshots/edit-resource.png
new file mode 100644
index 00000000..2d21afa6
Binary files /dev/null and b/public/screenshots/edit-resource.png differ
diff --git a/public/screenshots/hero.png b/public/screenshots/hero.png
index 4e321ee1..86216cf6 100644
Binary files a/public/screenshots/hero.png and b/public/screenshots/hero.png differ
diff --git a/public/screenshots/resource-auth.png b/public/screenshots/resource-auth.png
new file mode 100644
index 00000000..e9d39f4c
Binary files /dev/null and b/public/screenshots/resource-auth.png differ
diff --git a/public/screenshots/resource-authentication.png b/public/screenshots/resource-authentication.png
new file mode 100644
index 00000000..764cd616
Binary files /dev/null and b/public/screenshots/resource-authentication.png differ
diff --git a/public/screenshots/resources.png b/public/screenshots/resources.png
new file mode 100644
index 00000000..86216cf6
Binary files /dev/null and b/public/screenshots/resources.png differ
diff --git a/public/screenshots/roles.png b/public/screenshots/roles.png
new file mode 100644
index 00000000..09d27387
Binary files /dev/null and b/public/screenshots/roles.png differ
diff --git a/public/screenshots/site-online.png b/public/screenshots/site-online.png
new file mode 100644
index 00000000..0adef017
Binary files /dev/null and b/public/screenshots/site-online.png differ
diff --git a/public/screenshots/sites-fade.png b/public/screenshots/sites-fade.png
new file mode 100644
index 00000000..7e21c2cd
Binary files /dev/null and b/public/screenshots/sites-fade.png differ
diff --git a/public/screenshots/sites.png b/public/screenshots/sites.png
new file mode 100644
index 00000000..0aaa79d0
Binary files /dev/null and b/public/screenshots/sites.png differ
diff --git a/public/screenshots/users.png b/public/screenshots/users.png
new file mode 100644
index 00000000..91286e02
Binary files /dev/null and b/public/screenshots/users.png differ
diff --git a/server/apiServer.ts b/server/apiServer.ts
index ace27e9b..2bf6b615 100644
--- a/server/apiServer.ts
+++ b/server/apiServer.ts
@@ -5,20 +5,25 @@ import config from "@server/lib/config";
 import logger from "@server/logger";
 import {
     errorHandlerMiddleware,
-    notFoundMiddleware,
-    rateLimitMiddleware
+    notFoundMiddleware
 } from "@server/middlewares";
 import { authenticated, unauthenticated } from "@server/routers/external";
 import { router as wsRouter, handleWSUpgrade } from "@server/routers/ws";
 import { logIncomingMiddleware } from "./middlewares/logIncoming";
 import { csrfProtectionMiddleware } from "./middlewares/csrfProtection";
 import helmet from "helmet";
+import rateLimit from "express-rate-limit";
+import createHttpError from "http-errors";
+import HttpCode from "./types/HttpCode";
+import requestTimeoutMiddleware from "./middlewares/requestTimeout";
+import { createStore } from "./lib/rateLimitStore";
 
 const dev = config.isDev;
 const externalPort = config.getRawConfig().server.external_port;
 
 export function createApiServer() {
     const apiServer = express();
+    const prefix = `/api/v1`;
 
     const trustProxy = config.getRawConfig().server.trust_proxy;
     if (trustProxy) {
@@ -54,19 +59,30 @@ export function createApiServer() {
     apiServer.use(cookieParser());
     apiServer.use(express.json());
 
+    // Add request timeout middleware
+    apiServer.use(requestTimeoutMiddleware(60000)); // 60 second timeout
+
     if (!dev) {
         apiServer.use(
-            rateLimitMiddleware({
-                windowMin:
-                    config.getRawConfig().rate_limits.global.window_minutes,
+            rateLimit({
+                windowMs:
+                    config.getRawConfig().rate_limits.global.window_minutes *
+                    60 *
+                    1000,
                 max: config.getRawConfig().rate_limits.global.max_requests,
-                type: "IP_AND_PATH"
+                keyGenerator: (req) => `apiServerGlobal:${req.ip}:${req.path}`,
+                handler: (req, res, next) => {
+                    const message = `Rate limit exceeded. You can make ${config.getRawConfig().rate_limits.global.max_requests} requests every ${config.getRawConfig().rate_limits.global.window_minutes} minute(s).`;
+                    return next(
+                        createHttpError(HttpCode.TOO_MANY_REQUESTS, message)
+                    );
+                },
+                store: createStore()
             })
         );
     }
 
     // API routes
-    const prefix = `/api/v1`;
     apiServer.use(logIncomingMiddleware);
     apiServer.use(prefix, unauthenticated);
     apiServer.use(prefix, authenticated);
diff --git a/server/auth/actions.ts b/server/auth/actions.ts
index d483c33f..7fd92f74 100644
--- a/server/auth/actions.ts
+++ b/server/auth/actions.ts
@@ -69,6 +69,11 @@ export enum ActionsEnum {
     deleteResourceRule = "deleteResourceRule",
     listResourceRules = "listResourceRules",
     updateResourceRule = "updateResourceRule",
+    createClient = "createClient",
+    deleteClient = "deleteClient",
+    updateClient = "updateClient",
+    listClients = "listClients",
+    getClient = "getClient",
     listOrgDomains = "listOrgDomains",
     createNewt = "createNewt",
     createIdp = "createIdp",
@@ -88,7 +93,10 @@ export enum ActionsEnum {
     listApiKeyActions = "listApiKeyActions",
     listApiKeys = "listApiKeys",
     getApiKey = "getApiKey",
-    resetUserPassword = "resetUserPassword"
+    resetUserPassword = "resetUserPassword",
+    createOrgDomain = "createOrgDomain",
+    deleteOrgDomain = "deleteOrgDomain",
+    restartOrgDomain = "restartOrgDomain"
 }
 
 export async function checkUserActionPermission(
diff --git a/server/auth/limits.ts b/server/auth/limits.ts
deleted file mode 100644
index 5d0b14e4..00000000
--- a/server/auth/limits.ts
+++ /dev/null
@@ -1,40 +0,0 @@
-import { db } from '@server/db';
-import { limitsTable } from '@server/db';
-import { and, eq } from 'drizzle-orm';
-import createHttpError from 'http-errors';
-import HttpCode from '@server/types/HttpCode';
-
-interface CheckLimitOptions {
-    orgId: string;
-    limitName: string;
-    currentValue: number;
-    increment?: number;
-}
-
-export async function checkOrgLimit({ orgId, limitName, currentValue, increment = 0 }: CheckLimitOptions): Promise<boolean> {
-    try {
-        const limit = await db.select()
-            .from(limitsTable)
-            .where(
-                and(
-                    eq(limitsTable.orgId, orgId),
-                    eq(limitsTable.name, limitName)
-                )
-            )
-            .limit(1);
-
-        if (limit.length === 0) {
-            throw createHttpError(HttpCode.NOT_FOUND, `Limit "${limitName}" not found for organization`);
-        }
-
-        const limitValue = limit[0].value;
-
-        // Check if the current value plus the increment is within the limit
-        return (currentValue + increment) <= limitValue;
-    } catch (error) {
-        if (error instanceof Error) {
-            throw createHttpError(HttpCode.INTERNAL_SERVER_ERROR, `Error checking limit: ${error.message}`);
-        }
-        throw createHttpError(HttpCode.INTERNAL_SERVER_ERROR, 'Unknown error occurred while checking limit');
-    }
-}
diff --git a/server/auth/sessions/olm.ts b/server/auth/sessions/olm.ts
new file mode 100644
index 00000000..89a0e81e
--- /dev/null
+++ b/server/auth/sessions/olm.ts
@@ -0,0 +1,72 @@
+import {
+    encodeHexLowerCase,
+} from "@oslojs/encoding";
+import { sha256 } from "@oslojs/crypto/sha2";
+import { Olm, olms, olmSessions, OlmSession } from "@server/db";
+import { db } from "@server/db";
+import { eq } from "drizzle-orm";
+
+export const EXPIRES = 1000 * 60 * 60 * 24 * 30;
+
+export async function createOlmSession(
+    token: string,
+    olmId: string,
+): Promise<OlmSession> {
+    const sessionId = encodeHexLowerCase(
+        sha256(new TextEncoder().encode(token)),
+    );
+    const session: OlmSession = {
+        sessionId: sessionId,
+        olmId,
+        expiresAt: new Date(Date.now() + EXPIRES).getTime(),
+    };
+    await db.insert(olmSessions).values(session);
+    return session;
+}
+
+export async function validateOlmSessionToken(
+    token: string,
+): Promise<SessionValidationResult> {
+    const sessionId = encodeHexLowerCase(
+        sha256(new TextEncoder().encode(token)),
+    );
+    const result = await db
+        .select({ olm: olms, session: olmSessions })
+        .from(olmSessions)
+        .innerJoin(olms, eq(olmSessions.olmId, olms.olmId))
+        .where(eq(olmSessions.sessionId, sessionId));
+    if (result.length < 1) {
+        return { session: null, olm: null };
+    }
+    const { olm, session } = result[0];
+    if (Date.now() >= session.expiresAt) {
+        await db
+            .delete(olmSessions)
+            .where(eq(olmSessions.sessionId, session.sessionId));
+        return { session: null, olm: null };
+    }
+    if (Date.now() >= session.expiresAt - (EXPIRES / 2)) {
+        session.expiresAt = new Date(
+            Date.now() + EXPIRES,
+        ).getTime();
+        await db
+            .update(olmSessions)
+            .set({
+                expiresAt: session.expiresAt,
+            })
+            .where(eq(olmSessions.sessionId, session.sessionId));
+    }
+    return { session, olm };
+}
+
+export async function invalidateOlmSession(sessionId: string): Promise<void> {
+    await db.delete(olmSessions).where(eq(olmSessions.sessionId, sessionId));
+}
+
+export async function invalidateAllOlmSessions(olmId: string): Promise<void> {
+    await db.delete(olmSessions).where(eq(olmSessions.olmId, olmId));
+}
+
+export type SessionValidationResult =
+    | { session: OlmSession; olm: Olm }
+    | { session: null; olm: null };
diff --git a/server/build.ts b/server/build.ts
new file mode 100644
index 00000000..babe5e8b
--- /dev/null
+++ b/server/build.ts
@@ -0,0 +1 @@
+export const build = "oss" as any;
diff --git a/server/db/names.ts b/server/db/names.ts
index 56d62373..41f4c170 100644
--- a/server/db/names.ts
+++ b/server/db/names.ts
@@ -59,7 +59,7 @@ export async function getUniqueExitNodeEndpointName(): Promise<string> {
 
 
 export function generateName(): string {
-    return (
+    const name = (
         names.descriptors[
             Math.floor(Math.random() * names.descriptors.length)
         ] +
@@ -68,4 +68,7 @@ export function generateName(): string {
     )
         .toLowerCase()
         .replace(/\s/g, "-");
+
+    // clean out any non-alphanumeric characters except for dashes
+    return name.replace(/[^a-z0-9-]/g, "");
 }
diff --git a/server/db/pg/driver.ts b/server/db/pg/driver.ts
index 116e4610..9625867d 100644
--- a/server/db/pg/driver.ts
+++ b/server/db/pg/driver.ts
@@ -1,4 +1,5 @@
 import { drizzle as DrizzlePostgres } from "drizzle-orm/node-postgres";
+import { Pool } from "pg";
 import { readConfigFile } from "@server/lib/readConfigFile";
 import { withReplicas } from "drizzle-orm/pg-core";
 
@@ -20,19 +21,31 @@ function createDb() {
         );
     }
 
-    const primary = DrizzlePostgres(connectionString);
+    // Create connection pools instead of individual connections
+    const primaryPool = new Pool({
+        connectionString,
+        max: 20,
+        idleTimeoutMillis: 30000,
+        connectionTimeoutMillis: 2000,
+    });
+
     const replicas = [];
 
     if (!replicaConnections.length) {
-        replicas.push(primary);
+        replicas.push(DrizzlePostgres(primaryPool));
     } else {
         for (const conn of replicaConnections) {
-            const replica = DrizzlePostgres(conn.connection_string);
-            replicas.push(replica);
+            const replicaPool = new Pool({
+                connectionString: conn.connection_string,
+                max: 10,
+                idleTimeoutMillis: 30000,
+                connectionTimeoutMillis: 2000,
+            });
+            replicas.push(DrizzlePostgres(replicaPool));
         }
     }
 
-    return withReplicas(primary, replicas as any);
+    return withReplicas(DrizzlePostgres(primaryPool), replicas as any);
 }
 
 export const db = createDb();
diff --git a/server/db/pg/index.ts b/server/db/pg/index.ts
index 9ad4678c..4829c04c 100644
--- a/server/db/pg/index.ts
+++ b/server/db/pg/index.ts
@@ -1,2 +1,2 @@
 export * from "./driver";
-export * from "./schema";
+export * from "./schema";
\ No newline at end of file
diff --git a/server/db/pg/migrate.ts b/server/db/pg/migrate.ts
index b9463dd4..70b2ef54 100644
--- a/server/db/pg/migrate.ts
+++ b/server/db/pg/migrate.ts
@@ -1,5 +1,5 @@
 import { migrate } from "drizzle-orm/node-postgres/migrator";
-import db from "./driver";
+import { db } from "./driver";
 import path from "path";
 
 const migrationsFolder = path.join("server/migrations");
diff --git a/server/db/pg/schema.ts b/server/db/pg/schema.ts
index bc6d3d4d..c8a768a8 100644
--- a/server/db/pg/schema.ts
+++ b/server/db/pg/schema.ts
@@ -12,13 +12,18 @@ import { InferSelectModel } from "drizzle-orm";
 export const domains = pgTable("domains", {
     domainId: varchar("domainId").primaryKey(),
     baseDomain: varchar("baseDomain").notNull(),
-    configManaged: boolean("configManaged").notNull().default(false)
+    configManaged: boolean("configManaged").notNull().default(false),
+    type: varchar("type"), // "ns", "cname", "wildcard"
+    verified: boolean("verified").notNull().default(false),
+    failed: boolean("failed").notNull().default(false),
+    tries: integer("tries").notNull().default(0)
 });
 
 export const orgs = pgTable("orgs", {
     orgId: varchar("orgId").primaryKey(),
     name: varchar("name").notNull(),
     passwordResetTokenExpiryHours: integer("passwordResetTokenExpiryHours").notNull().default(1)
+    subnet: varchar("subnet")
 });
 
 export const orgDomains = pgTable("orgDomains", {
@@ -43,12 +48,17 @@ export const sites = pgTable("sites", {
     }),
     name: varchar("name").notNull(),
     pubKey: varchar("pubKey"),
-    subnet: varchar("subnet").notNull(),
-    megabytesIn: real("bytesIn"),
-    megabytesOut: real("bytesOut"),
+    subnet: varchar("subnet"),
+    megabytesIn: real("bytesIn").default(0),
+    megabytesOut: real("bytesOut").default(0),
     lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
     type: varchar("type").notNull(), // "newt" or "wireguard"
     online: boolean("online").notNull().default(false),
+    address: varchar("address"),
+    endpoint: varchar("endpoint"),
+    publicKey: varchar("publicKey"),
+    lastHolePunch: bigint("lastHolePunch", { mode: "number" }),
+    listenPort: integer("listenPort"),
     dockerSocketEnabled: boolean("dockerSocketEnabled").notNull().default(true)
 });
 
@@ -79,7 +89,6 @@ export const resources = pgTable("resources", {
     emailWhitelistEnabled: boolean("emailWhitelistEnabled")
         .notNull()
         .default(false),
-    isBaseDomain: boolean("isBaseDomain"),
     applyRules: boolean("applyRules").notNull().default(false),
     enabled: boolean("enabled").notNull().default(true),
     stickySession: boolean("stickySession").notNull().default(false),
@@ -108,7 +117,8 @@ export const exitNodes = pgTable("exitNodes", {
     endpoint: varchar("endpoint").notNull(),
     publicKey: varchar("publicKey").notNull(),
     listenPort: integer("listenPort").notNull(),
-    reachableAt: varchar("reachableAt")
+    reachableAt: varchar("reachableAt"),
+    maxConnections: integer("maxConnections")
 });
 
 export const users = pgTable("user", {
@@ -133,6 +143,7 @@ export const newts = pgTable("newt", {
     newtId: varchar("id").primaryKey(),
     secretHash: varchar("secretHash").notNull(),
     dateCreated: varchar("dateCreated").notNull(),
+    version: varchar("version"),
     siteId: integer("siteId").references(() => sites.siteId, {
         onDelete: "cascade"
     })
@@ -275,18 +286,6 @@ export const userResources = pgTable("userResources", {
         .references(() => resources.resourceId, { onDelete: "cascade" })
 });
 
-export const limitsTable = pgTable("limits", {
-    limitId: serial("limitId").primaryKey(),
-    orgId: varchar("orgId")
-        .references(() => orgs.orgId, {
-            onDelete: "cascade"
-        })
-        .notNull(),
-    name: varchar("name").notNull(),
-    value: bigint("value", { mode: "number" }).notNull(),
-    description: varchar("description")
-});
-
 export const userInvites = pgTable("userInvites", {
     inviteId: varchar("inviteId").primaryKey(),
     orgId: varchar("orgId")
@@ -493,6 +492,75 @@ export const idpOrg = pgTable("idpOrg", {
     orgMapping: varchar("orgMapping")
 });
 
+export const clients = pgTable("clients", {
+    clientId: serial("id").primaryKey(),
+    orgId: varchar("orgId")
+        .references(() => orgs.orgId, {
+            onDelete: "cascade"
+        })
+        .notNull(),
+    exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
+        onDelete: "set null"
+    }),
+    name: varchar("name").notNull(),
+    pubKey: varchar("pubKey"),
+    subnet: varchar("subnet").notNull(),
+    megabytesIn: integer("bytesIn"),
+    megabytesOut: integer("bytesOut"),
+    lastBandwidthUpdate: varchar("lastBandwidthUpdate"),
+    lastPing: varchar("lastPing"),
+    type: varchar("type").notNull(), // "olm"
+    online: boolean("online").notNull().default(false),
+    endpoint: varchar("endpoint"),
+    lastHolePunch: integer("lastHolePunch"),
+    maxConnections: integer("maxConnections")
+});
+
+export const clientSites = pgTable("clientSites", {
+    clientId: integer("clientId")
+        .notNull()
+        .references(() => clients.clientId, { onDelete: "cascade" }),
+    siteId: integer("siteId")
+        .notNull()
+        .references(() => sites.siteId, { onDelete: "cascade" }),
+    isRelayed: boolean("isRelayed").notNull().default(false)
+});
+
+export const olms = pgTable("olms", {
+    olmId: varchar("id").primaryKey(),
+    secretHash: varchar("secretHash").notNull(),
+    dateCreated: varchar("dateCreated").notNull(),
+    clientId: integer("clientId").references(() => clients.clientId, {
+        onDelete: "cascade"
+    })
+});
+
+export const olmSessions = pgTable("clientSession", {
+    sessionId: varchar("id").primaryKey(),
+    olmId: varchar("olmId")
+        .notNull()
+        .references(() => olms.olmId, { onDelete: "cascade" }),
+    expiresAt: integer("expiresAt").notNull()
+});
+
+export const userClients = pgTable("userClients", {
+    userId: varchar("userId")
+        .notNull()
+        .references(() => users.userId, { onDelete: "cascade" }),
+    clientId: integer("clientId")
+        .notNull()
+        .references(() => clients.clientId, { onDelete: "cascade" })
+});
+
+export const roleClients = pgTable("roleClients", {
+    roleId: integer("roleId")
+        .notNull()
+        .references(() => roles.roleId, { onDelete: "cascade" }),
+    clientId: integer("clientId")
+        .notNull()
+        .references(() => clients.clientId, { onDelete: "cascade" })
+});
+
 export const securityKeys = pgTable("webauthnCredentials", {
     credentialId: varchar("credentialId").primaryKey(),
     userId: varchar("userId").notNull().references(() => users.userId, {
@@ -539,7 +607,6 @@ export type RoleSite = InferSelectModel<typeof roleSites>;
 export type UserSite = InferSelectModel<typeof userSites>;
 export type RoleResource = InferSelectModel<typeof roleResources>;
 export type UserResource = InferSelectModel<typeof userResources>;
-export type Limit = InferSelectModel<typeof limitsTable>;
 export type UserInvite = InferSelectModel<typeof userInvites>;
 export type UserOrg = InferSelectModel<typeof userOrgs>;
 export type ResourceSession = InferSelectModel<typeof resourceSessions>;
@@ -556,3 +623,10 @@ export type Idp = InferSelectModel<typeof idp>;
 export type ApiKey = InferSelectModel<typeof apiKeys>;
 export type ApiKeyAction = InferSelectModel<typeof apiKeyActions>;
 export type ApiKeyOrg = InferSelectModel<typeof apiKeyOrg>;
+export type Client = InferSelectModel<typeof clients>;
+export type ClientSite = InferSelectModel<typeof clientSites>;
+export type Olm = InferSelectModel<typeof olms>;
+export type OlmSession = InferSelectModel<typeof olmSessions>;
+export type UserClient = InferSelectModel<typeof userClients>;
+export type RoleClient = InferSelectModel<typeof roleClients>;
+export type OrgDomains = InferSelectModel<typeof orgDomains>;
diff --git a/server/db/sqlite/driver.ts b/server/db/sqlite/driver.ts
index 51e3db08..124bd885 100644
--- a/server/db/sqlite/driver.ts
+++ b/server/db/sqlite/driver.ts
@@ -2,28 +2,26 @@ import { drizzle as DrizzleSqlite } from "drizzle-orm/better-sqlite3";
 import Database from "better-sqlite3";
 import * as schema from "./schema";
 import path from "path";
-import fs from "fs/promises";
+import fs from "fs";
 import { APP_PATH } from "@server/lib/consts";
 import { existsSync, mkdirSync } from "fs";
 
 export const location = path.join(APP_PATH, "db", "db.sqlite");
-export const exists = await checkFileExists(location);
+export const exists = checkFileExists(location);
 
 bootstrapVolume();
 
 function createDb() {
     const sqlite = new Database(location);
-    sqlite.pragma('foreign_keys = ON');
-    sqlite.exec('VACUUM;'); // This will initialize the database file with a valid SQLite header
     return DrizzleSqlite(sqlite, { schema });
 }
 
 export const db = createDb();
 export default db;
 
-async function checkFileExists(filePath: string): Promise<boolean> {
+function checkFileExists(filePath: string): boolean {
     try {
-        await fs.access(filePath);
+        fs.accessSync(filePath);
         return true;
     } catch {
         return false;
diff --git a/server/db/sqlite/migrate.ts b/server/db/sqlite/migrate.ts
index 15be0891..e4a730d0 100644
--- a/server/db/sqlite/migrate.ts
+++ b/server/db/sqlite/migrate.ts
@@ -1,5 +1,5 @@
 import { migrate } from "drizzle-orm/better-sqlite3/migrator";
-import db from "./driver";
+import { db } from "./driver";
 import path from "path";
 
 const migrationsFolder = path.join("server/migrations");
@@ -7,7 +7,7 @@ const migrationsFolder = path.join("server/migrations");
 const runMigrations = async () => {
     console.log("Running migrations...");
     try {
-        await migrate(db as any, {
+        migrate(db as any, {
             migrationsFolder: migrationsFolder,
         });
         console.log("Migrations completed successfully.");
diff --git a/server/db/sqlite/schema.ts b/server/db/sqlite/schema.ts
index 456419af..c62fb53f 100644
--- a/server/db/sqlite/schema.ts
+++ b/server/db/sqlite/schema.ts
@@ -6,13 +6,27 @@ export const domains = sqliteTable("domains", {
     baseDomain: text("baseDomain").notNull(),
     configManaged: integer("configManaged", { mode: "boolean" })
         .notNull()
-        .default(false)
+        .default(false),
+    type: text("type"), // "ns", "cname", "wildcard"
+    verified: integer("verified", { mode: "boolean" }).notNull().default(false),
+    failed: integer("failed", { mode: "boolean" }).notNull().default(false),
+    tries: integer("tries").notNull().default(0)
 });
 
 export const orgs = sqliteTable("orgs", {
     orgId: text("orgId").primaryKey(),
     name: text("name").notNull(),
     passwordResetTokenExpiryHours: integer("passwordResetTokenExpiryHours").notNull().default(1)
+    subnet: text("subnet")
+});
+
+export const userDomains = sqliteTable("userDomains", {
+    userId: text("userId")
+        .notNull()
+        .references(() => users.userId, { onDelete: "cascade" }),
+    domainId: text("domainId")
+        .notNull()
+        .references(() => domains.domainId, { onDelete: "cascade" })
 });
 
 export const orgDomains = sqliteTable("orgDomains", {
@@ -37,12 +51,19 @@ export const sites = sqliteTable("sites", {
     }),
     name: text("name").notNull(),
     pubKey: text("pubKey"),
-    subnet: text("subnet").notNull(),
-    megabytesIn: integer("bytesIn"),
-    megabytesOut: integer("bytesOut"),
+    subnet: text("subnet"),
+    megabytesIn: integer("bytesIn").default(0),
+    megabytesOut: integer("bytesOut").default(0),
     lastBandwidthUpdate: text("lastBandwidthUpdate"),
     type: text("type").notNull(), // "newt" or "wireguard"
     online: integer("online", { mode: "boolean" }).notNull().default(false),
+
+    // exit node stuff that is how to connect to the site when it has a wg server
+    address: text("address"), // this is the address of the wireguard interface in newt
+    endpoint: text("endpoint"), // this is how to reach gerbil externally - gets put into the wireguard config
+    publicKey: text("publicKey"), // TODO: Fix typo in publicKey
+    lastHolePunch: integer("lastHolePunch"),
+    listenPort: integer("listenPort"),
     dockerSocketEnabled: integer("dockerSocketEnabled", { mode: "boolean" })
         .notNull()
         .default(true)
@@ -77,7 +98,6 @@ export const resources = sqliteTable("resources", {
     emailWhitelistEnabled: integer("emailWhitelistEnabled", { mode: "boolean" })
         .notNull()
         .default(false),
-    isBaseDomain: integer("isBaseDomain", { mode: "boolean" }),
     applyRules: integer("applyRules", { mode: "boolean" })
         .notNull()
         .default(false),
@@ -110,7 +130,8 @@ export const exitNodes = sqliteTable("exitNodes", {
     endpoint: text("endpoint").notNull(), // this is how to reach gerbil externally - gets put into the wireguard config
     publicKey: text("publicKey").notNull(),
     listenPort: integer("listenPort").notNull(),
-    reachableAt: text("reachableAt") // this is the internal address of the gerbil http server for command control
+    reachableAt: text("reachableAt"), // this is the internal address of the gerbil http server for command control
+    maxConnections: integer("maxConnections")
 });
 
 export const users = sqliteTable("user", {
@@ -166,11 +187,54 @@ export const newts = sqliteTable("newt", {
     newtId: text("id").primaryKey(),
     secretHash: text("secretHash").notNull(),
     dateCreated: text("dateCreated").notNull(),
+    version: text("version"),
     siteId: integer("siteId").references(() => sites.siteId, {
         onDelete: "cascade"
     })
 });
 
+export const clients = sqliteTable("clients", {
+    clientId: integer("id").primaryKey({ autoIncrement: true }),
+    orgId: text("orgId")
+        .references(() => orgs.orgId, {
+            onDelete: "cascade"
+        })
+        .notNull(),
+    exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
+        onDelete: "set null"
+    }),
+    name: text("name").notNull(),
+    pubKey: text("pubKey"),
+    subnet: text("subnet").notNull(),
+    megabytesIn: integer("bytesIn"),
+    megabytesOut: integer("bytesOut"),
+    lastBandwidthUpdate: text("lastBandwidthUpdate"),
+    lastPing: text("lastPing"),
+    type: text("type").notNull(), // "olm"
+    online: integer("online", { mode: "boolean" }).notNull().default(false),
+    endpoint: text("endpoint"),
+    lastHolePunch: integer("lastHolePunch")
+});
+
+export const clientSites = sqliteTable("clientSites", {
+    clientId: integer("clientId")
+        .notNull()
+        .references(() => clients.clientId, { onDelete: "cascade" }),
+    siteId: integer("siteId")
+        .notNull()
+        .references(() => sites.siteId, { onDelete: "cascade" }),
+    isRelayed: integer("isRelayed", { mode: "boolean" }).notNull().default(false)
+});
+
+export const olms = sqliteTable("olms", {
+    olmId: text("id").primaryKey(),
+    secretHash: text("secretHash").notNull(),
+    dateCreated: text("dateCreated").notNull(),
+    clientId: integer("clientId").references(() => clients.clientId, {
+        onDelete: "cascade"
+    })
+});
+
 export const twoFactorBackupCodes = sqliteTable("twoFactorBackupCodes", {
     codeId: integer("id").primaryKey({ autoIncrement: true }),
     userId: text("userId")
@@ -195,6 +259,14 @@ export const newtSessions = sqliteTable("newtSession", {
     expiresAt: integer("expiresAt").notNull()
 });
 
+export const olmSessions = sqliteTable("clientSession", {
+    sessionId: text("id").primaryKey(),
+    olmId: text("olmId")
+        .notNull()
+        .references(() => olms.olmId, { onDelete: "cascade" }),
+    expiresAt: integer("expiresAt").notNull()
+});
+
 export const userOrgs = sqliteTable("userOrgs", {
     userId: text("userId")
         .notNull()
@@ -290,6 +362,24 @@ export const userSites = sqliteTable("userSites", {
         .references(() => sites.siteId, { onDelete: "cascade" })
 });
 
+export const userClients = sqliteTable("userClients", {
+    userId: text("userId")
+        .notNull()
+        .references(() => users.userId, { onDelete: "cascade" }),
+    clientId: integer("clientId")
+        .notNull()
+        .references(() => clients.clientId, { onDelete: "cascade" })
+});
+
+export const roleClients = sqliteTable("roleClients", {
+    roleId: integer("roleId")
+        .notNull()
+        .references(() => roles.roleId, { onDelete: "cascade" }),
+    clientId: integer("clientId")
+        .notNull()
+        .references(() => clients.clientId, { onDelete: "cascade" })
+});
+
 export const roleResources = sqliteTable("roleResources", {
     roleId: integer("roleId")
         .notNull()
@@ -548,6 +638,8 @@ export type Target = InferSelectModel<typeof targets>;
 export type Session = InferSelectModel<typeof sessions>;
 export type Newt = InferSelectModel<typeof newts>;
 export type NewtSession = InferSelectModel<typeof newtSessions>;
+export type Olm = InferSelectModel<typeof olms>;
+export type OlmSession = InferSelectModel<typeof olmSessions>;
 export type EmailVerificationCode = InferSelectModel<
     typeof emailVerificationCodes
 >;
@@ -573,8 +665,13 @@ export type ResourceWhitelist = InferSelectModel<typeof resourceWhitelist>;
 export type VersionMigration = InferSelectModel<typeof versionMigrations>;
 export type ResourceRule = InferSelectModel<typeof resourceRules>;
 export type Domain = InferSelectModel<typeof domains>;
+export type Client = InferSelectModel<typeof clients>;
+export type ClientSite = InferSelectModel<typeof clientSites>;
+export type RoleClient = InferSelectModel<typeof roleClients>;
+export type UserClient = InferSelectModel<typeof userClients>;
 export type SupporterKey = InferSelectModel<typeof supporterKey>;
 export type Idp = InferSelectModel<typeof idp>;
 export type ApiKey = InferSelectModel<typeof apiKeys>;
 export type ApiKeyAction = InferSelectModel<typeof apiKeyActions>;
 export type ApiKeyOrg = InferSelectModel<typeof apiKeyOrg>;
+export type OrgDomains = InferSelectModel<typeof orgDomains>;
diff --git a/server/emails/sendEmail.ts b/server/emails/sendEmail.ts
index d7a59608..9b99d18e 100644
--- a/server/emails/sendEmail.ts
+++ b/server/emails/sendEmail.ts
@@ -2,6 +2,7 @@ import { render } from "@react-email/render";
 import { ReactElement } from "react";
 import emailClient from "@server/emails";
 import logger from "@server/logger";
+import config from "@server/lib/config";
 
 export async function sendEmail(
     template: ReactElement,
@@ -24,9 +25,11 @@ export async function sendEmail(
 
     const emailHtml = await render(template);
 
+    const appName = "Pangolin";
+
     await emailClient.sendMail({
         from: {
-            name: opts.name || "Pangolin",
+            name: opts.name || appName,
             address: opts.from,
         },
         to: opts.to,
diff --git a/server/emails/templates/NotifyResetPassword.tsx b/server/emails/templates/NotifyResetPassword.tsx
index aaa1cbdd..66ea2430 100644
--- a/server/emails/templates/NotifyResetPassword.tsx
+++ b/server/emails/templates/NotifyResetPassword.tsx
@@ -1,11 +1,5 @@
-import {
-    Body,
-    Head,
-    Html,
-    Preview,
-    Tailwind
-} from "@react-email/components";
-import * as React from "react";
+import React from "react";
+import { Body, Head, Html, Preview, Tailwind } from "@react-email/components";
 import { themeColors } from "./lib/theme";
 import {
     EmailContainer,
@@ -22,29 +16,29 @@ interface Props {
 }
 
 export const ConfirmPasswordReset = ({ email }: Props) => {
-    const previewText = `Your password has been reset`;
+    const previewText = `Your password has been successfully reset.`;
 
     return (
         <Html>
             <Head />
             <Preview>{previewText}</Preview>
             <Tailwind config={themeColors}>
-                <Body className="font-sans relative">
+                <Body className="font-sans bg-gray-50">
                     <EmailContainer>
                         <EmailLetterHead />
 
-                        <EmailHeading>Password Reset Confirmation</EmailHeading>
+                        {/* <EmailHeading>Password Successfully Reset</EmailHeading> */}
 
-                        <EmailGreeting>Hi {email || "there"},</EmailGreeting>
+                        <EmailGreeting>Hi there,</EmailGreeting>
 
                         <EmailText>
-                            This email confirms that your password has just been
-                            reset. If you made this change, no further action is
-                            required.
+                            Your password has been successfully reset. You can
+                            now sign in to your account using your new password.
                         </EmailText>
 
                         <EmailText>
-                            Thank you for keeping your account secure.
+                            If you didn't make this change, please contact our
+                            support team immediately to secure your account.
                         </EmailText>
 
                         <EmailFooter>
diff --git a/server/emails/templates/ResetPasswordCode.tsx b/server/emails/templates/ResetPasswordCode.tsx
index 1a79527b..df14b8be 100644
--- a/server/emails/templates/ResetPasswordCode.tsx
+++ b/server/emails/templates/ResetPasswordCode.tsx
@@ -1,11 +1,5 @@
-import {
-    Body,
-    Head,
-    Html,
-    Preview,
-    Tailwind
-} from "@react-email/components";
-import * as React from "react";
+import React from "react";
+import { Body, Head, Html, Preview, Tailwind } from "@react-email/components";
 import { themeColors } from "./lib/theme";
 import {
     EmailContainer,
@@ -18,6 +12,7 @@ import {
     EmailText
 } from "./components/Email";
 import CopyCodeBox from "./components/CopyCodeBox";
+import ButtonLink from "./components/ButtonLink";
 
 interface Props {
     email: string;
@@ -26,37 +21,39 @@ interface Props {
 }
 
 export const ResetPasswordCode = ({ email, code, link }: Props) => {
-    const previewText = `Your password reset code is ${code}`;
+    const previewText = `Reset your password with code: ${code}`;
 
     return (
         <Html>
             <Head />
             <Preview>{previewText}</Preview>
             <Tailwind config={themeColors}>
-                <Body className="font-sans">
+                <Body className="font-sans bg-gray-50">
                     <EmailContainer>
                         <EmailLetterHead />
 
-                        <EmailHeading>Password Reset Request</EmailHeading>
+                        {/* <EmailHeading>Reset Your Password</EmailHeading> */}
 
-                        <EmailGreeting>Hi {email || "there"},</EmailGreeting>
+                        <EmailGreeting>Hi there,</EmailGreeting>
 
                         <EmailText>
-                            You’ve requested to reset your password. Please{" "}
-                            <a href={link} className="text-primary">
-                                click here
-                            </a>{" "}
-                            and follow the instructions to reset your password,
-                            or manually enter the following code:
+                            You've requested to reset your password. Click the
+                            button below to reset your password, or use the
+                            verification code provided if prompted.
                         </EmailText>
 
+                        <EmailSection>
+                            <ButtonLink href={link}>Reset Password</ButtonLink>
+                        </EmailSection>
+
                         <EmailSection>
                             <CopyCodeBox text={code} />
                         </EmailSection>
 
                         <EmailText>
-                            If you didn’t request this, you can safely ignore
-                            this email.
+                            This reset code will expire in 2 hours. If you
+                            didn't request a password reset, you can safely
+                            ignore this email.
                         </EmailText>
 
                         <EmailFooter>
diff --git a/server/emails/templates/ResourceOTPCode.tsx b/server/emails/templates/ResourceOTPCode.tsx
index 086dc444..4f68d9df 100644
--- a/server/emails/templates/ResourceOTPCode.tsx
+++ b/server/emails/templates/ResourceOTPCode.tsx
@@ -1,11 +1,5 @@
-import {
-    Body,
-    Head,
-    Html,
-    Preview,
-    Tailwind
-} from "@react-email/components";
-import * as React from "react";
+import React from "react";
+import { Body, Head, Html, Preview, Tailwind } from "@react-email/components";
 import {
     EmailContainer,
     EmailLetterHead,
@@ -32,34 +26,40 @@ export const ResourceOTPCode = ({
     orgName: organizationName,
     otp
 }: ResourceOTPCodeProps) => {
-    const previewText = `Your one-time password for ${resourceName} is ${otp}`;
+    const previewText = `Your access code for ${resourceName}: ${otp}`;
 
     return (
         <Html>
             <Head />
             <Preview>{previewText}</Preview>
             <Tailwind config={themeColors}>
-                <Body className="font-sans">
+                <Body className="font-sans bg-gray-50">
                     <EmailContainer>
                         <EmailLetterHead />
 
-                        <EmailHeading>
-                            Your One-Time Code for {resourceName}
-                        </EmailHeading>
+                        {/* <EmailHeading> */}
+                        {/*     Access Code for {resourceName} */}
+                        {/* </EmailHeading> */}
 
-                        <EmailGreeting>Hi {email || "there"},</EmailGreeting>
+                        <EmailGreeting>Hi there,</EmailGreeting>
 
                         <EmailText>
-                            You’ve requested a one-time password to access{" "}
+                            You've requested access to{" "}
                             <strong>{resourceName}</strong> in{" "}
-                            <strong>{organizationName}</strong>. Use the code
-                            below to complete your authentication:
+                            <strong>{organizationName}</strong>. Use the
+                            verification code below to complete your
+                            authentication.
                         </EmailText>
 
                         <EmailSection>
                             <CopyCodeBox text={otp} />
                         </EmailSection>
 
+                        <EmailText>
+                            This code will expire in 15 minutes. If you didn't
+                            request this code, please ignore this email.
+                        </EmailText>
+
                         <EmailFooter>
                             <EmailSignature />
                         </EmailFooter>
diff --git a/server/emails/templates/SendInviteLink.tsx b/server/emails/templates/SendInviteLink.tsx
index ed3c7b53..c859d3d7 100644
--- a/server/emails/templates/SendInviteLink.tsx
+++ b/server/emails/templates/SendInviteLink.tsx
@@ -1,11 +1,5 @@
-import {
-    Body,
-    Head,
-    Html,
-    Preview,
-    Tailwind,
-} from "@react-email/components";
-import * as React from "react";
+import React from "react";
+import { Body, Head, Html, Preview, Tailwind } from "@react-email/components";
 import { themeColors } from "./lib/theme";
 import {
     EmailContainer,
@@ -41,35 +35,44 @@ export const SendInviteLink = ({
             <Head />
             <Preview>{previewText}</Preview>
             <Tailwind config={themeColors}>
-                <Body className="font-sans">
+                <Body className="font-sans bg-gray-50">
                     <EmailContainer>
                         <EmailLetterHead />
 
-                        <EmailHeading>Invited to Join {orgName}</EmailHeading>
+                        {/* <EmailHeading> */}
+                        {/*     You're Invited to Join {orgName} */}
+                        {/* </EmailHeading> */}
 
-                        <EmailGreeting>Hi {email || "there"},</EmailGreeting>
+                        <EmailGreeting>Hi there,</EmailGreeting>
 
                         <EmailText>
-                            You’ve been invited to join the organization{" "}
+                            You've been invited to join{" "}
                             <strong>{orgName}</strong>
-                            {inviterName ? ` by ${inviterName}.` : "."} Please
-                            access the link below to accept the invite.
-                        </EmailText>
-
-                        <EmailText>
-                            This invite will expire in{" "}
-                            <strong>
-                                {expiresInDays}{" "}
-                                {expiresInDays === "1" ? "day" : "days"}.
-                            </strong>
+                            {inviterName ? ` by ${inviterName}` : ""}. Click the
+                            button below to accept your invitation and get
+                            started.
                         </EmailText>
 
                         <EmailSection>
                             <ButtonLink href={inviteLink}>
-                                Accept Invite to {orgName}
+                                Accept Invitation
                             </ButtonLink>
                         </EmailSection>
 
+                        {/* <EmailText> */}
+                        {/*     If you're having trouble clicking the button, copy */}
+                        {/*     and paste the URL below into your web browser: */}
+                        {/*     <br /> */}
+                        {/*     <span className="break-all">{inviteLink}</span> */}
+                        {/* </EmailText> */}
+
+                        <EmailText>
+                            This invite expires in {expiresInDays}{" "}
+                            {expiresInDays === "1" ? "day" : "days"}. If the
+                            link has expired, please contact the owner of the
+                            organization to request a new invitation.
+                        </EmailText>
+
                         <EmailFooter>
                             <EmailSignature />
                         </EmailFooter>
diff --git a/server/emails/templates/TwoFactorAuthNotification.tsx b/server/emails/templates/TwoFactorAuthNotification.tsx
index 8993a3bd..3261023e 100644
--- a/server/emails/templates/TwoFactorAuthNotification.tsx
+++ b/server/emails/templates/TwoFactorAuthNotification.tsx
@@ -1,11 +1,5 @@
-import {
-    Body,
-    Head,
-    Html,
-    Preview,
-    Tailwind
-} from "@react-email/components";
-import * as React from "react";
+import React from "react";
+import { Body, Head, Html, Preview, Tailwind } from "@react-email/components";
 import { themeColors } from "./lib/theme";
 import {
     EmailContainer,
@@ -23,44 +17,52 @@ interface Props {
 }
 
 export const TwoFactorAuthNotification = ({ email, enabled }: Props) => {
-    const previewText = `Two-Factor Authentication has been ${enabled ? "enabled" : "disabled"}`;
+    const previewText = `Two-Factor Authentication ${enabled ? "enabled" : "disabled"} for your account`;
 
     return (
         <Html>
             <Head />
             <Preview>{previewText}</Preview>
             <Tailwind config={themeColors}>
-                <Body className="font-sans">
+                <Body className="font-sans bg-gray-50">
                     <EmailContainer>
                         <EmailLetterHead />
 
-                        <EmailHeading>
-                            Two-Factor Authentication{" "}
-                            {enabled ? "Enabled" : "Disabled"}
-                        </EmailHeading>
+                        {/* <EmailHeading> */}
+                        {/*     Security Update: 2FA{" "} */}
+                        {/*     {enabled ? "Enabled" : "Disabled"} */}
+                        {/* </EmailHeading> */}
 
-                        <EmailGreeting>Hi {email || "there"},</EmailGreeting>
+                        <EmailGreeting>Hi there,</EmailGreeting>
 
                         <EmailText>
-                            This email confirms that Two-Factor Authentication
-                            has been successfully{" "}
-                            {enabled ? "enabled" : "disabled"} on your account.
+                            Two-factor authentication has been successfully{" "}
+                            <strong>{enabled ? "enabled" : "disabled"}</strong>{" "}
+                            on your account.
                         </EmailText>
 
                         {enabled ? (
-                            <EmailText>
-                                With Two-Factor Authentication enabled, your
-                                account is now more secure. Please ensure you
-                                keep your authentication method safe.
-                            </EmailText>
+                            <>
+                                <EmailText>
+                                    Your account is now protected with an
+                                    additional layer of security. Keep your
+                                    authentication method safe and accessible.
+                                </EmailText>
+                            </>
                         ) : (
-                            <EmailText>
-                                With Two-Factor Authentication disabled, your
-                                account may be less secure. We recommend
-                                enabling it to protect your account.
-                            </EmailText>
+                            <>
+                                <EmailText>
+                                    We recommend re-enabling two-factor
+                                    authentication to keep your account secure.
+                                </EmailText>
+                            </>
                         )}
 
+                        <EmailText>
+                            If you didn't make this change, please contact our
+                            support team immediately.
+                        </EmailText>
+
                         <EmailFooter>
                             <EmailSignature />
                         </EmailFooter>
diff --git a/server/emails/templates/VerifyEmailCode.tsx b/server/emails/templates/VerifyEmailCode.tsx
index ad0ef053..6a361648 100644
--- a/server/emails/templates/VerifyEmailCode.tsx
+++ b/server/emails/templates/VerifyEmailCode.tsx
@@ -1,5 +1,5 @@
+import React from "react";
 import { Body, Head, Html, Preview, Tailwind } from "@react-email/components";
-import * as React from "react";
 import { themeColors } from "./lib/theme";
 import {
     EmailContainer,
@@ -24,25 +24,24 @@ export const VerifyEmail = ({
     verificationCode,
     verifyLink
 }: VerifyEmailProps) => {
-    const previewText = `Your verification code is ${verificationCode}`;
+    const previewText = `Verify your email with code: ${verificationCode}`;
 
     return (
         <Html>
             <Head />
             <Preview>{previewText}</Preview>
             <Tailwind config={themeColors}>
-                <Body className="font-sans">
+                <Body className="font-sans bg-gray-50">
                     <EmailContainer>
                         <EmailLetterHead />
 
-                        <EmailHeading>Please Verify Your Email</EmailHeading>
+                        {/* <EmailHeading>Verify Your Email Address</EmailHeading> */}
 
-                        <EmailGreeting>Hi {username || "there"},</EmailGreeting>
+                        <EmailGreeting>Hi there,</EmailGreeting>
 
                         <EmailText>
-                            You’ve requested to verify your email. Please use
-                            the code below to complete the verification process
-                            upon logging in.
+                            Welcome! To complete your account setup, please
+                            verify your email address using the code below.
                         </EmailText>
 
                         <EmailSection>
@@ -50,7 +49,8 @@ export const VerifyEmail = ({
                         </EmailSection>
 
                         <EmailText>
-                            If you didn’t request this, you can safely ignore
+                            This verification code will expire in 15 minutes. If
+                            you didn't create an account, you can safely ignore
                             this email.
                         </EmailText>
 
diff --git a/server/emails/templates/WelcomeQuickStart.tsx b/server/emails/templates/WelcomeQuickStart.tsx
new file mode 100644
index 00000000..caebff06
--- /dev/null
+++ b/server/emails/templates/WelcomeQuickStart.tsx
@@ -0,0 +1,131 @@
+import React from "react";
+import { Body, Head, Html, Preview, Tailwind } from "@react-email/components";
+import { themeColors } from "./lib/theme";
+import {
+    EmailContainer,
+    EmailFooter,
+    EmailGreeting,
+    EmailHeading,
+    EmailLetterHead,
+    EmailSection,
+    EmailSignature,
+    EmailText,
+    EmailInfoSection
+} from "./components/Email";
+import ButtonLink from "./components/ButtonLink";
+import CopyCodeBox from "./components/CopyCodeBox";
+
+interface WelcomeQuickStartProps {
+    username?: string;
+    link: string;
+    fallbackLink: string;
+    resourceMethod: string;
+    resourceHostname: string;
+    resourcePort: string | number;
+    resourceUrl: string;
+    cliCommand: string;
+}
+
+export const WelcomeQuickStart = ({
+    username,
+    link,
+    fallbackLink,
+    resourceMethod,
+    resourceHostname,
+    resourcePort,
+    resourceUrl,
+    cliCommand
+}: WelcomeQuickStartProps) => {
+    const previewText = "Welcome! Here's what to do next";
+
+    return (
+        <Html>
+            <Head />
+            <Preview>{previewText}</Preview>
+            <Tailwind config={themeColors}>
+                <Body className="font-sans bg-gray-50">
+                    <EmailContainer>
+                        <EmailLetterHead />
+
+                        <EmailGreeting>Hi there,</EmailGreeting>
+
+                        <EmailText>
+                            Thank you for trying out Pangolin! We're excited to
+                            have you on board.
+                        </EmailText>
+
+                        <EmailText>
+                            To continue to configure your site, resources, and
+                            other features, complete your account setup to
+                            access the full dashboard.
+                        </EmailText>
+
+                        <EmailSection>
+                            <ButtonLink href={link}>
+                                View Your Dashboard
+                            </ButtonLink>
+                            {/* <p className="text-sm text-gray-300 mt-2"> */}
+                            {/*     If the button above doesn't work, you can also */}
+                            {/*     use this{" "} */}
+                            {/*     <a href={fallbackLink} className="underline"> */}
+                            {/*         link */}
+                            {/*     </a> */}
+                            {/*     . */}
+                            {/* </p> */}
+                        </EmailSection>
+
+                        <EmailSection>
+                            <div className="mb-2 font-semibold text-gray-900 text-base text-left">
+                                Connect your site using Newt
+                            </div>
+                            <div className="inline-block w-full">
+                                <div className="bg-gray-50 border border-gray-200 rounded-lg px-6 py-4 mx-auto text-left">
+                                    <span className="text-sm font-mono text-gray-900 tracking-wider">
+                                        {cliCommand}
+                                    </span>
+                                </div>
+                                <p className="text-xs text-gray-500 mt-2">
+                                    To learn how to use Newt, including more
+                                    installation methods, visit the{" "}
+                                    <a
+                                        href="https://docs.fossorial.io"
+                                        className="underline"
+                                    >
+                                        docs
+                                    </a>
+                                    .
+                                </p>
+                            </div>
+                        </EmailSection>
+
+                        <EmailInfoSection
+                            title="Your Demo Resource"
+                            items={[
+                                { label: "Method", value: resourceMethod },
+                                { label: "Hostname", value: resourceHostname },
+                                { label: "Port", value: resourcePort },
+                                {
+                                    label: "Resource URL",
+                                    value: (
+                                        <a
+                                            href={resourceUrl}
+                                            className="underline text-blue-600"
+                                        >
+                                            {resourceUrl}
+                                        </a>
+                                    )
+                                }
+                            ]}
+                        />
+
+                        <EmailFooter>
+                            <EmailSignature />
+                        </EmailFooter>
+                    </EmailContainer>
+                </Body>
+            </Tailwind>
+        </Html>
+    );
+};
+
+export default WelcomeQuickStart;
diff --git a/server/emails/templates/components/ButtonLink.tsx b/server/emails/templates/components/ButtonLink.tsx
index e32e1810..618fed15 100644
--- a/server/emails/templates/components/ButtonLink.tsx
+++ b/server/emails/templates/components/ButtonLink.tsx
@@ -12,7 +12,11 @@ export default function ButtonLink({
     return (
         <a
             href={href}
-            className={`rounded-full bg-primary px-4 py-2 text-center font-semibold text-white text-xl no-underline inline-block ${className}`}
+            className={`inline-block bg-primary text-white font-semibold px-8 py-3 rounded-lg text-center no-underline ${className}`}
+            style={{
+                backgroundColor: "#F97316",
+                textDecoration: "none"
+            }}
         >
             {children}
         </a>
diff --git a/server/emails/templates/components/CopyCodeBox.tsx b/server/emails/templates/components/CopyCodeBox.tsx
index ef48b383..3e4d1d08 100644
--- a/server/emails/templates/components/CopyCodeBox.tsx
+++ b/server/emails/templates/components/CopyCodeBox.tsx
@@ -2,10 +2,15 @@ import React from "react";
 
 export default function CopyCodeBox({ text }: { text: string }) {
     return (
-        <div className="text-center rounded-lg bg-neutral-100 p-2">
-            <span className="text-2xl font-mono text-neutral-600 tracking-wide">
-                {text}
-            </span>
+        <div className="inline-block">
+            <div className="bg-gray-50 border border-gray-200 rounded-lg px-6 py-4 mx-auto">
+                <span className="text-2xl font-mono text-gray-900 tracking-wider font-semibold">
+                    {text}
+                </span>
+            </div>
+            <p className="text-xs text-gray-500 mt-2">
+                Copy and paste this code when prompted
+            </p>
         </div>
     );
 }
diff --git a/server/emails/templates/components/Email.tsx b/server/emails/templates/components/Email.tsx
index c73e4c85..ef5c37f8 100644
--- a/server/emails/templates/components/Email.tsx
+++ b/server/emails/templates/components/Email.tsx
@@ -1,47 +1,27 @@
-import { Container } from "@react-email/components";
 import React from "react";
+import { Container, Img } from "@react-email/components";
+import { build } from "@server/build";
 
 // EmailContainer: Wraps the entire email layout
 export function EmailContainer({ children }: { children: React.ReactNode }) {
     return (
-        <Container className="bg-white border border-solid border-gray-200 p-6 max-w-lg mx-auto my-8 rounded-lg">
+        <Container className="bg-white border border-solid border-gray-200 max-w-lg mx-auto my-8 rounded-lg overflow-hidden shadow-sm">
             {children}
         </Container>
     );
 }
 
-// EmailLetterHead: For branding or logo at the top
+// EmailLetterHead: For branding with logo on dark background
 export function EmailLetterHead() {
     return (
-        <div className="mb-4">
-            <table
-                role="presentation"
-                width="100%"
-                style={{
-                    marginBottom: "24px"
-                }}
-            >
-                <tr>
-                    <td
-                        style={{
-                            fontSize: "14px",
-                            fontWeight: "bold",
-                            color: "#F97317"
-                        }}
-                    >
-                        Pangolin
-                    </td>
-                    <td
-                        style={{
-                            fontSize: "14px",
-                            textAlign: "right",
-                            color: "#6B7280"
-                        }}
-                    >
-                        {new Date().getFullYear()}
-                    </td>
-                </tr>
-            </table>
+        <div className="px-6 pt-8 pb-2 text-center">
+            <Img
+                src="https://fossorial-public-assets.s3.us-east-1.amazonaws.com/word_mark_black.png"
+                alt="Fossorial"
+                width="120"
+                height="auto"
+                className="mx-auto"
+            />
         </div>
     );
 }
@@ -49,14 +29,22 @@ export function EmailLetterHead() {
 // EmailHeading: For the primary message or headline
 export function EmailHeading({ children }: { children: React.ReactNode }) {
     return (
-        <h1 className="text-2xl font-semibold text-gray-800 text-center">
-            {children}
-        </h1>
+        <div className="px-6 pt-4 pb-1">
+            <h1 className="text-2xl font-semibold text-gray-900 text-center leading-tight">
+                {children}
+            </h1>
+        </div>
     );
 }
 
 export function EmailGreeting({ children }: { children: React.ReactNode }) {
-    return <p className="text-base text-gray-700 my-4">{children}</p>;
+    return (
+        <div className="px-6">
+            <p className="text-base text-gray-700 leading-relaxed">
+                {children}
+            </p>
+        </div>
+    );
 }
 
 // EmailText: For general text content
@@ -68,9 +56,13 @@ export function EmailText({
     className?: string;
 }) {
     return (
-        <p className={`my-2 text-base text-gray-700 ${className}`}>
-            {children}
-        </p>
+        <div className="px-6">
+            <p
+                className={`text-base text-gray-700 leading-relaxed ${className}`}
+            >
+                {children}
+            </p>
+        </div>
     );
 }
 
@@ -82,20 +74,74 @@ export function EmailSection({
     children: React.ReactNode;
     className?: string;
 }) {
-    return <div className={`text-center my-6 ${className}`}>{children}</div>;
+    return (
+        <div className={`px-6 py-6 text-center ${className}`}>{children}</div>
+    );
 }
 
 // EmailFooter: For closing or signature
 export function EmailFooter({ children }: { children: React.ReactNode }) {
-    return <div className="text-sm text-gray-500 mt-6">{children}</div>;
+    return (
+        <>
+            {build === "saas" && (
+                <div className="px-6 py-6 border-t border-gray-100 bg-gray-50">
+                    {children}
+                    <p className="text-xs text-gray-400 mt-4">
+                        For any questions or support, please contact us at:
+                        <br />
+                        support@fossorial.io
+                    </p>
+                    <p className="text-xs text-gray-300 text-center mt-4">
+                        &copy; {new Date().getFullYear()} Fossorial, Inc. All
+                        rights reserved.
+                    </p>
+                </div>
+            )}
+        </>
+    );
 }
 
 export function EmailSignature() {
     return (
-        <p>
-            Best regards,
-            <br />
-            Fossorial
-        </p>
+        <div className="text-sm text-gray-600">
+            <p className="mb-2">
+                Best regards,
+                <br />
+                <strong>The Fossorial Team</strong>
+            </p>
+        </div>
+    );
+}
+
+// EmailInfoSection: For structured key-value info (like resource details)
+export function EmailInfoSection({
+    title,
+    items
+}: {
+    title?: string;
+    items: { label: string; value: React.ReactNode }[];
+}) {
+    return (
+        <div className="px-6 py-4">
+            {title && (
+                <div className="mb-2 font-semibold text-gray-900 text-base">
+                    {title}
+                </div>
+            )}
+            <table className="w-full text-sm text-left">
+                <tbody>
+                    {items.map((item, idx) => (
+                        <tr key={idx}>
+                            <td className="pr-4 py-1 text-gray-600 align-top whitespace-nowrap">
+                                {item.label}
+                            </td>
+                            <td className="py-1 text-gray-900 break-all">
+                                {item.value}
+                            </td>
+                        </tr>
+                    ))}
+                </tbody>
+            </table>
+        </div>
     );
 }
diff --git a/server/emails/templates/lib/theme.ts b/server/emails/templates/lib/theme.ts
index ada77fd2..a10ff77a 100644
--- a/server/emails/templates/lib/theme.ts
+++ b/server/emails/templates/lib/theme.ts
@@ -1,3 +1,5 @@
+import React from "react";
+
 export const themeColors = {
     theme: {
         extend: {
diff --git a/server/index.ts b/server/index.ts
index a07bbc93..55b34543 100644
--- a/server/index.ts
+++ b/server/index.ts
@@ -9,6 +9,7 @@ import { createIntegrationApiServer } from "./integrationApiServer";
 import config from "@server/lib/config";
 
 async function startServers() {
+    await config.initServer();
     await runSetupFunctions();
 
     // Start all servers
diff --git a/server/integrationApiServer.ts b/server/integrationApiServer.ts
index f3dfbbef..eefaacd8 100644
--- a/server/integrationApiServer.ts
+++ b/server/integrationApiServer.ts
@@ -20,8 +20,9 @@ const externalPort = config.getRawConfig().server.integration_port;
 export function createIntegrationApiServer() {
     const apiServer = express();
 
-    if (config.getRawConfig().server.trust_proxy) {
-        apiServer.set("trust proxy", 1);
+    const trustProxy = config.getRawConfig().server.trust_proxy;
+    if (trustProxy) {
+        apiServer.set("trust proxy", trustProxy);
     }
 
     apiServer.use(cors());
diff --git a/server/lib/config.ts b/server/lib/config.ts
index f6cd240f..0a964469 100644
--- a/server/lib/config.ts
+++ b/server/lib/config.ts
@@ -17,10 +17,6 @@ export class Config {
     isDev: boolean = process.env.ENVIRONMENT !== "prod";
 
     constructor() {
-        this.load();
-    }
-
-    public load() {
         const environment = readConfigFile();
 
         const {
@@ -85,22 +81,37 @@ export class Config {
             parsedConfig.server.resource_access_token_headers.token;
         process.env.RESOURCE_SESSION_REQUEST_PARAM =
             parsedConfig.server.resource_session_request_param;
-        process.env.FLAGS_ALLOW_BASE_DOMAIN_RESOURCES = parsedConfig.flags
-            ?.allow_base_domain_resources
+        process.env.DASHBOARD_URL = parsedConfig.app.dashboard_url;
+        process.env.FLAGS_DISABLE_LOCAL_SITES = parsedConfig.flags
+            ?.disable_local_sites
+            ? "true"
+            : "false";
+        process.env.FLAGS_DISABLE_BASIC_WIREGUARD_SITES = parsedConfig.flags
+            ?.disable_basic_wireguard_sites
             ? "true"
             : "false";
-        process.env.DASHBOARD_URL = parsedConfig.app.dashboard_url;
 
-        license.setServerSecret(parsedConfig.server.secret);
-
-        this.checkKeyStatus();
+        process.env.FLAGS_ENABLE_CLIENTS = parsedConfig.flags?.enable_clients
+            ? "true"
+            : "false";
 
         this.rawConfig = parsedConfig;
     }
 
+    public async initServer() {
+        if (!this.rawConfig) {
+            throw new Error("Config not loaded. Call load() first.");
+        }
+        license.setServerSecret(this.rawConfig.server.secret);
+
+        await this.checkKeyStatus();
+    }
+
     private async checkKeyStatus() {
         const licenseStatus = await license.check();
-        if (!licenseStatus.isHostLicensed) {
+        if (
+            !licenseStatus.isHostLicensed
+        ) {
             this.checkSupporterKey();
         }
     }
@@ -116,6 +127,9 @@ export class Config {
     }
 
     public getDomain(domainId: string) {
+        if (!this.rawConfig.domains || !this.rawConfig.domains[domainId]) {
+            return null;
+        }
         return this.rawConfig.domains[domainId];
     }
 
diff --git a/server/lib/consts.ts b/server/lib/consts.ts
index 843ce54f..2fffc282 100644
--- a/server/lib/consts.ts
+++ b/server/lib/consts.ts
@@ -2,7 +2,7 @@ import path from "path";
 import { fileURLToPath } from "url";
 
 // This is a placeholder value replaced by the build process
-export const APP_VERSION = "1.6.0";
+export const APP_VERSION = "1.7.0";
 
 export const __FILENAME = fileURLToPath(import.meta.url);
 export const __DIRNAME = path.dirname(__FILENAME);
diff --git a/server/lib/ip.test.ts b/server/lib/ip.test.ts
index 2c2dd057..67a2faaa 100644
--- a/server/lib/ip.test.ts
+++ b/server/lib/ip.test.ts
@@ -4,7 +4,14 @@ import { assertEquals } from "@test/assert";
 // Test cases
 function testFindNextAvailableCidr() {
     console.log("Running findNextAvailableCidr tests...");
-    
+  
+    // Test 0: Basic IPv4 allocation with a subnet in the wrong range
+    {
+        const existing = ["100.90.130.1/30", "100.90.128.4/30"];
+        const result = findNextAvailableCidr(existing, 30, "100.90.130.1/24");
+        assertEquals(result, "100.90.130.4/30", "Basic IPv4 allocation failed");
+    }
+
     // Test 1: Basic IPv4 allocation
     {
         const existing = ["10.0.0.0/16", "10.1.0.0/16"];
@@ -26,6 +33,12 @@ function testFindNextAvailableCidr() {
         assertEquals(result, null, "No available space test failed");
     }
 
+    // Test 4: Empty existing 
+    {
+        const existing: string[] = [];
+        const result = findNextAvailableCidr(existing, 30, "10.0.0.0/8");
+        assertEquals(result, "10.0.0.0/30", "Empty existing test failed");
+    }
     // // Test 4: IPv6 allocation
     // {
     //     const existing = ["2001:db8::/32", "2001:db8:1::/32"];
diff --git a/server/lib/ip.ts b/server/lib/ip.ts
index fd6f07ab..ad952098 100644
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -1,3 +1,8 @@
+import { db } from "@server/db";
+import { clients, orgs, sites } from "@server/db";
+import { and, eq, isNotNull } from "drizzle-orm";
+import config from "@server/lib/config";
+
 interface IPRange {
     start: bigint;
     end: bigint;
@@ -9,7 +14,7 @@ type IPVersion = 4 | 6;
  * Detects IP version from address string
  */
 function detectIpVersion(ip: string): IPVersion {
-    return ip.includes(':') ? 6 : 4;
+    return ip.includes(":") ? 6 : 4;
 }
 
 /**
@@ -19,34 +24,34 @@ function ipToBigInt(ip: string): bigint {
     const version = detectIpVersion(ip);
 
     if (version === 4) {
-        return ip.split('.')
-            .reduce((acc, octet) => {
-                const num = parseInt(octet);
-                if (isNaN(num) || num < 0 || num > 255) {
-                    throw new Error(`Invalid IPv4 octet: ${octet}`);
-                }
-                return BigInt.asUintN(64, (acc << BigInt(8)) + BigInt(num));
-            }, BigInt(0));
+        return ip.split(".").reduce((acc, octet) => {
+            const num = parseInt(octet);
+            if (isNaN(num) || num < 0 || num > 255) {
+                throw new Error(`Invalid IPv4 octet: ${octet}`);
+            }
+            return BigInt.asUintN(64, (acc << BigInt(8)) + BigInt(num));
+        }, BigInt(0));
     } else {
         // Handle IPv6
         // Expand :: notation
         let fullAddress = ip;
-        if (ip.includes('::')) {
-            const parts = ip.split('::');
-            if (parts.length > 2) throw new Error('Invalid IPv6 address: multiple :: found');
-            const missing = 8 - (parts[0].split(':').length + parts[1].split(':').length);
-            const padding = Array(missing).fill('0').join(':');
+        if (ip.includes("::")) {
+            const parts = ip.split("::");
+            if (parts.length > 2)
+                throw new Error("Invalid IPv6 address: multiple :: found");
+            const missing =
+                8 - (parts[0].split(":").length + parts[1].split(":").length);
+            const padding = Array(missing).fill("0").join(":");
             fullAddress = `${parts[0]}:${padding}:${parts[1]}`;
         }
 
-        return fullAddress.split(':')
-            .reduce((acc, hextet) => {
-                const num = parseInt(hextet || '0', 16);
-                if (isNaN(num) || num < 0 || num > 65535) {
-                    throw new Error(`Invalid IPv6 hextet: ${hextet}`);
-                }
-                return BigInt.asUintN(128, (acc << BigInt(16)) + BigInt(num));
-            }, BigInt(0));
+        return fullAddress.split(":").reduce((acc, hextet) => {
+            const num = parseInt(hextet || "0", 16);
+            if (isNaN(num) || num < 0 || num > 65535) {
+                throw new Error(`Invalid IPv6 hextet: ${hextet}`);
+            }
+            return BigInt.asUintN(128, (acc << BigInt(16)) + BigInt(num));
+        }, BigInt(0));
     }
 }
 
@@ -60,11 +65,15 @@ function bigIntToIp(num: bigint, version: IPVersion): string {
             octets.unshift(Number(num & BigInt(255)));
             num = num >> BigInt(8);
         }
-        return octets.join('.');
+        return octets.join(".");
     } else {
         const hextets: string[] = [];
         for (let i = 0; i < 8; i++) {
-            hextets.unshift(Number(num & BigInt(65535)).toString(16).padStart(4, '0'));
+            hextets.unshift(
+                Number(num & BigInt(65535))
+                    .toString(16)
+                    .padStart(4, "0")
+            );
             num = num >> BigInt(16);
         }
         // Compress zero sequences
@@ -74,7 +83,7 @@ function bigIntToIp(num: bigint, version: IPVersion): string {
         let currentZeroLength = 0;
 
         for (let i = 0; i < hextets.length; i++) {
-            if (hextets[i] === '0000') {
+            if (hextets[i] === "0000") {
                 if (currentZeroStart === -1) currentZeroStart = i;
                 currentZeroLength++;
                 if (currentZeroLength > maxZeroLength) {
@@ -88,12 +97,14 @@ function bigIntToIp(num: bigint, version: IPVersion): string {
         }
 
         if (maxZeroLength > 1) {
-            hextets.splice(maxZeroStart, maxZeroLength, '');
-            if (maxZeroStart === 0) hextets.unshift('');
-            if (maxZeroStart + maxZeroLength === 8) hextets.push('');
+            hextets.splice(maxZeroStart, maxZeroLength, "");
+            if (maxZeroStart === 0) hextets.unshift("");
+            if (maxZeroStart + maxZeroLength === 8) hextets.push("");
         }
 
-        return hextets.map(h => h === '0000' ? '0' : h.replace(/^0+/, '')).join(':');
+        return hextets
+            .map((h) => (h === "0000" ? "0" : h.replace(/^0+/, "")))
+            .join(":");
     }
 }
 
@@ -101,7 +112,7 @@ function bigIntToIp(num: bigint, version: IPVersion): string {
  * Converts CIDR to IP range
  */
 export function cidrToRange(cidr: string): IPRange {
-    const [ip, prefix] = cidr.split('/');
+    const [ip, prefix] = cidr.split("/");
     const version = detectIpVersion(ip);
     const prefixBits = parseInt(prefix);
     const ipBigInt = ipToBigInt(ip);
@@ -113,7 +124,10 @@ export function cidrToRange(cidr: string): IPRange {
     }
 
     const shiftBits = BigInt(maxPrefix - prefixBits);
-    const mask = BigInt.asUintN(version === 4 ? 64 : 128, (BigInt(1) << shiftBits) - BigInt(1));
+    const mask = BigInt.asUintN(
+        version === 4 ? 64 : 128,
+        (BigInt(1) << shiftBits) - BigInt(1)
+    );
     const start = ipBigInt & ~mask;
     const end = start | mask;
 
@@ -132,28 +146,32 @@ export function findNextAvailableCidr(
     blockSize: number,
     startCidr?: string
 ): string | null {
-
     if (!startCidr && existingCidrs.length === 0) {
         return null;
     }
 
     // If no existing CIDRs, use the IP version from startCidr
-    const version = startCidr
-        ? detectIpVersion(startCidr.split('/')[0])
-        : 4; // Default to IPv4 if no startCidr provided
+    const version = startCidr ? detectIpVersion(startCidr.split("/")[0]) : 4; // Default to IPv4 if no startCidr provided
 
     // Use appropriate default startCidr if none provided
     startCidr = startCidr || (version === 4 ? "0.0.0.0/0" : "::/0");
 
     // If there are existing CIDRs, ensure all are same version
-    if (existingCidrs.length > 0 &&
-        existingCidrs.some(cidr => detectIpVersion(cidr.split('/')[0]) !== version)) {
-        throw new Error('All CIDRs must be of the same IP version');
+    if (
+        existingCidrs.length > 0 &&
+        existingCidrs.some(
+            (cidr) => detectIpVersion(cidr.split("/")[0]) !== version
+        )
+    ) {
+        throw new Error("All CIDRs must be of the same IP version");
     }
 
+    // Extract the network part from startCidr to ensure we stay in the right subnet
+    const startCidrRange = cidrToRange(startCidr);
+
     // Convert existing CIDRs to ranges and sort them
     const existingRanges = existingCidrs
-        .map(cidr => cidrToRange(cidr))
+        .map((cidr) => cidrToRange(cidr))
         .sort((a, b) => (a.start < b.start ? -1 : 1));
 
     // Calculate block size
@@ -161,14 +179,17 @@ export function findNextAvailableCidr(
     const blockSizeBigInt = BigInt(1) << BigInt(maxPrefix - blockSize);
 
     // Start from the beginning of the given CIDR
-    let current = cidrToRange(startCidr).start;
-    const maxIp = cidrToRange(startCidr).end;
+    let current = startCidrRange.start;
+    const maxIp = startCidrRange.end;
 
     // Iterate through existing ranges
     for (let i = 0; i <= existingRanges.length; i++) {
         const nextRange = existingRanges[i];
+
         // Align current to block size
-        const alignedCurrent = current + ((blockSizeBigInt - (current % blockSizeBigInt)) % blockSizeBigInt);
+        const alignedCurrent =
+            current +
+            ((blockSizeBigInt - (current % blockSizeBigInt)) % blockSizeBigInt);
 
         // Check if we've gone beyond the maximum allowed IP
         if (alignedCurrent + blockSizeBigInt - BigInt(1) > maxIp) {
@@ -176,12 +197,18 @@ export function findNextAvailableCidr(
         }
 
         // If we're at the end of existing ranges or found a gap
-        if (!nextRange || alignedCurrent + blockSizeBigInt - BigInt(1) < nextRange.start) {
+        if (
+            !nextRange ||
+            alignedCurrent + blockSizeBigInt - BigInt(1) < nextRange.start
+        ) {
             return `${bigIntToIp(alignedCurrent, version)}/${blockSize}`;
         }
 
-        // Move current pointer to after the current range
-        current = nextRange.end + BigInt(1);
+        // If next range overlaps with our search space, move past it
+        if (nextRange.end >= startCidrRange.start && nextRange.start <= maxIp) {
+            // Move current pointer to after the current range
+            current = nextRange.end + BigInt(1);
+        }
     }
 
     return null;
@@ -195,7 +222,7 @@ export function findNextAvailableCidr(
  */
 export function isIpInCidr(ip: string, cidr: string): boolean {
     const ipVersion = detectIpVersion(ip);
-    const cidrVersion = detectIpVersion(cidr.split('/')[0]);
+    const cidrVersion = detectIpVersion(cidr.split("/")[0]);
 
     // If IP versions don't match, the IP cannot be in the CIDR range
     if (ipVersion !== cidrVersion) {
@@ -207,3 +234,69 @@ export function isIpInCidr(ip: string, cidr: string): boolean {
     const range = cidrToRange(cidr);
     return ipBigInt >= range.start && ipBigInt <= range.end;
 }
+
+export async function getNextAvailableClientSubnet(
+    orgId: string
+): Promise<string> {
+    const [org] = await db.select().from(orgs).where(eq(orgs.orgId, orgId));
+
+    if (!org) {
+        throw new Error(`Organization with ID ${orgId} not found`);
+    }
+
+    if (!org.subnet) {
+        throw new Error(`Organization with ID ${orgId} has no subnet defined`);
+    }
+
+    const existingAddressesSites = await db
+        .select({
+            address: sites.address
+        })
+        .from(sites)
+        .where(and(isNotNull(sites.address), eq(sites.orgId, orgId)));
+
+    const existingAddressesClients = await db
+        .select({
+            address: clients.subnet
+        })
+        .from(clients)
+        .where(and(isNotNull(clients.subnet), eq(clients.orgId, orgId)));
+
+    const addresses = [
+        ...existingAddressesSites.map(
+            (site) => `${site.address?.split("/")[0]}/32`
+        ), // we are overriding the 32 so that we pick individual addresses in the subnet of the org for the site and the client even though they are stored with the /block_size of the org
+        ...existingAddressesClients.map(
+            (client) => `${client.address.split("/")}/32`
+        )
+    ].filter((address) => address !== null) as string[];
+
+    let subnet = findNextAvailableCidr(addresses, 32, org.subnet); // pick the sites address in the org
+    if (!subnet) {
+        throw new Error("No available subnets remaining in space");
+    }
+
+    return subnet;
+}
+
+export async function getNextAvailableOrgSubnet(): Promise<string> {
+    const existingAddresses = await db
+        .select({
+            subnet: orgs.subnet
+        })
+        .from(orgs)
+        .where(isNotNull(orgs.subnet));
+
+    const addresses = existingAddresses.map((org) => org.subnet!);
+
+    let subnet = findNextAvailableCidr(
+        addresses,
+        config.getRawConfig().orgs.block_size,
+        config.getRawConfig().orgs.subnet_group
+    );
+    if (!subnet) {
+        throw new Error("No available subnets remaining in space");
+    }
+
+    return subnet;
+}
diff --git a/server/lib/rateLimitStore.ts b/server/lib/rateLimitStore.ts
new file mode 100644
index 00000000..2f6dc675
--- /dev/null
+++ b/server/lib/rateLimitStore.ts
@@ -0,0 +1,6 @@
+import { MemoryStore, Store } from "express-rate-limit";
+
+export function createStore(): Store {
+    let rateLimitStore: Store = new MemoryStore();
+    return rateLimitStore;
+}
diff --git a/server/lib/readConfigFile.ts b/server/lib/readConfigFile.ts
index 0058127f..f738b986 100644
--- a/server/lib/readConfigFile.ts
+++ b/server/lib/readConfigFile.ts
@@ -3,8 +3,7 @@ import yaml from "js-yaml";
 import { configFilePath1, configFilePath2 } from "./consts";
 import { z } from "zod";
 import stoi from "./stoi";
-import { passwordSchema } from "@server/auth/passwordSchema";
-import { fromError } from "zod-validation-error";
+import { build } from "@server/build";
 
 const portSchema = z.number().positive().gt(0).lte(65535);
 
@@ -12,203 +11,243 @@ const getEnvOrYaml = (envVar: string) => (valFromYaml: any) => {
     return process.env[envVar] ?? valFromYaml;
 };
 
-export const configSchema = z.object({
-    app: z.object({
-        dashboard_url: z
-            .string()
-            .url()
-            .optional()
-            .pipe(z.string().url())
-            .transform((url) => url.toLowerCase()),
-        log_level: z
-            .enum(["debug", "info", "warn", "error"])
-            .optional()
-            .default("info"),
-        save_logs: z.boolean().optional().default(false),
-        log_failed_attempts: z.boolean().optional().default(false)
-    }),
-    domains: z
-        .record(
-            z.string(),
-            z.object({
-                base_domain: z
-                    .string()
-                    .nonempty("base_domain must not be empty")
-                    .transform((url) => url.toLowerCase()),
-                cert_resolver: z.string().optional().default("letsencrypt"),
-                prefer_wildcard_cert: z.boolean().optional().default(false)
-            })
-        )
-        .refine(
-            (domains) => {
-                const keys = Object.keys(domains);
-
-                if (keys.length === 0) {
-                    return false;
-                }
-
-                return true;
-            },
-            {
-                message: "At least one domain must be defined"
-            }
-        ),
-    server: z.object({
-        integration_port: portSchema
-            .optional()
-            .default(3003)
-            .transform(stoi)
-            .pipe(portSchema.optional()),
-        external_port: portSchema
-            .optional()
-            .default(3000)
-            .transform(stoi)
-            .pipe(portSchema),
-        internal_port: portSchema
-            .optional()
-            .default(3001)
-            .transform(stoi)
-            .pipe(portSchema),
-        next_port: portSchema
-            .optional()
-            .default(3002)
-            .transform(stoi)
-            .pipe(portSchema),
-        internal_hostname: z
-            .string()
-            .optional()
-            .default("pangolin")
-            .transform((url) => url.toLowerCase()),
-        session_cookie_name: z.string().optional().default("p_session_token"),
-        resource_access_token_param: z.string().optional().default("p_token"),
-        resource_access_token_headers: z
-            .object({
-                id: z.string().optional().default("P-Access-Token-Id"),
-                token: z.string().optional().default("P-Access-Token")
-            })
-            .optional()
-            .default({}),
-        resource_session_request_param: z
-            .string()
-            .optional()
-            .default("resource_session_request_param"),
-        dashboard_session_length_hours: z
-            .number()
-            .positive()
-            .gt(0)
-            .optional()
-            .default(720),
-        resource_session_length_hours: z
-            .number()
-            .positive()
-            .gt(0)
-            .optional()
-            .default(720),
-        cors: z
-            .object({
-                origins: z.array(z.string()).optional(),
-                methods: z.array(z.string()).optional(),
-                allowed_headers: z.array(z.string()).optional(),
-                credentials: z.boolean().optional()
-            })
+export const configSchema = z
+    .object({
+        app: z.object({
+            dashboard_url: z
+                .string()
+                .url()
+                .optional()
+                .pipe(z.string().url())
+                .transform((url) => url.toLowerCase()),
+            log_level: z
+                .enum(["debug", "info", "warn", "error"])
+                .optional()
+                .default("info"),
+            save_logs: z.boolean().optional().default(false),
+            log_failed_attempts: z.boolean().optional().default(false)
+        }),
+        domains: z
+            .record(
+                z.string(),
+                z.object({
+                    base_domain: z
+                        .string()
+                        .nonempty("base_domain must not be empty")
+                        .transform((url) => url.toLowerCase()),
+                    cert_resolver: z.string().optional().default("letsencrypt"),
+                    prefer_wildcard_cert: z.boolean().optional().default(false)
+                })
+            )
             .optional(),
-        trust_proxy: z.number().int().gte(0).optional().default(1),
-        secret: z
-            .string()
-            .optional()
-            .transform(getEnvOrYaml("SERVER_SECRET"))
-            .pipe(z.string().min(8))
-    }),
-    postgres: z
-        .object({
-            connection_string: z.string(),
-            replicas: z
-                .array(
-                    z.object({
-                        connection_string: z.string()
-                    })
-                )
+        server: z.object({
+            integration_port: portSchema
                 .optional()
-        })
-        .optional(),
-    traefik: z
-        .object({
-            http_entrypoint: z.string().optional().default("web"),
-            https_entrypoint: z.string().optional().default("websecure"),
-            additional_middlewares: z.array(z.string()).optional()
-        })
-        .optional()
-        .default({}),
-    gerbil: z
-        .object({
-            start_port: portSchema
+                .default(3003)
+                .transform(stoi)
+                .pipe(portSchema.optional()),
+            external_port: portSchema
                 .optional()
-                .default(51820)
+                .default(3000)
                 .transform(stoi)
                 .pipe(portSchema),
-            base_endpoint: z
+            internal_port: portSchema
+                .optional()
+                .default(3001)
+                .transform(stoi)
+                .pipe(portSchema),
+            next_port: portSchema
+                .optional()
+                .default(3002)
+                .transform(stoi)
+                .pipe(portSchema),
+            internal_hostname: z
                 .string()
                 .optional()
-                .pipe(z.string())
+                .default("pangolin")
                 .transform((url) => url.toLowerCase()),
-            use_subdomain: z.boolean().optional().default(false),
-            subnet_group: z.string().optional().default("100.89.137.0/20"),
-            block_size: z.number().positive().gt(0).optional().default(24),
-            site_block_size: z.number().positive().gt(0).optional().default(30)
-        })
-        .optional()
-        .default({}),
-    rate_limits: z
-        .object({
-            global: z
+            session_cookie_name: z
+                .string()
+                .optional()
+                .default("p_session_token"),
+            resource_access_token_param: z
+                .string()
+                .optional()
+                .default("p_token"),
+            resource_access_token_headers: z
                 .object({
-                    window_minutes: z
-                        .number()
-                        .positive()
-                        .gt(0)
-                        .optional()
-                        .default(1),
-                    max_requests: z
-                        .number()
-                        .positive()
-                        .gt(0)
-                        .optional()
-                        .default(500)
+                    id: z.string().optional().default("P-Access-Token-Id"),
+                    token: z.string().optional().default("P-Access-Token")
                 })
                 .optional()
                 .default({}),
-            auth: z
-                .object({
-                    window_minutes: z.number().positive().gt(0),
-                    max_requests: z.number().positive().gt(0)
-                })
+            resource_session_request_param: z
+                .string()
                 .optional()
-        })
-        .optional()
-        .default({}),
-    email: z
-        .object({
-            smtp_host: z.string().optional(),
-            smtp_port: portSchema.optional(),
-            smtp_user: z.string().optional(),
-            smtp_pass: z.string().optional(),
-            smtp_secure: z.boolean().optional(),
-            smtp_tls_reject_unauthorized: z.boolean().optional(),
-            no_reply: z.string().email().optional()
-        })
-        .optional(),
-    flags: z
-        .object({
-            require_email_verification: z.boolean().optional(),
-            disable_signup_without_invite: z.boolean().optional(),
-            disable_user_create_org: z.boolean().optional(),
-            allow_raw_resources: z.boolean().optional(),
-            allow_base_domain_resources: z.boolean().optional(),
-            allow_local_sites: z.boolean().optional(),
-            enable_integration_api: z.boolean().optional()
-        })
-        .optional()
-});
+                .default("resource_session_request_param"),
+            dashboard_session_length_hours: z
+                .number()
+                .positive()
+                .gt(0)
+                .optional()
+                .default(720),
+            resource_session_length_hours: z
+                .number()
+                .positive()
+                .gt(0)
+                .optional()
+                .default(720),
+            cors: z
+                .object({
+                    origins: z.array(z.string()).optional(),
+                    methods: z.array(z.string()).optional(),
+                    allowed_headers: z.array(z.string()).optional(),
+                    credentials: z.boolean().optional()
+                })
+                .optional(),
+            trust_proxy: z.number().int().gte(0).optional().default(1),
+            secret: z
+                .string()
+                .optional()
+                .transform(getEnvOrYaml("SERVER_SECRET"))
+                .pipe(z.string().min(8))
+        }),
+        postgres: z
+            .object({
+                connection_string: z.string(),
+                replicas: z
+                    .array(
+                        z.object({
+                            connection_string: z.string()
+                        })
+                    )
+                    .optional()
+            })
+            .optional(),
+        traefik: z
+            .object({
+                http_entrypoint: z.string().optional().default("web"),
+                https_entrypoint: z.string().optional().default("websecure"),
+                additional_middlewares: z.array(z.string()).optional(),
+                cert_resolver: z.string().optional().default("letsencrypt"),
+                prefer_wildcard_cert: z.boolean().optional().default(false)
+            })
+            .optional()
+            .default({}),
+        gerbil: z
+            .object({
+                exit_node_name: z.string().optional(),
+                start_port: portSchema
+                    .optional()
+                    .default(51820)
+                    .transform(stoi)
+                    .pipe(portSchema),
+                base_endpoint: z
+                    .string()
+                    .optional()
+                    .pipe(z.string())
+                    .transform((url) => url.toLowerCase()),
+                use_subdomain: z.boolean().optional().default(false),
+                subnet_group: z.string().optional().default("100.89.137.0/20"),
+                block_size: z.number().positive().gt(0).optional().default(24),
+                site_block_size: z
+                    .number()
+                    .positive()
+                    .gt(0)
+                    .optional()
+                    .default(30)
+            })
+            .optional()
+            .default({}),
+        orgs: z
+            .object({
+                block_size: z.number().positive().gt(0).optional().default(24),
+                subnet_group: z.string().optional().default("100.90.128.0/24")
+            })
+            .optional()
+            .default({
+                block_size: 24,
+                subnet_group: "100.90.128.0/24"
+            }),
+        rate_limits: z
+            .object({
+                global: z
+                    .object({
+                        window_minutes: z
+                            .number()
+                            .positive()
+                            .gt(0)
+                            .optional()
+                            .default(1),
+                        max_requests: z
+                            .number()
+                            .positive()
+                            .gt(0)
+                            .optional()
+                            .default(500)
+                    })
+                    .optional()
+                    .default({}),
+                auth: z
+                    .object({
+                        window_minutes: z
+                            .number()
+                            .positive()
+                            .gt(0)
+                            .optional()
+                            .default(1),
+                        max_requests: z
+                            .number()
+                            .positive()
+                            .gt(0)
+                            .optional()
+                            .default(500)
+                    })
+                    .optional()
+                    .default({})
+            })
+            .optional()
+            .default({}),
+        email: z
+            .object({
+                smtp_host: z.string().optional(),
+                smtp_port: portSchema.optional(),
+                smtp_user: z.string().optional(),
+                smtp_pass: z.string().optional(),
+                smtp_secure: z.boolean().optional(),
+                smtp_tls_reject_unauthorized: z.boolean().optional(),
+                no_reply: z.string().email().optional()
+            })
+            .optional(),
+        flags: z
+            .object({
+                require_email_verification: z.boolean().optional(),
+                disable_signup_without_invite: z.boolean().optional(),
+                disable_user_create_org: z.boolean().optional(),
+                allow_raw_resources: z.boolean().optional(),
+                enable_integration_api: z.boolean().optional(),
+                disable_local_sites: z.boolean().optional(),
+                disable_basic_wireguard_sites: z.boolean().optional(),
+                disable_config_managed_domains: z.boolean().optional(),
+                enable_clients: z.boolean().optional()
+            })
+            .optional()
+    })
+    .refine(
+        (data) => {
+            const keys = Object.keys(data.domains || {});
+            if (data.flags?.disable_config_managed_domains) {
+                return true;
+            }
+            if (keys.length === 0) {
+                return false;
+            }
+            return true;
+        },
+        {
+            message: "At least one domain must be defined"
+        }
+    );
 
 export function readConfigFile() {
     const loadConfig = (configPath: string) => {
diff --git a/server/lib/validators.ts b/server/lib/validators.ts
index 50ff5674..6c581e47 100644
--- a/server/lib/validators.ts
+++ b/server/lib/validators.ts
@@ -93,3 +93,1482 @@ export function isTargetValid(value: string | undefined) {
 
     return DOMAIN_REGEX.test(value);
 }
+
+export function isValidDomain(domain: string): boolean {
+    // Check overall length
+    if (domain.length > 253) return false;
+
+    // Check for invalid characters or patterns
+    if (
+        domain.startsWith(".") ||
+        domain.endsWith(".") ||
+        domain.includes("..")
+    ) {
+        return false;
+    }
+
+    const labels = domain.split(".");
+
+    // Must have at least 2 labels (domain + TLD)
+    if (labels.length < 2) return false;
+
+    // Validate each label
+    for (const label of labels) {
+        if (label.length === 0 || label.length > 63) return false;
+        if (label.startsWith("-") || label.endsWith("-")) return false;
+        if (!/^[a-zA-Z0-9-]+$/.test(label)) return false;
+    }
+
+    // TLD should be at least 2 characters and contain only letters
+    const tld = labels[labels.length - 1];
+    if (tld.length < 2 || !/^[a-zA-Z]+$/.test(tld)) return false;
+
+    // Check if TLD is in the list of valid TLDs
+    if (!validTlds.includes(tld.toUpperCase())) return false;
+
+    return true;
+}
+
+const validTlds = [
+    "AAA",
+    "AARP",
+    "ABB",
+    "ABBOTT",
+    "ABBVIE",
+    "ABC",
+    "ABLE",
+    "ABOGADO",
+    "ABUDHABI",
+    "AC",
+    "ACADEMY",
+    "ACCENTURE",
+    "ACCOUNTANT",
+    "ACCOUNTANTS",
+    "ACO",
+    "ACTOR",
+    "AD",
+    "ADS",
+    "ADULT",
+    "AE",
+    "AEG",
+    "AERO",
+    "AETNA",
+    "AF",
+    "AFL",
+    "AFRICA",
+    "AG",
+    "AGAKHAN",
+    "AGENCY",
+    "AI",
+    "AIG",
+    "AIRBUS",
+    "AIRFORCE",
+    "AIRTEL",
+    "AKDN",
+    "AL",
+    "ALIBABA",
+    "ALIPAY",
+    "ALLFINANZ",
+    "ALLSTATE",
+    "ALLY",
+    "ALSACE",
+    "ALSTOM",
+    "AM",
+    "AMAZON",
+    "AMERICANEXPRESS",
+    "AMERICANFAMILY",
+    "AMEX",
+    "AMFAM",
+    "AMICA",
+    "AMSTERDAM",
+    "ANALYTICS",
+    "ANDROID",
+    "ANQUAN",
+    "ANZ",
+    "AO",
+    "AOL",
+    "APARTMENTS",
+    "APP",
+    "APPLE",
+    "AQ",
+    "AQUARELLE",
+    "AR",
+    "ARAB",
+    "ARAMCO",
+    "ARCHI",
+    "ARMY",
+    "ARPA",
+    "ART",
+    "ARTE",
+    "AS",
+    "ASDA",
+    "ASIA",
+    "ASSOCIATES",
+    "AT",
+    "ATHLETA",
+    "ATTORNEY",
+    "AU",
+    "AUCTION",
+    "AUDI",
+    "AUDIBLE",
+    "AUDIO",
+    "AUSPOST",
+    "AUTHOR",
+    "AUTO",
+    "AUTOS",
+    "AW",
+    "AWS",
+    "AX",
+    "AXA",
+    "AZ",
+    "AZURE",
+    "BA",
+    "BABY",
+    "BAIDU",
+    "BANAMEX",
+    "BAND",
+    "BANK",
+    "BAR",
+    "BARCELONA",
+    "BARCLAYCARD",
+    "BARCLAYS",
+    "BAREFOOT",
+    "BARGAINS",
+    "BASEBALL",
+    "BASKETBALL",
+    "BAUHAUS",
+    "BAYERN",
+    "BB",
+    "BBC",
+    "BBT",
+    "BBVA",
+    "BCG",
+    "BCN",
+    "BD",
+    "BE",
+    "BEATS",
+    "BEAUTY",
+    "BEER",
+    "BERLIN",
+    "BEST",
+    "BESTBUY",
+    "BET",
+    "BF",
+    "BG",
+    "BH",
+    "BHARTI",
+    "BI",
+    "BIBLE",
+    "BID",
+    "BIKE",
+    "BING",
+    "BINGO",
+    "BIO",
+    "BIZ",
+    "BJ",
+    "BLACK",
+    "BLACKFRIDAY",
+    "BLOCKBUSTER",
+    "BLOG",
+    "BLOOMBERG",
+    "BLUE",
+    "BM",
+    "BMS",
+    "BMW",
+    "BN",
+    "BNPPARIBAS",
+    "BO",
+    "BOATS",
+    "BOEHRINGER",
+    "BOFA",
+    "BOM",
+    "BOND",
+    "BOO",
+    "BOOK",
+    "BOOKING",
+    "BOSCH",
+    "BOSTIK",
+    "BOSTON",
+    "BOT",
+    "BOUTIQUE",
+    "BOX",
+    "BR",
+    "BRADESCO",
+    "BRIDGESTONE",
+    "BROADWAY",
+    "BROKER",
+    "BROTHER",
+    "BRUSSELS",
+    "BS",
+    "BT",
+    "BUILD",
+    "BUILDERS",
+    "BUSINESS",
+    "BUY",
+    "BUZZ",
+    "BV",
+    "BW",
+    "BY",
+    "BZ",
+    "BZH",
+    "CA",
+    "CAB",
+    "CAFE",
+    "CAL",
+    "CALL",
+    "CALVINKLEIN",
+    "CAM",
+    "CAMERA",
+    "CAMP",
+    "CANON",
+    "CAPETOWN",
+    "CAPITAL",
+    "CAPITALONE",
+    "CAR",
+    "CARAVAN",
+    "CARDS",
+    "CARE",
+    "CAREER",
+    "CAREERS",
+    "CARS",
+    "CASA",
+    "CASE",
+    "CASH",
+    "CASINO",
+    "CAT",
+    "CATERING",
+    "CATHOLIC",
+    "CBA",
+    "CBN",
+    "CBRE",
+    "CC",
+    "CD",
+    "CENTER",
+    "CEO",
+    "CERN",
+    "CF",
+    "CFA",
+    "CFD",
+    "CG",
+    "CH",
+    "CHANEL",
+    "CHANNEL",
+    "CHARITY",
+    "CHASE",
+    "CHAT",
+    "CHEAP",
+    "CHINTAI",
+    "CHRISTMAS",
+    "CHROME",
+    "CHURCH",
+    "CI",
+    "CIPRIANI",
+    "CIRCLE",
+    "CISCO",
+    "CITADEL",
+    "CITI",
+    "CITIC",
+    "CITY",
+    "CK",
+    "CL",
+    "CLAIMS",
+    "CLEANING",
+    "CLICK",
+    "CLINIC",
+    "CLINIQUE",
+    "CLOTHING",
+    "CLOUD",
+    "CLUB",
+    "CLUBMED",
+    "CM",
+    "CN",
+    "CO",
+    "COACH",
+    "CODES",
+    "COFFEE",
+    "COLLEGE",
+    "COLOGNE",
+    "COM",
+    "COMMBANK",
+    "COMMUNITY",
+    "COMPANY",
+    "COMPARE",
+    "COMPUTER",
+    "COMSEC",
+    "CONDOS",
+    "CONSTRUCTION",
+    "CONSULTING",
+    "CONTACT",
+    "CONTRACTORS",
+    "COOKING",
+    "COOL",
+    "COOP",
+    "CORSICA",
+    "COUNTRY",
+    "COUPON",
+    "COUPONS",
+    "COURSES",
+    "CPA",
+    "CR",
+    "CREDIT",
+    "CREDITCARD",
+    "CREDITUNION",
+    "CRICKET",
+    "CROWN",
+    "CRS",
+    "CRUISE",
+    "CRUISES",
+    "CU",
+    "CUISINELLA",
+    "CV",
+    "CW",
+    "CX",
+    "CY",
+    "CYMRU",
+    "CYOU",
+    "CZ",
+    "DAD",
+    "DANCE",
+    "DATA",
+    "DATE",
+    "DATING",
+    "DATSUN",
+    "DAY",
+    "DCLK",
+    "DDS",
+    "DE",
+    "DEAL",
+    "DEALER",
+    "DEALS",
+    "DEGREE",
+    "DELIVERY",
+    "DELL",
+    "DELOITTE",
+    "DELTA",
+    "DEMOCRAT",
+    "DENTAL",
+    "DENTIST",
+    "DESI",
+    "DESIGN",
+    "DEV",
+    "DHL",
+    "DIAMONDS",
+    "DIET",
+    "DIGITAL",
+    "DIRECT",
+    "DIRECTORY",
+    "DISCOUNT",
+    "DISCOVER",
+    "DISH",
+    "DIY",
+    "DJ",
+    "DK",
+    "DM",
+    "DNP",
+    "DO",
+    "DOCS",
+    "DOCTOR",
+    "DOG",
+    "DOMAINS",
+    "DOT",
+    "DOWNLOAD",
+    "DRIVE",
+    "DTV",
+    "DUBAI",
+    "DUNLOP",
+    "DUPONT",
+    "DURBAN",
+    "DVAG",
+    "DVR",
+    "DZ",
+    "EARTH",
+    "EAT",
+    "EC",
+    "ECO",
+    "EDEKA",
+    "EDU",
+    "EDUCATION",
+    "EE",
+    "EG",
+    "EMAIL",
+    "EMERCK",
+    "ENERGY",
+    "ENGINEER",
+    "ENGINEERING",
+    "ENTERPRISES",
+    "EPSON",
+    "EQUIPMENT",
+    "ER",
+    "ERICSSON",
+    "ERNI",
+    "ES",
+    "ESQ",
+    "ESTATE",
+    "ET",
+    "EU",
+    "EUROVISION",
+    "EUS",
+    "EVENTS",
+    "EXCHANGE",
+    "EXPERT",
+    "EXPOSED",
+    "EXPRESS",
+    "EXTRASPACE",
+    "FAGE",
+    "FAIL",
+    "FAIRWINDS",
+    "FAITH",
+    "FAMILY",
+    "FAN",
+    "FANS",
+    "FARM",
+    "FARMERS",
+    "FASHION",
+    "FAST",
+    "FEDEX",
+    "FEEDBACK",
+    "FERRARI",
+    "FERRERO",
+    "FI",
+    "FIDELITY",
+    "FIDO",
+    "FILM",
+    "FINAL",
+    "FINANCE",
+    "FINANCIAL",
+    "FIRE",
+    "FIRESTONE",
+    "FIRMDALE",
+    "FISH",
+    "FISHING",
+    "FIT",
+    "FITNESS",
+    "FJ",
+    "FK",
+    "FLICKR",
+    "FLIGHTS",
+    "FLIR",
+    "FLORIST",
+    "FLOWERS",
+    "FLY",
+    "FM",
+    "FO",
+    "FOO",
+    "FOOD",
+    "FOOTBALL",
+    "FORD",
+    "FOREX",
+    "FORSALE",
+    "FORUM",
+    "FOUNDATION",
+    "FOX",
+    "FR",
+    "FREE",
+    "FRESENIUS",
+    "FRL",
+    "FROGANS",
+    "FRONTIER",
+    "FTR",
+    "FUJITSU",
+    "FUN",
+    "FUND",
+    "FURNITURE",
+    "FUTBOL",
+    "FYI",
+    "GA",
+    "GAL",
+    "GALLERY",
+    "GALLO",
+    "GALLUP",
+    "GAME",
+    "GAMES",
+    "GAP",
+    "GARDEN",
+    "GAY",
+    "GB",
+    "GBIZ",
+    "GD",
+    "GDN",
+    "GE",
+    "GEA",
+    "GENT",
+    "GENTING",
+    "GEORGE",
+    "GF",
+    "GG",
+    "GGEE",
+    "GH",
+    "GI",
+    "GIFT",
+    "GIFTS",
+    "GIVES",
+    "GIVING",
+    "GL",
+    "GLASS",
+    "GLE",
+    "GLOBAL",
+    "GLOBO",
+    "GM",
+    "GMAIL",
+    "GMBH",
+    "GMO",
+    "GMX",
+    "GN",
+    "GODADDY",
+    "GOLD",
+    "GOLDPOINT",
+    "GOLF",
+    "GOO",
+    "GOODYEAR",
+    "GOOG",
+    "GOOGLE",
+    "GOP",
+    "GOT",
+    "GOV",
+    "GP",
+    "GQ",
+    "GR",
+    "GRAINGER",
+    "GRAPHICS",
+    "GRATIS",
+    "GREEN",
+    "GRIPE",
+    "GROCERY",
+    "GROUP",
+    "GS",
+    "GT",
+    "GU",
+    "GUCCI",
+    "GUGE",
+    "GUIDE",
+    "GUITARS",
+    "GURU",
+    "GW",
+    "GY",
+    "HAIR",
+    "HAMBURG",
+    "HANGOUT",
+    "HAUS",
+    "HBO",
+    "HDFC",
+    "HDFCBANK",
+    "HEALTH",
+    "HEALTHCARE",
+    "HELP",
+    "HELSINKI",
+    "HERE",
+    "HERMES",
+    "HIPHOP",
+    "HISAMITSU",
+    "HITACHI",
+    "HIV",
+    "HK",
+    "HKT",
+    "HM",
+    "HN",
+    "HOCKEY",
+    "HOLDINGS",
+    "HOLIDAY",
+    "HOMEDEPOT",
+    "HOMEGOODS",
+    "HOMES",
+    "HOMESENSE",
+    "HONDA",
+    "HORSE",
+    "HOSPITAL",
+    "HOST",
+    "HOSTING",
+    "HOT",
+    "HOTELS",
+    "HOTMAIL",
+    "HOUSE",
+    "HOW",
+    "HR",
+    "HSBC",
+    "HT",
+    "HU",
+    "HUGHES",
+    "HYATT",
+    "HYUNDAI",
+    "IBM",
+    "ICBC",
+    "ICE",
+    "ICU",
+    "ID",
+    "IE",
+    "IEEE",
+    "IFM",
+    "IKANO",
+    "IL",
+    "IM",
+    "IMAMAT",
+    "IMDB",
+    "IMMO",
+    "IMMOBILIEN",
+    "IN",
+    "INC",
+    "INDUSTRIES",
+    "INFINITI",
+    "INFO",
+    "ING",
+    "INK",
+    "INSTITUTE",
+    "INSURANCE",
+    "INSURE",
+    "INT",
+    "INTERNATIONAL",
+    "INTUIT",
+    "INVESTMENTS",
+    "IO",
+    "IPIRANGA",
+    "IQ",
+    "IR",
+    "IRISH",
+    "IS",
+    "ISMAILI",
+    "IST",
+    "ISTANBUL",
+    "IT",
+    "ITAU",
+    "ITV",
+    "JAGUAR",
+    "JAVA",
+    "JCB",
+    "JE",
+    "JEEP",
+    "JETZT",
+    "JEWELRY",
+    "JIO",
+    "JLL",
+    "JM",
+    "JMP",
+    "JNJ",
+    "JO",
+    "JOBS",
+    "JOBURG",
+    "JOT",
+    "JOY",
+    "JP",
+    "JPMORGAN",
+    "JPRS",
+    "JUEGOS",
+    "JUNIPER",
+    "KAUFEN",
+    "KDDI",
+    "KE",
+    "KERRYHOTELS",
+    "KERRYPROPERTIES",
+    "KFH",
+    "KG",
+    "KH",
+    "KI",
+    "KIA",
+    "KIDS",
+    "KIM",
+    "KINDLE",
+    "KITCHEN",
+    "KIWI",
+    "KM",
+    "KN",
+    "KOELN",
+    "KOMATSU",
+    "KOSHER",
+    "KP",
+    "KPMG",
+    "KPN",
+    "KR",
+    "KRD",
+    "KRED",
+    "KUOKGROUP",
+    "KW",
+    "KY",
+    "KYOTO",
+    "KZ",
+    "LA",
+    "LACAIXA",
+    "LAMBORGHINI",
+    "LAMER",
+    "LAND",
+    "LANDROVER",
+    "LANXESS",
+    "LASALLE",
+    "LAT",
+    "LATINO",
+    "LATROBE",
+    "LAW",
+    "LAWYER",
+    "LB",
+    "LC",
+    "LDS",
+    "LEASE",
+    "LECLERC",
+    "LEFRAK",
+    "LEGAL",
+    "LEGO",
+    "LEXUS",
+    "LGBT",
+    "LI",
+    "LIDL",
+    "LIFE",
+    "LIFEINSURANCE",
+    "LIFESTYLE",
+    "LIGHTING",
+    "LIKE",
+    "LILLY",
+    "LIMITED",
+    "LIMO",
+    "LINCOLN",
+    "LINK",
+    "LIVE",
+    "LIVING",
+    "LK",
+    "LLC",
+    "LLP",
+    "LOAN",
+    "LOANS",
+    "LOCKER",
+    "LOCUS",
+    "LOL",
+    "LONDON",
+    "LOTTE",
+    "LOTTO",
+    "LOVE",
+    "LPL",
+    "LPLFINANCIAL",
+    "LR",
+    "LS",
+    "LT",
+    "LTD",
+    "LTDA",
+    "LU",
+    "LUNDBECK",
+    "LUXE",
+    "LUXURY",
+    "LV",
+    "LY",
+    "MA",
+    "MADRID",
+    "MAIF",
+    "MAISON",
+    "MAKEUP",
+    "MAN",
+    "MANAGEMENT",
+    "MANGO",
+    "MAP",
+    "MARKET",
+    "MARKETING",
+    "MARKETS",
+    "MARRIOTT",
+    "MARSHALLS",
+    "MATTEL",
+    "MBA",
+    "MC",
+    "MCKINSEY",
+    "MD",
+    "ME",
+    "MED",
+    "MEDIA",
+    "MEET",
+    "MELBOURNE",
+    "MEME",
+    "MEMORIAL",
+    "MEN",
+    "MENU",
+    "MERCKMSD",
+    "MG",
+    "MH",
+    "MIAMI",
+    "MICROSOFT",
+    "MIL",
+    "MINI",
+    "MINT",
+    "MIT",
+    "MITSUBISHI",
+    "MK",
+    "ML",
+    "MLB",
+    "MLS",
+    "MM",
+    "MMA",
+    "MN",
+    "MO",
+    "MOBI",
+    "MOBILE",
+    "MODA",
+    "MOE",
+    "MOI",
+    "MOM",
+    "MONASH",
+    "MONEY",
+    "MONSTER",
+    "MORMON",
+    "MORTGAGE",
+    "MOSCOW",
+    "MOTO",
+    "MOTORCYCLES",
+    "MOV",
+    "MOVIE",
+    "MP",
+    "MQ",
+    "MR",
+    "MS",
+    "MSD",
+    "MT",
+    "MTN",
+    "MTR",
+    "MU",
+    "MUSEUM",
+    "MUSIC",
+    "MV",
+    "MW",
+    "MX",
+    "MY",
+    "MZ",
+    "NA",
+    "NAB",
+    "NAGOYA",
+    "NAME",
+    "NAVY",
+    "NBA",
+    "NC",
+    "NE",
+    "NEC",
+    "NET",
+    "NETBANK",
+    "NETFLIX",
+    "NETWORK",
+    "NEUSTAR",
+    "NEW",
+    "NEWS",
+    "NEXT",
+    "NEXTDIRECT",
+    "NEXUS",
+    "NF",
+    "NFL",
+    "NG",
+    "NGO",
+    "NHK",
+    "NI",
+    "NICO",
+    "NIKE",
+    "NIKON",
+    "NINJA",
+    "NISSAN",
+    "NISSAY",
+    "NL",
+    "NO",
+    "NOKIA",
+    "NORTON",
+    "NOW",
+    "NOWRUZ",
+    "NOWTV",
+    "NP",
+    "NR",
+    "NRA",
+    "NRW",
+    "NTT",
+    "NU",
+    "NYC",
+    "NZ",
+    "OBI",
+    "OBSERVER",
+    "OFFICE",
+    "OKINAWA",
+    "OLAYAN",
+    "OLAYANGROUP",
+    "OLLO",
+    "OM",
+    "OMEGA",
+    "ONE",
+    "ONG",
+    "ONL",
+    "ONLINE",
+    "OOO",
+    "OPEN",
+    "ORACLE",
+    "ORANGE",
+    "ORG",
+    "ORGANIC",
+    "ORIGINS",
+    "OSAKA",
+    "OTSUKA",
+    "OTT",
+    "OVH",
+    "PA",
+    "PAGE",
+    "PANASONIC",
+    "PARIS",
+    "PARS",
+    "PARTNERS",
+    "PARTS",
+    "PARTY",
+    "PAY",
+    "PCCW",
+    "PE",
+    "PET",
+    "PF",
+    "PFIZER",
+    "PG",
+    "PH",
+    "PHARMACY",
+    "PHD",
+    "PHILIPS",
+    "PHONE",
+    "PHOTO",
+    "PHOTOGRAPHY",
+    "PHOTOS",
+    "PHYSIO",
+    "PICS",
+    "PICTET",
+    "PICTURES",
+    "PID",
+    "PIN",
+    "PING",
+    "PINK",
+    "PIONEER",
+    "PIZZA",
+    "PK",
+    "PL",
+    "PLACE",
+    "PLAY",
+    "PLAYSTATION",
+    "PLUMBING",
+    "PLUS",
+    "PM",
+    "PN",
+    "PNC",
+    "POHL",
+    "POKER",
+    "POLITIE",
+    "PORN",
+    "POST",
+    "PR",
+    "PRAXI",
+    "PRESS",
+    "PRIME",
+    "PRO",
+    "PROD",
+    "PRODUCTIONS",
+    "PROF",
+    "PROGRESSIVE",
+    "PROMO",
+    "PROPERTIES",
+    "PROPERTY",
+    "PROTECTION",
+    "PRU",
+    "PRUDENTIAL",
+    "PS",
+    "PT",
+    "PUB",
+    "PW",
+    "PWC",
+    "PY",
+    "QA",
+    "QPON",
+    "QUEBEC",
+    "QUEST",
+    "RACING",
+    "RADIO",
+    "RE",
+    "READ",
+    "REALESTATE",
+    "REALTOR",
+    "REALTY",
+    "RECIPES",
+    "RED",
+    "REDSTONE",
+    "REDUMBRELLA",
+    "REHAB",
+    "REISE",
+    "REISEN",
+    "REIT",
+    "RELIANCE",
+    "REN",
+    "RENT",
+    "RENTALS",
+    "REPAIR",
+    "REPORT",
+    "REPUBLICAN",
+    "REST",
+    "RESTAURANT",
+    "REVIEW",
+    "REVIEWS",
+    "REXROTH",
+    "RICH",
+    "RICHARDLI",
+    "RICOH",
+    "RIL",
+    "RIO",
+    "RIP",
+    "RO",
+    "ROCKS",
+    "RODEO",
+    "ROGERS",
+    "ROOM",
+    "RS",
+    "RSVP",
+    "RU",
+    "RUGBY",
+    "RUHR",
+    "RUN",
+    "RW",
+    "RWE",
+    "RYUKYU",
+    "SA",
+    "SAARLAND",
+    "SAFE",
+    "SAFETY",
+    "SAKURA",
+    "SALE",
+    "SALON",
+    "SAMSCLUB",
+    "SAMSUNG",
+    "SANDVIK",
+    "SANDVIKCOROMANT",
+    "SANOFI",
+    "SAP",
+    "SARL",
+    "SAS",
+    "SAVE",
+    "SAXO",
+    "SB",
+    "SBI",
+    "SBS",
+    "SC",
+    "SCB",
+    "SCHAEFFLER",
+    "SCHMIDT",
+    "SCHOLARSHIPS",
+    "SCHOOL",
+    "SCHULE",
+    "SCHWARZ",
+    "SCIENCE",
+    "SCOT",
+    "SD",
+    "SE",
+    "SEARCH",
+    "SEAT",
+    "SECURE",
+    "SECURITY",
+    "SEEK",
+    "SELECT",
+    "SENER",
+    "SERVICES",
+    "SEVEN",
+    "SEW",
+    "SEX",
+    "SEXY",
+    "SFR",
+    "SG",
+    "SH",
+    "SHANGRILA",
+    "SHARP",
+    "SHELL",
+    "SHIA",
+    "SHIKSHA",
+    "SHOES",
+    "SHOP",
+    "SHOPPING",
+    "SHOUJI",
+    "SHOW",
+    "SI",
+    "SILK",
+    "SINA",
+    "SINGLES",
+    "SITE",
+    "SJ",
+    "SK",
+    "SKI",
+    "SKIN",
+    "SKY",
+    "SKYPE",
+    "SL",
+    "SLING",
+    "SM",
+    "SMART",
+    "SMILE",
+    "SN",
+    "SNCF",
+    "SO",
+    "SOCCER",
+    "SOCIAL",
+    "SOFTBANK",
+    "SOFTWARE",
+    "SOHU",
+    "SOLAR",
+    "SOLUTIONS",
+    "SONG",
+    "SONY",
+    "SOY",
+    "SPA",
+    "SPACE",
+    "SPORT",
+    "SPOT",
+    "SR",
+    "SRL",
+    "SS",
+    "ST",
+    "STADA",
+    "STAPLES",
+    "STAR",
+    "STATEBANK",
+    "STATEFARM",
+    "STC",
+    "STCGROUP",
+    "STOCKHOLM",
+    "STORAGE",
+    "STORE",
+    "STREAM",
+    "STUDIO",
+    "STUDY",
+    "STYLE",
+    "SU",
+    "SUCKS",
+    "SUPPLIES",
+    "SUPPLY",
+    "SUPPORT",
+    "SURF",
+    "SURGERY",
+    "SUZUKI",
+    "SV",
+    "SWATCH",
+    "SWISS",
+    "SX",
+    "SY",
+    "SYDNEY",
+    "SYSTEMS",
+    "SZ",
+    "TAB",
+    "TAIPEI",
+    "TALK",
+    "TAOBAO",
+    "TARGET",
+    "TATAMOTORS",
+    "TATAR",
+    "TATTOO",
+    "TAX",
+    "TAXI",
+    "TC",
+    "TCI",
+    "TD",
+    "TDK",
+    "TEAM",
+    "TECH",
+    "TECHNOLOGY",
+    "TEL",
+    "TEMASEK",
+    "TENNIS",
+    "TEVA",
+    "TF",
+    "TG",
+    "TH",
+    "THD",
+    "THEATER",
+    "THEATRE",
+    "TIAA",
+    "TICKETS",
+    "TIENDA",
+    "TIPS",
+    "TIRES",
+    "TIROL",
+    "TJ",
+    "TJMAXX",
+    "TJX",
+    "TK",
+    "TKMAXX",
+    "TL",
+    "TM",
+    "TMALL",
+    "TN",
+    "TO",
+    "TODAY",
+    "TOKYO",
+    "TOOLS",
+    "TOP",
+    "TORAY",
+    "TOSHIBA",
+    "TOTAL",
+    "TOURS",
+    "TOWN",
+    "TOYOTA",
+    "TOYS",
+    "TR",
+    "TRADE",
+    "TRADING",
+    "TRAINING",
+    "TRAVEL",
+    "TRAVELERS",
+    "TRAVELERSINSURANCE",
+    "TRUST",
+    "TRV",
+    "TT",
+    "TUBE",
+    "TUI",
+    "TUNES",
+    "TUSHU",
+    "TV",
+    "TVS",
+    "TW",
+    "TZ",
+    "UA",
+    "UBANK",
+    "UBS",
+    "UG",
+    "UK",
+    "UNICOM",
+    "UNIVERSITY",
+    "UNO",
+    "UOL",
+    "UPS",
+    "US",
+    "UY",
+    "UZ",
+    "VA",
+    "VACATIONS",
+    "VANA",
+    "VANGUARD",
+    "VC",
+    "VE",
+    "VEGAS",
+    "VENTURES",
+    "VERISIGN",
+    "VERSICHERUNG",
+    "VET",
+    "VG",
+    "VI",
+    "VIAJES",
+    "VIDEO",
+    "VIG",
+    "VIKING",
+    "VILLAS",
+    "VIN",
+    "VIP",
+    "VIRGIN",
+    "VISA",
+    "VISION",
+    "VIVA",
+    "VIVO",
+    "VLAANDEREN",
+    "VN",
+    "VODKA",
+    "VOLVO",
+    "VOTE",
+    "VOTING",
+    "VOTO",
+    "VOYAGE",
+    "VU",
+    "WALES",
+    "WALMART",
+    "WALTER",
+    "WANG",
+    "WANGGOU",
+    "WATCH",
+    "WATCHES",
+    "WEATHER",
+    "WEATHERCHANNEL",
+    "WEBCAM",
+    "WEBER",
+    "WEBSITE",
+    "WED",
+    "WEDDING",
+    "WEIBO",
+    "WEIR",
+    "WF",
+    "WHOSWHO",
+    "WIEN",
+    "WIKI",
+    "WILLIAMHILL",
+    "WIN",
+    "WINDOWS",
+    "WINE",
+    "WINNERS",
+    "WME",
+    "WOLTERSKLUWER",
+    "WOODSIDE",
+    "WORK",
+    "WORKS",
+    "WORLD",
+    "WOW",
+    "WS",
+    "WTC",
+    "WTF",
+    "XBOX",
+    "XEROX",
+    "XIHUAN",
+    "XIN",
+    "XN--11B4C3D",
+    "XN--1CK2E1B",
+    "XN--1QQW23A",
+    "XN--2SCRJ9C",
+    "XN--30RR7Y",
+    "XN--3BST00M",
+    "XN--3DS443G",
+    "XN--3E0B707E",
+    "XN--3HCRJ9C",
+    "XN--3PXU8K",
+    "XN--42C2D9A",
+    "XN--45BR5CYL",
+    "XN--45BRJ9C",
+    "XN--45Q11C",
+    "XN--4DBRK0CE",
+    "XN--4GBRIM",
+    "XN--54B7FTA0CC",
+    "XN--55QW42G",
+    "XN--55QX5D",
+    "XN--5SU34J936BGSG",
+    "XN--5TZM5G",
+    "XN--6FRZ82G",
+    "XN--6QQ986B3XL",
+    "XN--80ADXHKS",
+    "XN--80AO21A",
+    "XN--80AQECDR1A",
+    "XN--80ASEHDB",
+    "XN--80ASWG",
+    "XN--8Y0A063A",
+    "XN--90A3AC",
+    "XN--90AE",
+    "XN--90AIS",
+    "XN--9DBQ2A",
+    "XN--9ET52U",
+    "XN--9KRT00A",
+    "XN--B4W605FERD",
+    "XN--BCK1B9A5DRE4C",
+    "XN--C1AVG",
+    "XN--C2BR7G",
+    "XN--CCK2B3B",
+    "XN--CCKWCXETD",
+    "XN--CG4BKI",
+    "XN--CLCHC0EA0B2G2A9GCD",
+    "XN--CZR694B",
+    "XN--CZRS0T",
+    "XN--CZRU2D",
+    "XN--D1ACJ3B",
+    "XN--D1ALF",
+    "XN--E1A4C",
+    "XN--ECKVDTC9D",
+    "XN--EFVY88H",
+    "XN--FCT429K",
+    "XN--FHBEI",
+    "XN--FIQ228C5HS",
+    "XN--FIQ64B",
+    "XN--FIQS8S",
+    "XN--FIQZ9S",
+    "XN--FJQ720A",
+    "XN--FLW351E",
+    "XN--FPCRJ9C3D",
+    "XN--FZC2C9E2C",
+    "XN--FZYS8D69UVGM",
+    "XN--G2XX48C",
+    "XN--GCKR3F0F",
+    "XN--GECRJ9C",
+    "XN--GK3AT1E",
+    "XN--H2BREG3EVE",
+    "XN--H2BRJ9C",
+    "XN--H2BRJ9C8C",
+    "XN--HXT814E",
+    "XN--I1B6B1A6A2E",
+    "XN--IMR513N",
+    "XN--IO0A7I",
+    "XN--J1AEF",
+    "XN--J1AMH",
+    "XN--J6W193G",
+    "XN--JLQ480N2RG",
+    "XN--JVR189M",
+    "XN--KCRX77D1X4A",
+    "XN--KPRW13D",
+    "XN--KPRY57D",
+    "XN--KPUT3I",
+    "XN--L1ACC",
+    "XN--LGBBAT1AD8J",
+    "XN--MGB9AWBF",
+    "XN--MGBA3A3EJT",
+    "XN--MGBA3A4F16A",
+    "XN--MGBA7C0BBN0A",
+    "XN--MGBAAM7A8H",
+    "XN--MGBAB2BD",
+    "XN--MGBAH1A3HJKRD",
+    "XN--MGBAI9AZGQP6J",
+    "XN--MGBAYH7GPA",
+    "XN--MGBBH1A",
+    "XN--MGBBH1A71E",
+    "XN--MGBC0A9AZCG",
+    "XN--MGBCA7DZDO",
+    "XN--MGBCPQ6GPA1A",
+    "XN--MGBERP4A5D4AR",
+    "XN--MGBGU82A",
+    "XN--MGBI4ECEXP",
+    "XN--MGBPL2FH",
+    "XN--MGBT3DHD",
+    "XN--MGBTX2B",
+    "XN--MGBX4CD0AB",
+    "XN--MIX891F",
+    "XN--MK1BU44C",
+    "XN--MXTQ1M",
+    "XN--NGBC5AZD",
+    "XN--NGBE9E0A",
+    "XN--NGBRX",
+    "XN--NODE",
+    "XN--NQV7F",
+    "XN--NQV7FS00EMA",
+    "XN--NYQY26A",
+    "XN--O3CW4H",
+    "XN--OGBPF8FL",
+    "XN--OTU796D",
+    "XN--P1ACF",
+    "XN--P1AI",
+    "XN--PGBS0DH",
+    "XN--PSSY2U",
+    "XN--Q7CE6A",
+    "XN--Q9JYB4C",
+    "XN--QCKA1PMC",
+    "XN--QXA6A",
+    "XN--QXAM",
+    "XN--RHQV96G",
+    "XN--ROVU88B",
+    "XN--RVC1E0AM3E",
+    "XN--S9BRJ9C",
+    "XN--SES554G",
+    "XN--T60B56A",
+    "XN--TCKWE",
+    "XN--TIQ49XQYJ",
+    "XN--UNUP4Y",
+    "XN--VERMGENSBERATER-CTB",
+    "XN--VERMGENSBERATUNG-PWB",
+    "XN--VHQUV",
+    "XN--VUQ861B",
+    "XN--W4R85EL8FHU5DNRA",
+    "XN--W4RS40L",
+    "XN--WGBH1C",
+    "XN--WGBL6A",
+    "XN--XHQ521B",
+    "XN--XKC2AL3HYE2A",
+    "XN--XKC2DL3A5EE0H",
+    "XN--Y9A3AQ",
+    "XN--YFRO4I67O",
+    "XN--YGBI2AMMX",
+    "XN--ZFR164B",
+    "XXX",
+    "XYZ",
+    "YACHTS",
+    "YAHOO",
+    "YAMAXUN",
+    "YANDEX",
+    "YE",
+    "YODOBASHI",
+    "YOGA",
+    "YOKOHAMA",
+    "YOU",
+    "YOUTUBE",
+    "YT",
+    "YUN",
+    "ZA",
+    "ZAPPOS",
+    "ZARA",
+    "ZERO",
+    "ZIP",
+    "ZM",
+    "ZONE",
+    "ZUERICH",
+    "ZW",
+    ""
+];
diff --git a/server/middlewares/index.ts b/server/middlewares/index.ts
index 03d6f3bb..b1180995 100644
--- a/server/middlewares/index.ts
+++ b/server/middlewares/index.ts
@@ -1,5 +1,4 @@
 export * from "./notFound";
-export * from "./rateLimit";
 export * from "./formatError";
 export * from "./verifySession";
 export * from "./verifyUser";
@@ -14,9 +13,17 @@ export * from "./verifyAdmin";
 export * from "./verifySetResourceUsers";
 export * from "./verifyUserInRole";
 export * from "./verifyAccessTokenAccess";
+export * from "./requestTimeout";
+export * from "./verifyClientAccess";
+export * from "./verifyUserHasAction";
 export * from "./verifyUserIsServerAdmin";
 export * from "./verifyIsLoggedInUser";
+export * from "./verifyIsLoggedInUser";
+export * from "./verifyClientAccess";
 export * from "./integration";
 export * from "./verifyValidLicense";
 export * from "./verifyUserHasAction";
 export * from "./verifyApiKeyAccess";
+export * from "./verifyDomainAccess";
+export * from "./verifyClientsEnabled";
+export * from "./verifyUserIsOrgOwner";
diff --git a/server/middlewares/rateLimit.ts b/server/middlewares/rateLimit.ts
deleted file mode 100644
index 2098288f..00000000
--- a/server/middlewares/rateLimit.ts
+++ /dev/null
@@ -1,49 +0,0 @@
-import { rateLimit } from "express-rate-limit";
-import createHttpError from "http-errors";
-import { NextFunction, Request, Response } from "express";
-import logger from "@server/logger";
-import HttpCode from "@server/types/HttpCode";
-
-export function rateLimitMiddleware({
-    windowMin,
-    max,
-    type,
-    skipCondition,
-}: {
-    windowMin: number;
-    max: number;
-    type: "IP_ONLY" | "IP_AND_PATH";
-    skipCondition?: (req: Request, res: Response) => boolean;
-}) {
-    if (type === "IP_AND_PATH") {
-        return rateLimit({
-            windowMs: windowMin * 60 * 1000,
-            max,
-            skip: skipCondition,
-            keyGenerator: (req: Request) => {
-                return `${req.ip}-${req.path}`;
-            },
-            handler: (req: Request, res: Response, next: NextFunction) => {
-                const message = `Rate limit exceeded. You can make ${max} requests every ${windowMin} minute(s).`;
-                logger.warn(
-                    `Rate limit exceeded for IP ${req.ip} on path ${req.path}`,
-                );
-                return next(
-                    createHttpError(HttpCode.TOO_MANY_REQUESTS, message),
-                );
-            },
-        });
-    }
-    return rateLimit({
-        windowMs: windowMin * 60 * 1000,
-        max,
-        skip: skipCondition,
-        handler: (req: Request, res: Response, next: NextFunction) => {
-            const message = `Rate limit exceeded. You can make ${max} requests every ${windowMin} minute(s).`;
-            logger.warn(`Rate limit exceeded for IP ${req.ip}`);
-            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
-        },
-    });
-}
-
-export default rateLimitMiddleware;
diff --git a/server/middlewares/requestTimeout.ts b/server/middlewares/requestTimeout.ts
new file mode 100644
index 00000000..8b5852b7
--- /dev/null
+++ b/server/middlewares/requestTimeout.ts
@@ -0,0 +1,35 @@
+import { Request, Response, NextFunction } from 'express';
+import logger from '@server/logger';
+import createHttpError from 'http-errors';
+import HttpCode from '@server/types/HttpCode';
+
+export function requestTimeoutMiddleware(timeoutMs: number = 30000) {
+    return (req: Request, res: Response, next: NextFunction) => {
+        // Set a timeout for the request
+        const timeout = setTimeout(() => {
+            if (!res.headersSent) {
+                logger.error(`Request timeout: ${req.method} ${req.url} from ${req.ip}`);
+                return next(
+                    createHttpError(
+                        HttpCode.REQUEST_TIMEOUT,
+                        'Request timeout - operation took too long to complete'
+                    )
+                );
+            }
+        }, timeoutMs);
+
+        // Clear timeout when response finishes
+        res.on('finish', () => {
+            clearTimeout(timeout);
+        });
+
+        // Clear timeout when response closes
+        res.on('close', () => {
+            clearTimeout(timeout);
+        });
+
+        next();
+    };
+}
+
+export default requestTimeoutMiddleware;
diff --git a/server/middlewares/verifyClientAccess.ts b/server/middlewares/verifyClientAccess.ts
new file mode 100644
index 00000000..df45b541
--- /dev/null
+++ b/server/middlewares/verifyClientAccess.ts
@@ -0,0 +1,131 @@
+import { Request, Response, NextFunction } from "express";
+import { db } from "@server/db";
+import { userOrgs, clients, roleClients, userClients } from "@server/db";
+import { and, eq } from "drizzle-orm";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+
+export async function verifyClientAccess(
+    req: Request,
+    res: Response,
+    next: NextFunction
+) {
+    const userId = req.user!.userId; // Assuming you have user information in the request
+    const clientId = parseInt(
+        req.params.clientId || req.body.clientId || req.query.clientId
+    );
+
+    if (!userId) {
+        return next(
+            createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
+        );
+    }
+
+    if (isNaN(clientId)) {
+        return next(createHttpError(HttpCode.BAD_REQUEST, "Invalid client ID"));
+    }
+
+    try {
+        // Get the client
+        const [client] = await db
+            .select()
+            .from(clients)
+            .where(eq(clients.clientId, clientId))
+            .limit(1);
+
+        if (!client) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Client with ID ${clientId} not found`
+                )
+            );
+        }
+
+        if (!client.orgId) {
+            return next(
+                createHttpError(
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    `Client with ID ${clientId} does not have an organization ID`
+                )
+            );
+        }
+
+        if (!req.userOrg) {
+            // Get user's role ID in the organization
+            const userOrgRole = await db
+                .select()
+                .from(userOrgs)
+                .where(
+                    and(
+                        eq(userOrgs.userId, userId),
+                        eq(userOrgs.orgId, client.orgId)
+                    )
+                )
+                .limit(1);
+            req.userOrg = userOrgRole[0];
+        }
+
+        if (!req.userOrg) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "User does not have access to this organization"
+                )
+            );
+        }
+
+        const userOrgRoleId = req.userOrg.roleId;
+        req.userOrgRoleId = userOrgRoleId;
+        req.userOrgId = client.orgId;
+
+        // Check role-based site access first
+        const [roleClientAccess] = await db
+            .select()
+            .from(roleClients)
+            .where(
+                and(
+                    eq(roleClients.clientId, clientId),
+                    eq(roleClients.roleId, userOrgRoleId)
+                )
+            )
+            .limit(1);
+
+        if (roleClientAccess) {
+            // User has access to the site through their role
+            return next();
+        }
+
+        // If role doesn't have access, check user-specific site access
+        const [userClientAccess] = await db
+            .select()
+            .from(userClients)
+            .where(
+                and(
+                    eq(userClients.userId, userId),
+                    eq(userClients.clientId, clientId)
+                )
+            )
+            .limit(1);
+
+        if (userClientAccess) {
+            // User has direct access to the site
+            return next();
+        }
+
+        // If we reach here, the user doesn't have access to the site
+        return next(
+            createHttpError(
+                HttpCode.FORBIDDEN,
+                "User does not have access to this client"
+            )
+        );
+    } catch (error) {
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Error verifying site access"
+            )
+        );
+    }
+}
diff --git a/server/middlewares/verifyClientsEnabled.ts b/server/middlewares/verifyClientsEnabled.ts
new file mode 100644
index 00000000..6e8070da
--- /dev/null
+++ b/server/middlewares/verifyClientsEnabled.ts
@@ -0,0 +1,29 @@
+import { Request, Response, NextFunction } from "express";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+import config from "@server/lib/config";
+
+export async function verifyClientsEnabled(
+    req: Request,
+    res: Response,
+    next: NextFunction
+) {
+    try {
+        if (!config.getRawConfig().flags?.enable_clients) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_IMPLEMENTED,
+                    "Clients are not enabled on this server."
+                )
+            );
+        }
+        return next();
+    } catch (error) {
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Failed to check if clients are enabled"
+            )
+        );
+    }
+}
diff --git a/server/middlewares/verifyDomainAccess.ts b/server/middlewares/verifyDomainAccess.ts
new file mode 100644
index 00000000..a6daf451
--- /dev/null
+++ b/server/middlewares/verifyDomainAccess.ts
@@ -0,0 +1,93 @@
+import { Request, Response, NextFunction } from "express";
+import { db, domains, orgDomains } from "@server/db";
+import { userOrgs, apiKeyOrg } from "@server/db";
+import { and, eq } from "drizzle-orm";
+import createHttpError from "http-errors";
+import HttpCode from "@server/types/HttpCode";
+
+export async function verifyDomainAccess(
+    req: Request,
+    res: Response,
+    next: NextFunction
+) {
+    try {
+        const userId = req.user!.userId;
+        const domainId =
+            req.params.domainId || req.body.apiKeyId || req.query.apiKeyId;
+        const orgId = req.params.orgId;
+
+        if (!userId) {
+            return next(
+                createHttpError(HttpCode.UNAUTHORIZED, "User not authenticated")
+            );
+        }
+
+        if (!orgId) {
+            return next(
+                createHttpError(HttpCode.BAD_REQUEST, "Invalid organization ID")
+            );
+        }
+
+        if (!domainId) {
+            return next(
+                createHttpError(HttpCode.BAD_REQUEST, "Invalid domain ID")
+            );
+        }
+
+        const [domain] = await db
+            .select()
+            .from(domains)
+            .innerJoin(orgDomains, eq(orgDomains.domainId, domains.domainId))
+            .where(
+                and(
+                    eq(orgDomains.domainId, domainId),
+                    eq(orgDomains.orgId, orgId)
+                )
+            )
+            .limit(1);
+
+        if (!domain.orgDomains) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Domain with ID ${domainId} not found`
+                )
+            );
+        }
+
+        if (!req.userOrg) {
+            const userOrgRole = await db
+                .select()
+                .from(userOrgs)
+                .where(
+                    and(
+                        eq(userOrgs.userId, userId),
+                        eq(userOrgs.orgId, apiKeyOrg.orgId)
+                    )
+                )
+                .limit(1);
+            req.userOrg = userOrgRole[0];
+        }
+
+        if (!req.userOrg) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "User does not have access to this organization"
+                )
+            );
+        }
+
+        const userOrgRoleId = req.userOrg.roleId;
+        req.userOrgRoleId = userOrgRoleId;
+
+        return next();
+    } catch (error) {
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Error verifying domain access"
+            )
+        );
+    }
+}
diff --git a/server/openApi.ts b/server/openApi.ts
index 4df6cbdd..32cdb67b 100644
--- a/server/openApi.ts
+++ b/server/openApi.ts
@@ -14,5 +14,6 @@ export enum OpenAPITags {
     AccessToken = "Access Token",
     Idp = "Identity Provider",
     Client = "Client",
-    ApiKey = "API Key"
+    ApiKey = "API Key",
+    Domain = "Domain"
 }
diff --git a/server/routers/auth/requestTotpSecret.ts b/server/routers/auth/requestTotpSecret.ts
index 475e2dac..753867b6 100644
--- a/server/routers/auth/requestTotpSecret.ts
+++ b/server/routers/auth/requestTotpSecret.ts
@@ -112,7 +112,11 @@ export async function requestTotpSecret(
 
         const hex = crypto.getRandomValues(new Uint8Array(20));
         const secret = encodeHex(hex);
-        const uri = createTOTPKeyURI("Pangolin", user.email!, hex);
+        const uri = createTOTPKeyURI(
+            "Pangolin",
+            user.email!,
+            hex
+        );
 
         await db
             .update(users)
diff --git a/server/routers/auth/securityKey.ts b/server/routers/auth/securityKey.ts
index 4e642ece..dad3c692 100644
--- a/server/routers/auth/securityKey.ts
+++ b/server/routers/auth/securityKey.ts
@@ -107,7 +107,8 @@ async function clearChallenge(sessionId: string) {
 
 export const registerSecurityKeyBody = z.object({
     name: z.string().min(1),
-    password: z.string().min(1)
+    password: z.string().min(1),
+    code: z.string().optional()
 }).strict();
 
 export const verifyRegistrationBody = z.object({
@@ -143,7 +144,7 @@ export async function startRegistration(
         );
     }
 
-    const { name, password } = parsedBody.data;
+    const { name, password, code } = parsedBody.data;
     const user = req.user as User;
 
     // Only allow internal users to use security keys
@@ -163,6 +164,39 @@ export async function startRegistration(
             return next(unauthorized());
         }
 
+        // If user has 2FA enabled, require and verify the code
+        if (user.twoFactorEnabled) {
+            if (!code) {
+                return response<{ codeRequested: boolean }>(res, {
+                    data: { codeRequested: true },
+                    success: true,
+                    error: false,
+                    message: "Two-factor authentication required",
+                    status: HttpCode.ACCEPTED
+                });
+            }
+
+            const validOTP = await verifyTotpCode(
+                code,
+                user.twoFactorSecret!,
+                user.userId
+            );
+
+            if (!validOTP) {
+                if (config.getRawConfig().app.log_failed_attempts) {
+                    logger.info(
+                        `Two-factor code incorrect. Email: ${user.email}. IP: ${req.ip}.`
+                    );
+                }
+                return next(
+                    createHttpError(
+                        HttpCode.UNAUTHORIZED,
+                        "The two-factor code you entered is incorrect"
+                    )
+                );
+            }
+        }
+
         // Get existing security keys for user
         const existingSecurityKeys = await db
             .select()
diff --git a/server/routers/auth/signup.ts b/server/routers/auth/signup.ts
index a248ff07..aabebbbe 100644
--- a/server/routers/auth/signup.ts
+++ b/server/routers/auth/signup.ts
@@ -1,8 +1,7 @@
 import { NextFunction, Request, Response } from "express";
-import { db } from "@server/db";
+import { db, users } from "@server/db";
 import HttpCode from "@server/types/HttpCode";
 import { z } from "zod";
-import { users } from "@server/db";
 import { fromError } from "zod-validation-error";
 import createHttpError from "http-errors";
 import response from "@server/lib/response";
@@ -57,9 +56,6 @@ export async function signup(
     }
 
     const { name, email, password, inviteToken, inviteId } = parsedBody.data;
-
-    logger.debug("signup", { name, email, password, inviteToken, inviteId });
-
     const passwordHash = await hashPassword(password);
     const userId = generateId(15);
 
@@ -144,15 +140,21 @@ export async function signup(
 
             if (diff < 2) {
                 // If the user was created less than 2 hours ago, we don't want to create a new user
-                return response<SignUpResponse>(res, {
-                    data: {
-                        emailVerificationRequired: true
-                    },
-                    success: true,
-                    error: false,
-                    message: `A user with that email address already exists. We sent an email to ${email} with a verification code.`,
-                    status: HttpCode.OK
-                });
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "A user with that email address already exists"
+                    )
+                );
+                // return response<SignUpResponse>(res, {
+                //     data: {
+                //         emailVerificationRequired: true
+                //     },
+                //     success: true,
+                //     error: false,
+                //     message: `A user with that email address already exists. We sent an email to ${email} with a verification code.`,
+                //     status: HttpCode.OK
+                // });
             } else {
                 // If the user was created more than 2 hours ago, we want to delete the old user and create a new one
                 await db.delete(users).where(eq(users.userId, user.userId));
diff --git a/server/routers/auth/verifyEmail.ts b/server/routers/auth/verifyEmail.ts
index f707de22..97ab540b 100644
--- a/server/routers/auth/verifyEmail.ts
+++ b/server/routers/auth/verifyEmail.ts
@@ -4,7 +4,7 @@ import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import HttpCode from "@server/types/HttpCode";
 import { response } from "@server/lib";
-import { db } from "@server/db";
+import { db, userOrgs } from "@server/db";
 import { User, emailVerificationCodes, users } from "@server/db";
 import { eq } from "drizzle-orm";
 import { isWithinExpirationDate } from "oslo";
diff --git a/server/routers/auth/verifyTotp.ts b/server/routers/auth/verifyTotp.ts
index b2dfaf7d..35aae8d1 100644
--- a/server/routers/auth/verifyTotp.ts
+++ b/server/routers/auth/verifyTotp.ts
@@ -75,6 +75,14 @@ export async function verifyTotp(
                     )
                 );
             user = res;
+
+            const validPassword = await verifyPassword(
+                password,
+                user.passwordHash!
+            );
+            if (!validPassword) {
+                return next(unauthorized());
+            }
         }
 
         if (!user) {
@@ -90,25 +98,6 @@ export async function verifyTotp(
                 )
             );
         }
-
-        // Add type guard to ensure password is defined
-        if (!password) {
-            return next(
-                createHttpError(
-                    HttpCode.BAD_REQUEST,
-                    "Password is required for two-factor authentication"
-                )
-            );
-        }
-
-        const validPassword = await verifyPassword(
-            password,
-            user.passwordHash!
-        );
-        if (!validPassword) {
-            return next(unauthorized());
-        }
-
         if (user.type !== UserType.Internal) {
             return next(
                 createHttpError(
diff --git a/server/routers/client/createClient.ts b/server/routers/client/createClient.ts
new file mode 100644
index 00000000..34aef346
--- /dev/null
+++ b/server/routers/client/createClient.ts
@@ -0,0 +1,261 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db } from "@server/db";
+import {
+    roles,
+    Client,
+    clients,
+    roleClients,
+    userClients,
+    olms,
+    clientSites,
+    exitNodes,
+    orgs,
+    sites
+} from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { eq, and } from "drizzle-orm";
+import { fromError } from "zod-validation-error";
+import moment from "moment";
+import { hashPassword } from "@server/auth/password";
+import { isValidCIDR, isValidIP } from "@server/lib/validators";
+import { isIpInCidr } from "@server/lib/ip";
+import { OpenAPITags, registry } from "@server/openApi";
+
+const createClientParamsSchema = z
+    .object({
+        orgId: z.string()
+    })
+    .strict();
+
+const createClientSchema = z
+    .object({
+        name: z.string().min(1).max(255),
+        siteIds: z.array(z.number().int().positive()),
+        olmId: z.string(),
+        secret: z.string(),
+        subnet: z.string(),
+        type: z.enum(["olm"])
+    })
+    .strict();
+
+export type CreateClientBody = z.infer<typeof createClientSchema>;
+
+export type CreateClientResponse = Client;
+
+registry.registerPath({
+    method: "put",
+    path: "/org/{orgId}/client",
+    description: "Create a new client.",
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    request: {
+        params: createClientParamsSchema,
+        body: {
+            content: {
+                "application/json": {
+                    schema: createClientSchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
+export async function createClient(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedBody = createClientSchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { name, type, siteIds, olmId, secret, subnet } = parsedBody.data;
+
+        const parsedParams = createClientParamsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { orgId } = parsedParams.data;
+
+        if (req.user && !req.userOrgRoleId) {
+            return next(
+                createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
+            );
+        }
+
+        if (!isValidIP(subnet)) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "Invalid subnet format. Please provide a valid CIDR notation."
+                )
+            );
+        }
+
+        const [org] = await db.select().from(orgs).where(eq(orgs.orgId, orgId));
+
+        if (!org) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Organization with ID ${orgId} not found`
+                )
+            );
+        }
+
+        if (!org.subnet) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    `Organization with ID ${orgId} has no subnet defined`
+                )
+            );
+        }
+
+        if (!isIpInCidr(subnet, org.subnet)) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "IP is not in the CIDR range of the subnet."
+                )
+            );
+        }
+
+        const updatedSubnet = `${subnet}/${org.subnet.split("/")[1]}`; // we want the block size of the whole org
+
+        // make sure the subnet is unique
+        const subnetExistsClients = await db
+            .select()
+            .from(clients)
+            .where(eq(clients.subnet, updatedSubnet))
+            .limit(1);
+
+        if (subnetExistsClients.length > 0) {
+            return next(
+                createHttpError(
+                    HttpCode.CONFLICT,
+                    `Subnet ${subnet} already exists`
+                )
+            );
+        }
+
+        const subnetExistsSites = await db
+            .select()
+            .from(sites)
+            .where(eq(sites.address, updatedSubnet))
+            .limit(1);
+
+        if (subnetExistsSites.length > 0) {
+            return next(
+                createHttpError(
+                    HttpCode.CONFLICT,
+                    `Subnet ${subnet} already exists`
+                )
+            );
+        }
+
+        await db.transaction(async (trx) => {
+            // TODO: more intelligent way to pick the exit node
+
+            // make sure there is an exit node by counting the exit nodes table
+            const nodes = await db.select().from(exitNodes);
+            if (nodes.length === 0) {
+                return next(
+                    createHttpError(
+                        HttpCode.NOT_FOUND,
+                        "No exit nodes available"
+                    )
+                );
+            }
+
+            // get the first exit node
+            const exitNode = nodes[0];
+
+            const adminRole = await trx
+                .select()
+                .from(roles)
+                .where(and(eq(roles.isAdmin, true), eq(roles.orgId, orgId)))
+                .limit(1);
+
+            if (adminRole.length === 0) {
+                trx.rollback();
+                return next(
+                    createHttpError(HttpCode.NOT_FOUND, `Admin role not found`)
+                );
+            }
+
+            const [newClient] = await trx
+                .insert(clients)
+                .values({
+                    exitNodeId: exitNode.exitNodeId,
+                    orgId,
+                    name,
+                    subnet: updatedSubnet,
+                    type
+                })
+                .returning();
+
+            await trx.insert(roleClients).values({
+                roleId: adminRole[0].roleId,
+                clientId: newClient.clientId
+            });
+
+            if (req.user && req.userOrgRoleId != adminRole[0].roleId) {
+                // make sure the user can access the site
+                trx.insert(userClients).values({
+                    userId: req.user?.userId!,
+                    clientId: newClient.clientId
+                });
+            }
+
+            // Create site to client associations
+            if (siteIds && siteIds.length > 0) {
+                await trx.insert(clientSites).values(
+                    siteIds.map((siteId) => ({
+                        clientId: newClient.clientId,
+                        siteId
+                    }))
+                );
+            }
+
+            const secretHash = await hashPassword(secret);
+
+            await trx.insert(olms).values({
+                olmId,
+                secretHash,
+                clientId: newClient.clientId,
+                dateCreated: moment().toISOString()
+            });
+
+            return response<CreateClientResponse>(res, {
+                data: newClient,
+                success: true,
+                error: false,
+                message: "Site created successfully",
+                status: HttpCode.CREATED
+            });
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/client/deleteClient.ts b/server/routers/client/deleteClient.ts
new file mode 100644
index 00000000..a7512574
--- /dev/null
+++ b/server/routers/client/deleteClient.ts
@@ -0,0 +1,88 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db } from "@server/db";
+import { clients, clientSites } from "@server/db";
+import { eq } from "drizzle-orm";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+
+const deleteClientSchema = z
+    .object({
+        clientId: z.string().transform(Number).pipe(z.number().int().positive())
+    })
+    .strict();
+
+registry.registerPath({
+    method: "delete",
+    path: "/client/{clientId}",
+    description: "Delete a client by its client ID.",
+    tags: [OpenAPITags.Client],
+    request: {
+        params: deleteClientSchema
+    },
+    responses: {}
+});
+
+export async function deleteClient(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = deleteClientSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { clientId } = parsedParams.data;
+
+        const [client] = await db
+            .select()
+            .from(clients)
+            .where(eq(clients.clientId, clientId))
+            .limit(1);
+
+        if (!client) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Client with ID ${clientId} not found`
+                )
+            );
+        }
+
+        await db.transaction(async (trx) => {
+            // Delete the client-site associations first
+            await trx
+                .delete(clientSites)
+                .where(eq(clientSites.clientId, clientId));
+
+            // Then delete the client itself
+            await trx
+                .delete(clients)
+                .where(eq(clients.clientId, clientId));
+        });
+
+        return response(res, {
+            data: null,
+            success: true,
+            error: false,
+            message: "Client deleted successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/client/getClient.ts b/server/routers/client/getClient.ts
new file mode 100644
index 00000000..46f31b8c
--- /dev/null
+++ b/server/routers/client/getClient.ts
@@ -0,0 +1,101 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db } from "@server/db";
+import { clients, clientSites } from "@server/db";
+import { eq, and } from "drizzle-orm";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import stoi from "@server/lib/stoi";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+
+const getClientSchema = z
+    .object({
+        clientId: z.string().transform(stoi).pipe(z.number().int().positive()),
+        orgId: z.string().optional()
+    })
+    .strict();
+
+async function query(clientId: number) {
+    // Get the client
+    const [client] = await db
+        .select()
+        .from(clients)
+        .where(eq(clients.clientId, clientId))
+        .limit(1);
+    
+    if (!client) {
+        return null;
+    }
+    
+    // Get the siteIds associated with this client
+    const sites = await db
+        .select({ siteId: clientSites.siteId })
+        .from(clientSites)
+        .where(eq(clientSites.clientId, clientId));
+    
+    // Add the siteIds to the client object
+    return {
+        ...client,
+        siteIds: sites.map(site => site.siteId)
+    };
+}
+
+export type GetClientResponse = NonNullable<Awaited<ReturnType<typeof query>>>;
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/client/{clientId}",
+    description: "Get a client by its client ID.",
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    request: {
+        params: getClientSchema
+    },
+    responses: {}
+});
+
+export async function getClient(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = getClientSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            logger.error(
+                `Error parsing params: ${fromError(parsedParams.error).toString()}`
+            );
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { clientId } = parsedParams.data;
+
+        const client = await query(clientId);
+
+        if (!client) {
+            return next(
+                createHttpError(HttpCode.NOT_FOUND, "Client not found")
+            );
+        }
+
+        return response<GetClientResponse>(res, {
+            data: client,
+            success: true,
+            error: false,
+            message: "Client retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
\ No newline at end of file
diff --git a/server/routers/client/index.ts b/server/routers/client/index.ts
new file mode 100644
index 00000000..385c7bed
--- /dev/null
+++ b/server/routers/client/index.ts
@@ -0,0 +1,6 @@
+export * from "./pickClientDefaults";
+export * from "./createClient";
+export * from "./deleteClient";
+export * from "./listClients";
+export * from "./updateClient";
+export * from "./getClient";
\ No newline at end of file
diff --git a/server/routers/client/listClients.ts b/server/routers/client/listClients.ts
new file mode 100644
index 00000000..ff03b2e0
--- /dev/null
+++ b/server/routers/client/listClients.ts
@@ -0,0 +1,229 @@
+import { db } from "@server/db";
+import {
+    clients,
+    orgs,
+    roleClients,
+    sites,
+    userClients,
+    clientSites
+} from "@server/db";
+import logger from "@server/logger";
+import HttpCode from "@server/types/HttpCode";
+import response from "@server/lib/response";
+import { and, count, eq, inArray, or, sql } from "drizzle-orm";
+import { NextFunction, Request, Response } from "express";
+import createHttpError from "http-errors";
+import { z } from "zod";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+
+const listClientsParamsSchema = z
+    .object({
+        orgId: z.string()
+    })
+    .strict();
+
+const listClientsSchema = z.object({
+    limit: z
+        .string()
+        .optional()
+        .default("1000")
+        .transform(Number)
+        .pipe(z.number().int().positive()),
+    offset: z
+        .string()
+        .optional()
+        .default("0")
+        .transform(Number)
+        .pipe(z.number().int().nonnegative())
+});
+
+function queryClients(orgId: string, accessibleClientIds: number[]) {
+    return db
+        .select({
+            clientId: clients.clientId,
+            orgId: clients.orgId,
+            name: clients.name,
+            pubKey: clients.pubKey,
+            subnet: clients.subnet,
+            megabytesIn: clients.megabytesIn,
+            megabytesOut: clients.megabytesOut,
+            orgName: orgs.name,
+            type: clients.type,
+            online: clients.online
+        })
+        .from(clients)
+        .leftJoin(orgs, eq(clients.orgId, orgs.orgId))
+        .where(
+            and(
+                inArray(clients.clientId, accessibleClientIds),
+                eq(clients.orgId, orgId)
+            )
+        );
+}
+
+async function getSiteAssociations(clientIds: number[]) {
+    if (clientIds.length === 0) return [];
+
+    return db
+        .select({
+            clientId: clientSites.clientId,
+            siteId: clientSites.siteId,
+            siteName: sites.name,
+            siteNiceId: sites.niceId
+        })
+        .from(clientSites)
+        .leftJoin(sites, eq(clientSites.siteId, sites.siteId))
+        .where(inArray(clientSites.clientId, clientIds));
+}
+
+export type ListClientsResponse = {
+    clients: Array<Awaited<ReturnType<typeof queryClients>>[0] & { sites: Array<{
+        siteId: number;
+        siteName: string | null;
+        siteNiceId: string | null;
+    }> }>;
+    pagination: { total: number; limit: number; offset: number };
+};
+
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/clients",
+    description: "List all clients for an organization.",
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
+    request: {
+        query: listClientsSchema,
+        params: listClientsParamsSchema
+    },
+    responses: {}
+});
+
+export async function listClients(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedQuery = listClientsSchema.safeParse(req.query);
+        if (!parsedQuery.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedQuery.error)
+                )
+            );
+        }
+        const { limit, offset } = parsedQuery.data;
+
+        const parsedParams = listClientsParamsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error)
+                )
+            );
+        }
+        const { orgId } = parsedParams.data;
+
+        if (req.user && orgId && orgId !== req.userOrgId) {
+            return next(
+                createHttpError(
+                    HttpCode.FORBIDDEN,
+                    "User does not have access to this organization"
+                )
+            );
+        }
+
+        let accessibleClients;
+        if (req.user) {
+            accessibleClients = await db
+                .select({
+                    clientId: sql<number>`COALESCE(${userClients.clientId}, ${roleClients.clientId})`
+                })
+                .from(userClients)
+                .fullJoin(
+                    roleClients,
+                    eq(userClients.clientId, roleClients.clientId)
+                )
+                .where(
+                    or(
+                        eq(userClients.userId, req.user!.userId),
+                        eq(roleClients.roleId, req.userOrgRoleId!)
+                    )
+                );
+        } else {
+            accessibleClients = await db
+                .select({ clientId: clients.clientId })
+                .from(clients)
+                .where(eq(clients.orgId, orgId));
+        }
+
+        const accessibleClientIds = accessibleClients.map(
+            (client) => client.clientId
+        );
+        const baseQuery = queryClients(orgId, accessibleClientIds);
+
+        // Get client count
+        const countQuery = db
+            .select({ count: count() })
+            .from(clients)
+            .where(
+                and(
+                    inArray(clients.clientId, accessibleClientIds),
+                    eq(clients.orgId, orgId)
+                )
+            );
+
+        const clientsList = await baseQuery.limit(limit).offset(offset);
+        const totalCountResult = await countQuery;
+        const totalCount = totalCountResult[0].count;
+
+        // Get associated sites for all clients
+        const clientIds = clientsList.map(client => client.clientId);
+        const siteAssociations = await getSiteAssociations(clientIds);
+
+        // Group site associations by client ID
+        const sitesByClient = siteAssociations.reduce((acc, association) => {
+            if (!acc[association.clientId]) {
+                acc[association.clientId] = [];
+            }
+            acc[association.clientId].push({
+                siteId: association.siteId,
+                siteName: association.siteName,
+                siteNiceId: association.siteNiceId
+            });
+            return acc;
+        }, {} as Record<number, Array<{
+            siteId: number;
+            siteName: string | null;
+            siteNiceId: string | null;
+        }>>);
+
+        // Merge clients with their site associations
+        const clientsWithSites = clientsList.map(client => ({
+            ...client,
+            sites: sitesByClient[client.clientId] || []
+        }));
+
+        return response<ListClientsResponse>(res, {
+            data: {
+                clients: clientsWithSites,
+                pagination: {
+                    total: totalCount,
+                    limit,
+                    offset
+                }
+            },
+            success: true,
+            error: false,
+            message: "Clients retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/client/pickClientDefaults.ts b/server/routers/client/pickClientDefaults.ts
new file mode 100644
index 00000000..b1459400
--- /dev/null
+++ b/server/routers/client/pickClientDefaults.ts
@@ -0,0 +1,85 @@
+import { Request, Response, NextFunction } from "express";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { generateId } from "@server/auth/sessions/app";
+import { getNextAvailableClientSubnet } from "@server/lib/ip";
+import { z } from "zod";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+
+export type PickClientDefaultsResponse = {
+    olmId: string;
+    olmSecret: string;
+    subnet: string;
+};
+
+const pickClientDefaultsSchema = z
+    .object({
+        orgId: z.string()
+    })
+    .strict();
+
+registry.registerPath({
+    method: "get",
+    path: "/site/{siteId}/pick-client-defaults",
+    description: "Return pre-requisite data for creating a client.",
+    tags: [OpenAPITags.Client, OpenAPITags.Site],
+    request: {
+        params: pickClientDefaultsSchema
+    },
+    responses: {}
+});
+
+export async function pickClientDefaults(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedParams = pickClientDefaultsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { orgId } = parsedParams.data;
+
+        const olmId = generateId(15);
+        const secret = generateId(48);
+
+        const newSubnet = await getNextAvailableClientSubnet(orgId);
+        if (!newSubnet) {
+            return next(
+                createHttpError(
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    "No available subnet found"
+                )
+            );
+        }
+
+        const subnet = newSubnet.split("/")[0];
+
+        return response<PickClientDefaultsResponse>(res, {
+            data: {
+                olmId: olmId,
+                olmSecret: secret,
+                subnet: subnet
+            },
+            success: true,
+            error: false,
+            message: "Organization retrieved successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/client/updateClient.ts b/server/routers/client/updateClient.ts
new file mode 100644
index 00000000..87bb3c47
--- /dev/null
+++ b/server/routers/client/updateClient.ts
@@ -0,0 +1,225 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db } from "@server/db";
+import { clients, clientSites } from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { eq, and } from "drizzle-orm";
+import { fromError } from "zod-validation-error";
+import { OpenAPITags, registry } from "@server/openApi";
+import {
+    addPeer as newtAddPeer,
+    deletePeer as newtDeletePeer
+} from "../newt/peers";
+import {
+    addPeer as olmAddPeer,
+    deletePeer as olmDeletePeer
+} from "../olm/peers";
+
+const updateClientParamsSchema = z
+    .object({
+        clientId: z.string().transform(Number).pipe(z.number().int().positive())
+    })
+    .strict();
+
+const updateClientSchema = z
+    .object({
+        name: z.string().min(1).max(255).optional(),
+        siteIds: z
+            .array(z.string().transform(Number).pipe(z.number()))
+            .optional()
+    })
+    .strict();
+
+export type UpdateClientBody = z.infer<typeof updateClientSchema>;
+
+registry.registerPath({
+    method: "post",
+    path: "/client/{clientId}",
+    description: "Update a client by its client ID.",
+    tags: [OpenAPITags.Client],
+    request: {
+        params: updateClientParamsSchema,
+        body: {
+            content: {
+                "application/json": {
+                    schema: updateClientSchema
+                }
+            }
+        }
+    },
+    responses: {}
+});
+
+export async function updateClient(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedBody = updateClientSchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { name, siteIds } = parsedBody.data;
+
+        const parsedParams = updateClientParamsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { clientId } = parsedParams.data;
+
+        // Fetch the client to make sure it exists and the user has access to it
+        const [client] = await db
+            .select()
+            .from(clients)
+            .where(eq(clients.clientId, clientId))
+            .limit(1);
+
+        if (!client) {
+            return next(
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Client with ID ${clientId} not found`
+                )
+            );
+        }
+
+        if (siteIds) {
+            let sitesAdded = [];
+            let sitesRemoved = [];
+
+            // Fetch existing site associations
+            const existingSites = await db
+                .select({ siteId: clientSites.siteId })
+                .from(clientSites)
+                .where(eq(clientSites.clientId, clientId));
+
+            const existingSiteIds = existingSites.map((site) => site.siteId);
+
+            // Determine which sites were added and removed
+            sitesAdded = siteIds.filter(
+                (siteId) => !existingSiteIds.includes(siteId)
+            );
+            sitesRemoved = existingSiteIds.filter(
+                (siteId) => !siteIds.includes(siteId)
+            );
+
+            logger.info(
+                `Adding ${sitesAdded.length} new sites to client ${client.clientId}`
+            );
+            for (const siteId of sitesAdded) {
+                if (!client.subnet || !client.pubKey || !client.endpoint) {
+                    logger.debug("Client subnet, pubKey or endpoint is not set");
+                    continue;
+                }
+
+                const site = await newtAddPeer(siteId, {
+                    publicKey: client.pubKey,
+                    allowedIps: [`${client.subnet.split("/")[0]}/32`], // we want to only allow from that client
+                    endpoint: client.endpoint
+                });
+                if (!site) {
+                    logger.debug("Failed to add peer to newt - missing site");
+                    continue;
+                }
+
+                if (!site.endpoint || !site.publicKey) {
+                    logger.debug("Site endpoint or publicKey is not set");
+                    continue;
+                }
+                await olmAddPeer(client.clientId, {
+                    siteId: siteId,
+                    endpoint: site.endpoint,
+                    publicKey: site.publicKey,
+                    serverIP: site.address,
+                    serverPort: site.listenPort
+                });
+            }
+
+            logger.info(
+                `Removing ${sitesRemoved.length} sites from client ${client.clientId}`
+            );
+            for (const siteId of sitesRemoved) {
+                if (!client.pubKey) {
+                    logger.debug("Client pubKey is not set");
+                    continue;
+                }
+                const site = await newtDeletePeer(siteId, client.pubKey);
+                if (!site) {
+                    logger.debug(
+                        "Failed to delete peer from newt - missing site"
+                    );
+                    continue;
+                }
+                if (!site.endpoint || !site.publicKey) {
+                    logger.debug("Site endpoint or publicKey is not set");
+                    continue;
+                }
+                await olmDeletePeer(client.clientId, site.siteId, site.publicKey);
+            }
+        }
+
+        await db.transaction(async (trx) => {
+            // Update client name if provided
+            if (name) {
+                await trx
+                    .update(clients)
+                    .set({ name })
+                    .where(eq(clients.clientId, clientId));
+            }
+
+            // Update site associations if provided
+            if (siteIds) {
+                // Delete existing site associations
+                await trx
+                    .delete(clientSites)
+                    .where(eq(clientSites.clientId, clientId));
+
+                // Create new site associations
+                if (siteIds.length > 0) {
+                    await trx.insert(clientSites).values(
+                        siteIds.map((siteId) => ({
+                            clientId,
+                            siteId
+                        }))
+                    );
+                }
+            }
+
+            // Fetch the updated client
+            const [updatedClient] = await trx
+                .select()
+                .from(clients)
+                .where(eq(clients.clientId, clientId))
+                .limit(1);
+
+            return response(res, {
+                data: updatedClient,
+                success: true,
+                error: false,
+                message: "Client updated successfully",
+                status: HttpCode.OK
+            });
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/domain/createOrgDomain.ts b/server/routers/domain/createOrgDomain.ts
new file mode 100644
index 00000000..b401409b
--- /dev/null
+++ b/server/routers/domain/createOrgDomain.ts
@@ -0,0 +1,290 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db, Domain, domains, OrgDomains, orgDomains } from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { subdomainSchema } from "@server/lib/schemas";
+import { generateId } from "@server/auth/sessions/app";
+import { eq, and } from "drizzle-orm";
+import { isValidDomain } from "@server/lib/validators";
+import { build } from "@server/build";
+
+const paramsSchema = z
+    .object({
+        orgId: z.string()
+    })
+    .strict();
+
+const bodySchema = z
+    .object({
+        type: z.enum(["ns", "cname", "wildcard"]),
+        baseDomain: subdomainSchema
+    })
+    .strict();
+
+export type CreateDomainResponse = {
+    domainId: string;
+    nsRecords?: string[];
+    cnameRecords?: { baseDomain: string; value: string }[];
+    aRecords?: { baseDomain: string; value: string }[];
+    txtRecords?: { baseDomain: string; value: string }[];
+};
+
+// Helper to check if a domain is a subdomain or equal to another domain
+function isSubdomainOrEqual(a: string, b: string): boolean {
+    const aParts = a.toLowerCase().split(".");
+    const bParts = b.toLowerCase().split(".");
+    if (aParts.length < bParts.length) return false;
+    return aParts.slice(-bParts.length).join(".") === bParts.join(".");
+}
+
+export async function createOrgDomain(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsedBody = bodySchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const parsedParams = paramsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { orgId } = parsedParams.data;
+        const { type, baseDomain } = parsedBody.data;
+
+        if (build == "oss") {
+            if (type !== "wildcard") {
+                return next(
+                    createHttpError(
+                        HttpCode.NOT_IMPLEMENTED,
+                        "Creating NS or CNAME records is not supported"
+                    )
+                );
+            }
+        } else if (build == "enterprise" || build == "saas") {
+            if (type !== "ns" && type !== "cname") {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "Invalid domain type. Only NS, CNAME are allowed."
+                    )
+                );
+            }
+        }
+
+        // Validate organization exists
+        if (!isValidDomain(baseDomain)) {
+            return next(
+                createHttpError(HttpCode.BAD_REQUEST, "Invalid domain format")
+            );
+        }
+
+        let numOrgDomains: OrgDomains[] | undefined;
+        let aRecords: CreateDomainResponse["aRecords"];
+        let cnameRecords: CreateDomainResponse["cnameRecords"];
+        let txtRecords: CreateDomainResponse["txtRecords"];
+        let nsRecords: CreateDomainResponse["nsRecords"];
+        let returned: Domain | undefined;
+
+        await db.transaction(async (trx) => {
+            const [existing] = await trx
+                .select()
+                .from(domains)
+                .where(
+                    and(
+                        eq(domains.baseDomain, baseDomain),
+                        eq(domains.type, type)
+                    )
+                )
+                .leftJoin(
+                    orgDomains,
+                    eq(orgDomains.domainId, domains.domainId)
+                );
+
+            if (existing) {
+                const {
+                    domains: existingDomain,
+                    orgDomains: existingOrgDomain
+                } = existing;
+
+                // user alrady added domain to this account
+                // always reject
+                if (existingOrgDomain?.orgId === orgId) {
+                    return next(
+                        createHttpError(
+                            HttpCode.BAD_REQUEST,
+                            "Domain is already added to this org"
+                        )
+                    );
+                }
+
+                // domain already exists elsewhere
+                // check if it's already fully verified
+                if (existingDomain.verified) {
+                    return next(
+                        createHttpError(
+                            HttpCode.BAD_REQUEST,
+                            "Domain is already verified to an org"
+                        )
+                    );
+                }
+            }
+
+            // --- Domain overlap logic ---
+            // Only consider existing verified domains
+            const verifiedDomains = await trx
+                .select()
+                .from(domains)
+                .where(eq(domains.verified, true));
+
+            if (type == "cname") {
+                // Block if a verified CNAME exists at the same name
+                const cnameExists = verifiedDomains.some(
+                    (d) => d.type === "cname" && d.baseDomain === baseDomain
+                );
+                if (cnameExists) {
+                    return next(
+                        createHttpError(
+                            HttpCode.BAD_REQUEST,
+                            `A CNAME record already exists for ${baseDomain}. Only one CNAME record is allowed per domain.`
+                        )
+                    );
+                }
+                // Block if a verified NS exists at or below (same or subdomain)
+                const nsAtOrBelow = verifiedDomains.some(
+                    (d) =>
+                        d.type === "ns" &&
+                        (isSubdomainOrEqual(baseDomain, d.baseDomain) ||
+                            baseDomain === d.baseDomain)
+                );
+                if (nsAtOrBelow) {
+                    return next(
+                        createHttpError(
+                            HttpCode.BAD_REQUEST,
+                            `A nameserver (NS) record exists at or below ${baseDomain}. You cannot create a CNAME record here.`
+                        )
+                    );
+                }
+            } else if (type == "ns") {
+                // Block if a verified NS exists at or below (same or subdomain)
+                const nsAtOrBelow = verifiedDomains.some(
+                    (d) =>
+                        d.type === "ns" &&
+                        (isSubdomainOrEqual(baseDomain, d.baseDomain) ||
+                            baseDomain === d.baseDomain)
+                );
+                if (nsAtOrBelow) {
+                    return next(
+                        createHttpError(
+                            HttpCode.BAD_REQUEST,
+                            `A nameserver (NS) record already exists at or below ${baseDomain}. You cannot create another NS record here.`
+                        )
+                    );
+                }
+            } else if (type == "wildcard") {
+                // TODO: Figure out how to handle wildcards
+            }
+
+            const domainId = generateId(15);
+
+            const [insertedDomain] = await trx
+                .insert(domains)
+                .values({
+                    domainId,
+                    baseDomain,
+                    type,
+                    verified: build == "oss" ? true : false
+                })
+                .returning();
+
+            returned = insertedDomain;
+
+            // add domain to account
+            await trx
+                .insert(orgDomains)
+                .values({
+                    orgId,
+                    domainId
+                })
+                .returning();
+
+            // TODO: This needs to be cross region and not hardcoded
+            if (type === "ns") {
+                nsRecords = ["ns-east.fossorial.io", "ns-west.fossorial.io"];
+            } else if (type === "cname") {
+                cnameRecords = [
+                    {
+                        value: `${domainId}.cname.fossorial.io`,
+                        baseDomain: baseDomain
+                    },
+                    {
+                        value: `_acme-challenge.${domainId}.cname.fossorial.io`,
+                        baseDomain: `_acme-challenge.${baseDomain}`
+                    }
+                ];
+            } else if (type === "wildcard") {
+                aRecords = [
+                    {
+                        value: `Server IP Address`,
+                        baseDomain: `*.${baseDomain}`
+                    },
+                    {
+                        value: `Server IP Address`,
+                        baseDomain: `${baseDomain}`
+                    }
+                ];
+            }
+
+            numOrgDomains = await trx
+                .select()
+                .from(orgDomains)
+                .where(eq(orgDomains.orgId, orgId));
+        });
+
+        if (!returned) {
+            return next(
+                createHttpError(
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    "Failed to create domain"
+                )
+            );
+        }
+
+        return response<CreateDomainResponse>(res, {
+            data: {
+                domainId: returned.domainId,
+                cnameRecords,
+                txtRecords,
+                nsRecords,
+                aRecords
+            },
+            success: true,
+            error: false,
+            message: "Domain created successfully",
+            status: HttpCode.CREATED
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/domain/deleteOrgDomain.ts b/server/routers/domain/deleteOrgDomain.ts
new file mode 100644
index 00000000..345dafe7
--- /dev/null
+++ b/server/routers/domain/deleteOrgDomain.ts
@@ -0,0 +1,104 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db, domains, OrgDomains, orgDomains } from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { and, eq } from "drizzle-orm";
+
+const paramsSchema = z
+    .object({
+        domainId: z.string(),
+        orgId: z.string()
+    })
+    .strict();
+
+export type DeleteAccountDomainResponse = {
+    success: boolean;
+};
+
+export async function deleteAccountDomain(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsed = paramsSchema.safeParse(req.params);
+        if (!parsed.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsed.error).toString()
+                )
+            );
+        }
+        const { domainId, orgId } = parsed.data;
+
+        let numOrgDomains: OrgDomains[] | undefined;
+
+        await db.transaction(async (trx) => {
+            const [existing] = await trx
+                .select()
+                .from(orgDomains)
+                .where(
+                    and(
+                        eq(orgDomains.orgId, orgId),
+                        eq(orgDomains.domainId, domainId)
+                    )
+                )
+                .innerJoin(
+                    domains,
+                    eq(orgDomains.domainId, domains.domainId)
+                );
+
+            if (!existing) {
+                return next(
+                    createHttpError(
+                        HttpCode.NOT_FOUND,
+                        "Domain not found for this account"
+                    )
+                );
+            }
+
+            if (existing.domains.configManaged) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "Cannot delete a domain that is managed by the config"
+                    )
+                );
+            }
+
+            await trx
+                .delete(orgDomains)
+                .where(
+                    and(
+                        eq(orgDomains.orgId, orgId),
+                        eq(orgDomains.domainId, domainId)
+                    )
+                );
+
+            await trx.delete(domains).where(eq(domains.domainId, domainId));
+
+            numOrgDomains = await trx
+                .select()
+                .from(orgDomains)
+                .where(eq(orgDomains.orgId, orgId));
+        });
+
+        return response<DeleteAccountDomainResponse>(res, {
+            data: { success: true },
+            success: true,
+            error: false,
+            message: "Domain deleted from account successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/domain/index.ts b/server/routers/domain/index.ts
index 2233b069..c0cafafe 100644
--- a/server/routers/domain/index.ts
+++ b/server/routers/domain/index.ts
@@ -1 +1,4 @@
 export * from "./listDomains";
+export * from "./createOrgDomain";
+export * from "./deleteOrgDomain";
+export * from "./restartOrgDomain";
\ No newline at end of file
diff --git a/server/routers/domain/listDomains.ts b/server/routers/domain/listDomains.ts
index a8216c5f..fe51cde6 100644
--- a/server/routers/domain/listDomains.ts
+++ b/server/routers/domain/listDomains.ts
@@ -37,7 +37,12 @@ async function queryDomains(orgId: string, limit: number, offset: number) {
     const res = await db
         .select({
             domainId: domains.domainId,
-            baseDomain: domains.baseDomain
+            baseDomain: domains.baseDomain,
+            verified: domains.verified,
+            type: domains.type,
+            failed: domains.failed,
+            tries: domains.tries,
+            configManaged: domains.configManaged
         })
         .from(orgDomains)
         .where(eq(orgDomains.orgId, orgId))
@@ -112,7 +117,7 @@ export async function listDomains(
             },
             success: true,
             error: false,
-            message: "Users retrieved successfully",
+            message: "Domains retrieved successfully",
             status: HttpCode.OK
         });
     } catch (error) {
diff --git a/server/routers/domain/restartOrgDomain.ts b/server/routers/domain/restartOrgDomain.ts
new file mode 100644
index 00000000..f40f2516
--- /dev/null
+++ b/server/routers/domain/restartOrgDomain.ts
@@ -0,0 +1,57 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { db, domains } from "@server/db";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { and, eq } from "drizzle-orm";
+
+const paramsSchema = z
+    .object({
+        domainId: z.string(),
+        orgId: z.string()
+    })
+    .strict();
+
+export type RestartOrgDomainResponse = {
+    success: boolean;
+};
+
+export async function restartOrgDomain(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        const parsed = paramsSchema.safeParse(req.params);
+        if (!parsed.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsed.error).toString()
+                )
+            );
+        }
+        const { domainId, orgId } = parsed.data;
+
+        await db
+            .update(domains)
+            .set({ failed: false, tries: 0 })
+            .where(and(eq(domains.domainId, domainId)));
+
+        return response<RestartOrgDomainResponse>(res, {
+            data: { success: true },
+            success: true,
+            error: false,
+            message: "Domain restarted successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/external.ts b/server/routers/external.ts
index b13d46ac..11ce07b2 100644
--- a/server/routers/external.ts
+++ b/server/routers/external.ts
@@ -8,6 +8,7 @@ import * as target from "./target";
 import * as user from "./user";
 import * as auth from "./auth";
 import * as role from "./role";
+import * as client from "./client";
 import * as supporterKey from "./supporterKey";
 import * as accessToken from "./accessToken";
 import * as idp from "./idp";
@@ -16,7 +17,6 @@ import * as apiKeys from "./apiKeys";
 import HttpCode from "@server/types/HttpCode";
 import {
     verifyAccessTokenAccess,
-    rateLimitMiddleware,
     verifySessionMiddleware,
     verifySessionUserMiddleware,
     verifyOrgAccess,
@@ -29,14 +29,20 @@ import {
     getUserOrgs,
     verifyUserIsServerAdmin,
     verifyIsLoggedInUser,
-    verifyApiKeyAccess
+    verifyClientAccess,
+    verifyApiKeyAccess,
+    verifyDomainAccess,
+    verifyClientsEnabled,
+    verifyUserHasAction,
+    verifyUserIsOrgOwner
 } from "@server/middlewares";
-import { verifyUserHasAction } from "../middlewares/verifyUserHasAction";
+import { createStore } from "@server/lib/rateLimitStore";
 import { ActionsEnum } from "@server/auth/actions";
-import { verifyUserIsOrgOwner } from "../middlewares/verifyUserIsOrgOwner";
-import { createNewt, getToken } from "./newt";
+import { createNewt, getNewtToken } from "./newt";
+import { getOlmToken } from "./olm";
 import rateLimit from "express-rate-limit";
 import createHttpError from "http-errors";
+import { build } from "@server/build";
 
 // Root routes
 export const unauthenticated = Router();
@@ -49,8 +55,11 @@ unauthenticated.get("/", (_, res) => {
 export const authenticated = Router();
 authenticated.use(verifySessionUserMiddleware);
 
+authenticated.get("/pick-org-defaults", org.pickOrgDefaults);
 authenticated.get("/org/checkId", org.checkId);
-authenticated.put("/org", getUserOrgs, org.createOrg);
+if (build === "oss" || build === "enterprise") {
+    authenticated.put("/org", getUserOrgs, org.createOrg);
+}
 
 authenticated.get("/orgs", verifyUserIsServerAdmin, org.listOrgs);
 authenticated.get("/user/:userId/orgs", verifyIsLoggedInUser, org.listUserOrgs);
@@ -111,6 +120,55 @@ authenticated.get(
     verifyUserHasAction(ActionsEnum.getSite),
     site.getSite
 );
+
+authenticated.get(
+    "/org/:orgId/pick-client-defaults",
+    verifyClientsEnabled,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.createClient),
+    client.pickClientDefaults
+);
+
+authenticated.get(
+    "/org/:orgId/clients",
+    verifyClientsEnabled,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.listClients),
+    client.listClients
+);
+
+authenticated.get(
+    "/org/:orgId/client/:clientId",
+    verifyClientsEnabled,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.getClient),
+    client.getClient
+);
+
+authenticated.put(
+    "/org/:orgId/client",
+    verifyClientsEnabled,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.createClient),
+    client.createClient
+);
+
+authenticated.delete(
+    "/client/:clientId",
+    verifyClientsEnabled,
+    verifyClientAccess,
+    verifyUserHasAction(ActionsEnum.deleteClient),
+    client.deleteClient
+);
+
+authenticated.post(
+    "/client/:clientId",
+    verifyClientsEnabled,
+    verifyClientAccess, // this will check if the user has access to the client
+    verifyUserHasAction(ActionsEnum.updateClient), // this will check if the user has permission to update the client
+    client.updateClient
+);
+
 // authenticated.get(
 //     "/site/:siteId/roles",
 //     verifySiteAccess,
@@ -731,42 +789,178 @@ authenticated.get(
     apiKeys.getApiKey
 );
 
+authenticated.put(
+    `/org/:orgId/domain`,
+    verifyOrgAccess,
+    verifyUserHasAction(ActionsEnum.createOrgDomain),
+    domain.createOrgDomain
+);
+
+authenticated.post(
+    `/org/:orgId/domain/:domainId/restart`,
+    verifyOrgAccess,
+    verifyDomainAccess,
+    verifyUserHasAction(ActionsEnum.restartOrgDomain),
+    domain.restartOrgDomain
+);
+
+authenticated.delete(
+    `/org/:orgId/domain/:domainId`,
+    verifyOrgAccess,
+    verifyDomainAccess,
+    verifyUserHasAction(ActionsEnum.deleteOrgDomain),
+    domain.deleteAccountDomain
+);
+
 // Auth routes
 export const authRouter = Router();
 unauthenticated.use("/auth", authRouter);
 authRouter.use(
-    rateLimitMiddleware({
-        windowMin:
-            config.getRawConfig().rate_limits.auth?.window_minutes ||
-            config.getRawConfig().rate_limits.global.window_minutes,
-        max:
-            config.getRawConfig().rate_limits.auth?.max_requests ||
-            config.getRawConfig().rate_limits.global.max_requests,
-        type: "IP_AND_PATH"
+    rateLimit({
+        windowMs: config.getRawConfig().rate_limits.auth.window_minutes,
+        max: config.getRawConfig().rate_limits.auth.max_requests,
+        keyGenerator: (req) => `authRouterGlobal:${req.ip}:${req.path}`,
+        handler: (req, res, next) => {
+            const message = `Rate limit exceeded. You can make ${config.getRawConfig().rate_limits.auth.max_requests} requests every ${config.getRawConfig().rate_limits.auth.window_minutes} minute(s).`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
     })
 );
 
-authRouter.put("/signup", auth.signup);
-authRouter.post("/login", auth.login);
+authRouter.put(
+    "/signup",
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 15,
+        keyGenerator: (req) => `signup:${req.ip}:${req.body.email}`,
+        handler: (req, res, next) => {
+            const message = `You can only sign up ${15} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    auth.signup
+);
+authRouter.post(
+    "/login",
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 15,
+        keyGenerator: (req) => `login:${req.body.email || req.ip}`,
+        handler: (req, res, next) => {
+            const message = `You can only log in ${15} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    auth.login
+);
 authRouter.post("/logout", auth.logout);
-authRouter.post("/newt/get-token", getToken);
+authRouter.post(
+    "/newt/get-token",
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 900,
+        keyGenerator: (req) => `newtGetToken:${req.body.newtId || req.ip}`,
+        handler: (req, res, next) => {
+            const message = `You can only request a Newt token ${900} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    getNewtToken
+);
+authRouter.post(
+    "/olm/get-token",
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 900,
+        keyGenerator: (req) => `newtGetToken:${req.body.newtId || req.ip}`,
+        handler: (req, res, next) => {
+            const message = `You can only request an Olm token ${900} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    getOlmToken
+);
 
-authRouter.post("/2fa/enable", auth.verifyTotp);
-authRouter.post("/2fa/request", auth.requestTotpSecret);
-authRouter.post("/2fa/disable", verifySessionUserMiddleware, auth.disable2fa);
-authRouter.post("/verify-email", verifySessionMiddleware, auth.verifyEmail);
+authRouter.post(
+    "/2fa/enable",
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 15,
+        keyGenerator: (req) => {
+            return `signup:${req.body.email || req.user?.userId || req.ip}`;
+        },
+        handler: (req, res, next) => {
+            const message = `You can only enable 2FA ${15} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    auth.verifyTotp
+);
+authRouter.post(
+    "/2fa/request",
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 15,
+        keyGenerator: (req) => {
+            return `signup:${req.body.email || req.user?.userId || req.ip}`;
+        },
+        handler: (req, res, next) => {
+            const message = `You can only request a 2FA code ${15} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    auth.requestTotpSecret
+);
+authRouter.post(
+    "/2fa/disable",
+    verifySessionUserMiddleware,
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 15,
+        keyGenerator: (req) => `signup:${req.user?.userId || req.ip}`,
+        handler: (req, res, next) => {
+            const message = `You can only disable 2FA ${15} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    auth.disable2fa
+);
+authRouter.post(
+    "/verify-email",
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 15,
+        keyGenerator: (req) => `signup:${req.body.email || req.ip}`,
+        handler: (req, res, next) => {
+            const message = `You can only sign up ${15} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    verifySessionMiddleware,
+    auth.verifyEmail
+);
 
 authRouter.post(
     "/verify-email/request",
     verifySessionMiddleware,
     rateLimit({
         windowMs: 15 * 60 * 1000,
-        max: 3,
-        keyGenerator: (req) => `requestEmailVerificationCode:${req.body.email}`,
+        max: 15,
+        keyGenerator: (req) => `requestEmailVerificationCode:${req.body.email || req.ip}`,
         handler: (req, res, next) => {
-            const message = `You can only request an email verification code ${3} times every ${15} minutes. Please try again later.`;
+            const message = `You can only request an email verification code ${15} times every ${15} minutes. Please try again later.`;
             return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
-        }
+        },
+        store: createStore()
     }),
     auth.requestEmailVerificationCode
 );
@@ -781,31 +975,75 @@ authRouter.post(
     "/reset-password/request",
     rateLimit({
         windowMs: 15 * 60 * 1000,
-        max: 3,
-        keyGenerator: (req) => `requestPasswordReset:${req.body.email}`,
+        max: 15,
+        keyGenerator: (req) => `requestPasswordReset:${req.body.email || req.ip}`,
         handler: (req, res, next) => {
-            const message = `You can only request a password reset ${3} times every ${15} minutes. Please try again later.`;
+            const message = `You can only request a password reset ${15} times every ${15} minutes. Please try again later.`;
             return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
-        }
+        },
+        store: createStore()
     }),
     auth.requestPasswordReset
 );
 
-authRouter.post("/reset-password/", auth.resetPassword);
+authRouter.post(
+    "/reset-password/",
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 15,
+        keyGenerator: (req) => `resetPassword:${req.body.email || req.ip}`,
+        handler: (req, res, next) => {
+            const message = `You can only request a password reset ${15} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    auth.resetPassword
+);
 
-authRouter.post("/resource/:resourceId/password", resource.authWithPassword);
-authRouter.post("/resource/:resourceId/pincode", resource.authWithPincode);
+authRouter.post(
+    "/resource/:resourceId/password",
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 15,
+        keyGenerator: (req) =>
+            `authWithPassword:${req.ip}:${req.params.resourceId || req.ip}`,
+        handler: (req, res, next) => {
+            const message = `You can only authenticate with password ${15} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    resource.authWithPassword
+);
+authRouter.post(
+    "/resource/:resourceId/pincode",
+    rateLimit({
+        windowMs: 15 * 60 * 1000,
+        max: 15,
+        keyGenerator: (req) =>
+            `authWithPincode:${req.ip}:${req.params.resourceId || req.ip}`,
+        handler: (req, res, next) => {
+            const message = `You can only authenticate with pincode ${15} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    resource.authWithPincode
+);
 
 authRouter.post(
     "/resource/:resourceId/whitelist",
     rateLimit({
         windowMs: 15 * 60 * 1000,
-        max: 10,
-        keyGenerator: (req) => `authWithWhitelist:${req.body.email}`,
+        max: 15,
+        keyGenerator: (req) =>
+            `authWithWhitelist:${req.ip}:${req.body.email}:${req.params.resourceId}`,
         handler: (req, res, next) => {
-            const message = `You can only request an email OTP ${10} times every ${15} minutes. Please try again later.`;
+            const message = `You can only request an email OTP ${15} times every ${15} minutes. Please try again later.`;
             return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
-        }
+        },
+        store: createStore()
     }),
     resource.authWithWhitelist
 );
@@ -826,33 +1064,59 @@ authRouter.get("/initial-setup-complete", auth.initialSetupComplete);
 
 // Security Key routes
 authRouter.post(
-    "/security-key/register/start", 
+    "/security-key/register/start",
+    verifySessionUserMiddleware,
     rateLimit({
         windowMs: 15 * 60 * 1000, // 15 minutes
-        max: 5, // Allow 5 security key registrations per 15 minutes per IP
-        keyGenerator: (req) => `securityKeyRegister:${req.ip}:${req.user?.userId}`,
+        max: 5, // Allow 5 security key registrations per 15 minutes
+        keyGenerator: (req) => `securityKeyRegister:${req.user?.userId || req.ip}`,
         handler: (req, res, next) => {
-            const message = `You can only register ${5} security keys every ${15} minutes. Please try again later.`;
+            const message = `You can only register a security key ${5} times every ${15} minutes. Please try again later.`;
             return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
-        }
+        },
+        store: createStore()
     }),
-    verifySessionUserMiddleware, 
     auth.startRegistration
 );
-authRouter.post("/security-key/register/verify", verifySessionUserMiddleware, auth.verifyRegistration);
+authRouter.post(
+    "/security-key/register/verify",
+    verifySessionUserMiddleware,
+    auth.verifyRegistration
+);
 authRouter.post(
     "/security-key/authenticate/start",
     rateLimit({
         windowMs: 15 * 60 * 1000, // 15 minutes
         max: 10, // Allow 10 authentication attempts per 15 minutes per IP
-        keyGenerator: (req) => `securityKeyAuth:${req.ip}`,
+        keyGenerator: (req) => {
+            return `securityKeyAuth:${req.body.email || req.ip}`;
+        },
         handler: (req, res, next) => {
             const message = `You can only attempt security key authentication ${10} times every ${15} minutes. Please try again later.`;
             return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
-        }
+        },
+        store: createStore()
     }),
     auth.startAuthentication
 );
 authRouter.post("/security-key/authenticate/verify", auth.verifyAuthentication);
-authRouter.get("/security-key/list", verifySessionUserMiddleware, auth.listSecurityKeys);
-authRouter.delete("/security-key/:credentialId", verifySessionUserMiddleware, auth.deleteSecurityKey);
+authRouter.get(
+    "/security-key/list",
+    verifySessionUserMiddleware,
+    auth.listSecurityKeys
+);
+authRouter.delete(
+    "/security-key/:credentialId",
+    verifySessionUserMiddleware,
+    rateLimit({
+        windowMs: 15 * 60 * 1000, // 15 minutes
+        max: 20, // Allow 10 authentication attempts per 15 minutes per IP
+        keyGenerator: (req) => `securityKeyAuth:${req.user?.userId || req.ip}`,
+        handler: (req, res, next) => {
+            const message = `You can only delete a security key ${10} times every ${15} minutes. Please try again later.`;
+            return next(createHttpError(HttpCode.TOO_MANY_REQUESTS, message));
+        },
+        store: createStore()
+    }),
+    auth.deleteSecurityKey
+);
diff --git a/server/routers/gerbil/getAllRelays.ts b/server/routers/gerbil/getAllRelays.ts
new file mode 100644
index 00000000..abe4d593
--- /dev/null
+++ b/server/routers/gerbil/getAllRelays.ts
@@ -0,0 +1,160 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { clients, exitNodes, newts, olms, Site, sites, clientSites } from "@server/db";
+import { db } from "@server/db";
+import { eq } from "drizzle-orm";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+
+// Define Zod schema for request validation
+const getAllRelaysSchema = z.object({
+    publicKey: z.string().optional(),
+});
+
+// Type for peer destination
+interface PeerDestination {
+    destinationIP: string;
+    destinationPort: number;
+}
+
+// Updated mappings type to support multiple destinations per endpoint
+interface ProxyMapping {
+    destinations: PeerDestination[];
+}
+
+export async function getAllRelays(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        // Validate request parameters
+        const parsedParams = getAllRelaysSchema.safeParse(req.body);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { publicKey } = parsedParams.data;
+
+        if (!publicKey) {
+            return next(createHttpError(HttpCode.BAD_REQUEST, 'publicKey is required'));
+        }
+
+        // Fetch exit node
+        let [exitNode] = await db.select().from(exitNodes).where(eq(exitNodes.publicKey, publicKey));
+        if (!exitNode) {
+            return next(createHttpError(HttpCode.NOT_FOUND, "Exit node not found"));
+        }
+
+        // Fetch sites for this exit node
+        const sitesRes = await db.select().from(sites).where(eq(sites.exitNodeId, exitNode.exitNodeId));
+
+        if (sitesRes.length === 0) {
+            return res.status(HttpCode.OK).send({
+                mappings: {}
+            });
+        }
+        
+        // Initialize mappings object for multi-peer support
+        let mappings: { [key: string]: ProxyMapping } = {};
+
+        // Process each site
+        for (const site of sitesRes) {
+            if (!site.endpoint || !site.subnet || !site.listenPort) {
+                continue;
+            }
+
+            // Find all clients associated with this site through clientSites
+            const clientSitesRes = await db
+                .select()
+                .from(clientSites)
+                .where(eq(clientSites.siteId, site.siteId));
+            
+            for (const clientSite of clientSitesRes) {
+                // Get client information
+                const [client] = await db
+                    .select()
+                    .from(clients)
+                    .where(eq(clients.clientId, clientSite.clientId));
+
+                if (!client || !client.endpoint) {
+                    continue;
+                }
+
+                // Add this site as a destination for the client
+                if (!mappings[client.endpoint]) {
+                    mappings[client.endpoint] = { destinations: [] };
+                }
+
+                // Add site as a destination for this client
+                const destination: PeerDestination = {
+                    destinationIP: site.subnet.split("/")[0],
+                    destinationPort: site.listenPort
+                };
+
+                // Check if this destination is already in the array to avoid duplicates
+                const isDuplicate = mappings[client.endpoint].destinations.some(
+                    dest => dest.destinationIP === destination.destinationIP && 
+                            dest.destinationPort === destination.destinationPort
+                );
+
+                if (!isDuplicate) {
+                    mappings[client.endpoint].destinations.push(destination);
+                }
+            }
+
+            // Also handle site-to-site communication (all sites in the same org)
+            if (site.orgId) {
+                const orgSites = await db
+                    .select()
+                    .from(sites)
+                    .where(eq(sites.orgId, site.orgId));
+                
+                for (const peer of orgSites) {
+                    // Skip self
+                    if (peer.siteId === site.siteId || !peer.endpoint || !peer.subnet || !peer.listenPort) {
+                        continue;
+                    }
+
+                    // Add peer site as a destination for this site
+                    if (!mappings[site.endpoint]) {
+                        mappings[site.endpoint] = { destinations: [] };
+                    }
+
+                    const destination: PeerDestination = {
+                        destinationIP: peer.subnet.split("/")[0],
+                        destinationPort: peer.listenPort
+                    };
+
+                    // Check for duplicates
+                    const isDuplicate = mappings[site.endpoint].destinations.some(
+                        dest => dest.destinationIP === destination.destinationIP && 
+                                dest.destinationPort === destination.destinationPort
+                    );
+
+                    if (!isDuplicate) {
+                        mappings[site.endpoint].destinations.push(destination);
+                    }
+                }
+            }
+        }
+
+        logger.debug(`Returning mappings for ${Object.keys(mappings).length} endpoints`);
+        return res.status(HttpCode.OK).send({ mappings });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "An error occurred..."
+            )
+        );
+    }
+}
\ No newline at end of file
diff --git a/server/routers/gerbil/getConfig.ts b/server/routers/gerbil/getConfig.ts
index de3da171..d5ec6ced 100644
--- a/server/routers/gerbil/getConfig.ts
+++ b/server/routers/gerbil/getConfig.ts
@@ -2,8 +2,7 @@ import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { sites, resources, targets, exitNodes } from "@server/db";
 import { db } from "@server/db";
-import { eq } from "drizzle-orm";
-import response from "@server/lib/response";
+import { eq, isNotNull, and } from "drizzle-orm";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
@@ -53,7 +52,7 @@ export async function getConfig(
         }
 
         // Fetch exit node
-        let exitNodeQuery = await db
+        const exitNodeQuery = await db
             .select()
             .from(exitNodes)
             .where(eq(exitNodes.publicKey, publicKey));
@@ -68,6 +67,10 @@ export async function getConfig(
                 subEndpoint = await getUniqueExitNodeEndpointName();
             }
 
+            const exitNodeName =
+                config.getRawConfig().gerbil.exit_node_name ||
+                `Exit Node ${publicKey.slice(0, 8)}`;
+
             // create a new exit node
             exitNode = await db
                 .insert(exitNodes)
@@ -77,7 +80,7 @@ export async function getConfig(
                     address,
                     listenPort,
                     reachableAt,
-                    name: `Exit Node ${publicKey.slice(0, 8)}`
+                    name: exitNodeName
                 })
                 .returning()
                 .execute();
@@ -101,13 +104,30 @@ export async function getConfig(
         const sitesRes = await db
             .select()
             .from(sites)
-            .where(eq(sites.exitNodeId, exitNode[0].exitNodeId));
+            .where(
+                and(
+                    eq(sites.exitNodeId, exitNode[0].exitNodeId),
+                    isNotNull(sites.pubKey),
+                    isNotNull(sites.subnet)
+                )
+            );
 
-        const peers = await Promise.all(
+        let peers = await Promise.all(
             sitesRes.map(async (site) => {
+                if (site.type === "wireguard") {
+                    return {
+                        publicKey: site.pubKey,
+                        allowedIps: await getAllowedIps(site.siteId)
+                    };
+                } else if (site.type === "newt") {
+                    return {
+                        publicKey: site.pubKey,
+                        allowedIps: [site.subnet!]
+                    };
+                }
                 return {
-                    publicKey: site.pubKey,
-                    allowedIps: await getAllowedIps(site.siteId)
+                    publicKey: null,
+                    allowedIps: []
                 };
             })
         );
diff --git a/server/routers/gerbil/index.ts b/server/routers/gerbil/index.ts
index 82f82c4c..4a4f3b60 100644
--- a/server/routers/gerbil/index.ts
+++ b/server/routers/gerbil/index.ts
@@ -1,2 +1,4 @@
 export * from "./getConfig";
 export * from "./receiveBandwidth";
+export * from "./updateHolePunch";
+export * from "./getAllRelays";
\ No newline at end of file
diff --git a/server/routers/gerbil/receiveBandwidth.ts b/server/routers/gerbil/receiveBandwidth.ts
index cd025b7e..5e672d0f 100644
--- a/server/routers/gerbil/receiveBandwidth.ts
+++ b/server/routers/gerbil/receiveBandwidth.ts
@@ -1,12 +1,15 @@
 import { Request, Response, NextFunction } from "express";
-import { eq } from "drizzle-orm";
-import { sites, } from "@server/db";
+import { eq, and, lt, inArray, sql } from "drizzle-orm";
+import { sites } from "@server/db";
 import { db } from "@server/db";
 import logger from "@server/logger";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import response from "@server/lib/response";
 
+// Track sites that are already offline to avoid unnecessary queries
+const offlineSites = new Set<string>();
+
 interface PeerBandwidth {
     publicKey: string;
     bytesIn: number;
@@ -25,47 +28,101 @@ export const receiveBandwidth = async (
             throw new Error("Invalid bandwidth data");
         }
 
+        const currentTime = new Date();
+        const oneMinuteAgo = new Date(currentTime.getTime() - 60000); // 1 minute ago
+
+        logger.debug(`Received data: ${JSON.stringify(bandwidthData)}`);
+
         await db.transaction(async (trx) => {
-            for (const peer of bandwidthData) {
-                const { publicKey, bytesIn, bytesOut } = peer;
+            // First, handle sites that are actively reporting bandwidth
+            const activePeers = bandwidthData.filter(peer => peer.bytesIn > 0); // Bytesout will have data as it tries to send keep alive messages
 
-                const [site] = await trx
-                    .select()
-                    .from(sites)
-                    .where(eq(sites.pubKey, publicKey))
-                    .limit(1);
+            if (activePeers.length > 0) {
+                // Remove any active peers from offline tracking since they're sending data
+                activePeers.forEach(peer => offlineSites.delete(peer.publicKey));
 
-                if (!site) {
-                    logger.warn(`Site not found for public key: ${publicKey}`);
-                    continue;
-                }
-                let online = site.online;
+                // Aggregate usage data by organization
+                const orgUsageMap = new Map<string, number>();
+                const orgUptimeMap = new Map<string, number>();
 
-                // if the bandwidth for the site is > 0 then set it to online. if it has been less than 0 (no update) for 5 minutes then set it to offline
-                if (bytesIn > 0 || bytesOut > 0) {
-                    online = true;
-                } else if (site.lastBandwidthUpdate) {
-                    const lastBandwidthUpdate = new Date(
-                        site.lastBandwidthUpdate
-                    );
-                    const currentTime = new Date();
-                    const diff =
-                        currentTime.getTime() - lastBandwidthUpdate.getTime();
-                    if (diff < 300000) {
-                        online = false;
+                // Update all active sites with bandwidth data and get the site data in one operation
+                const updatedSites = [];
+                for (const peer of activePeers) {
+                    const updatedSite = await trx
+                        .update(sites)
+                        .set({
+                            megabytesOut: sql`${sites.megabytesOut} + ${peer.bytesIn}`,
+                            megabytesIn: sql`${sites.megabytesIn} + ${peer.bytesOut}`,
+                            lastBandwidthUpdate: currentTime.toISOString(),
+                            online: true
+                        })
+                        .where(eq(sites.pubKey, peer.publicKey))
+                        .returning({
+                            online: sites.online,
+                            orgId: sites.orgId,
+                            siteId: sites.siteId,
+                            lastBandwidthUpdate: sites.lastBandwidthUpdate,
+                        });
+
+                    if (updatedSite.length > 0) {
+                        updatedSites.push({ ...updatedSite[0], peer });
                     }
                 }
 
-                // Update the site's bandwidth usage
-                await trx
-                    .update(sites)
-                    .set({
-                        megabytesOut: (site.megabytesOut || 0) + bytesIn,
-                        megabytesIn: (site.megabytesIn || 0) + bytesOut,
-                        lastBandwidthUpdate: new Date().toISOString(),
-                        online
-                    })
-                    .where(eq(sites.siteId, site.siteId));
+                // Calculate org usage aggregations using the updated site data
+                for (const { peer, ...site } of updatedSites) {
+                    // Aggregate bandwidth usage for the org
+                    const totalBandwidth = peer.bytesIn + peer.bytesOut;
+                    const currentOrgUsage = orgUsageMap.get(site.orgId) || 0;
+                    orgUsageMap.set(site.orgId, currentOrgUsage + totalBandwidth);
+
+                    // Add 10 seconds of uptime for each active site
+                    const currentOrgUptime = orgUptimeMap.get(site.orgId) || 0;
+                    orgUptimeMap.set(site.orgId, currentOrgUptime + 10 / 60); // Store in minutes and jut add 10 seconds
+                }
+            }
+
+            // Handle sites that reported zero bandwidth but need online status updated
+            const zeroBandwidthPeers = bandwidthData.filter(peer =>
+                peer.bytesIn === 0 && !offlineSites.has(peer.publicKey) // Bytesout will have data as it tries to send keep alive messages
+            );
+
+            if (zeroBandwidthPeers.length > 0) {
+                const zeroBandwidthSites = await trx
+                    .select()
+                    .from(sites)
+                    .where(inArray(sites.pubKey, zeroBandwidthPeers.map(p => p.publicKey)));
+
+                for (const site of zeroBandwidthSites) {
+                    let newOnlineStatus = site.online;
+
+                    // Check if site should go offline based on last bandwidth update WITH DATA
+                    if (site.lastBandwidthUpdate) {
+                        const lastUpdateWithData = new Date(site.lastBandwidthUpdate);
+                        if (lastUpdateWithData < oneMinuteAgo) {
+                            newOnlineStatus = false;
+                        }
+                    } else {
+                        // No previous data update recorded, set to offline
+                        newOnlineStatus = false;
+                    }
+
+                    // Always update lastBandwidthUpdate to show this instance is receiving reports
+                    // Only update online status if it changed
+                    if (site.online !== newOnlineStatus) {
+                        await trx
+                            .update(sites)
+                            .set({
+                                online: newOnlineStatus
+                            })
+                            .where(eq(sites.siteId, site.siteId));
+
+                        // If site went offline, add it to our tracking set
+                        if (!newOnlineStatus && site.pubKey) {
+                            offlineSites.add(site.pubKey);
+                        }
+                    }
+                }
             }
         });
 
@@ -73,7 +130,7 @@ export const receiveBandwidth = async (
             data: {},
             success: true,
             error: false,
-            message: "Organization retrieved successfully",
+            message: "Bandwidth data updated successfully",
             status: HttpCode.OK
         });
     } catch (error) {
diff --git a/server/routers/gerbil/updateHolePunch.ts b/server/routers/gerbil/updateHolePunch.ts
new file mode 100644
index 00000000..c48f7551
--- /dev/null
+++ b/server/routers/gerbil/updateHolePunch.ts
@@ -0,0 +1,242 @@
+import { Request, Response, NextFunction } from "express";
+import { z } from "zod";
+import { clients, newts, olms, Site, sites, clientSites } from "@server/db";
+import { db } from "@server/db";
+import { eq } from "drizzle-orm";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { validateNewtSessionToken } from "@server/auth/sessions/newt";
+import { validateOlmSessionToken } from "@server/auth/sessions/olm";
+
+// Define Zod schema for request validation
+const updateHolePunchSchema = z.object({
+    olmId: z.string().optional(),
+    newtId: z.string().optional(),
+    token: z.string(),
+    ip: z.string(),
+    port: z.number(),
+    timestamp: z.number()
+});
+
+// New response type with multi-peer destination support
+interface PeerDestination {
+    destinationIP: string;
+    destinationPort: number;
+}
+
+export async function updateHolePunch(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        // Validate request parameters
+        const parsedParams = updateHolePunchSchema.safeParse(req.body);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { olmId, newtId, ip, port, timestamp, token } = parsedParams.data;
+
+        
+        let currentSiteId: number | undefined;
+        let destinations: PeerDestination[] = [];
+        
+        if (olmId) {
+            logger.debug(`Got hole punch with ip: ${ip}, port: ${port} for olmId: ${olmId}`);
+
+            const { session, olm: olmSession } =
+                await validateOlmSessionToken(token);
+            if (!session || !olmSession) {
+                return next(
+                    createHttpError(HttpCode.UNAUTHORIZED, "Unauthorized")
+                );
+            }
+
+            if (olmId !== olmSession.olmId) {
+                logger.warn(`Olm ID mismatch: ${olmId} !== ${olmSession.olmId}`);
+                return next(
+                    createHttpError(HttpCode.UNAUTHORIZED, "Unauthorized")
+                );
+            }
+
+            const [olm] = await db
+                .select()
+                .from(olms)
+                .where(eq(olms.olmId, olmId));
+
+            if (!olm || !olm.clientId) {
+                logger.warn(`Olm not found: ${olmId}`);
+                return next(
+                    createHttpError(HttpCode.NOT_FOUND, "Olm not found")
+                );
+            }
+
+            const [client] = await db
+                .update(clients)
+                .set({
+                    endpoint: `${ip}:${port}`,
+                    lastHolePunch: timestamp
+                })
+                .where(eq(clients.clientId, olm.clientId))
+                .returning();
+            
+            if (!client) {
+                logger.warn(`Client not found for olm: ${olmId}`);
+                return next(
+                    createHttpError(HttpCode.NOT_FOUND, "Client not found")
+                );
+            }
+
+            // Get all sites that this client is connected to
+            const clientSitePairs = await db
+                .select()
+                .from(clientSites)
+                .where(eq(clientSites.clientId, client.clientId));
+            
+            if (clientSitePairs.length === 0) {
+                logger.warn(`No sites found for client: ${client.clientId}`);
+                return next(
+                    createHttpError(HttpCode.NOT_FOUND, "No sites found for client")
+                );
+            }
+            
+            // Get all sites details
+            const siteIds = clientSitePairs.map(pair => pair.siteId);
+            
+            for (const siteId of siteIds) {
+                const [site] = await db
+                    .select()
+                    .from(sites)
+                    .where(eq(sites.siteId, siteId));
+                
+                if (site && site.subnet && site.listenPort) {
+                    destinations.push({
+                        destinationIP: site.subnet.split("/")[0],
+                        destinationPort: site.listenPort
+                    });
+                }
+            }
+
+        } else if (newtId) {
+            const { session, newt: newtSession } =
+                await validateNewtSessionToken(token);
+
+            if (!session || !newtSession) {
+                return next(
+                    createHttpError(HttpCode.UNAUTHORIZED, "Unauthorized")
+                );
+            }
+
+            if (newtId !== newtSession.newtId) {
+                logger.warn(`Newt ID mismatch: ${newtId} !== ${newtSession.newtId}`);
+                return next(
+                    createHttpError(HttpCode.UNAUTHORIZED, "Unauthorized")
+                );
+            }
+
+            const [newt] = await db
+                .select()
+                .from(newts)
+                .where(eq(newts.newtId, newtId));
+
+            if (!newt || !newt.siteId) {
+                logger.warn(`Newt not found: ${newtId}`);
+                return next(
+                    createHttpError(HttpCode.NOT_FOUND, "New not found")
+                );
+            }
+
+            currentSiteId = newt.siteId;
+
+            // Update the current site with the new endpoint
+            const [updatedSite] = await db
+                .update(sites)
+                .set({
+                    endpoint: `${ip}:${port}`,
+                    lastHolePunch: timestamp
+                })
+                .where(eq(sites.siteId, newt.siteId))
+                .returning();
+            
+            if (!updatedSite || !updatedSite.subnet) {
+                logger.warn(`Site not found: ${newt.siteId}`);
+                return next(
+                    createHttpError(HttpCode.NOT_FOUND, "Site not found")
+                );
+            }
+
+            // Find all clients that connect to this site
+            const sitesClientPairs = await db
+                .select()
+                .from(clientSites)
+                .where(eq(clientSites.siteId, newt.siteId));
+            
+            // Get client details for each client
+            for (const pair of sitesClientPairs) {
+                const [client] = await db
+                    .select()
+                    .from(clients)
+                    .where(eq(clients.clientId, pair.clientId));
+                
+                if (client && client.endpoint) {
+                    const [host, portStr] = client.endpoint.split(':');
+                    if (host && portStr) {
+                        destinations.push({
+                            destinationIP: host,
+                            destinationPort: parseInt(portStr, 10)
+                        });
+                    }
+                }
+            }
+            
+            // If this is a newt/site, also add other sites in the same org
+        //     if (updatedSite.orgId) {
+        //         const orgSites = await db
+        //             .select()
+        //             .from(sites)
+        //             .where(eq(sites.orgId, updatedSite.orgId));
+                
+        //         for (const site of orgSites) {
+        //             // Don't add the current site to the destinations
+        //             if (site.siteId !== currentSiteId && site.subnet && site.endpoint && site.listenPort) {
+        //                 const [host, portStr] = site.endpoint.split(':');
+        //                 if (host && portStr) {
+        //                     destinations.push({
+        //                         destinationIP: host,
+        //                         destinationPort: site.listenPort
+        //                     });
+        //                 }
+        //             }
+        //         }
+        //     }
+        }
+
+        // if (destinations.length === 0) {
+        //     logger.warn(
+        //         `No peer destinations found for olmId: ${olmId} or newtId: ${newtId}`
+        //     );
+        //     return next(createHttpError(HttpCode.NOT_FOUND, "No peer destinations found"));
+        // }
+
+        // Return the new multi-peer structure
+        return res.status(HttpCode.OK).send({
+            destinations: destinations
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "An error occurred..."
+            )
+        );
+    }
+}
\ No newline at end of file
diff --git a/server/routers/idp/validateOidcCallback.ts b/server/routers/idp/validateOidcCallback.ts
index 3d28db24..6003c63d 100644
--- a/server/routers/idp/validateOidcCallback.ts
+++ b/server/routers/idp/validateOidcCallback.ts
@@ -11,6 +11,7 @@ import {
     idpOidcConfig,
     idpOrg,
     orgs,
+    Role,
     roles,
     userOrgs,
     users
@@ -307,6 +308,8 @@ export async function validateOidcCallback(
 
             let existingUserId = existingUser?.userId;
 
+            let orgUserCounts: { orgId: string; userCount: number }[] = [];
+
             // sync the user with the orgs and roles
             await db.transaction(async (trx) => {
                 let userId = existingUser?.userId;
@@ -410,6 +413,19 @@ export async function validateOidcCallback(
                         }))
                     );
                 }
+
+                // Loop through all the orgs and get the total number of users from the userOrgs table
+                for (const org of currentUserOrgs) {
+                    const userCount = await trx
+                        .select()
+                        .from(userOrgs)
+                        .where(eq(userOrgs.orgId, org.orgId));
+
+                    orgUserCounts.push({
+                        orgId: org.orgId,
+                        userCount: userCount.length
+                    });
+                }
             });
 
             const token = generateSessionToken();
diff --git a/server/routers/internal.ts b/server/routers/internal.ts
index 345a8b4e..118c8ae3 100644
--- a/server/routers/internal.ts
+++ b/server/routers/internal.ts
@@ -51,6 +51,8 @@ internalRouter.use("/gerbil", gerbilRouter);
 
 gerbilRouter.post("/get-config", gerbil.getConfig);
 gerbilRouter.post("/receive-bandwidth", gerbil.receiveBandwidth);
+gerbilRouter.post("/update-hole-punch", gerbil.updateHolePunch);
+gerbilRouter.post("/get-all-relays", gerbil.getAllRelays);
 
 // Badger routes
 const badgerRouter = Router();
diff --git a/server/routers/messageHandlers.ts b/server/routers/messageHandlers.ts
deleted file mode 100644
index e79f8606..00000000
--- a/server/routers/messageHandlers.ts
+++ /dev/null
@@ -1,12 +0,0 @@
-import {
-    handleRegisterMessage,
-    handleDockerStatusMessage,
-    handleDockerContainersMessage
-} from "./newt";
-import { MessageHandler } from "./ws";
-
-export const messageHandlers: Record<string, MessageHandler> = {
-    "newt/wg/register": handleRegisterMessage,
-    "newt/socket/status": handleDockerStatusMessage,
-    "newt/socket/containers": handleDockerContainersMessage
-};
diff --git a/server/routers/newt/getToken.ts b/server/routers/newt/getNewtToken.ts
similarity index 98%
rename from server/routers/newt/getToken.ts
rename to server/routers/newt/getNewtToken.ts
index 15071348..3bf45dcf 100644
--- a/server/routers/newt/getToken.ts
+++ b/server/routers/newt/getNewtToken.ts
@@ -24,7 +24,7 @@ export const newtGetTokenBodySchema = z.object({
 
 export type NewtGetTokenBody = z.infer<typeof newtGetTokenBodySchema>;
 
-export async function getToken(
+export async function getNewtToken(
     req: Request,
     res: Response,
     next: NextFunction
diff --git a/server/routers/newt/handleGetConfigMessage.ts b/server/routers/newt/handleGetConfigMessage.ts
new file mode 100644
index 00000000..8d79d4fd
--- /dev/null
+++ b/server/routers/newt/handleGetConfigMessage.ts
@@ -0,0 +1,165 @@
+import { z } from "zod";
+import { MessageHandler } from "../ws";
+import logger from "@server/logger";
+import { fromError } from "zod-validation-error";
+import { db } from "@server/db";
+import { clients, clientSites, Newt, sites } from "@server/db";
+import { eq } from "drizzle-orm";
+import { updatePeer } from "../olm/peers";
+
+const inputSchema = z.object({
+    publicKey: z.string(),
+    port: z.number().int().positive()
+});
+
+type Input = z.infer<typeof inputSchema>;
+
+export const handleGetConfigMessage: MessageHandler = async (context) => {
+    const { message, client, sendToClient } = context;
+    const newt = client as Newt;
+
+    const now = new Date().getTime() / 1000;
+
+    logger.debug("Handling Newt get config message!");
+
+    if (!newt) {
+        logger.warn("Newt not found");
+        return;
+    }
+
+    if (!newt.siteId) {
+        logger.warn("Newt has no site!"); // TODO: Maybe we create the site here?
+        return;
+    }
+
+    const parsed = inputSchema.safeParse(message.data);
+    if (!parsed.success) {
+        logger.error(
+            "handleGetConfigMessage: Invalid input: " +
+                fromError(parsed.error).toString()
+        );
+        return;
+    }
+
+    const { publicKey, port } = message.data as Input;
+    const siteId = newt.siteId;
+
+    // Get the current site data
+    const [existingSite] = await db
+        .select()
+        .from(sites)
+        .where(eq(sites.siteId, siteId));
+
+    if (!existingSite) {
+        logger.warn("handleGetConfigMessage: Site not found");
+        return;
+    }
+    
+    // we need to wait for hole punch success
+    if (!existingSite.endpoint) {
+        logger.warn(`Site ${existingSite.siteId} has no endpoint, skipping`);
+        return;
+    }
+
+    if (existingSite.publicKey !== publicKey) {
+        // TODO: somehow we should make sure a recent hole punch has happened if this occurs (hole punch could be from the last restart if done quickly)
+    }
+
+    if (existingSite.lastHolePunch && now - existingSite.lastHolePunch > 6) {
+        logger.warn(
+            `Site ${existingSite.siteId} last hole punch is too old, skipping`
+        );
+        return;
+    }
+
+    // update the endpoint and the public key
+    const [site] = await db
+        .update(sites)
+        .set({
+            publicKey,
+            listenPort: port
+        })
+        .where(eq(sites.siteId, siteId))
+        .returning();
+
+    if (!site) {
+        logger.error("handleGetConfigMessage: Failed to update site");
+        return;
+    }
+
+    // Get all clients connected to this site
+    const clientsRes = await db
+        .select()
+        .from(clients)
+        .innerJoin(clientSites, eq(clients.clientId, clientSites.clientId))
+        .where(eq(clientSites.siteId, siteId));
+
+    // Prepare peers data for the response
+    const peers = await Promise.all(
+        clientsRes
+            .filter((client) => {
+                if (!client.clients.pubKey) {
+                    return false;
+                }
+                if (!client.clients.subnet) {
+                    return false;
+                }
+                if (!client.clients.endpoint) {
+                    return false;
+                }
+                if (!client.clients.online) {
+                    return false;
+                }
+
+                return true;
+            })
+            .map(async (client) => {
+                // Add or update this peer on the olm if it is connected
+                try {
+                    if (site.endpoint && site.publicKey) {
+                        await updatePeer(client.clients.clientId, {
+                            siteId: site.siteId,
+                            endpoint: site.endpoint,
+                            publicKey: site.publicKey,
+                            serverIP: site.address,
+                            serverPort: site.listenPort
+                        });
+                    }
+                } catch (error) {
+                    logger.error(
+                        `Failed to add/update peer ${client.clients.pubKey} to newt ${newt.newtId}: ${error}`
+                    );
+                }
+
+                return {
+                    publicKey: client.clients.pubKey!,
+                    allowedIps: [`${client.clients.subnet.split('/')[0]}/32`], // we want to only allow from that client
+                    endpoint: client.clientSites.isRelayed
+                        ? ""
+                        : client.clients.endpoint! // if its relayed it should be localhost
+                };
+            })
+    );
+
+    // Filter out any null values from peers that didn't have an olm
+    const validPeers = peers.filter((peer) => peer !== null);
+
+    // Build the configuration response
+    const configResponse = {
+        ipAddress: site.address,
+        peers: validPeers
+    };
+
+    logger.debug("Sending config: ", configResponse);
+
+    return {
+        message: {
+            type: "newt/wg/receive-config",
+            data: {
+                ...configResponse
+            }
+        },
+        broadcast: false,
+        excludeSender: false
+    };
+};
diff --git a/server/routers/newt/handleNewtPingRequestMessage.ts b/server/routers/newt/handleNewtPingRequestMessage.ts
new file mode 100644
index 00000000..91266434
--- /dev/null
+++ b/server/routers/newt/handleNewtPingRequestMessage.ts
@@ -0,0 +1,89 @@
+import { db, sites } from "@server/db";
+import { MessageHandler } from "../ws";
+import { exitNodes, Newt } from "@server/db";
+import logger from "@server/logger";
+import config from "@server/lib/config";
+import { ne, eq, or, and, count } from "drizzle-orm";
+
+export const handleNewtPingRequestMessage: MessageHandler = async (context) => {
+    const { message, client, sendToClient } = context;
+    const newt = client as Newt;
+
+    logger.info("Handling ping request newt message!");
+
+    if (!newt) {
+        logger.warn("Newt not found");
+        return;
+    }
+
+    // TODO: pick which nodes to send and ping better than just all of them
+    let exitNodesList = await db
+        .select()
+        .from(exitNodes);
+
+    exitNodesList = exitNodesList.filter((node) => node.maxConnections !== 0);
+
+    let lastExitNodeId = null;
+    if (newt.siteId) {
+        const [lastExitNode] = await db
+            .select()
+            .from(sites)
+            .where(eq(sites.siteId, newt.siteId))
+            .limit(1);
+        lastExitNodeId = lastExitNode?.exitNodeId || null;
+    }
+
+    const exitNodesPayload = await Promise.all(
+        exitNodesList.map(async (node) => {
+            // (MAX_CONNECTIONS - current_connections) / MAX_CONNECTIONS)
+            // higher = more desirable
+            // like saying, this node has x% of its capacity left
+
+            let weight = 1;
+            const maxConnections = node.maxConnections;
+            if (maxConnections !== null && maxConnections !== undefined) {
+                const [currentConnections] = await db
+                    .select({
+                        count: count()
+                    })
+                    .from(sites)
+                    .where(
+                        and(
+                            eq(sites.exitNodeId, node.exitNodeId),
+                            eq(sites.online, true)
+                        )
+                    );
+
+                    if (currentConnections.count >= maxConnections) {
+                        return null
+                    }
+
+                weight =
+                    (maxConnections - currentConnections.count) /
+                    maxConnections;
+            }
+
+            return {
+                exitNodeId: node.exitNodeId,
+                exitNodeName: node.name,
+                endpoint: node.endpoint,
+                weight,
+                wasPreviouslyConnected: node.exitNodeId === lastExitNodeId
+            };
+        })
+    );
+
+    // filter out null values
+    const filteredExitNodes = exitNodesPayload.filter((node) => node !== null);
+
+    return {
+        message: {
+            type: "newt/ping/exitNodes",
+            data: {
+                exitNodes: filteredExitNodes
+            }
+        },
+        broadcast: false, // Send to all clients
+        excludeSender: false // Include sender in broadcast
+    };
+};
diff --git a/server/routers/newt/handleRegisterMessage.ts b/server/routers/newt/handleNewtRegisterMessage.ts
similarity index 53%
rename from server/routers/newt/handleRegisterMessage.ts
rename to server/routers/newt/handleNewtRegisterMessage.ts
index e63de0e0..71a6fd5c 100644
--- a/server/routers/newt/handleRegisterMessage.ts
+++ b/server/routers/newt/handleNewtRegisterMessage.ts
@@ -1,20 +1,30 @@
-import { db } from "@server/db";
+import { db, newts } from "@server/db";
 import { MessageHandler } from "../ws";
-import {
-    exitNodes,
-    resources,
-    sites,
-    Target,
-    targets
-} from "@server/db";
+import { exitNodes, Newt, resources, sites, Target, targets } from "@server/db";
 import { eq, and, sql, inArray } from "drizzle-orm";
 import { addPeer, deletePeer } from "../gerbil/peers";
 import logger from "@server/logger";
+import config from "@server/lib/config";
+import {
+    findNextAvailableCidr,
+    getNextAvailableClientSubnet
+} from "@server/lib/ip";
 
-export const handleRegisterMessage: MessageHandler = async (context) => {
-    const { message, newt, sendToClient } = context;
+export type ExitNodePingResult = {
+    exitNodeId: number;
+    latencyMs: number;
+    weight: number;
+    error?: string;
+    exitNodeName: string;
+    endpoint: string;
+    wasPreviouslyConnected: boolean;
+};
 
-    logger.info("Handling register message!");
+export const handleNewtRegisterMessage: MessageHandler = async (context) => {
+    const { message, client, sendToClient } = context;
+    const newt = client as Newt;
+
+    logger.info("Handling register newt message!");
 
     if (!newt) {
         logger.warn("Newt not found");
@@ -28,51 +38,126 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
 
     const siteId = newt.siteId;
 
-    const { publicKey } = message.data;
+    const { publicKey, pingResults, newtVersion, backwardsCompatible } =
+        message.data;
     if (!publicKey) {
         logger.warn("Public key not provided");
         return;
     }
 
-    const [site] = await db
+    if (backwardsCompatible) {
+        logger.debug(
+            "Backwards compatible mode detecting - not sending connect message and waiting for ping response."
+        );
+        return;
+    }
+
+    let exitNodeId: number | undefined;
+    if (pingResults) {
+        const bestPingResult = selectBestExitNode(
+            pingResults as ExitNodePingResult[]
+        );
+        if (!bestPingResult) {
+            logger.warn("No suitable exit node found based on ping results");
+            return;
+        }
+        exitNodeId = bestPingResult.exitNodeId;
+    }
+
+    if (newtVersion) {
+        // update the newt version in the database
+        await db
+            .update(newts)
+            .set({
+                version: newtVersion as string
+            })
+            .where(eq(newts.newtId, newt.newtId));
+    }
+
+    const [oldSite] = await db
         .select()
         .from(sites)
         .where(eq(sites.siteId, siteId))
         .limit(1);
 
-    if (!site || !site.exitNodeId) {
+    if (!oldSite || !oldSite.exitNodeId) {
         logger.warn("Site not found or does not have exit node");
         return;
     }
 
-    await db
-        .update(sites)
-        .set({
-            pubKey: publicKey
-        })
-        .where(eq(sites.siteId, siteId))
-        .returning();
+    let siteSubnet = oldSite.subnet;
+    let exitNodeIdToQuery = oldSite.exitNodeId;
+    if (exitNodeId && (oldSite.exitNodeId !== exitNodeId || !oldSite.subnet)) {
+        // This effectively moves the exit node to the new one
+        exitNodeIdToQuery = exitNodeId; // Use the provided exitNodeId if it differs from the site's exitNodeId
+
+        const sitesQuery = await db
+            .select({
+                subnet: sites.subnet
+            })
+            .from(sites)
+            .where(eq(sites.exitNodeId, exitNodeId));
+
+        const [exitNode] = await db
+            .select()
+            .from(exitNodes)
+            .where(eq(exitNodes.exitNodeId, exitNodeIdToQuery))
+            .limit(1);
+
+        const blockSize = config.getRawConfig().gerbil.site_block_size;
+        const subnets = sitesQuery.map((site) => site.subnet).filter((subnet) => subnet !== null);
+        subnets.push(exitNode.address.replace(/\/\d+$/, `/${blockSize}`));
+        const newSubnet = findNextAvailableCidr(
+            subnets,
+            blockSize,
+            exitNode.address
+        );
+        if (!newSubnet) {
+            logger.error("No available subnets found for the new exit node");
+            return;
+        }
+
+        siteSubnet = newSubnet;
+
+        await db
+            .update(sites)
+            .set({
+                pubKey: publicKey,
+                exitNodeId: exitNodeId,
+                subnet: newSubnet
+            })
+            .where(eq(sites.siteId, siteId))
+            .returning();
+    } else {
+        await db
+            .update(sites)
+            .set({
+                pubKey: publicKey
+            })
+            .where(eq(sites.siteId, siteId))
+            .returning();
+    }
 
     const [exitNode] = await db
         .select()
         .from(exitNodes)
-        .where(eq(exitNodes.exitNodeId, site.exitNodeId))
+        .where(eq(exitNodes.exitNodeId, exitNodeIdToQuery))
         .limit(1);
 
-    if (site.pubKey && site.pubKey !== publicKey) {
+    if (oldSite.pubKey && oldSite.pubKey !== publicKey) {
         logger.info("Public key mismatch. Deleting old peer...");
-        await deletePeer(site.exitNodeId, site.pubKey);
+        await deletePeer(oldSite.exitNodeId, oldSite.pubKey);
     }
 
-    if (!site.subnet) {
+    if (!siteSubnet) {
         logger.warn("Site has no subnet");
         return;
     }
 
     // add the peer to the exit node
-    await addPeer(site.exitNodeId, {
+    await addPeer(exitNodeIdToQuery, {
         publicKey: publicKey,
-        allowedIps: [site.subnet]
+        allowedIps: [siteSubnet]
     });
 
     // Improved version
@@ -161,7 +246,7 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
                 endpoint: `${exitNode.endpoint}:${exitNode.listenPort}`,
                 publicKey: exitNode.publicKey,
                 serverIP: exitNode.address.split("/")[0],
-                tunnelIP: site.subnet.split("/")[0],
+                tunnelIP: siteSubnet.split("/")[0],
                 targets: {
                     udp: udpTargets,
                     tcp: tcpTargets
@@ -172,3 +257,14 @@ export const handleRegisterMessage: MessageHandler = async (context) => {
         excludeSender: false // Include sender in broadcast
     };
 };
+
+function selectBestExitNode(
+    pingResults: ExitNodePingResult[]
+): ExitNodePingResult | null {
+    if (!pingResults || pingResults.length === 0) {
+        logger.warn("No ping results provided");
+        return null;
+    }
+
+    return pingResults[0];
+}
diff --git a/server/routers/newt/handleReceiveBandwidthMessage.ts b/server/routers/newt/handleReceiveBandwidthMessage.ts
new file mode 100644
index 00000000..89b24f78
--- /dev/null
+++ b/server/routers/newt/handleReceiveBandwidthMessage.ts
@@ -0,0 +1,52 @@
+import { db } from "@server/db";
+import { MessageHandler } from "../ws";
+import { clients, Newt } from "@server/db";
+import { eq } from "drizzle-orm";
+import logger from "@server/logger";
+
+interface PeerBandwidth {
+    publicKey: string;
+    bytesIn: number;
+    bytesOut: number;
+}
+
+export const handleReceiveBandwidthMessage: MessageHandler = async (context) => {
+    const { message, client, sendToClient } = context;
+
+    if (!message.data.bandwidthData) {
+        logger.warn("No bandwidth data provided");
+    }
+
+    const bandwidthData: PeerBandwidth[] = message.data.bandwidthData;
+
+    if (!Array.isArray(bandwidthData)) {
+        throw new Error("Invalid bandwidth data");
+    }
+
+    await db.transaction(async (trx) => {
+        for (const peer of bandwidthData) {
+            const { publicKey, bytesIn, bytesOut } = peer;
+
+            // Find the client by public key
+            const [client] = await trx
+                .select()
+                .from(clients)
+                .where(eq(clients.pubKey, publicKey))
+                .limit(1);
+
+            if (!client) {
+                continue;
+            }
+
+            // Update the client's bandwidth usage
+            await trx
+                .update(clients)
+                .set({
+                    megabytesOut: (client.megabytesIn || 0) + bytesIn,
+                    megabytesIn: (client.megabytesOut || 0) + bytesOut,
+                    lastBandwidthUpdate: new Date().toISOString(),
+                })
+                .where(eq(clients.clientId, client.clientId));
+        }
+    });
+};
diff --git a/server/routers/newt/handleSocketMessages.ts b/server/routers/newt/handleSocketMessages.ts
index 0a217c52..01b7be60 100644
--- a/server/routers/newt/handleSocketMessages.ts
+++ b/server/routers/newt/handleSocketMessages.ts
@@ -1,9 +1,11 @@
 import { MessageHandler } from "../ws";
 import logger from "@server/logger";
 import { dockerSocketCache } from "./dockerSocket";
+import { Newt } from "@server/db";
 
 export const handleDockerStatusMessage: MessageHandler = async (context) => {
-    const { message, newt } = context;
+    const { message, client, sendToClient } = context;
+    const newt = client as Newt;
 
     logger.info("Handling Docker socket check response");
 
@@ -33,7 +35,8 @@ export const handleDockerStatusMessage: MessageHandler = async (context) => {
 export const handleDockerContainersMessage: MessageHandler = async (
     context
 ) => {
-    const { message, newt } = context;
+    const { message, client, sendToClient } = context;
+    const newt = client as Newt;
 
     logger.info("Handling Docker containers response");
 
diff --git a/server/routers/newt/index.ts b/server/routers/newt/index.ts
index ad6d531c..08f047e3 100644
--- a/server/routers/newt/index.ts
+++ b/server/routers/newt/index.ts
@@ -1,4 +1,7 @@
 export * from "./createNewt";
-export * from "./getToken";
-export * from "./handleRegisterMessage";
-export * from "./handleSocketMessages";
\ No newline at end of file
+export * from "./getNewtToken";
+export * from "./handleNewtRegisterMessage";
+export * from "./handleReceiveBandwidthMessage";
+export * from "./handleGetConfigMessage";
+export * from "./handleSocketMessages";
+export * from "./handleNewtPingRequestMessage";
\ No newline at end of file
diff --git a/server/routers/newt/peers.ts b/server/routers/newt/peers.ts
new file mode 100644
index 00000000..ff57e6fd
--- /dev/null
+++ b/server/routers/newt/peers.ts
@@ -0,0 +1,114 @@
+import { db } from "@server/db";
+import { newts, sites } from "@server/db";
+import { eq } from "drizzle-orm";
+import { sendToClient } from "../ws";
+import logger from "@server/logger";
+
+export async function addPeer(
+    siteId: number,
+    peer: {
+        publicKey: string;
+        allowedIps: string[];
+        endpoint: string;
+    }
+) {
+    const [site] = await db
+        .select()
+        .from(sites)
+        .where(eq(sites.siteId, siteId))
+        .limit(1);
+    if (!site) {
+        throw new Error(`Exit node with ID ${siteId} not found`);
+    }
+
+    // get the newt on the site
+    const [newt] = await db
+        .select()
+        .from(newts)
+        .where(eq(newts.siteId, siteId))
+        .limit(1);
+    if (!newt) {
+        throw new Error(`Site found for site ${siteId}`);
+    }
+
+    sendToClient(newt.newtId, {
+        type: "newt/wg/peer/add",
+        data: peer
+    });
+
+    logger.info(`Added peer ${peer.publicKey} to newt ${newt.newtId}`);
+
+    return site;
+}
+
+export async function deletePeer(siteId: number, publicKey: string) {
+    const [site] = await db
+        .select()
+        .from(sites)
+        .where(eq(sites.siteId, siteId))
+        .limit(1);
+    if (!site) {
+        throw new Error(`Site with ID ${siteId} not found`);
+    }
+
+    // get the newt on the site
+    const [newt] = await db
+        .select()
+        .from(newts)
+        .where(eq(newts.siteId, siteId))
+        .limit(1);
+    if (!newt) {
+        throw new Error(`Newt not found for site ${siteId}`);
+    }
+
+    sendToClient(newt.newtId, {
+        type: "newt/wg/peer/remove",
+        data: {
+            publicKey
+        }
+    });
+
+    logger.info(`Deleted peer ${publicKey} from newt ${newt.newtId}`);
+
+    return site;
+}
+
+export async function updatePeer(
+    siteId: number,
+    publicKey: string,
+    peer: {
+        allowedIps?: string[];
+        endpoint?: string;
+    }
+) {
+    const [site] = await db
+        .select()
+        .from(sites)
+        .where(eq(sites.siteId, siteId))
+        .limit(1);
+    if (!site) {
+        throw new Error(`Site with ID ${siteId} not found`);
+    }
+
+    // get the newt on the site
+    const [newt] = await db
+        .select()
+        .from(newts)
+        .where(eq(newts.siteId, siteId))
+        .limit(1);
+    if (!newt) {
+        throw new Error(`Newt not found for site ${siteId}`);
+    }
+
+    sendToClient(newt.newtId, {
+        type: "newt/wg/peer/update",
+        data: {
+            publicKey,
+            ...peer
+        }
+    });
+
+    logger.info(`Updated peer ${publicKey} on newt ${newt.newtId}`);
+
+    return site;
+}
diff --git a/server/routers/olm/createOlm.ts b/server/routers/olm/createOlm.ts
new file mode 100644
index 00000000..3066e4ea
--- /dev/null
+++ b/server/routers/olm/createOlm.ts
@@ -0,0 +1,106 @@
+import { NextFunction, Request, Response } from "express";
+import { db } from "@server/db";
+import { hash } from "@node-rs/argon2";
+import HttpCode from "@server/types/HttpCode";
+import { z } from "zod";
+import { newts } from "@server/db";
+import createHttpError from "http-errors";
+import response from "@server/lib/response";
+import { SqliteError } from "better-sqlite3";
+import moment from "moment";
+import { generateSessionToken } from "@server/auth/sessions/app";
+import { createNewtSession } from "@server/auth/sessions/newt";
+import { fromError } from "zod-validation-error";
+import { hashPassword } from "@server/auth/password";
+
+export const createNewtBodySchema = z.object({});
+
+export type CreateNewtBody = z.infer<typeof createNewtBodySchema>;
+
+export type CreateNewtResponse = {
+    token: string;
+    newtId: string;
+    secret: string;
+};
+
+const createNewtSchema = z
+    .object({
+        newtId: z.string(),
+        secret: z.string()
+    })
+    .strict();
+
+export async function createNewt(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+
+        const parsedBody = createNewtSchema.safeParse(req.body);
+        if (!parsedBody.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedBody.error).toString()
+                )
+            );
+        }
+
+        const { newtId, secret } = parsedBody.data;
+
+        if (req.user && !req.userOrgRoleId) {
+            return next(
+                createHttpError(HttpCode.FORBIDDEN, "User does not have a role")
+            );
+        }
+
+        const secretHash = await hashPassword(secret);
+
+        await db.insert(newts).values({
+            newtId: newtId,
+            secretHash,
+            dateCreated: moment().toISOString(),
+        });
+
+        // give the newt their default permissions:
+        // await db.insert(newtActions).values({
+        //     newtId: newtId,
+        //     actionId: ActionsEnum.createOrg,
+        //     orgId: null,
+        // });
+
+        const token = generateSessionToken();
+        await createNewtSession(token, newtId);
+
+        return response<CreateNewtResponse>(res, {
+            data: {
+                newtId,
+                secret,
+                token,
+            },
+            success: true,
+            error: false,
+            message: "Newt created successfully",
+            status: HttpCode.OK,
+        });
+    } catch (e) {
+        if (e instanceof SqliteError && e.code === "SQLITE_CONSTRAINT_UNIQUE") {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "A newt with that email address already exists"
+                )
+            );
+        } else {
+            console.error(e);
+
+            return next(
+                createHttpError(
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    "Failed to create newt"
+                )
+            );
+        }
+    }
+}
diff --git a/server/routers/olm/getOlmToken.ts b/server/routers/olm/getOlmToken.ts
new file mode 100644
index 00000000..c26f5936
--- /dev/null
+++ b/server/routers/olm/getOlmToken.ts
@@ -0,0 +1,119 @@
+import { generateSessionToken } from "@server/auth/sessions/app";
+import { db } from "@server/db";
+import { olms } from "@server/db";
+import HttpCode from "@server/types/HttpCode";
+import response from "@server/lib/response";
+import { eq } from "drizzle-orm";
+import { NextFunction, Request, Response } from "express";
+import createHttpError from "http-errors";
+import { z } from "zod";
+import { fromError } from "zod-validation-error";
+import {
+    createOlmSession,
+    validateOlmSessionToken
+} from "@server/auth/sessions/olm";
+import { verifyPassword } from "@server/auth/password";
+import logger from "@server/logger";
+import config from "@server/lib/config";
+
+export const olmGetTokenBodySchema = z.object({
+    olmId: z.string(),
+    secret: z.string(),
+    token: z.string().optional()
+});
+
+export type OlmGetTokenBody = z.infer<typeof olmGetTokenBodySchema>;
+
+export async function getOlmToken(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    const parsedBody = olmGetTokenBodySchema.safeParse(req.body);
+
+    if (!parsedBody.success) {
+        return next(
+            createHttpError(
+                HttpCode.BAD_REQUEST,
+                fromError(parsedBody.error).toString()
+            )
+        );
+    }
+
+    const { olmId, secret, token } = parsedBody.data;
+
+    try {
+        if (token) {
+            const { session, olm } = await validateOlmSessionToken(token);
+            if (session) {
+                if (config.getRawConfig().app.log_failed_attempts) {
+                    logger.info(
+                        `Olm session already valid. Olm ID: ${olmId}. IP: ${req.ip}.`
+                    );
+                }
+                return response<null>(res, {
+                    data: null,
+                    success: true,
+                    error: false,
+                    message: "Token session already valid",
+                    status: HttpCode.OK
+                });
+            }
+        }
+
+        const existingOlmRes = await db
+            .select()
+            .from(olms)
+            .where(eq(olms.olmId, olmId));
+        if (!existingOlmRes || !existingOlmRes.length) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "No olm found with that olmId"
+                )
+            );
+        }
+
+        const existingOlm = existingOlmRes[0];
+
+        const validSecret = await verifyPassword(
+            secret,
+            existingOlm.secretHash
+        );
+        if (!validSecret) {
+            if (config.getRawConfig().app.log_failed_attempts) {
+                logger.info(
+                    `Olm id or secret is incorrect. Olm: ID ${olmId}. IP: ${req.ip}.`
+                );
+            }
+            return next(
+                createHttpError(HttpCode.BAD_REQUEST, "Secret is incorrect")
+            );
+        }
+
+        logger.debug("Creating new olm session token");
+
+        const resToken = generateSessionToken();
+        await createOlmSession(resToken, existingOlm.olmId);
+
+        logger.debug("Token created successfully");
+
+        return response<{ token: string }>(res, {
+            data: {
+                token: resToken
+            },
+            success: true,
+            error: false,
+            message: "Token created successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(
+                HttpCode.INTERNAL_SERVER_ERROR,
+                "Failed to authenticate olm"
+            )
+        );
+    }
+}
diff --git a/server/routers/olm/handleOlmPingMessage.ts b/server/routers/olm/handleOlmPingMessage.ts
new file mode 100644
index 00000000..941f7638
--- /dev/null
+++ b/server/routers/olm/handleOlmPingMessage.ts
@@ -0,0 +1,93 @@
+import { db } from "@server/db";
+import { MessageHandler } from "../ws";
+import { clients, Olm } from "@server/db";
+import { eq, lt, isNull } from "drizzle-orm";
+import logger from "@server/logger";
+
+// Track if the offline checker interval is running
+let offlineCheckerInterval: NodeJS.Timeout | null = null;
+const OFFLINE_CHECK_INTERVAL = 30 * 1000; // Check every 30 seconds
+const OFFLINE_THRESHOLD_MS = 2 * 60 * 1000; // 2 minutes
+
+/**
+ * Starts the background interval that checks for clients that haven't pinged recently
+ * and marks them as offline
+ */
+export const startOfflineChecker = (): void => {
+    if (offlineCheckerInterval) {
+        return; // Already running
+    }
+
+    offlineCheckerInterval = setInterval(async () => {
+        try {
+            const twoMinutesAgo = new Date(Date.now() - OFFLINE_THRESHOLD_MS);
+
+            // Find clients that haven't pinged in the last 2 minutes and mark them as offline
+            await db
+                .update(clients)
+                .set({ online: false })
+                .where(
+                    eq(clients.online, true) &&
+                    (lt(clients.lastPing, twoMinutesAgo.toISOString()) || isNull(clients.lastPing))
+                );
+
+        } catch (error) {
+            logger.error("Error in offline checker interval", { error });
+        }
+    }, OFFLINE_CHECK_INTERVAL);
+
+    logger.info("Started offline checker interval");
+}
+
+/**
+ * Stops the background interval that checks for offline clients
+ */
+export const stopOfflineChecker = (): void => {
+    if (offlineCheckerInterval) {
+        clearInterval(offlineCheckerInterval);
+        offlineCheckerInterval = null;
+        logger.info("Stopped offline checker interval");
+    }
+}
+
+/**
+ * Handles ping messages from clients and responds with pong
+ */
+export const handleOlmPingMessage: MessageHandler = async (context) => {
+    const { message, client: c, sendToClient } = context;
+    const olm = c as Olm;
+
+    if (!olm) {
+        logger.warn("Olm not found");
+        return;
+    }
+
+    if (!olm.clientId) {
+        logger.warn("Olm has no client ID!");
+        return;
+    }
+
+    try {
+        // Update the client's last ping timestamp
+        await db
+            .update(clients)
+            .set({
+                lastPing: new Date().toISOString(),
+                online: true,
+            })
+            .where(eq(clients.clientId, olm.clientId));
+    } catch (error) {
+        logger.error("Error handling ping message", { error });
+    }
+
+    return {
+        message: {
+            type: "pong",
+            data: {
+                timestamp: new Date().toISOString(),
+            }
+        },
+        broadcast: false,
+        excludeSender: false
+    };
+};
diff --git a/server/routers/olm/handleOlmRegisterMessage.ts b/server/routers/olm/handleOlmRegisterMessage.ts
new file mode 100644
index 00000000..9f626a7b
--- /dev/null
+++ b/server/routers/olm/handleOlmRegisterMessage.ts
@@ -0,0 +1,181 @@
+import { db } from "@server/db";
+import { MessageHandler } from "../ws";
+import {
+    clients,
+    clientSites,
+    exitNodes,
+    Olm,
+    olms,
+    sites
+} from "@server/db";
+import { eq, inArray } from "drizzle-orm";
+import { addPeer, deletePeer } from "../newt/peers";
+import logger from "@server/logger";
+
+export const handleOlmRegisterMessage: MessageHandler = async (context) => {
+    logger.info("Handling register olm message!");
+    const { message, client: c, sendToClient } = context;
+    const olm = c as Olm;
+
+    const now = new Date().getTime() / 1000;
+
+    if (!olm) {
+        logger.warn("Olm not found");
+        return;
+    }
+    if (!olm.clientId) {
+        logger.warn("Olm has no client ID!");
+        return;
+    }
+    const clientId = olm.clientId;
+    const { publicKey } = message.data;
+    if (!publicKey) {
+        logger.warn("Public key not provided");
+        return;
+    }
+
+    // Get the client
+    const [client] = await db
+        .select()
+        .from(clients)
+        .where(eq(clients.clientId, clientId))
+        .limit(1);
+
+    if (!client) {
+        logger.warn("Client not found");
+        return;
+    }
+
+    if (client.exitNodeId) {
+        // Get the exit node for this site
+        const [exitNode] = await db
+            .select()
+            .from(exitNodes)
+            .where(eq(exitNodes.exitNodeId, client.exitNodeId))
+            .limit(1);
+
+        // Send holepunch message for each site
+        sendToClient(olm.olmId, {
+            type: "olm/wg/holepunch",
+            data: {
+                serverPubKey: exitNode.publicKey
+            }
+        });
+    }
+
+    if (now - (client.lastHolePunch || 0) > 6) {
+        logger.warn("Client last hole punch is too old, skipping all sites");
+        return;
+    }
+
+    if (client.pubKey !== publicKey) {
+        logger.info(
+            "Public key mismatch. Updating public key and clearing session info..."
+        );
+        // Update the client's public key
+        await db
+            .update(clients)
+            .set({
+                pubKey: publicKey
+            })
+            .where(eq(clients.clientId, olm.clientId));
+
+        // set isRelay to false for all of the client's sites to reset the connection metadata
+        await db
+            .update(clientSites)
+            .set({
+                isRelayed: false
+            })
+            .where(eq(clientSites.clientId, olm.clientId));
+    }
+
+    // Get all sites data
+    const sitesData = await db
+        .select()
+        .from(sites)
+        .innerJoin(clientSites, eq(sites.siteId, clientSites.siteId))
+        .where(eq(clientSites.clientId, client.clientId));
+
+    // Prepare an array to store site configurations
+    const siteConfigurations = [];
+
+    // Process each site
+    for (const { sites: site } of sitesData) {
+        if (!site.exitNodeId) {
+            logger.warn(
+                `Site ${site.siteId} does not have exit node, skipping`
+            );
+            continue;
+        }
+
+        // Validate endpoint and hole punch status
+        if (!site.endpoint) {
+            logger.warn(`Site ${site.siteId} has no endpoint, skipping`);
+            continue;
+        }
+
+        if (site.lastHolePunch && now - site.lastHolePunch > 6) {
+            logger.warn(
+                `Site ${site.siteId} last hole punch is too old, skipping`
+            );
+            continue;
+        }
+
+        // If public key changed, delete old peer from this site
+        if (client.pubKey && client.pubKey != publicKey) {
+            logger.info(
+                `Public key mismatch. Deleting old peer from site ${site.siteId}...`
+            );
+            await deletePeer(site.siteId, client.pubKey!);
+        }
+
+        if (!site.subnet) {
+            logger.warn(`Site ${site.siteId} has no subnet, skipping`);
+            continue;
+        }
+
+        // Add the peer to the exit node for this site
+        if (client.endpoint) {
+            logger.info(
+                `Adding peer ${publicKey} to site ${site.siteId} with endpoint ${client.endpoint}`
+            );
+            await addPeer(site.siteId, {
+                publicKey: publicKey,
+                allowedIps: [`${client.subnet.split('/')[0]}/32`], // we want to only allow from that client
+                endpoint: client.endpoint
+            });
+        } else {
+            logger.warn(
+                `Client ${client.clientId} has no endpoint, skipping peer addition`
+            );
+        }
+
+        // Add site configuration to the array
+        siteConfigurations.push({
+            siteId: site.siteId,
+            endpoint: site.endpoint,
+            publicKey: site.publicKey,
+            serverIP: site.address,
+            serverPort: site.listenPort
+        });
+    }
+
+    // If we have no valid site configurations, don't send a connect message
+    if (siteConfigurations.length === 0) {
+        logger.warn("No valid site configurations found");
+        return;
+    }
+
+    // Return connect message with all site configurations
+    return {
+        message: {
+            type: "olm/wg/connect",
+            data: {
+                sites: siteConfigurations,
+                tunnelIP: client.subnet
+            }
+        },
+        broadcast: false,
+        excludeSender: false
+    };
+};
diff --git a/server/routers/olm/handleOlmRelayMessage.ts b/server/routers/olm/handleOlmRelayMessage.ts
new file mode 100644
index 00000000..83a97a41
--- /dev/null
+++ b/server/routers/olm/handleOlmRelayMessage.ts
@@ -0,0 +1,58 @@
+import { db } from "@server/db";
+import { MessageHandler } from "../ws";
+import { clients, clientSites, Olm } from "@server/db";
+import { eq } from "drizzle-orm";
+import { updatePeer } from "../newt/peers";
+import logger from "@server/logger";
+
+export const handleOlmRelayMessage: MessageHandler = async (context) => {
+    const { message, client: c, sendToClient } = context;
+    const olm = c as Olm;
+
+    logger.info("Handling relay olm message!");
+
+    if (!olm) {
+        logger.warn("Olm not found");
+        return;
+    }
+
+    if (!olm.clientId) {
+        logger.warn("Olm has no site!"); // TODO: Maybe we create the site here?
+        return;
+    }
+
+    const clientId = olm.clientId;
+
+    const [client] = await db
+        .select()
+        .from(clients)
+        .where(eq(clients.clientId, clientId))
+        .limit(1);
+
+    if (!client) {
+        logger.warn("Site not found or does not have exit node");
+        return;
+    }
+
+    // make sure we hand endpoints for both the site and the client and the lastHolePunch is not too old
+    if (!client.pubKey) {
+        logger.warn("Site or client has no endpoint or listen port");
+        return;
+    }
+
+    const { siteId } = message.data;
+
+    await db
+        .update(clientSites)
+        .set({
+            isRelayed: true
+        })
+        .where(eq(clientSites.clientId, olm.clientId));
+
+    // update the peer on the exit node
+    await updatePeer(siteId, client.pubKey, {
+        endpoint: "" // this removes the endpoint
+    });
+
+    return;
+};
diff --git a/server/routers/olm/index.ts b/server/routers/olm/index.ts
new file mode 100644
index 00000000..8426612e
--- /dev/null
+++ b/server/routers/olm/index.ts
@@ -0,0 +1,5 @@
+export * from "./handleOlmRegisterMessage";
+export * from "./getOlmToken";
+export * from "./createOlm";
+export * from "./handleOlmRelayMessage";
+export * from "./handleOlmPingMessage";
\ No newline at end of file
diff --git a/server/routers/olm/peers.ts b/server/routers/olm/peers.ts
new file mode 100644
index 00000000..48a915aa
--- /dev/null
+++ b/server/routers/olm/peers.ts
@@ -0,0 +1,92 @@
+import { db } from "@server/db";
+import { clients, olms, newts, sites } from "@server/db";
+import { eq } from "drizzle-orm";
+import { sendToClient } from "../ws";
+import logger from "@server/logger";
+
+export async function addPeer(
+    clientId: number,
+    peer: {
+        siteId: number;
+        publicKey: string;
+        endpoint: string;
+        serverIP: string | null;
+        serverPort: number | null;
+    }
+) {
+    const [olm] = await db
+        .select()
+        .from(olms)
+        .where(eq(olms.clientId, clientId))
+        .limit(1);
+    if (!olm) {
+        throw new Error(`Olm with ID ${clientId} not found`);
+    }
+
+    sendToClient(olm.olmId, {
+        type: "olm/wg/peer/add",
+        data: {
+            siteId: peer.siteId,
+            publicKey: peer.publicKey,
+            endpoint: peer.endpoint,
+            serverIP: peer.serverIP,
+            serverPort: peer.serverPort
+        }
+    });
+
+    logger.info(`Added peer ${peer.publicKey} to olm ${olm.olmId}`);
+}
+
+export async function deletePeer(clientId: number, siteId: number, publicKey: string) {
+    const [olm] = await db
+        .select()
+        .from(olms)
+        .where(eq(olms.clientId, clientId))
+        .limit(1);
+    if (!olm) {
+        throw new Error(`Olm with ID ${clientId} not found`);
+    }
+
+    sendToClient(olm.olmId, {
+        type: "olm/wg/peer/remove",
+        data: {
+            publicKey,
+            siteId: siteId
+        }
+    });
+
+    logger.info(`Deleted peer ${publicKey} from olm ${olm.olmId}`);
+}
+
+export async function updatePeer(
+    clientId: number,
+    peer: {
+        siteId: number;
+        publicKey: string;
+        endpoint: string;
+        serverIP: string | null;
+        serverPort: number | null;
+    }
+) {
+    const [olm] = await db
+        .select()
+        .from(olms)
+        .where(eq(olms.clientId, clientId))
+        .limit(1);
+    if (!olm) {
+        throw new Error(`Olm with ID ${clientId} not found`);
+    }
+
+    sendToClient(olm.olmId, {
+        type: "olm/wg/peer/update",
+        data: {
+            siteId: peer.siteId,
+            publicKey: peer.publicKey,
+            endpoint: peer.endpoint,
+            serverIP: peer.serverIP,
+            serverPort: peer.serverPort
+        }
+    });
+
+    logger.info(`Added peer ${peer.publicKey} to olm ${olm.olmId}`);
+}
diff --git a/server/routers/org/createOrg.ts b/server/routers/org/createOrg.ts
index ac977063..9ac65115 100644
--- a/server/routers/org/createOrg.ts
+++ b/server/routers/org/createOrg.ts
@@ -23,16 +23,16 @@ import config from "@server/lib/config";
 import { fromError } from "zod-validation-error";
 import { defaultRoleAllowedActions } from "../role";
 import { OpenAPITags, registry } from "@server/openApi";
+import { isValidCIDR } from "@server/lib/validators";
 
 const createOrgSchema = z
     .object({
         orgId: z.string(),
-        name: z.string().min(1).max(255)
+        name: z.string().min(1).max(255),
+        subnet: z.string()
     })
     .strict();
 
-// const MAX_ORGS = 5;
-
 registry.registerPath({
     method: "put",
     path: "/org",
@@ -78,7 +78,33 @@ export async function createOrg(
             );
         }
 
-        const { orgId, name } = parsedBody.data;
+        const { orgId, name, subnet } = parsedBody.data;
+
+        if (!isValidCIDR(subnet)) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    "Invalid subnet format. Please provide a valid CIDR notation."
+                )
+            );
+        }
+
+        // TODO: for now we are making all of the orgs the same subnet
+        // make sure the subnet is unique
+        // const subnetExists = await db
+        //     .select()
+        //     .from(orgs)
+        //     .where(eq(orgs.subnet, subnet))
+        //     .limit(1);
+
+        // if (subnetExists.length > 0) {
+        //     return next(
+        //         createHttpError(
+        //             HttpCode.CONFLICT,
+        //             `Subnet ${subnet} already exists`
+        //         )
+        //     );
+        // }
 
         // make sure the orgId is unique
         const orgExists = await db
@@ -109,7 +135,8 @@ export async function createOrg(
                 .insert(orgs)
                 .values({
                     orgId,
-                    name
+                    name,
+                    subnet
                 })
                 .returning();
 
@@ -142,25 +169,25 @@ export async function createOrg(
 
             // Get all actions and create role actions
             const actionIds = await trx.select().from(actions).execute();
-            
+
             if (actionIds.length > 0) {
-                await trx
-                    .insert(roleActions)
-                    .values(
-                        actionIds.map((action) => ({
-                            roleId,
-                            actionId: action.actionId,
-                            orgId: newOrg[0].orgId
-                        }))
-                    );
+                await trx.insert(roleActions).values(
+                    actionIds.map((action) => ({
+                        roleId,
+                        actionId: action.actionId,
+                        orgId: newOrg[0].orgId
+                    }))
+                );
             }
 
-            await trx.insert(orgDomains).values(
-                allDomains.map((domain) => ({
-                    orgId: newOrg[0].orgId,
-                    domainId: domain.domainId
-                }))
-            );
+            if (allDomains.length) {
+                await trx.insert(orgDomains).values(
+                    allDomains.map((domain) => ({
+                        orgId: newOrg[0].orgId,
+                        domainId: domain.domainId
+                    }))
+                );
+            }
 
             if (req.user) {
                 await trx.insert(userOrgs).values({
@@ -187,7 +214,7 @@ export async function createOrg(
                     orgId: newOrg[0].orgId,
                     roleId: roleId,
                     isOwner: true
-                });
+                }); 
             }
 
             const memberRole = await trx
diff --git a/server/routers/org/deleteOrg.ts b/server/routers/org/deleteOrg.ts
index 5b2accce..41b491a2 100644
--- a/server/routers/org/deleteOrg.ts
+++ b/server/routers/org/deleteOrg.ts
@@ -89,6 +89,8 @@ export async function deleteOrg(
             .where(eq(sites.orgId, orgId))
             .limit(1);
 
+        const deletedNewtIds: string[] = [];
+
         await db.transaction(async (trx) => {
             if (sites) {
                 for (const site of orgSites) {
@@ -102,11 +104,7 @@ export async function deleteOrg(
                                 .where(eq(newts.siteId, site.siteId))
                                 .returning();
                             if (deletedNewt) {
-                                const payload = {
-                                    type: `newt/terminate`,
-                                    data: {}
-                                };
-                                sendToClient(deletedNewt.newtId, payload);
+                                deletedNewtIds.push(deletedNewt.newtId);
 
                                 // delete all of the sessions for the newt
                                 await trx
@@ -131,6 +129,18 @@ export async function deleteOrg(
             await trx.delete(orgs).where(eq(orgs.orgId, orgId));
         });
 
+        // Send termination messages outside of transaction to prevent blocking
+        for (const newtId of deletedNewtIds) {
+            const payload = {
+                type: `newt/terminate`,
+                data: {}
+            };
+            // Don't await this to prevent blocking the response
+            sendToClient(newtId, payload).catch(error => {
+                logger.error("Failed to send termination message to newt:", error);
+            });
+        }
+
         return response(res, {
             data: null,
             success: true,
diff --git a/server/routers/org/index.ts b/server/routers/org/index.ts
index 772f0cec..c0100059 100644
--- a/server/routers/org/index.ts
+++ b/server/routers/org/index.ts
@@ -7,3 +7,4 @@ export * from "./listUserOrgs";
 export * from "./checkId";
 export * from "./getOrgOverview";
 export * from "./listOrgs";
+export * from "./pickOrgDefaults";
diff --git a/server/routers/org/listUserOrgs.ts b/server/routers/org/listUserOrgs.ts
index 694a4fb2..e3c0d06f 100644
--- a/server/routers/org/listUserOrgs.ts
+++ b/server/routers/org/listUserOrgs.ts
@@ -5,7 +5,7 @@ import { Org, orgs, userOrgs } from "@server/db";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
-import { sql, inArray, eq } from "drizzle-orm";
+import { sql, inArray, eq, and } from "drizzle-orm";
 import logger from "@server/logger";
 import { fromZodError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
@@ -40,8 +40,10 @@ const listOrgsSchema = z.object({
 //     responses: {}
 // });
 
+type ResponseOrg = Org & { isOwner?: boolean };
+
 export type ListUserOrgsResponse = {
-    orgs: Org[];
+    orgs: ResponseOrg[];
     pagination: { total: number; limit: number; offset: number };
 };
 
@@ -106,6 +108,10 @@ export async function listUserOrgs(
             .select()
             .from(orgs)
             .where(inArray(orgs.orgId, userOrgIds))
+            .leftJoin(
+                userOrgs,
+                and(eq(userOrgs.orgId, orgs.orgId), eq(userOrgs.userId, userId))
+            )
             .limit(limit)
             .offset(offset);
 
@@ -115,9 +121,19 @@ export async function listUserOrgs(
             .where(inArray(orgs.orgId, userOrgIds));
         const totalCount = totalCountResult[0].count;
 
+        const responseOrgs = organizations.map((val) => {
+            const res = {
+                ...val.orgs
+            } as ResponseOrg;
+            if (val.userOrgs && val.userOrgs.isOwner) {
+                res.isOwner = val.userOrgs.isOwner;
+            }
+            return res;
+        });
+
         return response<ListUserOrgsResponse>(res, {
             data: {
-                orgs: organizations,
+                orgs: responseOrgs,
                 pagination: {
                     total: totalCount,
                     limit,
diff --git a/server/routers/org/pickOrgDefaults.ts b/server/routers/org/pickOrgDefaults.ts
new file mode 100644
index 00000000..771b0d99
--- /dev/null
+++ b/server/routers/org/pickOrgDefaults.ts
@@ -0,0 +1,39 @@
+import { Request, Response, NextFunction } from "express";
+import response from "@server/lib/response";
+import HttpCode from "@server/types/HttpCode";
+import createHttpError from "http-errors";
+import logger from "@server/logger";
+import { getNextAvailableOrgSubnet } from "@server/lib/ip";
+import config from "@server/lib/config";
+
+export type PickOrgDefaultsResponse = {
+    subnet: string;
+};
+
+export async function pickOrgDefaults(
+    req: Request,
+    res: Response,
+    next: NextFunction
+): Promise<any> {
+    try {
+        // TODO: Why would each org have to have its own subnet?
+        // const subnet = await getNextAvailableOrgSubnet();
+        // Just hard code the subnet for now for everyone
+        const subnet = config.getRawConfig().orgs.subnet_group;
+
+        return response<PickOrgDefaultsResponse>(res, {
+            data: {
+                subnet: subnet
+            },
+            success: true,
+            error: false,
+            message: "Organization defaults created successfully",
+            status: HttpCode.OK
+        });
+    } catch (error) {
+        logger.error(error);
+        return next(
+            createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "An error occurred")
+        );
+    }
+}
diff --git a/server/routers/org/updateOrg.ts b/server/routers/org/updateOrg.ts
index 06c92fad..6dcd1016 100644
--- a/server/routers/org/updateOrg.ts
+++ b/server/routers/org/updateOrg.ts
@@ -19,7 +19,6 @@ const updateOrgParamsSchema = z
 const updateOrgBodySchema = z
     .object({
         name: z.string().min(1).max(255).optional()
-        // domain: z.string().min(1).max(255).optional(),
     })
     .strict()
     .refine((data) => Object.keys(data).length > 0, {
diff --git a/server/routers/resource/createResource.ts b/server/routers/resource/createResource.ts
index 1cbfa38e..1c4ace3b 100644
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@@ -21,6 +21,7 @@ import logger from "@server/logger";
 import { subdomainSchema } from "@server/lib/schemas";
 import config from "@server/lib/config";
 import { OpenAPITags, registry } from "@server/openApi";
+import { build } from "@server/build";
 
 const createResourceParamsSchema = z
     .object({
@@ -34,9 +35,8 @@ const createHttpResourceSchema = z
         name: z.string().min(1).max(255),
         subdomain: z
             .string()
-            .optional()
-            .transform((val) => val?.toLowerCase()),
-        isBaseDomain: z.boolean().optional(),
+            .nullable()
+            .optional(),
         siteId: z.number(),
         http: z.boolean(),
         protocol: z.enum(["tcp", "udp"]),
@@ -52,19 +52,6 @@ const createHttpResourceSchema = z
         },
         { message: "Invalid subdomain" }
     )
-    .refine(
-        (data) => {
-            if (!config.getRawConfig().flags?.allow_base_domain_resources) {
-                if (data.isBaseDomain) {
-                    return false;
-                }
-            }
-            return true;
-        },
-        {
-            message: "Base domain resources are not allowed"
-        }
-    );
 
 const createRawResourceSchema = z
     .object({
@@ -101,9 +88,12 @@ registry.registerPath({
         body: {
             content: {
                 "application/json": {
-                    schema: createHttpResourceSchema.or(
-                        createRawResourceSchema
-                    )
+                    schema:
+                        build == "oss"
+                            ? createHttpResourceSchema.or(
+                                  createRawResourceSchema
+                              )
+                            : createHttpResourceSchema
                 }
             }
         }
@@ -166,6 +156,14 @@ export async function createResource(
                 { siteId, orgId }
             );
         } else {
+            if (!config.getRawConfig().flags?.allow_raw_resources && build == "oss") {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "Raw resources are not allowed"
+                    )
+                );
+            }
             return await createRawResource(
                 { req, res, next },
                 { siteId, orgId }
@@ -203,35 +201,86 @@ async function createHttpResource(
         );
     }
 
-    const { name, subdomain, isBaseDomain, http, protocol, domainId } =
-        parsedBody.data;
+    const { name, domainId } = parsedBody.data;
+    let subdomain = parsedBody.data.subdomain;
 
-    const [orgDomain] = await db
+    const [domainRes] = await db
         .select()
-        .from(orgDomains)
-        .where(
+        .from(domains)
+        .where(eq(domains.domainId, domainId))
+        .leftJoin(
+            orgDomains,
             and(eq(orgDomains.orgId, orgId), eq(orgDomains.domainId, domainId))
-        )
-        .leftJoin(domains, eq(orgDomains.domainId, domains.domainId));
+        );
 
-    if (!orgDomain || !orgDomain.domains) {
+    if (!domainRes || !domainRes.domains) {
         return next(
             createHttpError(
                 HttpCode.NOT_FOUND,
-                `Domain with ID ${parsedBody.data.domainId} not found`
+                `Domain with ID ${domainId} not found`
             )
         );
     }
 
-    const domain = orgDomain.domains;
+    if (domainRes.orgDomains && domainRes.orgDomains.orgId !== orgId) {
+        return next(
+            createHttpError(
+                HttpCode.FORBIDDEN,
+                `Organization does not have access to domain with ID ${domainId}`
+            )
+        );
+    }
+
+    if (!domainRes.domains.verified) {
+        return next(
+            createHttpError(
+                HttpCode.BAD_REQUEST,
+                `Domain with ID ${domainRes.domains.domainId} is not verified`
+            )
+        );
+    }
 
     let fullDomain = "";
-    if (isBaseDomain) {
-        fullDomain = domain.baseDomain;
-    } else {
-        fullDomain = `${subdomain}.${domain.baseDomain}`;
+    if (domainRes.domains.type == "ns") {
+        if (subdomain) {
+            fullDomain = `${subdomain}.${domainRes.domains.baseDomain}`;
+        } else {
+            fullDomain = domainRes.domains.baseDomain;
+        }
+    } else if (domainRes.domains.type == "cname") {
+        fullDomain = domainRes.domains.baseDomain;
+    } else if (domainRes.domains.type == "wildcard") {
+        if (subdomain) {
+            // the subdomain cant have a dot in it
+            const parsedSubdomain = subdomainSchema.safeParse(subdomain);
+            if (!parsedSubdomain.success) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        fromError(parsedSubdomain.error).toString()
+                    )
+                );
+            }
+            if (parsedSubdomain.data.includes(".")) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "Subdomain cannot contain a dot when using wildcard domains"
+                    )
+                );
+            }
+            fullDomain = `${subdomain}.${domainRes.domains.baseDomain}`;
+        } else {
+            fullDomain = domainRes.domains.baseDomain;
+        }
     }
 
+    if (fullDomain === domainRes.domains.baseDomain) {
+        subdomain = null;
+    }
+
+    fullDomain = fullDomain.toLowerCase();
+
     logger.debug(`Full domain: ${fullDomain}`);
 
     // make sure the full domain is unique
@@ -261,10 +310,9 @@ async function createHttpResource(
                 orgId,
                 name,
                 subdomain,
-                http,
-                protocol,
-                ssl: true,
-                isBaseDomain
+                http: true,
+                protocol: "tcp",
+                ssl: true
             })
             .returning();
 
diff --git a/server/routers/resource/listResources.ts b/server/routers/resource/listResources.ts
index 6dc852e4..3fb2a733 100644
--- a/server/routers/resource/listResources.ts
+++ b/server/routers/resource/listResources.ts
@@ -69,7 +69,8 @@ function queryResources(
                 http: resources.http,
                 protocol: resources.protocol,
                 proxyPort: resources.proxyPort,
-                enabled: resources.enabled
+                enabled: resources.enabled,
+                domainId: resources.domainId
             })
             .from(resources)
             .leftJoin(sites, eq(resources.siteId, sites.siteId))
@@ -103,7 +104,8 @@ function queryResources(
                 http: resources.http,
                 protocol: resources.protocol,
                 proxyPort: resources.proxyPort,
-                enabled: resources.enabled
+                enabled: resources.enabled,
+                domainId: resources.domainId
             })
             .from(resources)
             .leftJoin(sites, eq(resources.siteId, sites.siteId))
diff --git a/server/routers/resource/updateResource.ts b/server/routers/resource/updateResource.ts
index 68e38a3e..fda24f47 100644
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -20,6 +20,7 @@ import { tlsNameSchema } from "@server/lib/schemas";
 import { subdomainSchema } from "@server/lib/schemas";
 import { registry } from "@server/openApi";
 import { OpenAPITags } from "@server/openApi";
+import { build } from "@server/build";
 
 const updateResourceParamsSchema = z
     .object({
@@ -34,13 +35,12 @@ const updateHttpResourceBodySchema = z
     .object({
         name: z.string().min(1).max(255).optional(),
         subdomain: subdomainSchema
-            .optional()
-            .transform((val) => val?.toLowerCase()),
+            .nullable()
+            .optional(),
         ssl: z.boolean().optional(),
         sso: z.boolean().optional(),
         blockAccess: z.boolean().optional(),
         emailWhitelistEnabled: z.boolean().optional(),
-        isBaseDomain: z.boolean().optional(),
         applyRules: z.boolean().optional(),
         domainId: z.string().optional(),
         enabled: z.boolean().optional(),
@@ -61,19 +61,6 @@ const updateHttpResourceBodySchema = z
         },
         { message: "Invalid subdomain" }
     )
-    .refine(
-        (data) => {
-            if (!config.getRawConfig().flags?.allow_base_domain_resources) {
-                if (data.isBaseDomain) {
-                    return false;
-                }
-            }
-            return true;
-        },
-        {
-            message: "Base domain resources are not allowed"
-        }
-    )
     .refine(
         (data) => {
             if (data.tlsServerName) {
@@ -134,9 +121,12 @@ registry.registerPath({
         body: {
             content: {
                 "application/json": {
-                    schema: updateHttpResourceBodySchema.and(
-                        updateRawResourceBodySchema
-                    )
+                    schema:
+                        build == "oss"
+                            ? updateHttpResourceBodySchema.and(
+                                  updateRawResourceBodySchema
+                              )
+                            : updateHttpResourceBodySchema
                 }
             }
         }
@@ -242,86 +232,124 @@ async function updateHttpResource(
     const updateData = parsedBody.data;
 
     if (updateData.domainId) {
-        const [existingDomain] = await db
-            .select()
-            .from(orgDomains)
-            .where(
-                and(
-                    eq(orgDomains.orgId, org.orgId),
-                    eq(orgDomains.domainId, updateData.domainId)
-                )
-            )
-            .leftJoin(domains, eq(orgDomains.domainId, domains.domainId));
+        const domainId = updateData.domainId;
 
-        if (!existingDomain) {
+        const [domainRes] = await db
+            .select()
+            .from(domains)
+            .where(eq(domains.domainId, domainId))
+            .leftJoin(
+                orgDomains,
+                and(
+                    eq(orgDomains.orgId, resource.orgId),
+                    eq(orgDomains.domainId, domainId)
+                )
+            );
+
+        if (!domainRes || !domainRes.domains) {
             return next(
-                createHttpError(HttpCode.NOT_FOUND, `Domain not found`)
+                createHttpError(
+                    HttpCode.NOT_FOUND,
+                    `Domain with ID ${updateData.domainId} not found`
+                )
             );
         }
-    }
-
-    const domainId = updateData.domainId || resource.domainId!;
-    const subdomain = updateData.subdomain || resource.subdomain;
-
-    const [domain] = await db
-        .select()
-        .from(domains)
-        .where(eq(domains.domainId, domainId));
-
-    const isBaseDomain =
-        updateData.isBaseDomain !== undefined
-            ? updateData.isBaseDomain
-            : resource.isBaseDomain;
-
-    let fullDomain: string | null = null;
-    if (isBaseDomain) {
-        fullDomain = domain.baseDomain;
-    } else if (subdomain && domain) {
-        fullDomain = `${subdomain}.${domain.baseDomain}`;
-    }
-
-    if (fullDomain) {
-        const [existingDomain] = await db
-            .select()
-            .from(resources)
-            .where(eq(resources.fullDomain, fullDomain));
 
         if (
-            existingDomain &&
-            existingDomain.resourceId !== resource.resourceId
+            domainRes.orgDomains &&
+            domainRes.orgDomains.orgId !== resource.orgId
         ) {
             return next(
                 createHttpError(
-                    HttpCode.CONFLICT,
-                    "Resource with that domain already exists"
+                    HttpCode.FORBIDDEN,
+                    `You do not have permission to use domain with ID ${updateData.domainId}`
                 )
             );
         }
-    }
 
-    const updatePayload = {
-        ...updateData,
-        fullDomain
-    };
+        if (!domainRes.domains.verified) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    `Domain with ID ${updateData.domainId} is not verified`
+                )
+            );
+        }
+
+        let fullDomain = "";
+        if (domainRes.domains.type == "ns") {
+            if (updateData.subdomain) {
+                fullDomain = `${updateData.subdomain}.${domainRes.domains.baseDomain}`;
+            } else {
+                fullDomain = domainRes.domains.baseDomain;
+            }
+        } else if (domainRes.domains.type == "cname") {
+            fullDomain = domainRes.domains.baseDomain;
+        } else if (domainRes.domains.type == "wildcard") {
+            if (updateData.subdomain !== undefined) {
+                // the subdomain cant have a dot in it
+                const parsedSubdomain = subdomainSchema.safeParse(updateData.subdomain);
+                if (!parsedSubdomain.success) {
+                    return next(
+                        createHttpError(
+                            HttpCode.BAD_REQUEST,
+                            fromError(parsedSubdomain.error).toString()
+                        )
+                    );
+                }
+                if (parsedSubdomain.data.includes(".")) {
+                    return next(
+                        createHttpError(
+                            HttpCode.BAD_REQUEST,
+                            "Subdomain cannot contain a dot when using wildcard domains"
+                        )
+                    );
+                }
+                fullDomain = `${updateData.subdomain}.${domainRes.domains.baseDomain}`;
+            } else {
+                fullDomain = domainRes.domains.baseDomain;
+            }
+        }
+
+        fullDomain = fullDomain.toLowerCase();
+
+        logger.debug(`Full domain: ${fullDomain}`);
+
+        if (fullDomain) {
+            const [existingDomain] = await db
+                .select()
+                .from(resources)
+                .where(eq(resources.fullDomain, fullDomain));
+
+            if (
+                existingDomain &&
+                existingDomain.resourceId !== resource.resourceId
+            ) {
+                return next(
+                    createHttpError(
+                        HttpCode.CONFLICT,
+                        "Resource with that domain already exists"
+                    )
+                );
+            }
+        }
+
+        // update the full domain if it has changed
+        if (fullDomain && fullDomain !== resource.fullDomain) {
+            await db
+                .update(resources)
+                .set({ fullDomain })
+                .where(eq(resources.resourceId, resource.resourceId));
+        }
+
+        if (fullDomain === domainRes.domains.baseDomain) {
+            updateData.subdomain = null;
+        }
+    }
 
     const updatedResource = await db
         .update(resources)
-        .set({
-            name: updatePayload.name,
-            subdomain: updatePayload.subdomain,
-            ssl: updatePayload.ssl,
-            sso: updatePayload.sso,
-            blockAccess: updatePayload.blockAccess,
-            emailWhitelistEnabled: updatePayload.emailWhitelistEnabled,
-            isBaseDomain: updatePayload.isBaseDomain,
-            applyRules: updatePayload.applyRules,
-            domainId: updatePayload.domainId,
-            enabled: updatePayload.enabled,
-            stickySession: updatePayload.stickySession,
-            tlsServerName: updatePayload.tlsServerName,
-            setHostHeader: updatePayload.setHostHeader,
-            fullDomain: updatePayload.fullDomain
-        })
+        .set({...updateData, })
         .where(eq(resources.resourceId, resource.resourceId))
         .returning();
 
diff --git a/server/routers/site/createSite.ts b/server/routers/site/createSite.ts
index b950644a..56811c6e 100644
--- a/server/routers/site/createSite.ts
+++ b/server/routers/site/createSite.ts
@@ -14,6 +14,9 @@ import { newts } from "@server/db";
 import moment from "moment";
 import { OpenAPITags, registry } from "@server/openApi";
 import { hashPassword } from "@server/auth/password";
+import { isValidIP } from "@server/lib/validators";
+import { isIpInCidr } from "@server/lib/ip";
+import config from "@server/lib/config";
 
 const createSiteParamsSchema = z
     .object({
@@ -35,9 +38,18 @@ const createSiteSchema = z
         subnet: z.string().optional(),
         newtId: z.string().optional(),
         secret: z.string().optional(),
+        address: z.string().optional(),
         type: z.enum(["newt", "wireguard", "local"])
     })
-    .strict();
+    .strict()
+    .refine((data) => {
+        if (data.type === "local") {
+            return !config.getRawConfig().flags?.disable_local_sites;
+        } else if (data.type === "wireguard") {
+            return !config.getRawConfig().flags?.disable_basic_wireguard_sites;
+        }
+        return true;
+    });
 
 export type CreateSiteBody = z.infer<typeof createSiteSchema>;
 
@@ -84,7 +96,8 @@ export async function createSite(
             pubKey,
             subnet,
             newtId,
-            secret
+            secret,
+            address
         } = parsedBody.data;
 
         const parsedParams = createSiteParamsSchema.safeParse(req.params);
@@ -116,6 +129,68 @@ export async function createSite(
             );
         }
 
+        if (!org.subnet) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    `Organization with ID ${orgId} has no subnet defined`
+                )
+            );
+        }
+
+        let updatedAddress = null;
+        if (address) {
+            if (!isValidIP(address)) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "Invalid subnet format. Please provide a valid CIDR notation."
+                    )
+                );
+            }
+        
+            if (!isIpInCidr(address, org.subnet)) {
+                return next(
+                    createHttpError(
+                        HttpCode.BAD_REQUEST,
+                        "IP is not in the CIDR range of the subnet."
+                    )
+                );
+            }
+        
+            updatedAddress = `${address}/${org.subnet.split("/")[1]}`; // we want the block size of the whole org
+        
+            // make sure the subnet is unique
+            const addressExistsSites = await db
+                .select()
+                .from(sites)
+                .where(eq(sites.address, updatedAddress))
+                .limit(1);
+        
+            if (addressExistsSites.length > 0) {
+                return next(
+                    createHttpError(
+                        HttpCode.CONFLICT,
+                        `Subnet ${subnet} already exists`
+                    )
+                );
+            }
+        
+            const addressExistsClients = await db
+                .select()
+                .from(sites)
+                .where(eq(sites.subnet, updatedAddress))
+                .limit(1);
+            if (addressExistsClients.length > 0) {
+                return next(
+                    createHttpError(
+                        HttpCode.CONFLICT,
+                        `Subnet ${subnet} already exists`
+                    )
+                );
+            }
+        }
+
         const niceId = await getUniqueSiteName(orgId);
 
         await db.transaction(async (trx) => {
@@ -139,6 +214,7 @@ export async function createSite(
                         exitNodeId,
                         name,
                         niceId,
+                        address: updatedAddress || null,
                         subnet,
                         type,
                         dockerSocketEnabled: type == "newt",
@@ -154,6 +230,7 @@ export async function createSite(
                         orgId,
                         name,
                         niceId,
+                        address: updatedAddress || null,
                         type,
                         dockerSocketEnabled: type == "newt",
                         subnet: "0.0.0.0/0"
diff --git a/server/routers/site/deleteSite.ts b/server/routers/site/deleteSite.ts
index 1554ad2b..4af2feae 100644
--- a/server/routers/site/deleteSite.ts
+++ b/server/routers/site/deleteSite.ts
@@ -62,6 +62,8 @@ export async function deleteSite(
             );
         }
 
+        let deletedNewtId: string | null = null;
+
         await db.transaction(async (trx) => {
             if (site.pubKey) {
                 if (site.type == "wireguard") {
@@ -73,11 +75,7 @@ export async function deleteSite(
                         .where(eq(newts.siteId, siteId))
                         .returning();
                     if (deletedNewt) {
-                        const payload = {
-                            type: `newt/terminate`,
-                            data: {}
-                        };
-                        sendToClient(deletedNewt.newtId, payload);
+                        deletedNewtId = deletedNewt.newtId;
 
                         // delete all of the sessions for the newt
                         await trx
@@ -90,6 +88,18 @@ export async function deleteSite(
             await trx.delete(sites).where(eq(sites.siteId, siteId));
         });
 
+        // Send termination message outside of transaction to prevent blocking
+        if (deletedNewtId) {
+            const payload = {
+                type: `newt/terminate`,
+                data: {}
+            };
+            // Don't await this to prevent blocking the response
+            sendToClient(deletedNewtId, payload).catch(error => {
+                logger.error("Failed to send termination message to newt:", error);
+            });
+        }
+
         return response(res, {
             data: null,
             success: true,
diff --git a/server/routers/site/listSites.ts b/server/routers/site/listSites.ts
index 9114c395..6227ef28 100644
--- a/server/routers/site/listSites.ts
+++ b/server/routers/site/listSites.ts
@@ -1,4 +1,4 @@
-import { db } from "@server/db";
+import { db, newts } from "@server/db";
 import { orgs, roleSites, sites, userSites } from "@server/db";
 import logger from "@server/logger";
 import HttpCode from "@server/types/HttpCode";
@@ -9,6 +9,42 @@ import createHttpError from "http-errors";
 import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
+import NodeCache from "node-cache";
+import semver from "semver";
+
+const newtVersionCache = new NodeCache({ stdTTL: 3600 }); // 1 hours in seconds
+
+async function getLatestNewtVersion(): Promise<string | null> {
+    try {
+        const cachedVersion = newtVersionCache.get<string>("latestNewtVersion");
+        if (cachedVersion) {
+            return cachedVersion;
+        }
+
+        const response = await fetch(
+            "https://api.github.com/repos/fosrl/newt/tags"
+        );
+        if (!response.ok) {
+            logger.warn("Failed to fetch latest Newt version from GitHub");
+            return null;
+        }
+
+        const tags = await response.json();
+        if (!Array.isArray(tags) || tags.length === 0) {
+            logger.warn("No tags found for Newt repository");
+            return null;
+        }
+
+        const latestVersion = tags[0].name;
+
+        newtVersionCache.set("latestNewtVersion", latestVersion);
+
+        return latestVersion;
+    } catch (error) {
+        logger.error("Error fetching latest Newt version:", error);
+        return null;
+    }
+}
 
 const listSitesParamsSchema = z
     .object({
@@ -43,10 +79,13 @@ function querySites(orgId: string, accessibleSiteIds: number[]) {
             megabytesOut: sites.megabytesOut,
             orgName: orgs.name,
             type: sites.type,
-            online: sites.online
+            online: sites.online,
+            address: sites.address,
+            newtVersion: newts.version
         })
         .from(sites)
         .leftJoin(orgs, eq(sites.orgId, orgs.orgId))
+        .leftJoin(newts, eq(newts.siteId, sites.siteId))
         .where(
             and(
                 inArray(sites.siteId, accessibleSiteIds),
@@ -55,8 +94,12 @@ function querySites(orgId: string, accessibleSiteIds: number[]) {
         );
 }
 
+type SiteWithUpdateAvailable = Awaited<ReturnType<typeof querySites>>[0] & {
+    newtUpdateAvailable?: boolean;
+};
+
 export type ListSitesResponse = {
-    sites: Awaited<ReturnType<typeof querySites>>;
+    sites: SiteWithUpdateAvailable[];
     pagination: { total: number; limit: number; offset: number };
 };
 
@@ -147,9 +190,36 @@ export async function listSites(
         const totalCountResult = await countQuery;
         const totalCount = totalCountResult[0].count;
 
+        const latestNewtVersion = await getLatestNewtVersion();
+
+        const sitesWithUpdates: SiteWithUpdateAvailable[] = sitesList.map(
+            (site) => {
+                const siteWithUpdate: SiteWithUpdateAvailable = { ...site };
+
+                if (
+                    site.type === "newt" &&
+                    site.newtVersion &&
+                    latestNewtVersion
+                ) {
+                    try {
+                        siteWithUpdate.newtUpdateAvailable = semver.lt(
+                            site.newtVersion,
+                            latestNewtVersion
+                        );
+                    } catch (error) {
+                        siteWithUpdate.newtUpdateAvailable = false;
+                    }
+                } else {
+                    siteWithUpdate.newtUpdateAvailable = false;
+                }
+
+                return siteWithUpdate;
+            }
+        );
+
         return response<ListSitesResponse>(res, {
             data: {
-                sites: sitesList,
+                sites: sitesWithUpdates,
                 pagination: {
                     total: totalCount,
                     limit,
diff --git a/server/routers/site/pickSiteDefaults.ts b/server/routers/site/pickSiteDefaults.ts
index 00e0d58b..2ae25c11 100644
--- a/server/routers/site/pickSiteDefaults.ts
+++ b/server/routers/site/pickSiteDefaults.ts
@@ -6,10 +6,11 @@ import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
-import { findNextAvailableCidr } from "@server/lib/ip";
+import { findNextAvailableCidr, getNextAvailableClientSubnet } from "@server/lib/ip";
 import { generateId } from "@server/auth/sessions/app";
 import config from "@server/lib/config";
 import { OpenAPITags, registry } from "@server/openApi";
+import { fromError } from "zod-validation-error";
 import { z } from "zod";
 
 export type PickSiteDefaultsResponse = {
@@ -19,9 +20,10 @@ export type PickSiteDefaultsResponse = {
     name: string;
     listenPort: number;
     endpoint: string;
-    subnet: string;
+    subnet: string; // TODO: make optional?
     newtId: string;
     newtSecret: string;
+    clientAddress?: string;
 };
 
 registry.registerPath({
@@ -38,12 +40,29 @@ registry.registerPath({
     responses: {}
 });
 
+const pickSiteDefaultsSchema = z
+    .object({
+        orgId: z.string()
+    })
+    .strict();
+
 export async function pickSiteDefaults(
     req: Request,
     res: Response,
     next: NextFunction
 ): Promise<any> {
     try {
+        const parsedParams = pickSiteDefaultsSchema.safeParse(req.params);
+        if (!parsedParams.success) {
+            return next(
+                createHttpError(
+                    HttpCode.BAD_REQUEST,
+                    fromError(parsedParams.error).toString()
+                )
+            );
+        }
+
+        const { orgId } = parsedParams.data;
         // TODO: more intelligent way to pick the exit node
 
         // make sure there is an exit node by counting the exit nodes table
@@ -67,7 +86,7 @@ export async function pickSiteDefaults(
             .where(eq(sites.exitNodeId, exitNode.exitNodeId));
 
         // TODO: we need to lock this subnet for some time so someone else does not take it
-        let subnets = sitesQuery.map((site) => site.subnet);
+        let subnets = sitesQuery.map((site) => site.subnet).filter((subnet) => subnet !== null);
         // exclude the exit node address by replacing after the / with a site block size
         subnets.push(
             exitNode.address.replace(
@@ -89,6 +108,18 @@ export async function pickSiteDefaults(
             );
         }
 
+        const newClientAddress = await getNextAvailableClientSubnet(orgId);
+        if (!newClientAddress) {
+            return next(
+                createHttpError(
+                    HttpCode.INTERNAL_SERVER_ERROR,
+                    "No available subnet found"
+                )
+            );
+        }
+
+        const clientAddress = newClientAddress.split("/")[0];
+
         const newtId = generateId(15);
         const secret = generateId(48);
 
@@ -100,7 +131,9 @@ export async function pickSiteDefaults(
                 name: exitNode.name,
                 listenPort: exitNode.listenPort,
                 endpoint: exitNode.endpoint,
+                // subnet: `${newSubnet.split("/")[0]}/${config.getRawConfig().gerbil.block_size}`, // we want the block size of the whole subnet
                 subnet: newSubnet,
+                clientAddress: clientAddress,
                 newtId,
                 newtSecret: secret
             },
diff --git a/server/routers/traefik/getTraefikConfig.ts b/server/routers/traefik/getTraefikConfig.ts
index 7f70dbc7..c876de22 100644
--- a/server/routers/traefik/getTraefikConfig.ts
+++ b/server/routers/traefik/getTraefikConfig.ts
@@ -1,11 +1,12 @@
 import { Request, Response } from "express";
-import { db } from "@server/db";
-import { and, eq, inArray } from "drizzle-orm";
+import { db, exitNodes } from "@server/db";
+import { and, eq, inArray, or, isNull } from "drizzle-orm";
 import logger from "@server/logger";
 import HttpCode from "@server/types/HttpCode";
 import config from "@server/lib/config";
 import { orgs, resources, sites, Target, targets } from "@server/db";
-import { sql } from "drizzle-orm";
+
+let currentExitNodeId: number;
 
 export async function traefikConfigProvider(
     _: Request,
@@ -15,30 +16,52 @@ export async function traefikConfigProvider(
         // Get all resources with related data
         const allResources = await db.transaction(async (tx) => {
             // First query to get resources with site and org info
+            // Get the current exit node name from config
+            if (!currentExitNodeId) {
+                if (config.getRawConfig().gerbil.exit_node_name) {
+                    const exitNodeName =
+                        config.getRawConfig().gerbil.exit_node_name!;
+                    const [exitNode] = await tx
+                        .select({
+                            exitNodeId: exitNodes.exitNodeId
+                        })
+                        .from(exitNodes)
+                        .where(eq(exitNodes.name, exitNodeName));
+                    if (exitNode) {
+                        currentExitNodeId = exitNode.exitNodeId;
+                    }
+                } else {
+                    const [exitNode] = await tx
+                        .select({
+                            exitNodeId: exitNodes.exitNodeId
+                        })
+                        .from(exitNodes)
+                        .limit(1);
+
+                    if (exitNode) {
+                        currentExitNodeId = exitNode.exitNodeId;
+                    }
+                }
+            }
+
+            // Get the site(s) on this exit node
             const resourcesWithRelations = await tx
                 .select({
                     // Resource fields
                     resourceId: resources.resourceId,
-                    subdomain: resources.subdomain,
                     fullDomain: resources.fullDomain,
                     ssl: resources.ssl,
-                    blockAccess: resources.blockAccess,
-                    sso: resources.sso,
-                    emailWhitelistEnabled: resources.emailWhitelistEnabled,
                     http: resources.http,
                     proxyPort: resources.proxyPort,
                     protocol: resources.protocol,
-                    isBaseDomain: resources.isBaseDomain,
+                    subdomain: resources.subdomain,
                     domainId: resources.domainId,
                     // Site fields
                     site: {
                         siteId: sites.siteId,
                         type: sites.type,
-                        subnet: sites.subnet
-                    },
-                    // Org fields
-                    org: {
-                        orgId: orgs.orgId
+                        subnet: sites.subnet,
+                        exitNodeId: sites.exitNodeId
                     },
                     enabled: resources.enabled,
                     stickySession: resources.stickySession,
@@ -47,7 +70,12 @@ export async function traefikConfigProvider(
                 })
                 .from(resources)
                 .innerJoin(sites, eq(sites.siteId, resources.siteId))
-                .innerJoin(orgs, eq(resources.orgId, orgs.orgId));
+                .where(
+                    or(
+                        eq(sites.exitNodeId, currentExitNodeId),
+                        isNull(sites.exitNodeId)
+                    )
+                );
 
             // Get all resource IDs from the first query
             const resourceIds = resourcesWithRelations.map((r) => r.resourceId);
@@ -140,7 +168,6 @@ export async function traefikConfigProvider(
         for (const resource of allResources) {
             const targets = resource.targets as Target[];
             const site = resource.site;
-            const org = resource.org;
 
             const routerName = `${resource.resourceId}-router`;
             const serviceName = `${resource.resourceId}-service`;
@@ -164,11 +191,6 @@ export async function traefikConfigProvider(
                     continue;
                 }
 
-                // HTTP configuration remains the same
-                if (!resource.subdomain && !resource.isBaseDomain) {
-                    continue;
-                }
-
                 // add routers and services empty objects if they don't exist
                 if (!config_output.http.routers) {
                     config_output.http.routers = {};
@@ -186,22 +208,25 @@ export async function traefikConfigProvider(
                     wildCard = `*.${domainParts.slice(1).join(".")}`;
                 }
 
-                if (resource.isBaseDomain) {
+                if (!resource.subdomain) {
                     wildCard = resource.fullDomain;
                 }
 
                 const configDomain = config.getDomain(resource.domainId);
 
+                let certResolver: string, preferWildcardCert: boolean;
                 if (!configDomain) {
-                    logger.error(
-                        `Failed to get domain from config for resource ${resource.resourceId}`
-                    );
-                    continue;
+                    certResolver = config.getRawConfig().traefik.cert_resolver;
+                    preferWildcardCert =
+                        config.getRawConfig().traefik.prefer_wildcard_cert;
+                } else {
+                    certResolver = configDomain.cert_resolver;
+                    preferWildcardCert = configDomain.prefer_wildcard_cert;
                 }
 
                 const tls = {
-                    certResolver: configDomain.cert_resolver,
-                    ...(configDomain.prefer_wildcard_cert
+                    certResolver: certResolver,
+                    ...(preferWildcardCert
                         ? {
                               domains: [
                                   {
@@ -227,6 +252,7 @@ export async function traefikConfigProvider(
                     ],
                     service: serviceName,
                     rule: `Host(\`${fullDomain}\`)`,
+                    priority: 100,
                     ...(resource.ssl ? { tls } : {})
                 };
 
@@ -237,7 +263,8 @@ export async function traefikConfigProvider(
                         ],
                         middlewares: [redirectHttpsMiddlewareName],
                         service: serviceName,
-                        rule: `Host(\`${fullDomain}\`)`
+                        rule: `Host(\`${fullDomain}\`)`,
+                        priority: 100
                     };
                 }
 
@@ -262,7 +289,8 @@ export async function traefikConfigProvider(
                                 } else if (site.type === "newt") {
                                     if (
                                         !target.internalPort ||
-                                        !target.method
+                                        !target.method ||
+                                        !site.subnet
                                     ) {
                                         return false;
                                     }
@@ -278,7 +306,7 @@ export async function traefikConfigProvider(
                                         url: `${target.method}://${target.ip}:${target.port}`
                                     };
                                 } else if (site.type === "newt") {
-                                    const ip = site.subnet.split("/")[0];
+                                    const ip = site.subnet!.split("/")[0];
                                     return {
                                         url: `${target.method}://${ip}:${target.internalPort}`
                                     };
@@ -309,7 +337,9 @@ export async function traefikConfigProvider(
                         // if defined in the static config and here. if not set, self-signed certs won't work
                         insecureSkipVerify: true
                     };
-                    config_output.http.services![serviceName].loadBalancer.serversTransport = transportName;
+                    config_output.http.services![
+                        serviceName
+                    ].loadBalancer.serversTransport = transportName;
                 }
 
                 // Add the host header middleware
@@ -317,23 +347,22 @@ export async function traefikConfigProvider(
                     if (!config_output.http.middlewares) {
                         config_output.http.middlewares = {};
                     }
-                    config_output.http.middlewares[hostHeaderMiddlewareName] =
-                        {
-                            headers: {
-                                customRequestHeaders: {
-                                    Host: resource.setHostHeader
-                                }
+                    config_output.http.middlewares[hostHeaderMiddlewareName] = {
+                        headers: {
+                            customRequestHeaders: {
+                                Host: resource.setHostHeader
                             }
-                        };
+                        }
+                    };
                     if (!config_output.http.routers![routerName].middlewares) {
-                        config_output.http.routers![routerName].middlewares = [];
+                        config_output.http.routers![routerName].middlewares =
+                            [];
                     }
                     config_output.http.routers![routerName].middlewares = [
                         ...config_output.http.routers![routerName].middlewares,
                         hostHeaderMiddlewareName
                     ];
                 }
-
             } else {
                 // Non-HTTP (TCP/UDP) configuration
                 const protocol = resource.protocol.toLowerCase();
@@ -371,7 +400,7 @@ export async function traefikConfigProvider(
                                         return false;
                                     }
                                 } else if (site.type === "newt") {
-                                    if (!target.internalPort) {
+                                    if (!target.internalPort || !site.subnet) {
                                         return false;
                                     }
                                 }
@@ -386,7 +415,7 @@ export async function traefikConfigProvider(
                                         address: `${target.ip}:${target.port}`
                                     };
                                 } else if (site.type === "newt") {
-                                    const ip = site.subnet.split("/")[0];
+                                    const ip = site.subnet!.split("/")[0];
                                     return {
                                         address: `${ip}:${target.internalPort}`
                                     };
diff --git a/server/routers/user/acceptInvite.ts b/server/routers/user/acceptInvite.ts
index 115168b9..73bed018 100644
--- a/server/routers/user/acceptInvite.ts
+++ b/server/routers/user/acceptInvite.ts
@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db } from "@server/db";
+import { db, UserOrg } from "@server/db";
 import { roles, userInvites, userOrgs, users } from "@server/db";
 import { eq } from "drizzle-orm";
 import response from "@server/lib/response";
@@ -92,6 +92,7 @@ export async function acceptInvite(
         }
 
         let roleId: number;
+        let totalUsers: UserOrg[] | undefined;
         // get the role to make sure it exists
         const existingRole = await db
             .select()
@@ -122,6 +123,12 @@ export async function acceptInvite(
             await trx
                 .delete(userInvites)
                 .where(eq(userInvites.inviteId, inviteId));
+
+            // Get the total number of users in the org now
+            totalUsers = await db
+                .select()
+                .from(userOrgs)
+                .where(eq(userOrgs.orgId, existingInvite.orgId));
         });
 
         return response<AcceptInviteResponse>(res, {
diff --git a/server/routers/user/createOrgUser.ts b/server/routers/user/createOrgUser.ts
index 264ea3d9..4419772a 100644
--- a/server/routers/user/createOrgUser.ts
+++ b/server/routers/user/createOrgUser.ts
@@ -6,7 +6,7 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
-import { db } from "@server/db";
+import { db, UserOrg } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import { idp, idpOidcConfig, roles, userOrgs, users } from "@server/db";
 import { generateId } from "@server/auth/sessions/app";
@@ -135,65 +135,76 @@ export async function createOrgUser(
                 );
             }
 
-            const [existingUser] = await db
-                .select()
-                .from(users)
-                .where(eq(users.username, username));
+            let orgUsers: UserOrg[] | undefined;
 
-            if (existingUser) {
-                const [existingOrgUser] = await db
+            await db.transaction(async (trx) => {
+                const [existingUser] = await trx
                     .select()
-                    .from(userOrgs)
-                    .where(
-                        and(
-                            eq(userOrgs.orgId, orgId),
-                            eq(userOrgs.userId, existingUser.userId)
-                        )
-                    );
+                    .from(users)
+                    .where(eq(users.username, username));
 
-                if (existingOrgUser) {
-                    return next(
-                        createHttpError(
-                            HttpCode.BAD_REQUEST,
-                            "User already exists in this organization"
-                        )
-                    );
+                if (existingUser) {
+                    const [existingOrgUser] = await trx
+                        .select()
+                        .from(userOrgs)
+                        .where(
+                            and(
+                                eq(userOrgs.orgId, orgId),
+                                eq(userOrgs.userId, existingUser.userId)
+                            )
+                        );
+
+                    if (existingOrgUser) {
+                        return next(
+                            createHttpError(
+                                HttpCode.BAD_REQUEST,
+                                "User already exists in this organization"
+                            )
+                        );
+                    }
+
+                    await trx
+                        .insert(userOrgs)
+                        .values({
+                            orgId,
+                            userId: existingUser.userId,
+                            roleId: role.roleId
+                        })
+                        .returning();
+                } else {
+                    const userId = generateId(15);
+
+                    const [newUser] = await trx
+                        .insert(users)
+                        .values({
+                            userId: userId,
+                            email,
+                            username,
+                            name,
+                            type: "oidc",
+                            idpId,
+                            dateCreated: new Date().toISOString(),
+                            emailVerified: true
+                        })
+                        .returning();
+
+                    await trx
+                        .insert(userOrgs)
+                        .values({
+                            orgId,
+                            userId: newUser.userId,
+                            roleId: role.roleId
+                        })
+                        .returning();
                 }
 
-                await db
-                    .insert(userOrgs)
-                    .values({
-                        orgId,
-                        userId: existingUser.userId,
-                        roleId: role.roleId
-                    })
-                    .returning();
-            } else {
-                const userId = generateId(15);
+                // List all of the users in the org
+                orgUsers = await trx
+                    .select()
+                    .from(userOrgs)
+                    .where(eq(userOrgs.orgId, orgId));
+            });
 
-                const [newUser] = await db
-                    .insert(users)
-                    .values({
-                        userId: userId,
-                        email,
-                        username,
-                        name,
-                        type: "oidc",
-                        idpId,
-                        dateCreated: new Date().toISOString(),
-                        emailVerified: true
-                    })
-                    .returning();
-
-                await db
-                    .insert(userOrgs)
-                    .values({
-                        orgId,
-                        userId: newUser.userId,
-                        roleId: role.roleId
-                    })
-                    .returning();
-            }
         } else {
             return next(
                 createHttpError(HttpCode.BAD_REQUEST, "User type is required")
diff --git a/server/routers/user/inviteUser.ts b/server/routers/user/inviteUser.ts
index 5b2e8d1e..837ef179 100644
--- a/server/routers/user/inviteUser.ts
+++ b/server/routers/user/inviteUser.ts
@@ -99,6 +99,7 @@ export async function inviteUser(
             regenerate
         } = parsedBody.data;
 
+
         // Check if the organization exists
         const org = await db
             .select()
diff --git a/server/routers/user/removeUserOrg.ts b/server/routers/user/removeUserOrg.ts
index 6e57a218..dcd8c6f2 100644
--- a/server/routers/user/removeUserOrg.ts
+++ b/server/routers/user/removeUserOrg.ts
@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db, resources, sites } from "@server/db";
+import { db, resources, sites, UserOrg } from "@server/db";
 import { userOrgs, userResources, users, userSites } from "@server/db";
 import { and, eq, exists } from "drizzle-orm";
 import response from "@server/lib/response";
@@ -65,6 +65,8 @@ export async function removeUserOrg(
             );
         }
 
+        let userCount: UserOrg[] | undefined;
+
         await db.transaction(async (trx) => {
             await trx
                 .delete(userOrgs)
@@ -108,6 +110,11 @@ export async function removeUserOrg(
                     )
                 )
             );
+
+            userCount = await trx
+                .select()
+                .from(userOrgs)
+                .where(eq(userOrgs.orgId, orgId));
         });
 
         return response(res, {
diff --git a/server/routers/ws.ts b/server/routers/ws.ts
deleted file mode 100644
index 377047f1..00000000
--- a/server/routers/ws.ts
+++ /dev/null
@@ -1,253 +0,0 @@
-import { Router, Request, Response } from "express";
-import { Server as HttpServer } from "http";
-import { WebSocket, WebSocketServer } from "ws";
-import { IncomingMessage } from "http";
-import { Socket } from "net";
-import { Newt, newts, NewtSession } from "@server/db";
-import { eq } from "drizzle-orm";
-import { db } from "@server/db";
-import { validateNewtSessionToken } from "@server/auth/sessions/newt";
-import { messageHandlers } from "./messageHandlers";
-import logger from "@server/logger";
-
-// Custom interfaces
-interface WebSocketRequest extends IncomingMessage {
-    token?: string;
-}
-
-interface AuthenticatedWebSocket extends WebSocket {
-    newt?: Newt;
-}
-
-interface TokenPayload {
-    newt: Newt;
-    session: NewtSession;
-}
-
-interface WSMessage {
-    type: string;
-    data: any;
-}
-
-interface HandlerResponse {
-    message: WSMessage;
-    broadcast?: boolean;
-    excludeSender?: boolean;
-    targetNewtId?: string;
-}
-
-interface HandlerContext {
-    message: WSMessage;
-    senderWs: WebSocket;
-    newt: Newt | undefined;
-    sendToClient: (newtId: string, message: WSMessage) => boolean;
-    broadcastToAllExcept: (message: WSMessage, excludeNewtId?: string) => void;
-    connectedClients: Map<string, WebSocket[]>;
-}
-
-export type MessageHandler = (context: HandlerContext) => Promise<HandlerResponse | void>;
-
-const router: Router = Router();
-const wss: WebSocketServer = new WebSocketServer({ noServer: true });
-
-// Client tracking map
-let connectedClients: Map<string, AuthenticatedWebSocket[]> = new Map();
-
-// Helper functions for client management
-const addClient = (newtId: string, ws: AuthenticatedWebSocket): void => {
-    const existingClients = connectedClients.get(newtId) || [];
-    existingClients.push(ws);
-    connectedClients.set(newtId, existingClients);
-    logger.info(`Client added to tracking - Newt ID: ${newtId}, Total connections: ${existingClients.length}`);
-};
-
-const removeClient = (newtId: string, ws: AuthenticatedWebSocket): void => {
-    const existingClients = connectedClients.get(newtId) || [];
-    const updatedClients = existingClients.filter(client => client !== ws);
-
-    if (updatedClients.length === 0) {
-        connectedClients.delete(newtId);
-        logger.info(`All connections removed for Newt ID: ${newtId}`);
-    } else {
-        connectedClients.set(newtId, updatedClients);
-        logger.info(`Connection removed - Newt ID: ${newtId}, Remaining connections: ${updatedClients.length}`);
-    }
-};
-
-// Helper functions for sending messages
-const sendToClient = (newtId: string, message: WSMessage): boolean => {
-    const clients = connectedClients.get(newtId);
-    if (!clients || clients.length === 0) {
-        logger.info(`No active connections found for Newt ID: ${newtId}`);
-        return false;
-    }
-
-    const messageString = JSON.stringify(message);
-    clients.forEach(client => {
-        if (client.readyState === WebSocket.OPEN) {
-            client.send(messageString);
-        }
-    });
-    return true;
-};
-
-const broadcastToAllExcept = (message: WSMessage, excludeNewtId?: string): void => {
-    connectedClients.forEach((clients, newtId) => {
-        if (newtId !== excludeNewtId) {
-            clients.forEach(client => {
-                if (client.readyState === WebSocket.OPEN) {
-                    client.send(JSON.stringify(message));
-                }
-            });
-        }
-    });
-};
-
-// Token verification middleware (unchanged)
-const verifyToken = async (token: string): Promise<TokenPayload | null> => {
-    try {
-        const { session, newt } = await validateNewtSessionToken(token);
-
-        if (!session || !newt) {
-            return null;
-        }
-
-        const existingNewt = await db
-            .select()
-            .from(newts)
-            .where(eq(newts.newtId, newt.newtId));
-
-        if (!existingNewt || !existingNewt[0]) {
-            return null;
-        }
-
-        return { newt: existingNewt[0], session };
-    } catch (error) {
-        logger.error("Token verification failed:", error);
-        return null;
-    }
-};
-
-const setupConnection = (ws: AuthenticatedWebSocket, newt: Newt): void => {
-    logger.info("Establishing websocket connection");
-
-    if (!newt) {
-        logger.error("Connection attempt without newt");
-        return ws.terminate();
-    }
-
-    ws.newt = newt;
-
-    // Add client to tracking
-    addClient(newt.newtId, ws);
-
-    ws.on("message", async (data) => {
-        try {
-            const message: WSMessage = JSON.parse(data.toString());
-            // logger.info(`Message received from Newt ID ${newtId}:`, message);
-
-            // Validate message format
-            if (!message.type || typeof message.type !== "string") {
-                throw new Error("Invalid message format: missing or invalid type");
-            }
-
-            // Get the appropriate handler for the message type
-            const handler = messageHandlers[message.type];
-            if (!handler) {
-                throw new Error(`Unsupported message type: ${message.type}`);
-            }
-
-            // Process the message and get response
-            const response = await handler({
-                message,
-                senderWs: ws,
-                newt: ws.newt,
-                sendToClient,
-                broadcastToAllExcept,
-                connectedClients
-            });
-
-            // Send response if one was returned
-            if (response) {
-                if (response.broadcast) {
-                    // Broadcast to all clients except sender if specified
-                    broadcastToAllExcept(response.message, response.excludeSender ? newt.newtId : undefined);
-                } else if (response.targetNewtId) {
-                    // Send to specific client if targetNewtId is provided
-                    sendToClient(response.targetNewtId, response.message);
-                } else {
-                    // Send back to sender
-                    ws.send(JSON.stringify(response.message));
-                }
-            }
-
-        } catch (error) {
-            logger.error("Message handling error:", error);
-            ws.send(JSON.stringify({
-                type: "error",
-                data: {
-                    message: error instanceof Error ? error.message : "Unknown error occurred",
-                    originalMessage: data.toString()
-                }
-            }));
-        }
-    });
-
-    ws.on("close", () => {
-        removeClient(newt.newtId, ws);
-        logger.info(`Client disconnected - Newt ID: ${newt.newtId}`);
-    });
-
-    ws.on("error", (error: Error) => {
-        logger.error(`WebSocket error for Newt ID ${newt.newtId}:`, error);
-    });
-
-    logger.info(`WebSocket connection established - Newt ID: ${newt.newtId}`);
-};
-
-// Router endpoint (unchanged)
-router.get("/ws", (req: Request, res: Response) => {
-    res.status(200).send("WebSocket endpoint");
-});
-
-// WebSocket upgrade handler
-const handleWSUpgrade = (server: HttpServer): void => {
-    server.on("upgrade", async (request: WebSocketRequest, socket: Socket, head: Buffer) => {
-        try {
-            const token = request.url?.includes("?")
-                ? new URLSearchParams(request.url.split("?")[1]).get("token") || ""
-                : request.headers["sec-websocket-protocol"];
-
-            if (!token) {
-                logger.warn("Unauthorized connection attempt: no token...");
-                socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
-                socket.destroy();
-                return;
-            }
-
-            const tokenPayload = await verifyToken(token);
-            if (!tokenPayload) {
-                logger.warn("Unauthorized connection attempt: invalid token...");
-                socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
-                socket.destroy();
-                return;
-            }
-
-            wss.handleUpgrade(request, socket, head, (ws: AuthenticatedWebSocket) => {
-                setupConnection(ws, tokenPayload.newt);
-            });
-        } catch (error) {
-            logger.error("WebSocket upgrade error:", error);
-            socket.write("HTTP/1.1 500 Internal Server Error\r\n\r\n");
-            socket.destroy();
-        }
-    });
-};
-
-export {
-    router,
-    handleWSUpgrade,
-    sendToClient,
-    broadcastToAllExcept,
-    connectedClients
-};
diff --git a/server/routers/ws/index.ts b/server/routers/ws/index.ts
new file mode 100644
index 00000000..cf95932c
--- /dev/null
+++ b/server/routers/ws/index.ts
@@ -0,0 +1 @@
+export * from "./ws";
\ No newline at end of file
diff --git a/server/routers/ws/messageHandlers.ts b/server/routers/ws/messageHandlers.ts
new file mode 100644
index 00000000..d85cc277
--- /dev/null
+++ b/server/routers/ws/messageHandlers.ts
@@ -0,0 +1,29 @@
+import {
+    handleNewtRegisterMessage,
+    handleReceiveBandwidthMessage,
+    handleGetConfigMessage,
+    handleDockerStatusMessage,
+    handleDockerContainersMessage,
+    handleNewtPingRequestMessage
+} from "../newt";
+import {
+    handleOlmRegisterMessage,
+    handleOlmRelayMessage,
+    handleOlmPingMessage,
+    startOfflineChecker
+} from "../olm";
+import { MessageHandler } from "./ws";
+
+export const messageHandlers: Record<string, MessageHandler> = {
+    "newt/wg/register": handleNewtRegisterMessage,
+    "olm/wg/register": handleOlmRegisterMessage,
+    "newt/wg/get-config": handleGetConfigMessage,
+    "newt/receive-bandwidth": handleReceiveBandwidthMessage,
+    "olm/wg/relay": handleOlmRelayMessage,
+    "olm/ping": handleOlmPingMessage,
+    "newt/socket/status": handleDockerStatusMessage,
+    "newt/socket/containers": handleDockerContainersMessage,
+    "newt/ping/request": handleNewtPingRequestMessage,
+};
+
+startOfflineChecker(); // this is to handle the offline check for olms
diff --git a/server/routers/ws/ws.ts b/server/routers/ws/ws.ts
new file mode 100644
index 00000000..0d9f84d3
--- /dev/null
+++ b/server/routers/ws/ws.ts
@@ -0,0 +1,340 @@
+import { Router, Request, Response } from "express";
+import { Server as HttpServer } from "http";
+import { WebSocket, WebSocketServer } from "ws";
+import { IncomingMessage } from "http";
+import { Socket } from "net";
+import { Newt, newts, NewtSession, olms, Olm, OlmSession } from "@server/db";
+import { eq } from "drizzle-orm";
+import { db } from "@server/db";
+import { validateNewtSessionToken } from "@server/auth/sessions/newt";
+import { validateOlmSessionToken } from "@server/auth/sessions/olm";
+import { messageHandlers } from "./messageHandlers";
+import logger from "@server/logger";
+import { v4 as uuidv4 } from "uuid";
+
+// Custom interfaces
+interface WebSocketRequest extends IncomingMessage {
+    token?: string;
+}
+
+type ClientType = 'newt' | 'olm';
+
+interface AuthenticatedWebSocket extends WebSocket {
+    client?: Newt | Olm;
+    clientType?: ClientType;
+    connectionId?: string;
+}
+
+interface TokenPayload {
+    client: Newt | Olm;
+    session: NewtSession | OlmSession;
+    clientType: ClientType;
+}
+
+interface WSMessage {
+    type: string;
+    data: any;
+}
+
+interface HandlerResponse {
+    message: WSMessage;
+    broadcast?: boolean;
+    excludeSender?: boolean;
+    targetClientId?: string;
+}
+
+interface HandlerContext {
+    message: WSMessage;
+    senderWs: WebSocket;
+    client: Newt | Olm | undefined;
+    clientType: ClientType;
+    sendToClient: (clientId: string, message: WSMessage) => Promise<boolean>;
+    broadcastToAllExcept: (message: WSMessage, excludeClientId?: string) => Promise<void>;
+    connectedClients: Map<string, WebSocket[]>;
+}
+
+export type MessageHandler = (context: HandlerContext) => Promise<HandlerResponse | void>;
+
+const router: Router = Router();
+const wss: WebSocketServer = new WebSocketServer({ noServer: true });
+
+// Generate unique node ID for this instance
+const NODE_ID = uuidv4();
+
+// Client tracking map (local to this node)
+let connectedClients: Map<string, AuthenticatedWebSocket[]> = new Map();
+// Helper to get map key
+const getClientMapKey = (clientId: string) => clientId;
+
+// Helper functions for client management
+const addClient = async (clientType: ClientType, clientId: string, ws: AuthenticatedWebSocket): Promise<void> => {
+    // Generate unique connection ID
+    const connectionId = uuidv4();
+    ws.connectionId = connectionId;
+
+    // Add to local tracking
+    const mapKey = getClientMapKey(clientId);
+    const existingClients = connectedClients.get(mapKey) || [];
+    existingClients.push(ws);
+    connectedClients.set(mapKey, existingClients);
+
+    logger.info(`Client added to tracking - ${clientType.toUpperCase()} ID: ${clientId}, Connection ID: ${connectionId}, Total connections: ${existingClients.length}`);
+};
+
+const removeClient = async (clientType: ClientType, clientId: string, ws: AuthenticatedWebSocket): Promise<void> => {
+    const mapKey = getClientMapKey(clientId);
+    const existingClients = connectedClients.get(mapKey) || [];
+    const updatedClients = existingClients.filter(client => client !== ws);
+    if (updatedClients.length === 0) {
+        connectedClients.delete(mapKey);
+
+        logger.info(`All connections removed for ${clientType.toUpperCase()} ID: ${clientId}`);
+    } else {
+        connectedClients.set(mapKey, updatedClients);
+
+        logger.info(`Connection removed - ${clientType.toUpperCase()} ID: ${clientId}, Remaining connections: ${updatedClients.length}`);
+    }
+};
+
+// Local message sending (within this node)
+const sendToClientLocal = async (clientId: string, message: WSMessage): Promise<boolean> => {
+    const mapKey = getClientMapKey(clientId);
+    const clients = connectedClients.get(mapKey);
+    if (!clients || clients.length === 0) {
+        return false;
+    }
+    const messageString = JSON.stringify(message);
+    clients.forEach(client => {
+        if (client.readyState === WebSocket.OPEN) {
+            client.send(messageString);
+        }
+    });
+    return true;
+};
+
+const broadcastToAllExceptLocal = async (message: WSMessage, excludeClientId?: string): Promise<void> => {
+    connectedClients.forEach((clients, mapKey) => {
+        const [type, id] = mapKey.split(":");
+        if (!(excludeClientId && id === excludeClientId)) {
+            clients.forEach(client => {
+                if (client.readyState === WebSocket.OPEN) {
+                    client.send(JSON.stringify(message));
+                }
+            });
+        }
+    });
+};
+
+// Cross-node message sending
+const sendToClient = async (clientId: string, message: WSMessage): Promise<boolean> => {
+    // Try to send locally first
+    const localSent = await sendToClientLocal(clientId, message);
+
+    return localSent;
+};
+
+const broadcastToAllExcept = async (message: WSMessage, excludeClientId?: string): Promise<void> => {
+    // Broadcast locally
+    await broadcastToAllExceptLocal(message, excludeClientId);
+};
+
+// Check if a client has active connections across all nodes
+const hasActiveConnections = async (clientId: string): Promise<boolean> => {
+        const mapKey = getClientMapKey(clientId);
+        const clients = connectedClients.get(mapKey);
+        return !!(clients && clients.length > 0);
+};
+
+// Get all active nodes for a client
+const getActiveNodes = async (clientType: ClientType, clientId: string): Promise<string[]> => {
+        const mapKey = getClientMapKey(clientId);
+        const clients = connectedClients.get(mapKey);
+        return (clients && clients.length > 0) ? [NODE_ID] : [];
+};
+
+// Token verification middleware
+const verifyToken = async (token: string, clientType: ClientType): Promise<TokenPayload | null> => {
+
+try {
+        if (clientType === 'newt') {
+            const { session, newt } = await validateNewtSessionToken(token);
+            if (!session || !newt) {
+                return null;
+            }
+            const existingNewt = await db
+                .select()
+                .from(newts)
+                .where(eq(newts.newtId, newt.newtId));
+            if (!existingNewt || !existingNewt[0]) {
+                return null;
+            }
+            return { client: existingNewt[0], session, clientType };
+        } else {
+            const { session, olm } = await validateOlmSessionToken(token);
+            if (!session || !olm) {
+                return null;
+            }
+            const existingOlm = await db
+                .select()
+                .from(olms)
+                .where(eq(olms.olmId, olm.olmId));
+            if (!existingOlm || !existingOlm[0]) {
+                return null;
+            }
+            return { client: existingOlm[0], session, clientType };
+        }
+    } catch (error) {
+        logger.error("Token verification failed:", error);
+        return null;
+    }
+};
+
+const setupConnection = async (ws: AuthenticatedWebSocket, client: Newt | Olm, clientType: ClientType): Promise<void> => {
+    logger.info("Establishing websocket connection");
+    if (!client) {
+        logger.error("Connection attempt without client");
+        return ws.terminate();
+    }
+
+    ws.client = client;
+    ws.clientType = clientType;
+
+    // Add client to tracking
+    const clientId = clientType === 'newt' ? (client as Newt).newtId : (client as Olm).olmId;
+    await addClient(clientType, clientId, ws);
+
+    ws.on("message", async (data) => {
+        try {
+            const message: WSMessage = JSON.parse(data.toString());
+
+            if (!message.type || typeof message.type !== "string") {
+                throw new Error("Invalid message format: missing or invalid type");
+            }
+
+            const handler = messageHandlers[message.type];
+            if (!handler) {
+                throw new Error(`Unsupported message type: ${message.type}`);
+            }
+
+            const response = await handler({
+                message,
+                senderWs: ws,
+                client: ws.client,
+                clientType: ws.clientType!,
+                sendToClient,
+                broadcastToAllExcept,
+                connectedClients
+            });
+
+            if (response) {
+                if (response.broadcast) {
+                    await broadcastToAllExcept(
+                        response.message,
+                        response.excludeSender ? clientId : undefined
+                    );
+                } else if (response.targetClientId) {
+                    await sendToClient(response.targetClientId, response.message);
+                } else {
+                    ws.send(JSON.stringify(response.message));
+                }
+            }
+        } catch (error) {
+            logger.error("Message handling error:", error);
+            ws.send(JSON.stringify({
+                type: "error",
+                data: {
+                    message: error instanceof Error ? error.message : "Unknown error occurred",
+                    originalMessage: data.toString()
+                }
+            }));
+        }
+    });
+
+    ws.on("close", () => {
+        removeClient(clientType, clientId, ws);
+        logger.info(`Client disconnected - ${clientType.toUpperCase()} ID: ${clientId}`);
+    });
+
+    ws.on("error", (error: Error) => {
+        logger.error(`WebSocket error for ${clientType.toUpperCase()} ID ${clientId}:`, error);
+    });
+
+    logger.info(`WebSocket connection established - ${clientType.toUpperCase()} ID: ${clientId}`);
+};
+
+// Router endpoint
+router.get("/ws", (req: Request, res: Response) => {
+    res.status(200).send("WebSocket endpoint");
+});
+
+// WebSocket upgrade handler
+const handleWSUpgrade = (server: HttpServer): void => {
+    server.on("upgrade", async (request: WebSocketRequest, socket: Socket, head: Buffer) => {
+        try {
+            const url = new URL(request.url || '', `http://${request.headers.host}`);
+            const token = url.searchParams.get('token') || request.headers["sec-websocket-protocol"] || '';
+            let clientType = url.searchParams.get('clientType') as ClientType;
+
+            if (!clientType) {
+                clientType = "newt";
+            }
+
+            if (!token || !clientType || !['newt', 'olm'].includes(clientType)) {
+                logger.warn("Unauthorized connection attempt: invalid token or client type...");
+                socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
+                socket.destroy();
+                return;
+            }
+
+            const tokenPayload = await verifyToken(token, clientType);
+            if (!tokenPayload) {
+                logger.warn("Unauthorized connection attempt: invalid token...");
+                socket.write("HTTP/1.1 401 Unauthorized\r\n\r\n");
+                socket.destroy();
+                return;
+            }
+
+            wss.handleUpgrade(request, socket, head, (ws: AuthenticatedWebSocket) => {
+                setupConnection(ws, tokenPayload.client, tokenPayload.clientType);
+            });
+        } catch (error) {
+            logger.error("WebSocket upgrade error:", error);
+            socket.write("HTTP/1.1 500 Internal Server Error\r\n\r\n");
+            socket.destroy();
+        }
+    });
+};
+
+// Cleanup function for graceful shutdown
+const cleanup = async (): Promise<void> => {
+    try {
+        // Close all WebSocket connections
+        connectedClients.forEach((clients) => {
+            clients.forEach(client => {
+                if (client.readyState === WebSocket.OPEN) {
+                    client.terminate();
+                }
+            });
+        });
+
+        logger.info('WebSocket cleanup completed');
+    } catch (error) {
+        logger.error('Error during WebSocket cleanup:', error);
+    }
+};
+
+// Handle process termination
+process.on('SIGTERM', cleanup);
+process.on('SIGINT', cleanup);
+
+export {
+    router,
+    handleWSUpgrade,
+    sendToClient,
+    broadcastToAllExcept,
+    connectedClients,
+    hasActiveConnections,
+    getActiveNodes,
+    NODE_ID,
+    cleanup
+};
diff --git a/server/setup/copyInConfig.ts b/server/setup/copyInConfig.ts
index 6ab8d446..eccee475 100644
--- a/server/setup/copyInConfig.ts
+++ b/server/setup/copyInConfig.ts
@@ -8,8 +8,31 @@ export async function copyInConfig() {
     const endpoint = config.getRawConfig().gerbil.base_endpoint;
     const listenPort = config.getRawConfig().gerbil.start_port;
 
+    if (!config.getRawConfig().flags?.disable_config_managed_domains) {
+        await copyInDomains();
+    }
+
+    const exitNodeName = config.getRawConfig().gerbil.exit_node_name;
+    if (exitNodeName) {
+        await db
+            .update(exitNodes)
+            .set({ endpoint, listenPort })
+            .where(eq(exitNodes.name, exitNodeName));
+    } else {
+        await db
+            .update(exitNodes)
+            .set({ endpoint })
+            .where(ne(exitNodes.endpoint, endpoint));
+        await db
+            .update(exitNodes)
+            .set({ listenPort })
+            .where(ne(exitNodes.listenPort, listenPort));
+    }
+}
+
+async function copyInDomains() {
     await db.transaction(async (trx) => {
-        const rawDomains = config.getRawConfig().domains;
+        const rawDomains = config.getRawConfig().domains!; // always defined if disable flag is not set
 
         const configDomains = Object.entries(rawDomains).map(
             ([key, value]) => ({
@@ -40,13 +63,19 @@ export async function copyInConfig() {
             if (existingDomainKeys.has(domainId)) {
                 await trx
                     .update(domains)
-                    .set({ baseDomain })
+                    .set({ baseDomain, verified: true, type: "wildcard" })
                     .where(eq(domains.domainId, domainId))
                     .execute();
             } else {
                 await trx
                     .insert(domains)
-                    .values({ domainId, baseDomain, configManaged: true })
+                    .values({
+                        domainId,
+                        baseDomain,
+                        configManaged: true,
+                        type: "wildcard",
+                        verified: true
+                    })
                     .execute();
             }
         }
@@ -92,7 +121,7 @@ export async function copyInConfig() {
             }
 
             let fullDomain = "";
-            if (resource.isBaseDomain) {
+            if (!resource.subdomain) {
                 fullDomain = domain.baseDomain;
             } else {
                 fullDomain = `${resource.subdomain}.${domain.baseDomain}`;
@@ -104,15 +133,4 @@ export async function copyInConfig() {
                 .where(eq(resources.resourceId, resource.resourceId));
         }
     });
-
-    // TODO: eventually each exit node could have a different endpoint
-    await db
-        .update(exitNodes)
-        .set({ endpoint })
-        .where(ne(exitNodes.endpoint, endpoint));
-    // TODO: eventually each exit node could have a different port
-    await db
-        .update(exitNodes)
-        .set({ listenPort })
-        .where(ne(exitNodes.listenPort, listenPort));
 }
diff --git a/server/setup/index.ts b/server/setup/index.ts
index 05971893..d126869a 100644
--- a/server/setup/index.ts
+++ b/server/setup/index.ts
@@ -1,15 +1,9 @@
 import { ensureActions } from "./ensureActions";
 import { copyInConfig } from "./copyInConfig";
-import logger from "@server/logger";
 import { clearStaleData } from "./clearStaleData";
 
 export async function runSetupFunctions() {
-    try {
-        await copyInConfig(); // copy in the config to the db as needed
-        await ensureActions(); // make sure all of the actions are in the db and the roles
-        await clearStaleData();
-    } catch (error) {
-        logger.error("Error running setup functions:", error);
-        process.exit(1);
-    }
+    await copyInConfig(); // copy in the config to the db as needed
+    await ensureActions(); // make sure all of the actions are in the db and the roles
+    await clearStaleData();
 }
diff --git a/server/setup/migrationsPg.ts b/server/setup/migrationsPg.ts
index 075c7d1b..bf9e75ef 100644
--- a/server/setup/migrationsPg.ts
+++ b/server/setup/migrationsPg.ts
@@ -30,6 +30,10 @@ async function run() {
 }
 
 export async function runMigrations() {
+    if (process.env.DISABLE_MIGRATIONS) {
+        console.log("Migrations are disabled. Skipping...");
+        return;
+    }
     try {
         const appVersion = APP_VERSION;
 
diff --git a/server/setup/migrationsSqlite.ts b/server/setup/migrationsSqlite.ts
index aa6649ea..68da0a27 100644
--- a/server/setup/migrationsSqlite.ts
+++ b/server/setup/migrationsSqlite.ts
@@ -23,7 +23,6 @@ import m19 from "./scriptsSqlite/1.3.0";
 import m20 from "./scriptsSqlite/1.5.0";
 import m21 from "./scriptsSqlite/1.6.0";
 import m22 from "./scriptsSqlite/1.7.0";
-import m23 from "./scriptsSqlite/1.8.0";
 
 // THIS CANNOT IMPORT ANYTHING FROM THE SERVER
 // EXCEPT FOR THE DATABASE AND THE SCHEMA
@@ -47,7 +46,6 @@ const migrations = [
     { version: "1.5.0", run: m20 },
     { version: "1.6.0", run: m21 },
     { version: "1.7.0", run: m22 },
-    { version: "1.8.0", run: m23 }
     // Add new migrations here as they are created
 ] as const;
 
@@ -80,24 +78,24 @@ function backupDb() {
 }
 
 export async function runMigrations() {
+    if (process.env.DISABLE_MIGRATIONS) {
+        console.log("Migrations are disabled. Skipping...");
+        return;
+    }
     try {
         const appVersion = APP_VERSION;
 
-        // Check if the database file exists and has tables
-        const hasTables = await db.select().from(versionMigrations).limit(1).catch(() => false);
-
-        if (hasTables) {
+        if (exists) {
             await executeScripts();
         } else {
-            console.log("Running initial migrations...");
+            console.log("Running migrations...");
             try {
                 migrate(db, {
-                    migrationsFolder: path.join(APP_PATH, "server", "migrations")
+                    migrationsFolder: path.join(__DIRNAME, "init") // put here during the docker build
                 });
-                console.log("Initial migrations completed successfully.");
+                console.log("Migrations completed successfully.");
             } catch (error) {
-                console.error("Error running initial migrations:", error);
-                throw error;
+                console.error("Error running migrations:", error);
             }
 
             await db
diff --git a/server/setup/scriptsPg/1.7.0.ts b/server/setup/scriptsPg/1.7.0.ts
index 432ab1c1..c0245871 100644
--- a/server/setup/scriptsPg/1.7.0.ts
+++ b/server/setup/scriptsPg/1.7.0.ts
@@ -1,21 +1,163 @@
 import { db } from "@server/db/pg";
-
+import { db } from "@server/db/pg/driver";
+import { sql } from "drizzle-orm";
 const version = "1.7.0";
 
 export default async function migration() {
-    console.log(`Running PostgreSQL setup script ${version}...`);
+    console.log(`Running setup script ${version}...`);
 
     try {
-        // Add passwordResetTokenExpiryHours column to orgs table with default value of 1
-        await db.execute(`
-            ALTER TABLE orgs ADD COLUMN passwordResetTokenExpiryHours INTEGER NOT NULL DEFAULT 1;
+        await db.execute(sql`
+            BEGIN;
+            
+            CREATE TABLE "clientSites" (
+                "clientId" integer NOT NULL,
+                "siteId" integer NOT NULL,
+                "isRelayed" boolean DEFAULT false NOT NULL
+            );
+            
+            CREATE TABLE "clients" (
+                "id" serial PRIMARY KEY NOT NULL,
+                "orgId" varchar NOT NULL,
+                "exitNode" integer,
+                "name" varchar NOT NULL,
+                "pubKey" varchar,
+                "subnet" varchar NOT NULL,
+                "bytesIn" integer,
+                "bytesOut" integer,
+                "lastBandwidthUpdate" varchar,
+                "lastPing" varchar,
+                "type" varchar NOT NULL,
+                "online" boolean DEFAULT false NOT NULL,
+                "endpoint" varchar,
+                "lastHolePunch" integer,
+                "maxConnections" integer
+            );
+            
+            CREATE TABLE "clientSession" (
+                "id" varchar PRIMARY KEY NOT NULL,
+                "olmId" varchar NOT NULL,
+                "expiresAt" integer NOT NULL
+            );
+            
+            CREATE TABLE "olms" (
+                "id" varchar PRIMARY KEY NOT NULL,
+                "secretHash" varchar NOT NULL,
+                "dateCreated" varchar NOT NULL,
+                "clientId" integer
+            );
+            
+            CREATE TABLE "roleClients" (
+                "roleId" integer NOT NULL,
+                "clientId" integer NOT NULL
+            );
+            
+            CREATE TABLE "webauthnCredentials" (
+                "credentialId" varchar PRIMARY KEY NOT NULL,
+                "userId" varchar NOT NULL,
+                "publicKey" varchar NOT NULL,
+                "signCount" integer NOT NULL,
+                "transports" varchar,
+                "name" varchar,
+                "lastUsed" varchar NOT NULL,
+                "dateCreated" varchar NOT NULL,
+                "securityKeyName" varchar
+            );
+            
+            CREATE TABLE "userClients" (
+                "userId" varchar NOT NULL,
+                "clientId" integer NOT NULL
+            );
+            
+            CREATE TABLE "webauthnChallenge" (
+                "sessionId" varchar PRIMARY KEY NOT NULL,
+                "challenge" varchar NOT NULL,
+                "securityKeyName" varchar,
+                "userId" varchar,
+                "expiresAt" bigint NOT NULL
+            );
+            
+            ALTER TABLE "limits" DISABLE ROW LEVEL SECURITY;
+            DROP TABLE "limits" CASCADE;
+            ALTER TABLE "sites" ALTER COLUMN "subnet" DROP NOT NULL;
+            ALTER TABLE "sites" ALTER COLUMN "bytesIn" SET DEFAULT 0;
+            ALTER TABLE "sites" ALTER COLUMN "bytesOut" SET DEFAULT 0;
+            ALTER TABLE "domains" ADD COLUMN "type" varchar;
+            ALTER TABLE "domains" ADD COLUMN "verified" boolean DEFAULT false NOT NULL;
+            ALTER TABLE "domains" ADD COLUMN "failed" boolean DEFAULT false NOT NULL;
+            ALTER TABLE "domains" ADD COLUMN "tries" integer DEFAULT 0 NOT NULL;
+            ALTER TABLE "exitNodes" ADD COLUMN "maxConnections" integer;
+            ALTER TABLE "newt" ADD COLUMN "version" varchar;
+            ALTER TABLE "orgs" ADD COLUMN "subnet" varchar;
+            ALTER TABLE "sites" ADD COLUMN "address" varchar;
+            ALTER TABLE "sites" ADD COLUMN "endpoint" varchar;
+            ALTER TABLE "sites" ADD COLUMN "publicKey" varchar;
+            ALTER TABLE "sites" ADD COLUMN "lastHolePunch" bigint;
+            ALTER TABLE "sites" ADD COLUMN "listenPort" integer;
+            ALTER TABLE "user" ADD COLUMN "twoFactorSetupRequested" boolean DEFAULT false;
+            ALTER TABLE "clientSites" ADD CONSTRAINT "clientSites_clientId_clients_id_fk" FOREIGN KEY ("clientId") REFERENCES "public"."clients"("id") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "clientSites" ADD CONSTRAINT "clientSites_siteId_sites_siteId_fk" FOREIGN KEY ("siteId") REFERENCES "public"."sites"("siteId") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "clients" ADD CONSTRAINT "clients_orgId_orgs_orgId_fk" FOREIGN KEY ("orgId") REFERENCES "public"."orgs"("orgId") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "clients" ADD CONSTRAINT "clients_exitNode_exitNodes_exitNodeId_fk" FOREIGN KEY ("exitNode") REFERENCES "public"."exitNodes"("exitNodeId") ON DELETE set null ON UPDATE no action;
+            ALTER TABLE "clientSession" ADD CONSTRAINT "clientSession_olmId_olms_id_fk" FOREIGN KEY ("olmId") REFERENCES "public"."olms"("id") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "olms" ADD CONSTRAINT "olms_clientId_clients_id_fk" FOREIGN KEY ("clientId") REFERENCES "public"."clients"("id") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "roleClients" ADD CONSTRAINT "roleClients_roleId_roles_roleId_fk" FOREIGN KEY ("roleId") REFERENCES "public"."roles"("roleId") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "roleClients" ADD CONSTRAINT "roleClients_clientId_clients_id_fk" FOREIGN KEY ("clientId") REFERENCES "public"."clients"("id") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "webauthnCredentials" ADD CONSTRAINT "webauthnCredentials_userId_user_id_fk" FOREIGN KEY ("userId") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "userClients" ADD CONSTRAINT "userClients_userId_user_id_fk" FOREIGN KEY ("userId") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "userClients" ADD CONSTRAINT "userClients_clientId_clients_id_fk" FOREIGN KEY ("clientId") REFERENCES "public"."clients"("id") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "webauthnChallenge" ADD CONSTRAINT "webauthnChallenge_userId_user_id_fk" FOREIGN KEY ("userId") REFERENCES "public"."user"("id") ON DELETE cascade ON UPDATE no action;
+            ALTER TABLE "resources" DROP COLUMN "isBaseDomain";
+            
+            COMMIT;
         `);
-        console.log(`Added passwordResetTokenExpiryHours column to orgs table`);
+
+        console.log(`Migrated database schema`);
     } catch (e) {
-        console.log("Error adding passwordResetTokenExpiryHours column to orgs table:");
+        console.log("Unable to migrate database schema");
         console.log(e);
         throw e;
     }
 
-    console.log(`${version} PostgreSQL migration complete`);
-} 
\ No newline at end of file
+    try {
+        await db.execute(sql`BEGIN`);
+        
+        // Update all existing orgs to have the default subnet
+        await db.execute(sql`UPDATE "orgs" SET "subnet" = '100.90.128.0/24'`);
+
+        // Get all orgs and their sites to assign sequential IP addresses
+        const orgsQuery = await db.execute(sql`SELECT "orgId" FROM "orgs"`);
+
+        const orgs = orgsQuery.rows as { orgId: string }[];
+
+        for (const org of orgs) {
+            const sitesQuery = await db.execute(sql`
+                SELECT "siteId" FROM "sites" 
+                WHERE "orgId" = ${org.orgId} 
+                ORDER BY "siteId"
+            `);
+
+            const sites = sitesQuery.rows as { siteId: number }[];
+
+            let ipIndex = 1;
+            for (const site of sites) {
+                const address = `100.90.128.${ipIndex}/24`;
+                await db.execute(sql`
+                    UPDATE "sites" SET "address" = ${address} 
+                    WHERE "siteId" = ${site.siteId}
+                `);
+                ipIndex++;
+            }
+        }
+
+        await db.execute(sql`COMMIT`);
+        console.log(`Updated org subnets and site addresses`);
+    } catch (e) {
+        await db.execute(sql`ROLLBACK`);
+        console.log("Unable to update org subnets");
+        console.log(e);
+        throw e;
+    }
+
+    console.log(`${version} migration complete`);
+}
diff --git a/server/setup/scriptsSqlite/1.4.0.ts b/server/setup/scriptsSqlite/1.4.0.ts
deleted file mode 100644
index 3885b4bf..00000000
--- a/server/setup/scriptsSqlite/1.4.0.ts
+++ /dev/null
@@ -1,31 +0,0 @@
-import { db } from "../../db/sqlite";
-import { sql } from "drizzle-orm";
-
-const version = "1.4.0";
-
-export default async function migration() {
-    console.log(`Running setup script ${version}...`);
-
-    try {
-        db.transaction((trx) => {
-            trx.run(sql`CREATE TABLE 'securityKey' (
-                'credentialId' text PRIMARY KEY NOT NULL,
-                'userId' text NOT NULL,
-                'publicKey' text NOT NULL,
-                'signCount' integer NOT NULL,
-                'transports' text,
-                'name' text,
-                'lastUsed' text NOT NULL,
-                'dateCreated' text NOT NULL,
-                FOREIGN KEY ('userId') REFERENCES 'user'('id') ON DELETE CASCADE
-            );`);
-        });
-
-        console.log(`Migrated database schema`);
-    } catch (e) {
-        console.log("Unable to migrate database schema");
-        throw e;
-    }
-
-    console.log(`${version} migration complete`);
-} 
\ No newline at end of file
diff --git a/server/setup/scriptsSqlite/1.7.0.ts b/server/setup/scriptsSqlite/1.7.0.ts
index d597196b..4a7ef9cc 100644
--- a/server/setup/scriptsSqlite/1.7.0.ts
+++ b/server/setup/scriptsSqlite/1.7.0.ts
@@ -12,6 +12,7 @@ export default async function migration() {
 
     try {
         db.pragma("foreign_keys = OFF");
+
         db.transaction(() => {
             // Add passwordResetTokenExpiryHours column to orgs table with default value of 1
             db.exec(`
@@ -29,26 +30,173 @@ export default async function migration() {
         db.pragma("foreign_keys = OFF");
         db.transaction(() => {
             db.exec(`
-                CREATE TABLE IF NOT EXISTS securityKey (
-                    credentialId TEXT PRIMARY KEY,
-                    userId TEXT NOT NULL,
-                    publicKey TEXT NOT NULL,
-                    signCount INTEGER NOT NULL,
-                    transports TEXT,
-                    name TEXT,
-                    lastUsed TEXT NOT NULL,
-                    dateCreated TEXT NOT NULL,
-                    FOREIGN KEY (userId) REFERENCES user(id) ON DELETE CASCADE
+                CREATE TABLE 'clientSites' (
+                    'clientId' integer NOT NULL,
+                    'siteId' integer NOT NULL,
+                    'isRelayed' integer DEFAULT 0 NOT NULL,
+                    FOREIGN KEY ('clientId') REFERENCES 'clients'('id') ON UPDATE no action ON DELETE cascade,
+                    FOREIGN KEY ('siteId') REFERENCES 'sites'('siteId') ON UPDATE no action ON DELETE cascade
                 );
+
+                CREATE TABLE 'clients' (
+                    'id' integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+                    'orgId' text NOT NULL,
+                    'exitNode' integer,
+                    'name' text NOT NULL,
+                    'pubKey' text,
+                    'subnet' text NOT NULL,
+                    'bytesIn' integer,
+                    'bytesOut' integer,
+                    'lastBandwidthUpdate' text,
+                    'lastPing' text,
+                    'type' text NOT NULL,
+                    'online' integer DEFAULT 0 NOT NULL,
+                    'endpoint' text,
+                    'lastHolePunch' integer,
+                    FOREIGN KEY ('orgId') REFERENCES 'orgs'('orgId') ON UPDATE no action ON DELETE cascade,
+                    FOREIGN KEY ('exitNode') REFERENCES 'exitNodes'('exitNodeId') ON UPDATE no action ON DELETE set null
+                );
+
+                CREATE TABLE 'clientSession' (
+                    'id' text PRIMARY KEY NOT NULL,
+                    'olmId' text NOT NULL,
+                    'expiresAt' integer NOT NULL,
+                    FOREIGN KEY ('olmId') REFERENCES 'olms'('id') ON UPDATE no action ON DELETE cascade
+                );
+
+                CREATE TABLE 'olms' (
+                    'id' text PRIMARY KEY NOT NULL,
+                    'secretHash' text NOT NULL,
+                    'dateCreated' text NOT NULL,
+                    'clientId' integer,
+                    FOREIGN KEY ('clientId') REFERENCES 'clients'('id') ON UPDATE no action ON DELETE cascade
+                );
+
+                CREATE TABLE 'roleClients' (
+                    'roleId' integer NOT NULL,
+                    'clientId' integer NOT NULL,
+                    FOREIGN KEY ('roleId') REFERENCES 'roles'('roleId') ON UPDATE no action ON DELETE cascade,
+                    FOREIGN KEY ('clientId') REFERENCES 'clients'('id') ON UPDATE no action ON DELETE cascade
+                );
+
+                CREATE TABLE 'webauthnCredentials' (
+                    'credentialId' text PRIMARY KEY NOT NULL,
+                    'userId' text NOT NULL,
+                    'publicKey' text NOT NULL,
+                    'signCount' integer NOT NULL,
+                    'transports' text,
+                    'name' text,
+                    'lastUsed' text NOT NULL,
+                    'dateCreated' text NOT NULL,
+                    FOREIGN KEY ('userId') REFERENCES 'user'('id') ON UPDATE no action ON DELETE cascade
+                );
+
+                CREATE TABLE 'userClients' (
+                    'userId' text NOT NULL,
+                    'clientId' integer NOT NULL,
+                    FOREIGN KEY ('userId') REFERENCES 'user'('id') ON UPDATE no action ON DELETE cascade,
+                    FOREIGN KEY ('clientId') REFERENCES 'clients'('id') ON UPDATE no action ON DELETE cascade
+                );
+
+                CREATE TABLE 'userDomains' (
+                    'userId' text NOT NULL,
+                    'domainId' text NOT NULL,
+                    FOREIGN KEY ('userId') REFERENCES 'user'('id') ON UPDATE no action ON DELETE cascade,
+                    FOREIGN KEY ('domainId') REFERENCES 'domains'('domainId') ON UPDATE no action ON DELETE cascade
+                );
+
+                CREATE TABLE 'webauthnChallenge' (
+                    'sessionId' text PRIMARY KEY NOT NULL,
+                    'challenge' text NOT NULL,
+                    'securityKeyName' text,
+                    'userId' text,
+                    'expiresAt' integer NOT NULL,
+                    FOREIGN KEY ('userId') REFERENCES 'user'('id') ON UPDATE no action ON DELETE cascade
+                );
+
             `);
-        })(); // executes the transaction immediately
+
+            db.exec(`
+                CREATE TABLE '__new_sites' (
+                    'siteId' integer PRIMARY KEY AUTOINCREMENT NOT NULL,
+                    'orgId' text NOT NULL,
+                    'niceId' text NOT NULL,
+                    'exitNode' integer,
+                    'name' text NOT NULL,
+                    'pubKey' text,
+                    'subnet' text,
+                    'bytesIn' integer DEFAULT 0,
+                    'bytesOut' integer DEFAULT 0,
+                    'lastBandwidthUpdate' text,
+                    'type' text NOT NULL,
+                    'online' integer DEFAULT 0 NOT NULL,
+                    'address' text,
+                    'endpoint' text,
+                    'publicKey' text,
+                    'lastHolePunch' integer,
+                    'listenPort' integer,
+                    'dockerSocketEnabled' integer DEFAULT 1 NOT NULL,
+                    FOREIGN KEY ('orgId') REFERENCES 'orgs'('orgId') ON UPDATE no action ON DELETE cascade,
+                    FOREIGN KEY ('exitNode') REFERENCES 'exitNodes'('exitNodeId') ON UPDATE no action ON DELETE set null
+                );
+
+                INSERT INTO '__new_sites' (
+                    'siteId', 'orgId', 'niceId', 'exitNode', 'name', 'pubKey', 'subnet', 'bytesIn', 'bytesOut', 'lastBandwidthUpdate', 'type', 'online', 'address', 'endpoint', 'publicKey', 'lastHolePunch', 'listenPort', 'dockerSocketEnabled'
+                )
+                SELECT siteId, orgId, niceId, exitNode, name, pubKey, subnet, bytesIn, bytesOut, lastBandwidthUpdate, type, online, NULL, NULL, NULL, NULL, NULL, dockerSocketEnabled
+                FROM sites;
+
+                DROP TABLE 'sites';
+                ALTER TABLE '__new_sites' RENAME TO 'sites';
+            `);
+
+            db.exec(`
+                ALTER TABLE 'domains' ADD 'type' text;
+                ALTER TABLE 'domains' ADD 'verified' integer DEFAULT 0 NOT NULL;
+                ALTER TABLE 'domains' ADD 'failed' integer DEFAULT 0 NOT NULL;
+                ALTER TABLE 'domains' ADD 'tries' integer DEFAULT 0 NOT NULL;
+                ALTER TABLE 'exitNodes' ADD 'maxConnections' integer;
+                ALTER TABLE 'newt' ADD 'version' text;
+                ALTER TABLE 'orgs' ADD 'subnet' text;
+                ALTER TABLE 'user' ADD 'twoFactorSetupRequested' integer DEFAULT 0;
+                ALTER TABLE 'resources' DROP COLUMN 'isBaseDomain';
+            `);
+        })();
+
         db.pragma("foreign_keys = ON");
-        console.log(`Created securityKey table`);
+
+        console.log(`Migrated database schema`);
     } catch (e) {
-        console.error("Unable to create securityKey table");
-        console.error(e);
+        console.log("Unable to migrate database schema");
         throw e;
     }
 
+    db.transaction(() => {
+        // Update all existing orgs to have the default subnet
+        db.exec(`UPDATE 'orgs' SET 'subnet' = '100.90.128.0/24'`);
+
+        // Get all orgs and their sites to assign sequential IP addresses
+        const orgs = db.prepare(`SELECT orgId FROM 'orgs'`).all() as {
+            orgId: string;
+        }[];
+
+        for (const org of orgs) {
+            const sites = db
+                .prepare(
+                    `SELECT siteId FROM 'sites' WHERE orgId = ? ORDER BY siteId`
+                )
+                .all(org.orgId) as { siteId: number }[];
+
+            let ipIndex = 1;
+            for (const site of sites) {
+                const address = `100.90.128.${ipIndex}/24`;
+                db.prepare(
+                    `UPDATE 'sites' SET 'address' = ? WHERE siteId = ?`
+                ).run(address, site.siteId);
+                ipIndex++;
+            }
+        }
+    })();
+
     console.log(`${version} migration complete`);
-} 
\ No newline at end of file
+}
diff --git a/server/setup/scriptsSqlite/1.8.0.ts b/server/setup/scriptsSqlite/1.8.0.ts
deleted file mode 100644
index 7777d50e..00000000
--- a/server/setup/scriptsSqlite/1.8.0.ts
+++ /dev/null
@@ -1,38 +0,0 @@
-import { APP_PATH } from "@server/lib/consts";
-import Database from "better-sqlite3";
-import path from "path";
-
-const version = "1.8.0";
-
-export default async function migration() {
-    console.log(`Running setup script ${version}...`);
-
-    const location = path.join(APP_PATH, "db", "db.sqlite");
-    const db = new Database(location);
-
-    try {
-        db.pragma("foreign_keys = OFF");
-        db.transaction(() => {
-            db.exec(`
-                CREATE TABLE IF NOT EXISTS securityKeyChallenge (
-                    sessionId TEXT PRIMARY KEY,
-                    challenge TEXT NOT NULL,
-                    securityKeyName TEXT,
-                    userId TEXT,
-                    expiresAt INTEGER NOT NULL,
-                    FOREIGN KEY (userId) REFERENCES user(id) ON DELETE CASCADE
-                );
-                
-                CREATE INDEX IF NOT EXISTS idx_securityKeyChallenge_expiresAt ON securityKeyChallenge(expiresAt);
-            `);
-        })(); // executes the transaction immediately
-        db.pragma("foreign_keys = ON");
-        console.log(`Created securityKeyChallenge table`);
-    } catch (e) {
-        console.error("Unable to create securityKeyChallenge table");
-        console.error(e);
-        throw e;
-    }
-
-    console.log(`${version} migration complete`);
-} 
\ No newline at end of file
diff --git a/src/app/[orgId]/layout.tsx b/src/app/[orgId]/layout.tsx
index fa41beb2..3ab0b92e 100644
--- a/src/app/[orgId]/layout.tsx
+++ b/src/app/[orgId]/layout.tsx
@@ -8,6 +8,7 @@ import { GetOrgUserResponse } from "@server/routers/user";
 import { AxiosResponse } from "axios";
 import { redirect } from "next/navigation";
 import { cache } from "react";
+import SetLastOrgCookie from "@app/components/SetLastOrgCookie";
 
 export default async function OrgLayout(props: {
     children: React.ReactNode;
@@ -52,6 +53,7 @@ export default async function OrgLayout(props: {
     return (
         <>
             {props.children}
+            <SetLastOrgCookie orgId={orgId} />
         </>
     );
 }
diff --git a/src/app/[orgId]/page.tsx b/src/app/[orgId]/page.tsx
index d3e60bd9..da24eca2 100644
--- a/src/app/[orgId]/page.tsx
+++ b/src/app/[orgId]/page.tsx
@@ -9,7 +9,6 @@ import { AxiosResponse } from "axios";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { redirect } from "next/navigation";
 import { Layout } from "@app/components/Layout";
-import { orgLangingNavItems, orgNavItems, rootNavItems } from "../navigation";
 import { ListUserOrgsResponse } from "@server/routers/org";
 import { pullEnv } from "@app/lib/pullEnv";
 import EnvProvider from "@app/providers/EnvProvider";
@@ -100,11 +99,26 @@ export default async function OrgPage(props: OrgPageProps) {
 
     return (
         <UserProvider user={user}>
-            <EnvProvider env={env}>
-                <Layout orgId={orgId} navItems={orgLangingNavItems} orgs={orgs}>
-                    <MemberResourcesPortal orgId={orgId} />
-                </Layout>
-            </EnvProvider>
+            <Layout orgId={orgId} navItems={[]} orgs={orgs}>
+                {overview && (
+                    <div className="w-full max-w-4xl mx-auto md:mt-32 mt-4">
+                        <OrganizationLandingCard
+                            overview={{
+                                orgId: overview.orgId,
+                                orgName: overview.orgName,
+                                stats: {
+                                    users: overview.numUsers,
+                                    sites: overview.numSites,
+                                    resources: overview.numResources
+                                },
+                                isAdmin: overview.isAdmin,
+                                isOwner: overview.isOwner,
+                                userRole: overview.userRoleName
+                            }}
+                        />
+                    </div>
+                )}
+            </Layout>
         </UserProvider>
     );
 }
diff --git a/src/app/[orgId]/settings/access/invitations/InvitationsTable.tsx b/src/app/[orgId]/settings/access/invitations/InvitationsTable.tsx
index 322d67fa..dfb3d263 100644
--- a/src/app/[orgId]/settings/access/invitations/InvitationsTable.tsx
+++ b/src/app/[orgId]/settings/access/invitations/InvitationsTable.tsx
@@ -18,6 +18,7 @@ import { toast } from "@app/hooks/useToast";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useTranslations } from "next-intl";
+import moment from "moment";
 
 export type InvitationRow = {
     id: string;
@@ -46,63 +47,69 @@ export default function InvitationsTable({
     const { org } = useOrgContext();
 
     const columns: ColumnDef<InvitationRow>[] = [
-        {
-            id: "dots",
-            cell: ({ row }) => {
-                const invitation = row.original;
-                return (
-                    <DropdownMenu>
-                        <DropdownMenuTrigger asChild>
-                            <Button variant="ghost" className="h-8 w-8 p-0">
-                                <span className="sr-only">{t('openMenu')}</span>
-                                <MoreHorizontal className="h-4 w-4" />
-                            </Button>
-                        </DropdownMenuTrigger>
-                        <DropdownMenuContent align="end">
-                            <DropdownMenuItem
-                                onClick={() => {
-                                    setIsRegenerateModalOpen(true);
-                                    setSelectedInvitation(invitation);
-                                }}
-                            >
-                                <span>{t('inviteRegenerate')}</span>
-                            </DropdownMenuItem>
-                            <DropdownMenuItem
-                                onClick={() => {
-                                    setIsDeleteModalOpen(true);
-                                    setSelectedInvitation(invitation);
-                                }}
-                            >
-                                <span className="text-red-500">
-                                    {t('inviteRemove')}
-                                </span>
-                            </DropdownMenuItem>
-                        </DropdownMenuContent>
-                    </DropdownMenu>
-                );
-            }
-        },
         {
             accessorKey: "email",
-            header: t('email')
+            header: t("email")
         },
         {
             accessorKey: "expiresAt",
-            header: t('expiresAt'),
+            header: t("expiresAt"),
             cell: ({ row }) => {
                 const expiresAt = new Date(row.original.expiresAt);
                 const isExpired = expiresAt < new Date();
 
                 return (
                     <span className={isExpired ? "text-red-500" : ""}>
-                        {expiresAt.toLocaleString()}
+                        {moment(expiresAt).format("lll")}
                     </span>
                 );
             }
         },
         {
             accessorKey: "role",
-            header: t('role')
+            header: t("role")
+        },
+        {
+            id: "dots",
+            cell: ({ row }) => {
+                const invitation = row.original;
+                return (
+                    <div className="flex items-center justify-end gap-2">
+                        <DropdownMenu>
+                            <DropdownMenuTrigger asChild>
+                                <Button variant="ghost" className="h-8 w-8 p-0">
+                                    <span className="sr-only">
+                                        {t("openMenu")}
+                                    </span>
+                                    <MoreHorizontal className="h-4 w-4" />
+                                </Button>
+                            </DropdownMenuTrigger>
+                            <DropdownMenuContent align="end">
+                                <DropdownMenuItem
+                                    onClick={() => {
+                                        setIsDeleteModalOpen(true);
+                                        setSelectedInvitation(invitation);
+                                    }}
+                                >
+                                    <span className="text-red-500">
+                                        {t("inviteRemove")}
+                                    </span>
+                                </DropdownMenuItem>
+                            </DropdownMenuContent>
+                        </DropdownMenu>
+
+                        <Button
+                            variant={"secondary"}
+                            onClick={() => {
+                                setIsRegenerateModalOpen(true);
+                                setSelectedInvitation(invitation);
+                            }}
+                        >
+                            <span>{t("inviteRegenerate")}</span>
+                        </Button>
+                    </div>
+                );
+            }
         }
     ];
 
@@ -115,16 +122,18 @@ export default function InvitationsTable({
                 .catch((e) => {
                     toast({
                         variant: "destructive",
-                        title: t('inviteRemoveError'),
-                        description: t('inviteRemoveErrorDescription')
+                        title: t("inviteRemoveError"),
+                        description: t("inviteRemoveErrorDescription")
                     });
                 });
 
             if (res && res.status === 200) {
                 toast({
                     variant: "default",
-                    title: t('inviteRemoved'),
-                    description: t('inviteRemovedDescription', {email: selectedInvitation.email})
+                    title: t("inviteRemoved"),
+                    description: t("inviteRemovedDescription", {
+                        email: selectedInvitation.email
+                    })
                 });
 
                 setInvitations((prev) =>
@@ -148,20 +157,18 @@ export default function InvitationsTable({
                 dialog={
                     <div className="space-y-4">
                         <p>
-                            {t('inviteQuestionRemove', {email: selectedInvitation?.email || ""})}
-                        </p>
-                        <p>
-                            {t('inviteMessageRemove')}
-                        </p>
-                        <p>
-                            {t('inviteMessageConfirm')}
+                            {t("inviteQuestionRemove", {
+                                email: selectedInvitation?.email || ""
+                            })}
                         </p>
+                        <p>{t("inviteMessageRemove")}</p>
+                        <p>{t("inviteMessageConfirm")}</p>
                     </div>
                 }
-                buttonText={t('inviteRemoveConfirm')}
+                buttonText={t("inviteRemoveConfirm")}
                 onConfirm={removeInvitation}
                 string={selectedInvitation?.email ?? ""}
-                title={t('inviteRemove')}
+                title={t("inviteRemove")}
             />
             <RegenerateInvitationForm
                 open={isRegenerateModalOpen}
diff --git a/src/app/[orgId]/settings/access/invitations/RegenerateInvitationForm.tsx b/src/app/[orgId]/settings/access/invitations/RegenerateInvitationForm.tsx
index a5850b60..786d3ae7 100644
--- a/src/app/[orgId]/settings/access/invitations/RegenerateInvitationForm.tsx
+++ b/src/app/[orgId]/settings/access/invitations/RegenerateInvitationForm.tsx
@@ -201,7 +201,7 @@ export default function RegenerateInvitationForm({
                                         setValidHours(parseInt(value))
                                     }
                                 >
-                                    <SelectTrigger>
+                                    <SelectTrigger className="w-full">
                                         <SelectValue placeholder={t('inviteValidityPeriodSelect')} />
                                     </SelectTrigger>
                                     <SelectContent>
diff --git a/src/app/[orgId]/settings/access/roles/DeleteRoleForm.tsx b/src/app/[orgId]/settings/access/roles/DeleteRoleForm.tsx
index 1e910e29..f3042f71 100644
--- a/src/app/[orgId]/settings/access/roles/DeleteRoleForm.tsx
+++ b/src/app/[orgId]/settings/access/roles/DeleteRoleForm.tsx
@@ -159,7 +159,6 @@ export default function DeleteRoleForm({
                         </CredenzaDescription>
                     </CredenzaHeader>
                     <CredenzaBody>
-                        <div className="space-y-4">
                             <div className="space-y-4">
                                 <p>
                                     {t('accessRoleQuestionRemove', {name: roleToDelete.name})}
@@ -210,13 +209,13 @@ export default function DeleteRoleForm({
                                     />
                                 </form>
                             </Form>
-                        </div>
                     </CredenzaBody>
                     <CredenzaFooter>
                         <CredenzaClose asChild>
                             <Button variant="outline">{t('close')}</Button>
                         </CredenzaClose>
                         <Button
+                            variant="destructive"
                             type="submit"
                             form="remove-role-form"
                             loading={loading}
diff --git a/src/app/[orgId]/settings/access/roles/RolesTable.tsx b/src/app/[orgId]/settings/access/roles/RolesTable.tsx
index b1a897f0..40260fb7 100644
--- a/src/app/[orgId]/settings/access/roles/RolesTable.tsx
+++ b/src/app/[orgId]/settings/access/roles/RolesTable.tsx
@@ -19,7 +19,7 @@ import CreateRoleForm from "./CreateRoleForm";
 import DeleteRoleForm from "./DeleteRoleForm";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
-import { useTranslations } from 'next-intl';
+import { useTranslations } from "next-intl";
 
 export type RoleRow = Role;
 
@@ -42,49 +42,6 @@ export default function UsersTable({ roles: r }: RolesTableProps) {
     const t = useTranslations();
 
     const columns: ColumnDef<RoleRow>[] = [
-        {
-            id: "actions",
-            cell: ({ row }) => {
-                const roleRow = row.original;
-
-                return (
-                    <>
-                        <div>
-                            {roleRow.isAdmin && (
-                                <MoreHorizontal className="h-4 w-4 opacity-0" />
-                            )}
-                            {!roleRow.isAdmin && (
-                                <DropdownMenu>
-                                    <DropdownMenuTrigger asChild>
-                                        <Button
-                                            variant="ghost"
-                                            className="h-8 w-8 p-0"
-                                        >
-                                            <span className="sr-only">
-                                                {t('openMenu')}
-                                            </span>
-                                            <MoreHorizontal className="h-4 w-4" />
-                                        </Button>
-                                    </DropdownMenuTrigger>
-                                    <DropdownMenuContent align="end">
-                                        <DropdownMenuItem
-                                            onClick={() => {
-                                                setIsDeleteModalOpen(true);
-                                                setUserToRemove(roleRow);
-                                            }}
-                                        >
-                                            <span className="text-red-500">
-                                                {t('accessRoleDelete')}
-                                            </span>
-                                        </DropdownMenuItem>
-                                    </DropdownMenuContent>
-                                </DropdownMenu>
-                            )}
-                        </div>
-                    </>
-                );
-            }
-        },
         {
             accessorKey: "name",
             header: ({ column }) => {
@@ -95,7 +52,7 @@ export default function UsersTable({ roles: r }: RolesTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('name')}
+                        {t("name")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -103,7 +60,29 @@ export default function UsersTable({ roles: r }: RolesTableProps) {
         },
         {
             accessorKey: "description",
-            header: t('description')
+            header: t("description")
+        },
+        {
+            id: "actions",
+            cell: ({ row }) => {
+                const roleRow = row.original;
+
+                return (
+                    <div className="flex items-center justify-end">
+                        <Button
+                            variant={"secondary"}
+                            size="sm"
+                            disabled={roleRow.isAdmin || false}
+                            onClick={() => {
+                                setIsDeleteModalOpen(true);
+                                setUserToRemove(roleRow);
+                            }}
+                        >
+                            {t("accessRoleDelete")}
+                        </Button>
+                    </div>
+                );
+            }
         }
     ];
 
diff --git a/src/app/[orgId]/settings/access/roles/page.tsx b/src/app/[orgId]/settings/access/roles/page.tsx
index fed52c26..8faedbf8 100644
--- a/src/app/[orgId]/settings/access/roles/page.tsx
+++ b/src/app/[orgId]/settings/access/roles/page.tsx
@@ -6,8 +6,6 @@ import { cache } from "react";
 import OrgProvider from "@app/providers/OrgProvider";
 import { ListRolesResponse } from "@server/routers/role";
 import RolesTable, { RoleRow } from "./RolesTable";
-import { SidebarSettings } from "@app/components/SidebarSettings";
-import AccessPageHeaderAndNav from "../AccessPageHeaderAndNav";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
 import { getTranslations } from 'next-intl/server';
 
diff --git a/src/app/[orgId]/settings/access/users/UsersTable.tsx b/src/app/[orgId]/settings/access/users/UsersTable.tsx
index 948b1749..44e606f1 100644
--- a/src/app/[orgId]/settings/access/users/UsersTable.tsx
+++ b/src/app/[orgId]/settings/access/users/UsersTable.tsx
@@ -20,7 +20,7 @@ import { formatAxiosError } from "@app/lib/api";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useUserContext } from "@app/hooks/useUserContext";
-import { useTranslations } from 'next-intl';
+import { useTranslations } from "next-intl";
 
 export type UserRow = {
     id: string;
@@ -51,87 +51,6 @@ export default function UsersTable({ users: u }: UsersTableProps) {
     const t = useTranslations();
 
     const columns: ColumnDef<UserRow>[] = [
-        {
-            id: "dots",
-            cell: ({ row }) => {
-                const userRow = row.original;
-                return (
-                    <>
-                        <div>
-                            {userRow.isOwner && (
-                                <MoreHorizontal className="h-4 w-4 opacity-0" />
-                            )}
-                            {!userRow.isOwner && (
-                                <>
-                                    <DropdownMenu>
-                                        <DropdownMenuTrigger asChild>
-                                            <Button
-                                                variant="ghost"
-                                                className="h-8 w-8 p-0"
-                                            >
-                                                <span className="sr-only">
-                                                    {t('openMenu')}
-                                                </span>
-                                                <MoreHorizontal className="h-4 w-4" />
-                                            </Button>
-                                        </DropdownMenuTrigger>
-                                        <DropdownMenuContent align="end">
-                                            <Link
-                                                href={`/${org?.org.orgId}/settings/access/users/${userRow.id}`}
-                                                className="block w-full"
-                                            >
-                                                <DropdownMenuItem>
-                                                    {t('accessUsersManage')}
-                                                </DropdownMenuItem>
-                                            </Link>
-                                            {`${userRow.username}-${userRow.idpId}` !==
-                                                `${user?.username}-${userRow.idpId}` && (
-                                                <DropdownMenuItem
-                                                    onClick={() => {
-                                                        setIsDeleteModalOpen(
-                                                            true
-                                                        );
-                                                        setSelectedUser(
-                                                            userRow
-                                                        );
-                                                    }}
-                                                >
-                                                    <span className="text-red-500">
-                                                        {t('accessUserRemove')}
-                                                    </span>
-                                                </DropdownMenuItem>
-                                            )}
-                                        </DropdownMenuContent>
-                                    </DropdownMenu>
-                                </>
-                            )}
-                        </div>
-                    </>
-                );
-            }
-        },
-        {
-            accessorKey: "name",
-            header: ({ column }) => {
-                return (
-                    <Button
-                        variant="ghost"
-                        onClick={() =>
-                            column.toggleSorting(column.getIsSorted() === "asc")
-                        }
-                    >
-                        {t('name')}
-                        <ArrowUpDown className="ml-2 h-4 w-4" />
-                    </Button>
-                );
-            },
-            cell: ({ row }) => {
-                const userRow = row.original;
-                return (
-                    <span>{userRow.name || "-"}</span>
-                );
-            }
-        },
         {
             accessorKey: "displayUsername",
             header: ({ column }) => {
@@ -142,7 +61,7 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('email')}
+                        {t("username")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -158,7 +77,7 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('identityProvider')}
+                        {t("identityProvider")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -174,7 +93,7 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('role')}
+                        {t("role")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -198,12 +117,68 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                 const userRow = row.original;
                 return (
                     <div className="flex items-center justify-end">
+                        <>
+                            <div>
+                                {userRow.isOwner && (
+                                    <MoreHorizontal className="h-4 w-4 opacity-0" />
+                                )}
+                                {!userRow.isOwner && (
+                                    <>
+                                        <DropdownMenu>
+                                            <DropdownMenuTrigger asChild>
+                                                <Button
+                                                    variant="ghost"
+                                                    className="h-8 w-8 p-0"
+                                                >
+                                                    <span className="sr-only">
+                                                        {t("openMenu")}
+                                                    </span>
+                                                    <MoreHorizontal className="h-4 w-4" />
+                                                </Button>
+                                            </DropdownMenuTrigger>
+                                            <DropdownMenuContent align="end">
+                                                <Link
+                                                    href={`/${org?.org.orgId}/settings/access/users/${userRow.id}`}
+                                                    className="block w-full"
+                                                >
+                                                    <DropdownMenuItem>
+                                                        {t("accessUsersManage")}
+                                                    </DropdownMenuItem>
+                                                </Link>
+                                                {`${userRow.username}-${userRow.idpId}` !==
+                                                    `${user?.username}-${userRow.idpId}` && (
+                                                    <DropdownMenuItem
+                                                        onClick={() => {
+                                                            setIsDeleteModalOpen(
+                                                                true
+                                                            );
+                                                            setSelectedUser(
+                                                                userRow
+                                                            );
+                                                        }}
+                                                    >
+                                                        <span className="text-red-500">
+                                                            {t(
+                                                                "accessUserRemove"
+                                                            )}
+                                                        </span>
+                                                    </DropdownMenuItem>
+                                                )}
+                                            </DropdownMenuContent>
+                                        </DropdownMenu>
+                                    </>
+                                )}
+                            </div>
+                        </>
                         {userRow.isOwner && (
                             <Button
-                                variant="ghost"
-                                className="opacity-0 cursor-default"
+                                variant={"secondary"}
+                                className="ml-2"
+                                size="sm"
+                                disabled={true}
                             >
-                                {t('placeholder')}
+                                {t("manage")}
+                                <ArrowRight className="ml-2 w-4 h-4" />
                             </Button>
                         )}
                         {!userRow.isOwner && (
@@ -211,10 +186,12 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                                 href={`/${org?.org.orgId}/settings/access/users/${userRow.id}`}
                             >
                                 <Button
-                                    variant={"outlinePrimary"}
+                                    variant={"secondary"}
                                     className="ml-2"
+                                    size="sm"
+                                    disabled={userRow.isOwner}
                                 >
-                                    {t('manage')}
+                                    {t("manage")}
                                     <ArrowRight className="ml-2 w-4 h-4" />
                                 </Button>
                             </Link>
@@ -232,10 +209,10 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                 .catch((e) => {
                     toast({
                         variant: "destructive",
-                        title: t('userErrorOrgRemove'),
+                        title: t("userErrorOrgRemove"),
                         description: formatAxiosError(
                             e,
-                            t('userErrorOrgRemoveDescription')
+                            t("userErrorOrgRemoveDescription")
                         )
                     });
                 });
@@ -243,8 +220,10 @@ export default function UsersTable({ users: u }: UsersTableProps) {
             if (res && res.status === 200) {
                 toast({
                     variant: "default",
-                    title: t('userOrgRemoved'),
-                    description: t('userOrgRemovedDescription', {email: selectedUser.email || ""})
+                    title: t("userOrgRemoved"),
+                    description: t("userOrgRemovedDescription", {
+                        email: selectedUser.email || ""
+                    })
                 });
 
                 setUsers((prev) =>
@@ -266,19 +245,21 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                 dialog={
                     <div className="space-y-4">
                         <p>
-                            {t('userQuestionOrgRemove', {email: selectedUser?.email || selectedUser?.name || selectedUser?.username || ""})}
+                            {t("userQuestionOrgRemove", {
+                                email:
+                                    selectedUser?.email ||
+                                    selectedUser?.name ||
+                                    selectedUser?.username ||
+                                    ""
+                            })}
                         </p>
 
-                        <p>
-                            {t('userMessageOrgRemove')}
-                        </p>
+                        <p>{t("userMessageOrgRemove")}</p>
 
-                        <p>
-                            {t('userMessageOrgConfirm')}
-                        </p>
+                        <p>{t("userMessageOrgConfirm")}</p>
                     </div>
                 }
-                buttonText={t('userRemoveOrgConfirm')}
+                buttonText={t("userRemoveOrgConfirm")}
                 onConfirm={removeUser}
                 string={
                     selectedUser?.email ||
@@ -286,14 +267,16 @@ export default function UsersTable({ users: u }: UsersTableProps) {
                     selectedUser?.username ||
                     ""
                 }
-                title={t('userRemoveOrg')}
+                title={t("userRemoveOrg")}
             />
 
             <UsersDataTable
                 columns={columns}
                 data={users}
                 inviteUser={() => {
-                    router.push(`/${org?.org.orgId}/settings/access/users/create`);
+                    router.push(
+                        `/${org?.org.orgId}/settings/access/users/create`
+                    );
                 }}
             />
         </>
diff --git a/src/app/[orgId]/settings/access/users/[userId]/layout.tsx b/src/app/[orgId]/settings/access/users/[userId]/layout.tsx
index d9af9910..7d527f84 100644
--- a/src/app/[orgId]/settings/access/users/[userId]/layout.tsx
+++ b/src/app/[orgId]/settings/access/users/[userId]/layout.tsx
@@ -5,17 +5,9 @@ import { authCookieHeader } from "@app/lib/api/cookies";
 import { GetOrgUserResponse } from "@server/routers/user";
 import OrgUserProvider from "@app/providers/OrgUserProvider";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
-import {
-    Breadcrumb,
-    BreadcrumbItem,
-    BreadcrumbList,
-    BreadcrumbPage,
-    BreadcrumbSeparator
-} from "@app/components/ui/breadcrumb";
-import Link from "next/link";
 import { cache } from "react";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import { getTranslations } from 'next-intl/server';
+import { getTranslations } from "next-intl/server";
 
 interface UserLayoutProps {
     children: React.ReactNode;
@@ -45,8 +37,8 @@ export default async function UserLayoutProps(props: UserLayoutProps) {
 
     const navItems = [
         {
-            title: t('accessControls'),
-            href: `/${params.orgId}/settings/access/users/${params.userId}/access-controls`
+            title: t("accessControls"),
+            href: "/{orgId}/settings/access/users/{userId}/access-controls"
         }
     ];
 
@@ -54,12 +46,10 @@ export default async function UserLayoutProps(props: UserLayoutProps) {
         <>
             <SettingsSectionTitle
                 title={`${user?.email}`}
-                description={t('userDescription2')}
+                description={t("userDescription2")}
             />
             <OrgUserProvider orgUser={user}>
-                <HorizontalTabs items={navItems}>
-                    {children}
-                </HorizontalTabs>
+                <HorizontalTabs items={navItems}>{children}</HorizontalTabs>
             </OrgUserProvider>
         </>
     );
diff --git a/src/app/[orgId]/settings/access/users/create/page.tsx b/src/app/[orgId]/settings/access/users/create/page.tsx
index 0804b22e..4d723e6f 100644
--- a/src/app/[orgId]/settings/access/users/create/page.tsx
+++ b/src/app/[orgId]/settings/access/users/create/page.tsx
@@ -78,40 +78,42 @@ export default function Page() {
     const [dataLoaded, setDataLoaded] = useState(false);
 
     const internalFormSchema = z.object({
-        email: z.string().email({ message: t('emailInvalid') }),
-        validForHours: z.string().min(1, { message: t('inviteValidityDuration') }),
-        roleId: z.string().min(1, { message: t('accessRoleSelectPlease') })
+        email: z.string().email({ message: t("emailInvalid") }),
+        validForHours: z
+            .string()
+            .min(1, { message: t("inviteValidityDuration") }),
+        roleId: z.string().min(1, { message: t("accessRoleSelectPlease") })
     });
 
     const externalFormSchema = z.object({
-        username: z.string().min(1, { message: t('usernameRequired') }),
+        username: z.string().min(1, { message: t("usernameRequired") }),
         email: z
             .string()
-            .email({ message: t('emailInvalid') })
+            .email({ message: t("emailInvalid") })
             .optional()
             .or(z.literal("")),
         name: z.string().optional(),
-        roleId: z.string().min(1, { message: t('accessRoleSelectPlease') }),
-        idpId: z.string().min(1, { message: t('idpSelectPlease') })
+        roleId: z.string().min(1, { message: t("accessRoleSelectPlease") }),
+        idpId: z.string().min(1, { message: t("idpSelectPlease") })
     });
 
     const formatIdpType = (type: string) => {
         switch (type.toLowerCase()) {
             case "oidc":
-                return t('idpGenericOidc');
+                return t("idpGenericOidc");
             default:
                 return type;
         }
     };
 
     const validFor = [
-        { hours: 24, name: t('day', {count: 1}) },
-        { hours: 48, name: t('day', {count: 2}) },
-        { hours: 72, name: t('day', {count: 3}) },
-        { hours: 96, name: t('day', {count: 4}) },
-        { hours: 120, name: t('day', {count: 5}) },
-        { hours: 144, name: t('day', {count: 6}) },
-        { hours: 168, name: t('day', {count: 7}) }
+        { hours: 24, name: t("day", { count: 1 }) },
+        { hours: 48, name: t("day", { count: 2 }) },
+        { hours: 72, name: t("day", { count: 3 }) },
+        { hours: 96, name: t("day", { count: 4 }) },
+        { hours: 120, name: t("day", { count: 5 }) },
+        { hours: 144, name: t("day", { count: 6 }) },
+        { hours: 168, name: t("day", { count: 7 }) }
     ];
 
     const internalForm = useForm<z.infer<typeof internalFormSchema>>({
@@ -145,6 +147,14 @@ export default function Page() {
         }
     }, [userType, env.email.emailEnabled, internalForm, externalForm]);
 
+    const userTypes: UserTypeOption[] = [
+        {
+            id: "internal",
+            title: t("userTypeInternal"),
+            description: t("userTypeInternalDescription")
+        }
+    ];
+
     useEffect(() => {
         if (!userType) {
             return;
@@ -157,10 +167,10 @@ export default function Page() {
                     console.error(e);
                     toast({
                         variant: "destructive",
-                        title: t('accessRoleErrorFetch'),
+                        title: t("accessRoleErrorFetch"),
                         description: formatAxiosError(
                             e,
-                            t('accessRoleErrorFetchDescription')
+                            t("accessRoleErrorFetchDescription")
                         )
                     });
                 });
@@ -180,10 +190,10 @@ export default function Page() {
                     console.error(e);
                     toast({
                         variant: "destructive",
-                        title: t('idpErrorFetch'),
+                        title: t("idpErrorFetch"),
                         description: formatAxiosError(
                             e,
-                            t('idpErrorFetchDescription')
+                            t("idpErrorFetchDescription")
                         )
                     });
                 });
@@ -191,6 +201,14 @@ export default function Page() {
             if (res?.status === 200) {
                 setIdps(res.data.data.idps);
                 setDataLoaded(true);
+
+                if (res.data.data.idps.length) {
+                    userTypes.push({
+                        id: "oidc",
+                        title: t("userTypeExternal"),
+                        description: t("userTypeExternalDescription")
+                    });
+                }
             }
         }
 
@@ -220,16 +238,16 @@ export default function Page() {
                 if (e.response?.status === 409) {
                     toast({
                         variant: "destructive",
-                        title: t('userErrorExists'),
-                        description: t('userErrorExistsDescription')
+                        title: t("userErrorExists"),
+                        description: t("userErrorExistsDescription")
                     });
                 } else {
                     toast({
                         variant: "destructive",
-                        title: t('inviteError'),
+                        title: t("inviteError"),
                         description: formatAxiosError(
                             e,
-                            t('inviteErrorDescription')
+                            t("inviteErrorDescription")
                         )
                     });
                 }
@@ -239,8 +257,8 @@ export default function Page() {
             setInviteLink(res.data.data.inviteLink);
             toast({
                 variant: "default",
-                title: t('userInvited'),
-                description: t('userInvitedDescription')
+                title: t("userInvited"),
+                description: t("userInvitedDescription")
             });
 
             setExpiresInDays(parseInt(values.validForHours) / 24);
@@ -266,10 +284,10 @@ export default function Page() {
             .catch((e) => {
                 toast({
                     variant: "destructive",
-                    title: t('userErrorCreate'),
+                    title: t("userErrorCreate"),
                     description: formatAxiosError(
                         e,
-                        t('userErrorCreateDescription')
+                        t("userErrorCreateDescription")
                     )
                 });
             });
@@ -277,8 +295,8 @@ export default function Page() {
         if (res && res.status === 201) {
             toast({
                 variant: "default",
-                title: t('userCreated'),
-                description: t('userCreatedDescription')
+                title: t("userCreated"),
+                description: t("userCreatedDescription")
             });
             router.push(`/${orgId}/settings/access/users`);
         }
@@ -286,25 +304,12 @@ export default function Page() {
         setLoading(false);
     }
 
-    const userTypes: ReadonlyArray<UserTypeOption> = [
-        {
-            id: "internal",
-            title: t('userTypeInternal'),
-            description: t('userTypeInternalDescription')
-        },
-        {
-            id: "oidc",
-            title: t('userTypeExternal'),
-            description: t('userTypeExternalDescription')
-        }
-    ];
-
     return (
         <>
             <div className="flex justify-between">
                 <HeaderTitle
-                    title={t('accessUserCreate')}
-                    description={t('accessUserCreateDescription')}
+                    title={t("accessUserCreate")}
+                    description={t("accessUserCreateDescription")}
                 />
                 <Button
                     variant="outline"
@@ -312,219 +317,243 @@ export default function Page() {
                         router.push(`/${orgId}/settings/access/users`);
                     }}
                 >
-                    {t('userSeeAll')}
+                    {t("userSeeAll")}
                 </Button>
             </div>
 
             <div>
                 <SettingsContainer>
-                    <SettingsSection>
-                        <SettingsSectionHeader>
-                            <SettingsSectionTitle>
-                                {t('userTypeTitle')}
-                            </SettingsSectionTitle>
-                            <SettingsSectionDescription>
-                                {t('userTypeDescription')}
-                            </SettingsSectionDescription>
-                        </SettingsSectionHeader>
-                        <SettingsSectionBody>
-                            <StrategySelect
-                                options={userTypes}
-                                defaultValue={userType || undefined}
-                                onChange={(value) => {
-                                    setUserType(value as UserType);
-                                    if (value === "internal") {
-                                        internalForm.reset();
-                                    } else if (value === "oidc") {
-                                        externalForm.reset();
-                                        setSelectedIdp(null);
-                                    }
-                                }}
-                                cols={2}
-                            />
-                        </SettingsSectionBody>
-                    </SettingsSection>
+                    {!inviteLink && userTypes.length > 1 ? (
+                        <SettingsSection>
+                            <SettingsSectionHeader>
+                                <SettingsSectionTitle>
+                                    {t("userTypeTitle")}
+                                </SettingsSectionTitle>
+                                <SettingsSectionDescription>
+                                    {t("userTypeDescription")}
+                                </SettingsSectionDescription>
+                            </SettingsSectionHeader>
+                            <SettingsSectionBody>
+                                <StrategySelect
+                                    options={userTypes}
+                                    defaultValue={userType || undefined}
+                                    onChange={(value) => {
+                                        setUserType(value as UserType);
+                                        if (value === "internal") {
+                                            internalForm.reset();
+                                        } else if (value === "oidc") {
+                                            externalForm.reset();
+                                            setSelectedIdp(null);
+                                        }
+                                    }}
+                                    cols={2}
+                                />
+                            </SettingsSectionBody>
+                        </SettingsSection>
+                    ) : null}
 
                     {userType === "internal" && dataLoaded && (
                         <>
-                            <SettingsSection>
-                                <SettingsSectionHeader>
-                                    <SettingsSectionTitle>
-                                        {t('userSettings')}
-                                    </SettingsSectionTitle>
-                                    <SettingsSectionDescription>
-                                        {t('userSettingsDescription')}
-                                    </SettingsSectionDescription>
-                                </SettingsSectionHeader>
-                                <SettingsSectionBody>
-                                    <SettingsSectionForm>
-                                        <Form {...internalForm}>
-                                            <form
-                                                onSubmit={internalForm.handleSubmit(
-                                                    onSubmitInternal
-                                                )}
-                                                className="space-y-4"
-                                                id="create-user-form"
-                                            >
-                                                <FormField
-                                                    control={
-                                                        internalForm.control
-                                                    }
-                                                    name="email"
-                                                    render={({ field }) => (
-                                                        <FormItem>
-                                                            <FormLabel>
-                                                                {t('email')}
-                                                            </FormLabel>
-                                                            <FormControl>
-                                                                <Input
-                                                                    {...field}
-                                                                />
-                                                            </FormControl>
-                                                            <FormMessage />
-                                                        </FormItem>
+                            {!inviteLink ? (
+                                <SettingsSection>
+                                    <SettingsSectionHeader>
+                                        <SettingsSectionTitle>
+                                            {t("userSettings")}
+                                        </SettingsSectionTitle>
+                                        <SettingsSectionDescription>
+                                            {t("userSettingsDescription")}
+                                        </SettingsSectionDescription>
+                                    </SettingsSectionHeader>
+                                    <SettingsSectionBody>
+                                        <SettingsSectionForm>
+                                            <Form {...internalForm}>
+                                                <form
+                                                    onSubmit={internalForm.handleSubmit(
+                                                        onSubmitInternal
                                                     )}
-                                                />
-
-                                                {env.email.emailEnabled && (
-                                                    <div className="flex items-center space-x-2">
-                                                        <Checkbox
-                                                            id="send-email"
-                                                            checked={sendEmail}
-                                                            onCheckedChange={(
-                                                                e
-                                                            ) =>
-                                                                setSendEmail(
-                                                                    e as boolean
-                                                                )
-                                                            }
-                                                        />
-                                                        <label
-                                                            htmlFor="send-email"
-                                                            className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
-                                                        >
-                                                            {t('inviteEmailSent')}
-                                                        </label>
-                                                    </div>
-                                                )}
-
-                                                <FormField
-                                                    control={
-                                                        internalForm.control
-                                                    }
-                                                    name="validForHours"
-                                                    render={({ field }) => (
-                                                        <FormItem>
-                                                            <FormLabel>
-                                                                {t('inviteValid')}
-                                                            </FormLabel>
-                                                            <Select
-                                                                onValueChange={
-                                                                    field.onChange
-                                                                }
-                                                                defaultValue={
-                                                                    field.value
-                                                                }
-                                                            >
+                                                    className="space-y-4"
+                                                    id="create-user-form"
+                                                >
+                                                    <FormField
+                                                        control={
+                                                            internalForm.control
+                                                        }
+                                                        name="email"
+                                                        render={({ field }) => (
+                                                            <FormItem>
+                                                                <FormLabel>
+                                                                    {t("email")}
+                                                                </FormLabel>
                                                                 <FormControl>
-                                                                    <SelectTrigger>
-                                                                        <SelectValue placeholder={t('selectDuration')} />
-                                                                    </SelectTrigger>
+                                                                    <Input
+                                                                        {...field}
+                                                                    />
                                                                 </FormControl>
-                                                                <SelectContent>
-                                                                    {validFor.map(
-                                                                        (
-                                                                            option
-                                                                        ) => (
-                                                                            <SelectItem
-                                                                                key={
-                                                                                    option.hours
-                                                                                }
-                                                                                value={option.hours.toString()}
-                                                                            >
-                                                                                {
-                                                                                    option.name
-                                                                                }
-                                                                            </SelectItem>
-                                                                        )
-                                                                    )}
-                                                                </SelectContent>
-                                                            </Select>
-                                                            <FormMessage />
-                                                        </FormItem>
-                                                    )}
-                                                />
+                                                                <FormMessage />
+                                                            </FormItem>
+                                                        )}
+                                                    />
 
-                                                <FormField
-                                                    control={
-                                                        internalForm.control
-                                                    }
-                                                    name="roleId"
-                                                    render={({ field }) => (
-                                                        <FormItem>
-                                                            <FormLabel>
-                                                                {t('role')}
-                                                            </FormLabel>
-                                                            <Select
-                                                                onValueChange={
-                                                                    field.onChange
+                                                    <FormField
+                                                        control={
+                                                            internalForm.control
+                                                        }
+                                                        name="validForHours"
+                                                        render={({ field }) => (
+                                                            <FormItem>
+                                                                <FormLabel>
+                                                                    {t(
+                                                                        "inviteValid"
+                                                                    )}
+                                                                </FormLabel>
+                                                                <Select
+                                                                    onValueChange={
+                                                                        field.onChange
+                                                                    }
+                                                                    defaultValue={
+                                                                        field.value
+                                                                    }
+                                                                >
+                                                                    <FormControl>
+                                                                        <SelectTrigger className="w-full">
+                                                                            <SelectValue
+                                                                                placeholder={t(
+                                                                                    "selectDuration"
+                                                                                )}
+                                                                            />
+                                                                        </SelectTrigger>
+                                                                    </FormControl>
+                                                                    <SelectContent>
+                                                                        {validFor.map(
+                                                                            (
+                                                                                option
+                                                                            ) => (
+                                                                                <SelectItem
+                                                                                    key={
+                                                                                        option.hours
+                                                                                    }
+                                                                                    value={option.hours.toString()}
+                                                                                >
+                                                                                    {
+                                                                                        option.name
+                                                                                    }
+                                                                                </SelectItem>
+                                                                            )
+                                                                        )}
+                                                                    </SelectContent>
+                                                                </Select>
+                                                                <FormMessage />
+                                                            </FormItem>
+                                                        )}
+                                                    />
+
+                                                    <FormField
+                                                        control={
+                                                            internalForm.control
+                                                        }
+                                                        name="roleId"
+                                                        render={({ field }) => (
+                                                            <FormItem>
+                                                                <FormLabel>
+                                                                    {t("role")}
+                                                                </FormLabel>
+                                                                <Select
+                                                                    onValueChange={
+                                                                        field.onChange
+                                                                    }
+                                                                >
+                                                                    <FormControl>
+                                                                        <SelectTrigger className="w-full">
+                                                                            <SelectValue
+                                                                                placeholder={t(
+                                                                                    "accessRoleSelect"
+                                                                                )}
+                                                                            />
+                                                                        </SelectTrigger>
+                                                                    </FormControl>
+                                                                    <SelectContent>
+                                                                        {roles.map(
+                                                                            (
+                                                                                role
+                                                                            ) => (
+                                                                                <SelectItem
+                                                                                    key={
+                                                                                        role.roleId
+                                                                                    }
+                                                                                    value={role.roleId.toString()}
+                                                                                >
+                                                                                    {
+                                                                                        role.name
+                                                                                    }
+                                                                                </SelectItem>
+                                                                            )
+                                                                        )}
+                                                                    </SelectContent>
+                                                                </Select>
+                                                                <FormMessage />
+                                                            </FormItem>
+                                                        )}
+                                                    />
+
+                                                    {env.email.emailEnabled && (
+                                                        <div className="flex items-center space-x-2">
+                                                            <Checkbox
+                                                                id="send-email"
+                                                                checked={
+                                                                    sendEmail
                                                                 }
+                                                                onCheckedChange={(
+                                                                    e
+                                                                ) =>
+                                                                    setSendEmail(
+                                                                        e as boolean
+                                                                    )
+                                                                }
+                                                            />
+                                                            <label
+                                                                htmlFor="send-email"
+                                                                className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
                                                             >
-                                                                <FormControl>
-                                                                    <SelectTrigger>
-                                                                        <SelectValue placeholder={t('accessRoleSelect')} />
-                                                                    </SelectTrigger>
-                                                                </FormControl>
-                                                                <SelectContent>
-                                                                    {roles.map(
-                                                                        (
-                                                                            role
-                                                                        ) => (
-                                                                            <SelectItem
-                                                                                key={
-                                                                                    role.roleId
-                                                                                }
-                                                                                value={role.roleId.toString()}
-                                                                            >
-                                                                                {
-                                                                                    role.name
-                                                                                }
-                                                                            </SelectItem>
-                                                                        )
-                                                                    )}
-                                                                </SelectContent>
-                                                            </Select>
-                                                            <FormMessage />
-                                                        </FormItem>
+                                                                {t(
+                                                                    "inviteEmailSent"
+                                                                )}
+                                                            </label>
+                                                        </div>
                                                     )}
-                                                />
-
-                                                {inviteLink && (
-                                                    <div className="max-w-md space-y-4">
-                                                        {sendEmail && (
-                                                            <p>
-                                                                {t('inviteEmailSentDescription')}
-                                                            </p>
-                                                        )}
-                                                        {!sendEmail && (
-                                                            <p>
-                                                                {t('inviteSentDescription')}
-                                                            </p>
-                                                        )}
-                                                        <p>
-                                                            {t('inviteExpiresIn', {days: expiresInDays})}
-                                                        </p>
-                                                        <CopyTextBox
-                                                            text={inviteLink}
-                                                            wrapText={false}
-                                                        />
-                                                    </div>
-                                                )}
-                                            </form>
-                                        </Form>
-                                    </SettingsSectionForm>
-                                </SettingsSectionBody>
-                            </SettingsSection>
+                                                </form>
+                                            </Form>
+                                        </SettingsSectionForm>
+                                    </SettingsSectionBody>
+                                </SettingsSection>
+                            ) : (
+                                <SettingsSection>
+                                    <SettingsSectionHeader>
+                                        <SettingsSectionTitle>
+                                            {t("userInvited")}
+                                        </SettingsSectionTitle>
+                                        <SettingsSectionDescription>
+                                            {sendEmail
+                                                ? t(
+                                                      "inviteEmailSentDescription"
+                                                  )
+                                                : t("inviteSentDescription")}
+                                        </SettingsSectionDescription>
+                                    </SettingsSectionHeader>
+                                    <SettingsSectionBody>
+                                        <div className="space-y-4">
+                                            <p>
+                                                {t("inviteExpiresIn", {
+                                                    days: expiresInDays
+                                                })}
+                                            </p>
+                                            <CopyTextBox
+                                                text={inviteLink}
+                                                wrapText={false}
+                                            />
+                                        </div>
+                                    </SettingsSectionBody>
+                                </SettingsSection>
+                            )}
                         </>
                     )}
 
@@ -533,16 +562,16 @@ export default function Page() {
                             <SettingsSection>
                                 <SettingsSectionHeader>
                                     <SettingsSectionTitle>
-                                        {t('idpTitle')}
+                                        {t("idpTitle")}
                                     </SettingsSectionTitle>
                                     <SettingsSectionDescription>
-                                        {t('idpSelect')}
+                                        {t("idpSelect")}
                                     </SettingsSectionDescription>
                                 </SettingsSectionHeader>
                                 <SettingsSectionBody>
                                     {idps.length === 0 ? (
                                         <p className="text-muted-foreground">
-                                            {t('idpNotConfigured')}
+                                            {t("idpNotConfigured")}
                                         </p>
                                     ) : (
                                         <Form {...externalForm}>
@@ -596,10 +625,10 @@ export default function Page() {
                                 <SettingsSection>
                                     <SettingsSectionHeader>
                                         <SettingsSectionTitle>
-                                            {t('userSettings')}
+                                            {t("userSettings")}
                                         </SettingsSectionTitle>
                                         <SettingsSectionDescription>
-                                            {t('userSettingsDescription')}
+                                            {t("userSettingsDescription")}
                                         </SettingsSectionDescription>
                                     </SettingsSectionHeader>
                                     <SettingsSectionBody>
@@ -620,7 +649,9 @@ export default function Page() {
                                                         render={({ field }) => (
                                                             <FormItem>
                                                                 <FormLabel>
-                                                                    {t('username')}
+                                                                    {t(
+                                                                        "username"
+                                                                    )}
                                                                 </FormLabel>
                                                                 <FormControl>
                                                                     <Input
@@ -628,7 +659,9 @@ export default function Page() {
                                                                     />
                                                                 </FormControl>
                                                                 <p className="text-sm text-muted-foreground mt-1">
-                                                                    {t('usernameUniq')}
+                                                                    {t(
+                                                                        "usernameUniq"
+                                                                    )}
                                                                 </p>
                                                                 <FormMessage />
                                                             </FormItem>
@@ -643,7 +676,9 @@ export default function Page() {
                                                         render={({ field }) => (
                                                             <FormItem>
                                                                 <FormLabel>
-                                                                    {t('nameOptional')}
+                                                                    {t(
+                                                                        "emailOptional"
+                                                                    )}
                                                                 </FormLabel>
                                                                 <FormControl>
                                                                     <Input
@@ -663,7 +698,8 @@ export default function Page() {
                                                         render={({ field }) => (
                                                             <FormItem>
                                                                 <FormLabel>
-                                                                    {t('emailOptional')}
+                                                                        "nameOptional"
+                                                                    )}
                                                                 </FormLabel>
                                                                 <FormControl>
                                                                     <Input
@@ -683,7 +719,7 @@ export default function Page() {
                                                         render={({ field }) => (
                                                             <FormItem>
                                                                 <FormLabel>
-                                                                    {t('role')}
+                                                                    {t("role")}
                                                                 </FormLabel>
                                                                 <Select
                                                                     onValueChange={
@@ -691,8 +727,12 @@ export default function Page() {
                                                                     }
                                                                 >
                                                                     <FormControl>
-                                                                        <SelectTrigger>
-                                                                            <SelectValue placeholder={t('accessRoleSelect')} />
+                                                                        <SelectTrigger className="w-full">
+                                                                            <SelectValue
+                                                                                placeholder={t(
+                                                                                    "accessRoleSelect"
+                                                                                )}
+                                                                            />
                                                                         </SelectTrigger>
                                                                     </FormControl>
                                                                     <SelectContent>
@@ -736,19 +776,24 @@ export default function Page() {
                             router.push(`/${orgId}/settings/access/users`);
                         }}
                     >
-                        {t('cancel')}
+                        {t("cancel")}
                     </Button>
                     {userType && dataLoaded && (
                         <Button
-                            type="submit"
-                            form="create-user-form"
+                            type={inviteLink ? "button" : "submit"}
+                            form={inviteLink ? undefined : "create-user-form"}
                             loading={loading}
-                            disabled={
-                                loading ||
-                                (userType === "internal" && inviteLink !== null)
+                            disabled={loading}
+                            onClick={
+                                inviteLink
+                                    ? () =>
+                                          router.push(
+                                              `/${orgId}/settings/access/users`
+                                          )
+                                    : undefined
                             }
                         >
-                            {t('accessUserCreate')}
+                            {inviteLink ? t("done") : t("accessUserCreate")}
                         </Button>
                     )}
                 </div>
diff --git a/src/app/[orgId]/settings/api-keys/OrgApiKeysTable.tsx b/src/app/[orgId]/settings/api-keys/OrgApiKeysTable.tsx
index b0e55c4b..b503241f 100644
--- a/src/app/[orgId]/settings/api-keys/OrgApiKeysTable.tsx
+++ b/src/app/[orgId]/settings/api-keys/OrgApiKeysTable.tsx
@@ -50,11 +50,14 @@ export default function OrgApiKeysTable({
     const deleteSite = (apiKeyId: string) => {
         api.delete(`/org/${orgId}/api-key/${apiKeyId}`)
             .catch((e) => {
-                console.error(t('apiKeysErrorDelete'), e);
+                console.error(t("apiKeysErrorDelete"), e);
                 toast({
                     variant: "destructive",
-                    title: t('apiKeysErrorDelete'),
-                    description: formatAxiosError(e, t('apiKeysErrorDeleteMessage'))
+                    title: t("apiKeysErrorDelete"),
+                    description: formatAxiosError(
+                        e,
+                        t("apiKeysErrorDeleteMessage")
+                    )
                 });
             })
             .then(() => {
@@ -68,41 +71,6 @@ export default function OrgApiKeysTable({
     };
 
     const columns: ColumnDef<OrgApiKeyRow>[] = [
-        {
-            id: "dots",
-            cell: ({ row }) => {
-                const apiKeyROw = row.original;
-                const router = useRouter();
-
-                return (
-                    <DropdownMenu>
-                        <DropdownMenuTrigger asChild>
-                            <Button variant="ghost" className="h-8 w-8 p-0">
-                                <span className="sr-only">{t('openMenu')}</span>
-                                <MoreHorizontal className="h-4 w-4" />
-                            </Button>
-                        </DropdownMenuTrigger>
-                        <DropdownMenuContent align="end">
-                            <DropdownMenuItem
-                                onClick={() => {
-                                    setSelected(apiKeyROw);
-                                }}
-                            >
-                                <span>{t('viewSettings')}</span>
-                            </DropdownMenuItem>
-                            <DropdownMenuItem
-                                onClick={() => {
-                                    setSelected(apiKeyROw);
-                                    setIsDeleteModalOpen(true);
-                                }}
-                            >
-                                <span className="text-red-500">{t('delete')}</span>
-                            </DropdownMenuItem>
-                        </DropdownMenuContent>
-                    </DropdownMenu>
-                );
-            }
-        },
         {
             accessorKey: "name",
             header: ({ column }) => {
@@ -113,7 +81,7 @@ export default function OrgApiKeysTable({
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('name')}
+                        {t("name")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -121,7 +89,7 @@ export default function OrgApiKeysTable({
         },
         {
             accessorKey: "key",
-            header: t('key'),
+            header: t("key"),
             cell: ({ row }) => {
                 const r = row.original;
                 return <span className="font-mono">{r.key}</span>;
@@ -129,10 +97,10 @@ export default function OrgApiKeysTable({
         },
         {
             accessorKey: "createdAt",
-            header: t('createdAt'),
+            header: t("createdAt"),
             cell: ({ row }) => {
                 const r = row.original;
-                return <span>{moment(r.createdAt).format("lll")} </span>;
+                return <span>{moment(r.createdAt).format("lll")}</span>;
             }
         },
         {
@@ -141,9 +109,43 @@ export default function OrgApiKeysTable({
                 const r = row.original;
                 return (
                     <div className="flex items-center justify-end">
+                        <DropdownMenu>
+                            <DropdownMenuTrigger asChild>
+                                <Button variant="ghost" className="h-8 w-8 p-0">
+                                    <span className="sr-only">
+                                        {t("openMenu")}
+                                    </span>
+                                    <MoreHorizontal className="h-4 w-4" />
+                                </Button>
+                            </DropdownMenuTrigger>
+                            <DropdownMenuContent align="end">
+                                <DropdownMenuItem
+                                    onClick={() => {
+                                        setSelected(r);
+                                    }}
+                                >
+                                    <span>{t("viewSettings")}</span>
+                                </DropdownMenuItem>
+                                <DropdownMenuItem
+                                    onClick={() => {
+                                        setSelected(r);
+                                        setIsDeleteModalOpen(true);
+                                    }}
+                                >
+                                    <span className="text-red-500">
+                                        {t("delete")}
+                                    </span>
+                                </DropdownMenuItem>
+                            </DropdownMenuContent>
+                        </DropdownMenu>
+
                         <Link href={`/${orgId}/settings/api-keys/${r.id}`}>
-                            <Button variant={"outlinePrimary"} className="ml-2">
-                                {t('edit')}
+                            <Button
+                                variant={"secondary"}
+                                className="ml-2"
+                                size="sm"
+                            >
+                                {t("edit")}
                                 <ArrowRight className="ml-2 w-4 h-4" />
                             </Button>
                         </Link>
@@ -165,24 +167,23 @@ export default function OrgApiKeysTable({
                     dialog={
                         <div className="space-y-4">
                             <p>
-                                {t('apiKeysQuestionRemove', {selectedApiKey: selected?.name || selected?.id})}
+                                {t("apiKeysQuestionRemove", {
+                                    selectedApiKey:
+                                        selected?.name || selected?.id
+                                })}
                             </p>
 
                             <p>
-                                <b>
-                                    {t('apiKeysMessageRemove')}
-                                </b>
+                                <b>{t("apiKeysMessageRemove")}</b>
                             </p>
 
-                            <p>
-                                {t('apiKeysMessageConfirm')}
-                            </p>
+                            <p>{t("apiKeysMessageConfirm")}</p>
                         </div>
                     }
-                    buttonText={t('apiKeysDeleteConfirm')}
+                    buttonText={t("apiKeysDeleteConfirm")}
                     onConfirm={async () => deleteSite(selected!.id)}
                     string={selected.name}
-                    title={t('apiKeysDelete')}
+                    title={t("apiKeysDelete")}
                 />
             )}
 
diff --git a/src/app/[orgId]/settings/api-keys/[apiKeyId]/layout.tsx b/src/app/[orgId]/settings/api-keys/[apiKeyId]/layout.tsx
index 8343249c..e012f332 100644
--- a/src/app/[orgId]/settings/api-keys/[apiKeyId]/layout.tsx
+++ b/src/app/[orgId]/settings/api-keys/[apiKeyId]/layout.tsx
@@ -2,16 +2,7 @@ import { internal } from "@app/lib/api";
 import { AxiosResponse } from "axios";
 import { redirect } from "next/navigation";
 import { authCookieHeader } from "@app/lib/api/cookies";
-import { SidebarSettings } from "@app/components/SidebarSettings";
-import Link from "next/link";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import {
-    Breadcrumb,
-    BreadcrumbItem,
-    BreadcrumbList,
-    BreadcrumbPage,
-    BreadcrumbSeparator
-} from "@app/components/ui/breadcrumb";
 import { GetApiKeyResponse } from "@server/routers/apiKeys";
 import ApiKeyProvider from "@app/providers/ApiKeyProvider";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
diff --git a/src/app/[orgId]/settings/api-keys/create/page.tsx b/src/app/[orgId]/settings/api-keys/create/page.tsx
index 78971e54..2e40522e 100644
--- a/src/app/[orgId]/settings/api-keys/create/page.tsx
+++ b/src/app/[orgId]/settings/api-keys/create/page.tsx
@@ -25,21 +25,12 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import { Input } from "@app/components/ui/input";
 import { InfoIcon } from "lucide-react";
 import { Button } from "@app/components/ui/button";
-import { Checkbox, CheckboxWithLabel } from "@app/components/ui/checkbox";
 import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
 import { createApiClient, formatAxiosError } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { toast } from "@app/hooks/useToast";
 import { AxiosResponse } from "axios";
 import { useParams, useRouter } from "next/navigation";
-import {
-    Breadcrumb,
-    BreadcrumbItem,
-    BreadcrumbList,
-    BreadcrumbPage,
-    BreadcrumbSeparator
-} from "@app/components/ui/breadcrumb";
-import Link from "next/link";
 import {
     CreateOrgApiKeyBody,
     CreateOrgApiKeyResponse
@@ -110,7 +101,7 @@ export default function Page() {
     const copiedForm = useForm<CopiedFormValues>({
         resolver: zodResolver(copiedFormSchema),
         defaultValues: {
-            copied: false
+            copied: true
         }
     });
 
@@ -308,54 +299,54 @@ export default function Page() {
                                         </AlertDescription>
                                     </Alert>
 
-                                    <h4 className="font-semibold">
-                                        {t('apiKeysInfo')}
-                                    </h4>
+                                    {/* <h4 className="font-semibold"> */}
+                                    {/*     {t('apiKeysInfo')} */}
+                                    {/* </h4> */}
 
                                     <CopyTextBox
                                         text={`${apiKey.apiKeyId}.${apiKey.apiKey}`}
                                     />
 
-                                    <Form {...copiedForm}>
-                                        <form
-                                            className="space-y-4"
-                                            id="copied-form"
-                                        >
-                                            <FormField
-                                                control={copiedForm.control}
-                                                name="copied"
-                                                render={({ field }) => (
-                                                    <FormItem>
-                                                        <div className="flex items-center space-x-2">
-                                                            <Checkbox
-                                                                id="terms"
-                                                                defaultChecked={
-                                                                    copiedForm.getValues(
-                                                                        "copied"
-                                                                    ) as boolean
-                                                                }
-                                                                onCheckedChange={(
-                                                                    e
-                                                                ) => {
-                                                                    copiedForm.setValue(
-                                                                        "copied",
-                                                                        e as boolean
-                                                                    );
-                                                                }}
-                                                            />
-                                                            <label
-                                                                htmlFor="terms"
-                                                                className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
-                                                            >
-                                                                {t('apiKeysConfirmCopy')}
-                                                            </label>
-                                                        </div>
-                                                        <FormMessage />
-                                                    </FormItem>
-                                                )}
-                                            />
-                                        </form>
-                                    </Form>
+                                    {/* <Form {...copiedForm}> */}
+                                    {/*     <form */}
+                                    {/*         className="space-y-4" */}
+                                    {/*         id="copied-form" */}
+                                    {/*     > */}
+                                    {/*         <FormField */}
+                                    {/*             control={copiedForm.control} */}
+                                    {/*             name="copied" */}
+                                    {/*             render={({ field }) => ( */}
+                                    {/*                 <FormItem> */}
+                                    {/*                     <div className="flex items-center space-x-2"> */}
+                                    {/*                         <Checkbox */}
+                                    {/*                             id="terms" */}
+                                    {/*                             defaultChecked={ */}
+                                    {/*                                 copiedForm.getValues( */}
+                                    {/*                                     "copied" */}
+                                    {/*                                 ) as boolean */}
+                                    {/*                             } */}
+                                    {/*                             onCheckedChange={( */}
+                                    {/*                                 e */}
+                                    {/*                             ) => { */}
+                                    {/*                                 copiedForm.setValue( */}
+                                    {/*                                     "copied", */}
+                                    {/*                                     e as boolean */}
+                                    {/*                                 ); */}
+                                    {/*                             }} */}
+                                    {/*                         /> */}
+                                    {/*                         <label */}
+                                    {/*                             htmlFor="terms" */}
+                                    {/*                             className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70" */}
+                                    {/*                         > */}
+                                    {/*                             {t('apiKeysConfirmCopy')} */}
+                                    {/*                         </label> */}
+                                    {/*                     </div> */}
+                                    {/*                     <FormMessage /> */}
+                                    {/*                 </FormItem> */}
+                                    {/*             )} */}
+                                    {/*         /> */}
+                                    {/*     </form> */}
+                                    {/* </Form> */}
                                 </SettingsSectionBody>
                             </SettingsSection>
                         )}
diff --git a/src/app/[orgId]/settings/clients/ClientsDataTable.tsx b/src/app/[orgId]/settings/clients/ClientsDataTable.tsx
new file mode 100644
index 00000000..4f4c3b36
--- /dev/null
+++ b/src/app/[orgId]/settings/clients/ClientsDataTable.tsx
@@ -0,0 +1,30 @@
+"use client";
+
+import {
+    ColumnDef,
+} from "@tanstack/react-table";
+import { DataTable } from "@app/components/ui/data-table";
+
+interface DataTableProps<TData, TValue> {
+    columns: ColumnDef<TData, TValue>[];
+    data: TData[];
+    addClient?: () => void;
+}
+
+export function ClientsDataTable<TData, TValue>({
+    columns,
+    data,
+    addClient
+}: DataTableProps<TData, TValue>) {
+    return (
+        <DataTable
+            columns={columns}
+            data={data}
+            title="Clients"
+            searchPlaceholder="Search clients..."
+            searchColumn="name"
+            onAdd={addClient}
+            addButtonText="Add Client"
+        />
+    );
+}
diff --git a/src/app/[orgId]/settings/clients/ClientsTable.tsx b/src/app/[orgId]/settings/clients/ClientsTable.tsx
new file mode 100644
index 00000000..35ded645
--- /dev/null
+++ b/src/app/[orgId]/settings/clients/ClientsTable.tsx
@@ -0,0 +1,317 @@
+"use client";
+
+import { ColumnDef } from "@tanstack/react-table";
+import { ClientsDataTable } from "./ClientsDataTable";
+import {
+    DropdownMenu,
+    DropdownMenuContent,
+    DropdownMenuItem,
+    DropdownMenuTrigger
+} from "@app/components/ui/dropdown-menu";
+import { Button } from "@app/components/ui/button";
+import {
+    ArrowRight,
+    ArrowUpDown,
+    ArrowUpRight,
+    Check,
+    MoreHorizontal,
+    X
+} from "lucide-react";
+import Link from "next/link";
+import { useRouter } from "next/navigation";
+import { useState } from "react";
+import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
+import { toast } from "@app/hooks/useToast";
+import { formatAxiosError } from "@app/lib/api";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import CreateClientFormModal from "./CreateClientsModal";
+
+export type ClientRow = {
+    id: number;
+    name: string;
+    subnet: string;
+    // siteIds: string;
+    mbIn: string;
+    mbOut: string;
+    orgId: string;
+    online: boolean;
+};
+
+type ClientTableProps = {
+    clients: ClientRow[];
+    orgId: string;
+};
+
+export default function ClientsTable({ clients, orgId }: ClientTableProps) {
+    const router = useRouter();
+
+    const [isCreateModalOpen, setIsCreateModalOpen] = useState(false);
+    const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
+    const [selectedClient, setSelectedClient] = useState<ClientRow | null>(
+        null
+    );
+    const [rows, setRows] = useState<ClientRow[]>(clients);
+
+    const api = createApiClient(useEnvContext());
+
+    const deleteClient = (clientId: number) => {
+        api.delete(`/client/${clientId}`)
+            .catch((e) => {
+                console.error("Error deleting client", e);
+                toast({
+                    variant: "destructive",
+                    title: "Error deleting client",
+                    description: formatAxiosError(e, "Error deleting client")
+                });
+            })
+            .then(() => {
+                router.refresh();
+                setIsDeleteModalOpen(false);
+
+                const newRows = rows.filter((row) => row.id !== clientId);
+
+                setRows(newRows);
+            });
+    };
+
+    const columns: ColumnDef<ClientRow>[] = [
+        {
+            id: "dots",
+            cell: ({ row }) => {
+                const clientRow = row.original;
+                const router = useRouter();
+
+                return (
+                    <DropdownMenu>
+                        <DropdownMenuTrigger asChild>
+                            <Button variant="ghost" className="h-8 w-8 p-0">
+                                <span className="sr-only">Open menu</span>
+                                <MoreHorizontal className="h-4 w-4" />
+                            </Button>
+                        </DropdownMenuTrigger>
+                        <DropdownMenuContent align="end">
+                            {/* <Link */}
+                            {/*     className="block w-full" */}
+                            {/*     href={`/${clientRow.orgId}/settings/sites/${clientRow.nice}`} */}
+                            {/* > */}
+                            {/*     <DropdownMenuItem> */}
+                            {/*         View settings */}
+                            {/*     </DropdownMenuItem> */}
+                            {/* </Link> */}
+                            <DropdownMenuItem
+                                onClick={() => {
+                                    setSelectedClient(clientRow);
+                                    setIsDeleteModalOpen(true);
+                                }}
+                            >
+                                <span className="text-red-500">Delete</span>
+                            </DropdownMenuItem>
+                        </DropdownMenuContent>
+                    </DropdownMenu>
+                );
+            }
+        },
+        {
+            accessorKey: "name",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        Name
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
+        // {
+        //     accessorKey: "siteName",
+        //     header: ({ column }) => {
+        //         return (
+        //             <Button
+        //                 variant="ghost"
+        //                 onClick={() =>
+        //                     column.toggleSorting(column.getIsSorted() === "asc")
+        //                 }
+        //             >
+        //                 Site
+        //                 <ArrowUpDown className="ml-2 h-4 w-4" />
+        //             </Button>
+        //         );
+        //     },
+        //     cell: ({ row }) => {
+        //         const r = row.original;
+        //         return (
+        //             <Link href={`/${r.orgId}/settings/sites/${r.siteId}`}>
+        //                 <Button variant="outline">
+        //                     {r.siteName}
+        //                     <ArrowUpRight className="ml-2 h-4 w-4" />
+        //                 </Button>
+        //             </Link>
+        //         );
+        //     }
+        // },
+        {
+            accessorKey: "online",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        Connectivity
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const originalRow = row.original;
+                if (originalRow.online) {
+                    return (
+                        <span className="text-green-500 flex items-center space-x-2">
+                            <div className="w-2 h-2 bg-green-500 rounded-full"></div>
+                            <span>Connected</span>
+                        </span>
+                    );
+                } else {
+                    return (
+                        <span className="text-neutral-500 flex items-center space-x-2">
+                            <div className="w-2 h-2 bg-gray-500 rounded-full"></div>
+                            <span>Disconnected</span>
+                        </span>
+                    );
+                }
+            }
+        },
+        {
+            accessorKey: "mbIn",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        Data In
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
+        {
+            accessorKey: "mbOut",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        Data Out
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
+        {
+            accessorKey: "subnet",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        Address
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
+        {
+            id: "actions",
+            cell: ({ row }) => {
+                const clientRow = row.original;
+                return (
+                    <div className="flex items-center justify-end">
+                        <Link
+                            href={`/${clientRow.orgId}/settings/clients/${clientRow.id}`}
+                        >
+                            <Button variant={"secondary"} className="ml-2">
+                                Edit
+                                <ArrowRight className="ml-2 w-4 h-4" />
+                            </Button>
+                        </Link>
+                    </div>
+                );
+            }
+        }
+    ];
+
+    return (
+        <>
+            <CreateClientFormModal
+                open={isCreateModalOpen}
+                setOpen={setIsCreateModalOpen}
+                onCreate={(val) => {
+                    setRows([val, ...rows]);
+                }}
+                orgId={orgId}
+            />
+
+            {selectedClient && (
+                <ConfirmDeleteDialog
+                    open={isDeleteModalOpen}
+                    setOpen={(val) => {
+                        setIsDeleteModalOpen(val);
+                        setSelectedClient(null);
+                    }}
+                    dialog={
+                        <div className="space-y-4">
+                            <p>
+                                Are you sure you want to remove the client{" "}
+                                <b>
+                                    {selectedClient?.name || selectedClient?.id}
+                                </b>{" "}
+                                from the site and organization?
+                            </p>
+
+                            <p>
+                                <b>
+                                    Once removed, the client will no longer be
+                                    able to connect to the site.{" "}
+                                </b>
+                            </p>
+
+                            <p>
+                                To confirm, please type the name of the client
+                                below.
+                            </p>
+                        </div>
+                    }
+                    buttonText="Confirm Delete Client"
+                    onConfirm={async () => deleteClient(selectedClient!.id)}
+                    string={selectedClient.name}
+                    title="Delete Client"
+                />
+            )}
+
+            <ClientsDataTable
+                columns={columns}
+                data={rows}
+                addClient={() => {
+                    setIsCreateModalOpen(true);
+                }}
+            />
+        </>
+    );
+}
diff --git a/src/app/[orgId]/settings/clients/CreateClientsForm.tsx b/src/app/[orgId]/settings/clients/CreateClientsForm.tsx
new file mode 100644
index 00000000..1c459ddb
--- /dev/null
+++ b/src/app/[orgId]/settings/clients/CreateClientsForm.tsx
@@ -0,0 +1,349 @@
+"use client";
+
+import {
+    Form,
+    FormControl,
+    FormDescription,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage
+} from "@app/components/ui/form";
+import { Input } from "@app/components/ui/input";
+import { toast } from "@app/hooks/useToast";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { useEffect, useState } from "react";
+import { useForm } from "react-hook-form";
+import { z } from "zod";
+import CopyTextBox from "@app/components/CopyTextBox";
+import { Checkbox } from "@app/components/ui/checkbox";
+import { formatAxiosError } from "@app/lib/api";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { AxiosResponse } from "axios";
+import { ClientRow } from "./ClientsTable";
+import {
+    CreateClientBody,
+    CreateClientResponse,
+    PickClientDefaultsResponse
+} from "@server/routers/client";
+import { ListSitesResponse } from "@server/routers/site";
+import {
+    Popover,
+    PopoverContent,
+    PopoverTrigger
+} from "@app/components/ui/popover";
+import { Button } from "@app/components/ui/button";
+import { cn } from "@app/lib/cn";
+import { CaretSortIcon, CheckIcon } from "@radix-ui/react-icons";
+import {
+    Command,
+    CommandEmpty,
+    CommandGroup,
+    CommandInput,
+    CommandItem,
+    CommandList
+} from "@app/components/ui/command";
+import { ScrollArea } from "@app/components/ui/scroll-area";
+import { Badge } from "@app/components/ui/badge";
+import { X } from "lucide-react";
+import { Tag, TagInput } from "@app/components/tags/tag-input";
+
+const createClientFormSchema = z.object({
+    name: z
+        .string()
+        .min(2, {
+            message: "Name must be at least 2 characters."
+        })
+        .max(30, {
+            message: "Name must not be longer than 30 characters."
+        }),
+    siteIds: z
+        .array(
+            z.object({
+                id: z.string(),
+                text: z.string()
+            })
+        )
+        .refine((val) => val.length > 0, {
+            message: "At least one site is required."
+        }),
+    subnet: z.string().min(1, {
+        message: "Subnet is required."
+    })
+});
+
+type CreateClientFormValues = z.infer<typeof createClientFormSchema>;
+
+const defaultValues: Partial<CreateClientFormValues> = {
+    name: "",
+    siteIds: [],
+    subnet: ""
+};
+
+type CreateClientFormProps = {
+    onCreate?: (client: ClientRow) => void;
+    setLoading?: (loading: boolean) => void;
+    setChecked?: (checked: boolean) => void;
+    orgId: string;
+};
+
+export default function CreateClientForm({
+    onCreate,
+    setLoading,
+    setChecked,
+    orgId
+}: CreateClientFormProps) {
+    const api = createApiClient(useEnvContext());
+    const { env } = useEnvContext();
+
+    const [sites, setSites] = useState<Tag[]>([]);
+    const [isLoading, setIsLoading] = useState(false);
+    const [isChecked, setIsChecked] = useState(false);
+    const [clientDefaults, setClientDefaults] =
+        useState<PickClientDefaultsResponse | null>(null);
+    const [olmCommand, setOlmCommand] = useState<string | null>(null);
+    const [selectedSites, setSelectedSites] = useState<
+        Array<{ id: number; name: string }>
+    >([]);
+    const [activeSitesTagIndex, setActiveSitesTagIndex] = useState<
+        number | null
+    >(null);
+
+    const handleCheckboxChange = (checked: boolean) => {
+        setIsChecked(checked);
+        if (setChecked) {
+            setChecked(checked);
+        }
+    };
+
+    const form = useForm<CreateClientFormValues>({
+        resolver: zodResolver(createClientFormSchema),
+        defaultValues
+    });
+
+    useEffect(() => {
+        if (!open) return;
+
+        // reset all values
+        setLoading?.(false);
+        setIsLoading(false);
+        form.reset();
+        setChecked?.(false);
+        setClientDefaults(null);
+        setSelectedSites([]);
+
+        const fetchSites = async () => {
+            const res = await api.get<AxiosResponse<ListSitesResponse>>(
+                `/org/${orgId}/sites/`
+            );
+            const sites = res.data.data.sites.filter(
+                (s) => s.type === "newt" && s.subnet
+            );
+            setSites(
+                sites.map((site) => ({
+                    id: site.siteId.toString(),
+                    text: site.name
+                }))
+            );
+        };
+
+        const fetchDefaults = async () => {
+            api.get(`/org/${orgId}/pick-client-defaults`)
+                .catch((e) => {
+                    toast({
+                        variant: "destructive",
+                        title: `Error fetching client defaults`,
+                        description: formatAxiosError(e)
+                    });
+                })
+                .then((res) => {
+                    if (res && res.status === 200) {
+                        const data = res.data.data;
+                        setClientDefaults(data);
+                        const olmConfig = `olm --id ${data?.olmId} --secret ${data?.olmSecret} --endpoint ${env.app.dashboardUrl}`;
+                        setOlmCommand(olmConfig);
+
+                        // Set the subnet value from client defaults
+                        if (data?.subnet) {
+                            form.setValue("subnet", data.subnet);
+                        }
+                    }
+                });
+        };
+        fetchSites();
+        fetchDefaults();
+    }, [open]);
+
+    async function onSubmit(data: CreateClientFormValues) {
+        setLoading?.(true);
+        setIsLoading(true);
+
+        if (!clientDefaults) {
+            toast({
+                variant: "destructive",
+                title: "Error creating client",
+                description: "Client defaults not found"
+            });
+            setLoading?.(false);
+            setIsLoading(false);
+            return;
+        }
+
+        const payload = {
+            name: data.name,
+            siteIds: data.siteIds.map((site) => parseInt(site.id)),
+            olmId: clientDefaults.olmId,
+            secret: clientDefaults.olmSecret,
+            subnet: data.subnet,
+            type: "olm"
+        } as CreateClientBody;
+
+        const res = await api
+            .put<
+                AxiosResponse<CreateClientResponse>
+            >(`/org/${orgId}/client`, payload)
+            .catch((e) => {
+                toast({
+                    variant: "destructive",
+                    title: "Error creating client",
+                    description: formatAxiosError(e)
+                });
+            });
+
+        if (res && res.status === 201) {
+            const data = res.data.data;
+
+            onCreate?.({
+                name: data.name,
+                id: data.clientId,
+                subnet: data.subnet,
+                mbIn: "0 MB",
+                mbOut: "0 MB",
+                orgId: orgId as string,
+                online: false
+            });
+        }
+
+        setLoading?.(false);
+        setIsLoading(false);
+    }
+
+    return (
+        <div className="space-y-4">
+            <Form {...form}>
+                <form
+                    onSubmit={form.handleSubmit(onSubmit)}
+                    className="space-y-4"
+                    id="create-client-form"
+                >
+                    <FormField
+                        control={form.control}
+                        name="name"
+                        render={({ field }) => (
+                            <FormItem>
+                                <FormLabel>Name</FormLabel>
+                                <FormControl>
+                                    <Input
+                                        autoComplete="off"
+                                        placeholder="Client name"
+                                        {...field}
+                                    />
+                                </FormControl>
+                                <FormMessage />
+                            </FormItem>
+                        )}
+                    />
+
+                    <FormField
+                        control={form.control}
+                        name="subnet"
+                        render={({ field }) => (
+                            <FormItem>
+                                <FormLabel>Address</FormLabel>
+                                <FormControl>
+                                    <Input
+                                        autoComplete="off"
+                                        placeholder="Subnet"
+                                        {...field}
+                                    />
+                                </FormControl>
+                                <FormDescription>
+                                    The address that this client will use for
+                                    connectivity.
+                                </FormDescription>
+                                <FormMessage />
+                            </FormItem>
+                        )}
+                    />
+
+                    <FormField
+                        control={form.control}
+                        name="siteIds"
+                        render={(field) => (
+                            <FormItem className="flex flex-col">
+                                <FormLabel>Sites</FormLabel>
+                                <TagInput
+                                    {...field}
+                                    activeTagIndex={activeSitesTagIndex}
+                                    setActiveTagIndex={setActiveSitesTagIndex}
+                                    placeholder="Select sites"
+                                    size="sm"
+                                    tags={form.getValues().siteIds}
+                                    setTags={(newTags) => {
+                                        form.setValue(
+                                            "siteIds",
+                                            newTags as [Tag, ...Tag[]]
+                                        );
+                                    }}
+                                    enableAutocomplete={true}
+                                    autocompleteOptions={sites}
+                                    allowDuplicates={false}
+                                    restrictTagsToAutocompleteOptions={true}
+                                    sortTags={true}
+                                />
+                                <FormDescription>
+                                    The client will have connectivity to the
+                                    selected sites. The sites must be configured
+                                    to accept client connections.
+                                </FormDescription>
+                                <FormMessage />
+                            </FormItem>
+                        )}
+                    />
+
+                    {olmCommand && (
+                        <div className="w-full">
+                            <div className="mb-2">
+                                <div className="mx-auto">
+                                    <CopyTextBox
+                                        text={olmCommand}
+                                        wrapText={false}
+                                    />
+                                </div>
+                            </div>
+                            <span className="text-sm text-muted-foreground">
+                                You will only be able to see the configuration
+                                once.
+                            </span>
+                        </div>
+                    )}
+
+                    <div className="flex items-center space-x-2">
+                        <Checkbox
+                            id="terms"
+                            checked={isChecked}
+                            onCheckedChange={handleCheckboxChange}
+                        />
+                        <label
+                            htmlFor="terms"
+                            className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
+                        >
+                            I have copied the config
+                        </label>
+                    </div>
+                </form>
+            </Form>
+        </div>
+    );
+}
diff --git a/src/app/[orgId]/settings/sites/CreateSiteModal.tsx b/src/app/[orgId]/settings/clients/CreateClientsModal.tsx
similarity index 75%
rename from src/app/[orgId]/settings/sites/CreateSiteModal.tsx
rename to src/app/[orgId]/settings/clients/CreateClientsModal.tsx
index 8ecee55c..a8921cb1 100644
--- a/src/app/[orgId]/settings/sites/CreateSiteModal.tsx
+++ b/src/app/[orgId]/settings/clients/CreateClientsModal.tsx
@@ -12,26 +12,24 @@ import {
     CredenzaHeader,
     CredenzaTitle
 } from "@app/components/Credenza";
-import { SiteRow } from "./SitesTable";
-import CreateSiteForm from "./CreateSiteForm";
-import { useTranslations } from "next-intl";
+import CreateClientForm from "./CreateClientsForm";
+import { ClientRow } from "./ClientsTable";
 
-type CreateSiteFormProps = {
+type CreateClientFormProps = {
     open: boolean;
     setOpen: (open: boolean) => void;
-    onCreate?: (site: SiteRow) => void;
+    onCreate?: (client: ClientRow) => void;
     orgId: string;
 };
 
-export default function CreateSiteFormModal({
+export default function CreateClientFormModal({
     open,
     setOpen,
     onCreate,
     orgId
-}: CreateSiteFormProps) {
+}: CreateClientFormProps) {
     const [loading, setLoading] = useState(false);
     const [isChecked, setIsChecked] = useState(false);
-    const t = useTranslations();
 
     return (
         <>
@@ -44,14 +42,14 @@ export default function CreateSiteFormModal({
             >
                 <CredenzaContent>
                     <CredenzaHeader>
-                        <CredenzaTitle>{t('siteCreate')}</CredenzaTitle>
+                        <CredenzaTitle>Create Client</CredenzaTitle>
                         <CredenzaDescription>
-                            {t('siteCreateDescription')}
+                            Create a new client to connect to your sites
                         </CredenzaDescription>
                     </CredenzaHeader>
                     <CredenzaBody>
                         <div className="max-w-md">
-                            <CreateSiteForm
+                            <CreateClientForm
                                 setLoading={(val) => setLoading(val)}
                                 setChecked={(val) => setIsChecked(val)}
                                 onCreate={onCreate}
@@ -60,20 +58,20 @@ export default function CreateSiteFormModal({
                         </div>
                     </CredenzaBody>
                     <CredenzaFooter>
-                        <CredenzaClose asChild>
-                            <Button variant="outline">{t('close')}</Button>
-                        </CredenzaClose>
                         <Button
                             type="submit"
-                            form="create-site-form"
+                            form="create-client-form"
                             loading={loading}
                             disabled={loading || !isChecked}
                             onClick={() => {
                                 setOpen(false);
                             }}
                         >
-                            {t('siteCreate')}
+                            Create Client
                         </Button>
+                        <CredenzaClose asChild>
+                            <Button variant="outline">Close</Button>
+                        </CredenzaClose>
                     </CredenzaFooter>
                 </CredenzaContent>
             </Credenza>
diff --git a/src/app/[orgId]/settings/clients/[clientId]/ClientInfoCard.tsx b/src/app/[orgId]/settings/clients/[clientId]/ClientInfoCard.tsx
new file mode 100644
index 00000000..7117b4d5
--- /dev/null
+++ b/src/app/[orgId]/settings/clients/[clientId]/ClientInfoCard.tsx
@@ -0,0 +1,52 @@
+"use client";
+
+import { Alert, AlertDescription, AlertTitle } from "@/components/ui/alert";
+import { InfoIcon } from "lucide-react";
+import { useClientContext } from "@app/hooks/useClientContext";
+import {
+    InfoSection,
+    InfoSectionContent,
+    InfoSections,
+    InfoSectionTitle
+} from "@app/components/InfoSection";
+
+type ClientInfoCardProps = {};
+
+export default function SiteInfoCard({}: ClientInfoCardProps) {
+    const { client, updateClient } = useClientContext();
+
+    return (
+        <Alert>
+            <InfoIcon className="h-4 w-4" />
+            <AlertTitle className="font-semibold">Client Information</AlertTitle>
+            <AlertDescription className="mt-4">
+                <InfoSections cols={2}>
+                        <>
+                            <InfoSection>
+                                <InfoSectionTitle>Status</InfoSectionTitle>
+                                <InfoSectionContent>
+                                    {client.online ? (
+                                        <div className="text-green-500 flex items-center space-x-2">
+                                            <div className="w-2 h-2 bg-green-500 rounded-full"></div>
+                                            <span>Online</span>
+                                        </div>
+                                    ) : (
+                                        <div className="text-neutral-500 flex items-center space-x-2">
+                                            <div className="w-2 h-2 bg-gray-500 rounded-full"></div>
+                                            <span>Offline</span>
+                                        </div>
+                                    )}
+                                </InfoSectionContent>
+                            </InfoSection>
+                        </>
+                    <InfoSection>
+                        <InfoSectionTitle>Address</InfoSectionTitle>
+                        <InfoSectionContent>
+                            {client.subnet.split("/")[0]}
+                        </InfoSectionContent>
+                    </InfoSection>
+                </InfoSections>
+            </AlertDescription>
+        </Alert>
+    );
+}
diff --git a/src/app/[orgId]/settings/clients/[clientId]/general/page.tsx b/src/app/[orgId]/settings/clients/[clientId]/general/page.tsx
new file mode 100644
index 00000000..e02e3aaa
--- /dev/null
+++ b/src/app/[orgId]/settings/clients/[clientId]/general/page.tsx
@@ -0,0 +1,231 @@
+"use client";
+
+import { zodResolver } from "@hookform/resolvers/zod";
+import { z } from "zod";
+import { Button } from "@/components/ui/button";
+import {
+    Form,
+    FormControl,
+    FormDescription,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage
+} from "@/components/ui/form";
+import { Input } from "@/components/ui/input";
+import { useClientContext } from "@app/hooks/useClientContext";
+import { useForm } from "react-hook-form";
+import { toast } from "@app/hooks/useToast";
+import { useRouter } from "next/navigation";
+import {
+    SettingsContainer,
+    SettingsSection,
+    SettingsSectionHeader,
+    SettingsSectionTitle,
+    SettingsSectionDescription,
+    SettingsSectionBody,
+    SettingsSectionForm,
+    SettingsSectionFooter
+} from "@app/components/Settings";
+import { formatAxiosError } from "@app/lib/api";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { useEffect, useState } from "react";
+import { Tag, TagInput } from "@app/components/tags/tag-input";
+import { AxiosResponse } from "axios";
+import { ListSitesResponse } from "@server/routers/site";
+
+const GeneralFormSchema = z.object({
+    name: z.string().nonempty("Name is required"),
+    siteIds: z.array(
+        z.object({
+            id: z.string(),
+            text: z.string()
+        })
+    )
+});
+
+type GeneralFormValues = z.infer<typeof GeneralFormSchema>;
+
+export default function GeneralPage() {
+    const { client, updateClient } = useClientContext();
+    const api = createApiClient(useEnvContext());
+    const [loading, setLoading] = useState(false);
+    const router = useRouter();
+    const [sites, setSites] = useState<Tag[]>([]);
+    const [clientSites, setClientSites] = useState<Tag[]>([]);
+    const [activeSitesTagIndex, setActiveSitesTagIndex] = useState<number | null>(null);
+
+    const form = useForm<GeneralFormValues>({
+        resolver: zodResolver(GeneralFormSchema),
+        defaultValues: {
+            name: client?.name,
+            siteIds: []
+        },
+        mode: "onChange"
+    });
+
+    // Fetch available sites and client's assigned sites
+    useEffect(() => {
+        const fetchSites = async () => {
+            try {
+                // Fetch all available sites
+                const res = await api.get<AxiosResponse<ListSitesResponse>>(
+                    `/org/${client?.orgId}/sites/`
+                );
+                
+                const availableSites = res.data.data.sites
+                    .filter((s) => s.type === "newt" && s.subnet)
+                    .map((site) => ({
+                        id: site.siteId.toString(),
+                        text: site.name
+                    }));
+                
+                setSites(availableSites);
+
+                // Filter sites to only include those assigned to the client
+                const assignedSites = availableSites.filter((site) =>
+                    client?.siteIds?.includes(parseInt(site.id))
+                );
+                setClientSites(assignedSites);
+                // Set the default values for the form
+                form.setValue("siteIds", assignedSites);
+            } catch (e) {
+                toast({
+                    variant: "destructive",
+                    title: "Failed to fetch sites",
+                    description: formatAxiosError(
+                        e,
+                        "An error occurred while fetching sites."
+                    )
+                });
+            }
+        };
+
+        if (client?.clientId) {
+            fetchSites();
+        }
+    }, [client?.clientId, client?.orgId, api, form]);
+
+    async function onSubmit(data: GeneralFormValues) {
+        setLoading(true);
+
+        try {
+            await api.post(`/client/${client?.clientId}`, {
+                name: data.name,
+                siteIds: data.siteIds.map(site => site.id)
+            });
+
+            updateClient({ name: data.name });
+
+            toast({
+                title: "Client updated",
+                description: "The client has been updated."
+            });
+
+            router.refresh();
+        } catch (e) {
+            toast({
+                variant: "destructive",
+                title: "Failed to update client",
+                description: formatAxiosError(
+                    e,
+                    "An error occurred while updating the client."
+                )
+            });
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    return (
+        <SettingsContainer>
+            <SettingsSection>
+                <SettingsSectionHeader>
+                    <SettingsSectionTitle>
+                        General Settings
+                    </SettingsSectionTitle>
+                    <SettingsSectionDescription>
+                        Configure the general settings for this client
+                    </SettingsSectionDescription>
+                </SettingsSectionHeader>
+
+                <SettingsSectionBody>
+                    <SettingsSectionForm>
+                        <Form {...form}>
+                            <form
+                                onSubmit={form.handleSubmit(onSubmit)}
+                                className="space-y-4"
+                                id="general-settings-form"
+                            >
+                                <FormField
+                                    control={form.control}
+                                    name="name"
+                                    render={({ field }) => (
+                                        <FormItem>
+                                            <FormLabel>Name</FormLabel>
+                                            <FormControl>
+                                                <Input {...field} />
+                                            </FormControl>
+                                            <FormMessage />
+                                            <FormDescription>
+                                                This is the display name of the
+                                                client.
+                                            </FormDescription>
+                                        </FormItem>
+                                    )}
+                                />
+
+                                <FormField
+                                    control={form.control}
+                                    name="siteIds"
+                                    render={(field) => (
+                                        <FormItem className="flex flex-col">
+                                            <FormLabel>Sites</FormLabel>
+                                            <TagInput
+                                                {...field}
+                                                activeTagIndex={activeSitesTagIndex}
+                                                setActiveTagIndex={setActiveSitesTagIndex}
+                                                placeholder="Select sites"
+                                                size="sm"
+                                                tags={form.getValues().siteIds}
+                                                setTags={(newTags) => {
+                                                    form.setValue(
+                                                        "siteIds",
+                                                        newTags as [Tag, ...Tag[]]
+                                                    );
+                                                }}
+                                                enableAutocomplete={true}
+                                                autocompleteOptions={sites}
+                                                allowDuplicates={false}
+                                                restrictTagsToAutocompleteOptions={true}
+                                                sortTags={true}
+                                            />
+                                            <FormDescription>
+                                                The client will have connectivity to the
+                                                selected sites. The sites must be configured
+                                                to accept client connections.
+                                            </FormDescription>
+                                            <FormMessage />
+                                        </FormItem>
+                                    )}
+                                />
+                            </form>
+                        </Form>
+                    </SettingsSectionForm>
+                </SettingsSectionBody>
+
+                <SettingsSectionFooter>
+                    <Button
+                        type="submit"
+                        form="general-settings-form"
+                        loading={loading}
+                        disabled={loading}
+                    >
+                        Save Settings
+                    </Button>
+                </SettingsSectionFooter>
+            </SettingsSection>
+        </SettingsContainer>
+    );
+}
\ No newline at end of file
diff --git a/src/app/[orgId]/settings/clients/[clientId]/layout.tsx b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
new file mode 100644
index 00000000..804162a2
--- /dev/null
+++ b/src/app/[orgId]/settings/clients/[clientId]/layout.tsx
@@ -0,0 +1,57 @@
+import { internal } from "@app/lib/api";
+import { AxiosResponse } from "axios";
+import { authCookieHeader } from "@app/lib/api/cookies";
+import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
+import { GetClientResponse } from "@server/routers/client";
+import ClientInfoCard from "./ClientInfoCard";
+import ClientProvider from "@app/providers/ClientProvider";
+import { redirect } from "next/navigation";
+import { HorizontalTabs } from "@app/components/HorizontalTabs";
+
+type SettingsLayoutProps = {
+    children: React.ReactNode;
+    params: Promise<{ clientId: number; orgId: string }>;
+}
+
+export default async function SettingsLayout(props: SettingsLayoutProps) {
+    const params = await props.params;
+
+    const { children } = props;
+
+    let client = null;
+    try {
+        const res = await internal.get<AxiosResponse<GetClientResponse>>(
+            `/org/${params.orgId}/client/${params.clientId}`,
+            await authCookieHeader()
+        );
+        client = res.data.data;
+    } catch (error) {
+        console.error("Error fetching client data:", error);
+        redirect(`/${params.orgId}/settings/clients`);
+    }
+
+    const navItems = [
+        {
+            title: "General",
+            href: `/{orgId}/settings/clients/{clientId}/general`
+        }
+    ];
+
+    return (
+        <>
+            <SettingsSectionTitle
+                title={`${client?.name} Settings`}
+                description="Configure the settings on your site"
+            />
+
+            <ClientProvider client={client}>
+                <div className="space-y-6">
+                    <ClientInfoCard />
+                    <HorizontalTabs items={navItems}>
+                        {children}
+                    </HorizontalTabs>
+                </div>
+            </ClientProvider>
+        </>
+    );
+}
diff --git a/src/app/[orgId]/settings/clients/[clientId]/page.tsx b/src/app/[orgId]/settings/clients/[clientId]/page.tsx
new file mode 100644
index 00000000..c484ec8c
--- /dev/null
+++ b/src/app/[orgId]/settings/clients/[clientId]/page.tsx
@@ -0,0 +1,8 @@
+import { redirect } from "next/navigation";
+
+export default async function ClientPage(props: {
+    params: Promise<{ orgId: string; clientId: number }>;
+}) {
+    const params = await props.params;
+    redirect(`/${params.orgId}/settings/clients/${params.clientId}/general`);
+}
diff --git a/src/app/[orgId]/settings/clients/layout.tsx b/src/app/[orgId]/settings/clients/layout.tsx
new file mode 100644
index 00000000..59a46414
--- /dev/null
+++ b/src/app/[orgId]/settings/clients/layout.tsx
@@ -0,0 +1,21 @@
+import { redirect } from "next/navigation";
+import { pullEnv } from "@app/lib/pullEnv";
+
+export const dynamic = "force-dynamic";
+
+interface SettingsLayoutProps {
+    children: React.ReactNode;
+    params: Promise<{ orgId: string }>;
+}
+
+export default async function SettingsLayout(props: SettingsLayoutProps) {
+    const params = await props.params;
+    const { children } = props;
+    const env = pullEnv();
+
+    if (!env.flags.enableClients) {
+        redirect(`/${params.orgId}/settings`);
+    }
+
+    return children;
+}
diff --git a/src/app/[orgId]/settings/clients/page.tsx b/src/app/[orgId]/settings/clients/page.tsx
new file mode 100644
index 00000000..b798bf93
--- /dev/null
+++ b/src/app/[orgId]/settings/clients/page.tsx
@@ -0,0 +1,58 @@
+import { internal } from "@app/lib/api";
+import { authCookieHeader } from "@app/lib/api/cookies";
+import { AxiosResponse } from "axios";
+import { ClientRow } from "./ClientsTable";
+import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
+import { ListClientsResponse } from "@server/routers/client";
+import ClientsTable from "./ClientsTable";
+
+type ClientsPageProps = {
+    params: Promise<{ orgId: string }>;
+};
+
+export const dynamic = "force-dynamic";
+
+export default async function ClientsPage(props: ClientsPageProps) {
+    const params = await props.params;
+    let clients: ListClientsResponse["clients"] = [];
+    try {
+        const res = await internal.get<AxiosResponse<ListClientsResponse>>(
+            `/org/${params.orgId}/clients`,
+            await authCookieHeader()
+        );
+        clients = res.data.data.clients;
+    } catch (e) {}
+
+    function formatSize(mb: number): string {
+        if (mb >= 1024 * 1024) {
+            return `${(mb / (1024 * 1024)).toFixed(2)} TB`;
+        } else if (mb >= 1024) {
+            return `${(mb / 1024).toFixed(2)} GB`;
+        } else {
+            return `${mb.toFixed(2)} MB`;
+        }
+    }
+
+    const clientRows: ClientRow[] = clients.map((client) => {
+        return {
+            name: client.name,
+            id: client.clientId,
+            subnet: client.subnet.split("/")[0],
+            mbIn: formatSize(client.megabytesIn || 0),
+            mbOut: formatSize(client.megabytesOut || 0),
+            orgId: params.orgId,
+            online: client.online
+        };
+    });
+
+    return (
+        <>
+            <SettingsSectionTitle
+                title="Manage Clients"
+                description="Clients are devices that can connect to your sites"
+            />
+
+            <ClientsTable clients={clientRows} orgId={params.orgId} />
+        </>
+    );
+}
diff --git a/src/app/[orgId]/settings/domains/CreateDomainForm.tsx b/src/app/[orgId]/settings/domains/CreateDomainForm.tsx
new file mode 100644
index 00000000..31bf82f1
--- /dev/null
+++ b/src/app/[orgId]/settings/domains/CreateDomainForm.tsx
@@ -0,0 +1,516 @@
+"use client";
+
+import { Button } from "@app/components/ui/button";
+import {
+    Form,
+    FormControl,
+    FormField,
+    FormItem,
+    FormLabel,
+    FormMessage
+} from "@app/components/ui/form";
+import { Input } from "@app/components/ui/input";
+import { useToast } from "@app/hooks/useToast";
+import { zodResolver } from "@hookform/resolvers/zod";
+import { useState } from "react";
+import { useForm } from "react-hook-form";
+import { z } from "zod";
+import {
+    Credenza,
+    CredenzaBody,
+    CredenzaClose,
+    CredenzaContent,
+    CredenzaDescription,
+    CredenzaFooter,
+    CredenzaHeader,
+    CredenzaTitle
+} from "@app/components/Credenza";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { useTranslations } from "next-intl";
+import { formatAxiosError } from "@app/lib/api";
+import { CreateDomainResponse } from "@server/routers/domain/createOrgDomain";
+import { StrategySelect } from "@app/components/StrategySelect";
+import { AxiosResponse } from "axios";
+import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
+import { InfoIcon, AlertTriangle } from "lucide-react";
+import CopyToClipboard from "@app/components/CopyToClipboard";
+import {
+    InfoSection,
+    InfoSectionContent,
+    InfoSections,
+    InfoSectionTitle
+} from "@app/components/InfoSection";
+import { useOrgContext } from "@app/hooks/useOrgContext";
+import { build } from "@server/build";
+
+const formSchema = z.object({
+    baseDomain: z.string().min(1, "Domain is required"),
+    type: z.enum(["ns", "cname", "wildcard"])
+});
+
+type FormValues = z.infer<typeof formSchema>;
+
+type CreateDomainFormProps = {
+    open: boolean;
+    setOpen: (open: boolean) => void;
+    onCreated?: (domain: CreateDomainResponse) => void;
+};
+
+export default function CreateDomainForm({
+    open,
+    setOpen,
+    onCreated
+}: CreateDomainFormProps) {
+    const [loading, setLoading] = useState(false);
+    const [createdDomain, setCreatedDomain] =
+        useState<CreateDomainResponse | null>(null);
+    const api = createApiClient(useEnvContext());
+    const t = useTranslations();
+    const { toast } = useToast();
+    const { org } = useOrgContext();
+
+    const form = useForm<FormValues>({
+        resolver: zodResolver(formSchema),
+        defaultValues: {
+            baseDomain: "",
+            type: build == "oss" ? "wildcard" : "ns"
+        }
+    });
+
+    function reset() {
+        form.reset();
+        setLoading(false);
+        setCreatedDomain(null);
+    }
+
+    async function onSubmit(values: FormValues) {
+        setLoading(true);
+        try {
+            const response = await api.put<AxiosResponse<CreateDomainResponse>>(
+                `/org/${org.org.orgId}/domain`,
+                values
+            );
+            const domainData = response.data.data;
+            setCreatedDomain(domainData);
+            toast({
+                title: t("success"),
+                description: t("domainCreatedDescription")
+            });
+            onCreated?.(domainData);
+        } catch (e) {
+            toast({
+                title: t("error"),
+                description: formatAxiosError(e),
+                variant: "destructive"
+            });
+        } finally {
+            setLoading(false);
+        }
+    }
+
+    const domainType = form.watch("type");
+    const baseDomain = form.watch("baseDomain");
+
+    let domainOptions: any = [];
+    if (build == "enterprise" || build == "saas") {
+        domainOptions = [
+            {
+                id: "ns",
+                title: t("selectDomainTypeNsName"),
+                description: t("selectDomainTypeNsDescription")
+            },
+            {
+                id: "cname",
+                title: t("selectDomainTypeCnameName"),
+                description: t("selectDomainTypeCnameDescription")
+            }
+        ];
+    } else if (build == "oss") {
+        domainOptions = [
+            {
+                id: "wildcard",
+                title: t("selectDomainTypeWildcardName"),
+                description: t("selectDomainTypeWildcardDescription")
+            }
+        ];
+    }
+
+    return (
+        <Credenza
+            open={open}
+            onOpenChange={(val) => {
+                setOpen(val);
+                reset();
+            }}
+        >
+            <CredenzaContent>
+                <CredenzaHeader>
+                    <CredenzaTitle>{t("domainAdd")}</CredenzaTitle>
+                    <CredenzaDescription>
+                        {t("domainAddDescription")}
+                    </CredenzaDescription>
+                </CredenzaHeader>
+                <CredenzaBody>
+                    {!createdDomain ? (
+                        <Form {...form}>
+                            <form
+                                onSubmit={form.handleSubmit(onSubmit)}
+                                className="space-y-4"
+                                id="create-domain-form"
+                            >
+                                <FormField
+                                    control={form.control}
+                                    name="type"
+                                    render={({ field }) => (
+                                        <FormItem>
+                                            <StrategySelect
+                                                options={domainOptions}
+                                                defaultValue={field.value}
+                                                onChange={field.onChange}
+                                                cols={1}
+                                            />
+                                            <FormMessage />
+                                        </FormItem>
+                                    )}
+                                />
+                                <FormField
+                                    control={form.control}
+                                    name="baseDomain"
+                                    render={({ field }) => (
+                                        <FormItem>
+                                            <FormLabel>{t("domain")}</FormLabel>
+                                            <FormControl>
+                                                <Input
+                                                    placeholder="example.com"
+                                                    {...field}
+                                                />
+                                            </FormControl>
+                                            <FormMessage />
+                                        </FormItem>
+                                    )}
+                                />
+                            </form>
+                        </Form>
+                    ) : (
+                        <div className="space-y-6">
+                            <Alert variant="default">
+                                <InfoIcon className="h-4 w-4" />
+                                <AlertTitle className="font-semibold">
+                                    {t("createDomainAddDnsRecords")}
+                                </AlertTitle>
+                                <AlertDescription>
+                                    {t("createDomainAddDnsRecordsDescription")}
+                                </AlertDescription>
+                            </Alert>
+
+                            <div className="space-y-4">
+                                {createdDomain.nsRecords &&
+                                createdDomain.nsRecords.length > 0 && (
+                                    <div>
+                                        <h3 className="font-medium mb-3">
+                                            {t("createDomainNsRecords")}
+                                        </h3>
+                                        <InfoSections cols={1}>
+                                            <InfoSection>
+                                                <InfoSectionTitle>
+                                                    {t("createDomainRecord")}
+                                                </InfoSectionTitle>
+                                                <InfoSectionContent>
+                                                    <div className="space-y-2">
+                                                        <div className="flex justify-between items-center">
+                                                            <span className="text-sm font-medium">
+                                                                {t(
+                                                                    "createDomainType"
+                                                                )}
+                                                            </span>
+                                                            <span className="text-sm font-mono">
+                                                                NS
+                                                            </span>
+                                                        </div>
+                                                        <div className="flex justify-between items-center">
+                                                            <span className="text-sm font-medium">
+                                                                {t(
+                                                                    "createDomainName"
+                                                                )}
+                                                            </span>
+                                                            <span className="text-sm font-mono">
+                                                                {baseDomain}
+                                                            </span>
+                                                        </div>
+                                                        <span className="text-sm font-medium">
+                                                            {t(
+                                                                "createDomainValue"
+                                                            )}
+                                                        </span>
+                                                        {createdDomain.nsRecords.map(
+                                                            (
+                                                                nsRecord,
+                                                                index
+                                                            ) => (
+                                                                <div
+                                                                    className="flex justify-between items-center"
+                                                                    key={index}
+                                                                >
+                                                                    <CopyToClipboard
+                                                                        text={
+                                                                            nsRecord
+                                                                        }
+                                                                    />
+                                                                </div>
+                                                            )
+                                                        )}
+                                                    </div>
+                                                </InfoSectionContent>
+                                            </InfoSection>
+                                        </InfoSections>
+                                    </div>
+                                )}
+
+                                {createdDomain.cnameRecords &&
+                                    createdDomain.cnameRecords.length > 0 && (
+                                        <div>
+                                            <h3 className="font-medium mb-3">
+                                                {t("createDomainCnameRecords")}
+                                            </h3>
+                                            <InfoSections cols={1}>
+                                                {createdDomain.cnameRecords.map(
+                                                    (cnameRecord, index) => (
+                                                        <InfoSection
+                                                            key={index}
+                                                        >
+                                                            <InfoSectionTitle>
+                                                                {t(
+                                                                    "createDomainRecordNumber",
+                                                                    {
+                                                                        number:
+                                                                            index +
+                                                                            1
+                                                                    }
+                                                                )}
+                                                            </InfoSectionTitle>
+                                                            <InfoSectionContent>
+                                                                <div className="space-y-2">
+                                                                    <div className="flex justify-between items-center">
+                                                                        <span className="text-sm font-medium">
+                                                                            {t(
+                                                                                "createDomainType"
+                                                                            )}
+                                                                        </span>
+                                                                        <span className="text-sm font-mono">
+                                                                            CNAME
+                                                                        </span>
+                                                                    </div>
+                                                                    <div className="flex justify-between items-center">
+                                                                        <span className="text-sm font-medium">
+                                                                            {t(
+                                                                                "createDomainName"
+                                                                            )}
+                                                                        </span>
+                                                                        <span className="text-sm font-mono">
+                                                                            {
+                                                                                cnameRecord.baseDomain
+                                                                            }
+                                                                        </span>
+                                                                    </div>
+                                                                    <div className="flex justify-between items-center">
+                                                                        <span className="text-sm font-medium">
+                                                                            {t(
+                                                                                "createDomainValue"
+                                                                            )}
+                                                                        </span>
+                                                                        <CopyToClipboard
+                                                                            text={
+                                                                                cnameRecord.value
+                                                                            }
+                                                                        />
+                                                                    </div>
+                                                                </div>
+                                                            </InfoSectionContent>
+                                                        </InfoSection>
+                                                    )
+                                                )}
+                                            </InfoSections>
+                                        </div>
+                                    )}
+
+                                {createdDomain.aRecords &&
+                                    createdDomain.aRecords.length > 0 && (
+                                        <div>
+                                            <h3 className="font-medium mb-3">
+                                                {t("createDomainARecords")}
+                                            </h3>
+                                            <InfoSections cols={1}>
+                                                {createdDomain.aRecords.map(
+                                                    (aRecord, index) => (
+                                                        <InfoSection
+                                                            key={index}
+                                                        >
+                                                            <InfoSectionTitle>
+                                                                {t(
+                                                                    "createDomainRecordNumber",
+                                                                    {
+                                                                        number:
+                                                                            index +
+                                                                            1
+                                                                    }
+                                                                )}
+                                                            </InfoSectionTitle>
+                                                            <InfoSectionContent>
+                                                                <div className="space-y-2">
+                                                                    <div className="flex justify-between items-center">
+                                                                        <span className="text-sm font-medium">
+                                                                            {t(
+                                                                                "createDomainType"
+                                                                            )}
+                                                                        </span>
+                                                                        <span className="text-sm font-mono">
+                                                                            A
+                                                                        </span>
+                                                                    </div>
+                                                                    <div className="flex justify-between items-center">
+                                                                        <span className="text-sm font-medium">
+                                                                            {t(
+                                                                                "createDomainName"
+                                                                            )}
+                                                                        </span>
+                                                                        <span className="text-sm font-mono">
+                                                                            {
+                                                                                aRecord.baseDomain
+                                                                            }
+                                                                        </span>
+                                                                    </div>
+                                                                    <div className="flex justify-between items-center">
+                                                                        <span className="text-sm font-medium">
+                                                                            {t(
+                                                                                "createDomainValue"
+                                                                            )}
+                                                                        </span>
+                                                                        <span className="text-sm font-mono">
+                                                                            {
+                                                                                aRecord.value
+                                                                            }
+                                                                       </span>
+                                                                    </div>
+                                                                </div>
+                                                            </InfoSectionContent>
+                                                        </InfoSection>
+                                                    )
+                                                )}
+                                            </InfoSections>
+                                        </div>
+                                    )}
+                                {createdDomain.txtRecords &&
+                                    createdDomain.txtRecords.length > 0 && (
+                                        <div>
+                                            <h3 className="font-medium mb-3">
+                                                {t("createDomainTxtRecords")}
+                                            </h3>
+                                            <InfoSections cols={1}>
+                                                {createdDomain.txtRecords.map(
+                                                    (txtRecord, index) => (
+                                                        <InfoSection
+                                                            key={index}
+                                                        >
+                                                            <InfoSectionTitle>
+                                                                {t(
+                                                                    "createDomainRecordNumber",
+                                                                    {
+                                                                        number:
+                                                                            index +
+                                                                            1
+                                                                    }
+                                                                )}
+                                                            </InfoSectionTitle>
+                                                            <InfoSectionContent>
+                                                                <div className="space-y-2">
+                                                                    <div className="flex justify-between items-center">
+                                                                        <span className="text-sm font-medium">
+                                                                            {t(
+                                                                                "createDomainType"
+                                                                            )}
+                                                                        </span>
+                                                                        <span className="text-sm font-mono">
+                                                                            TXT
+                                                                        </span>
+                                                                    </div>
+                                                                    <div className="flex justify-between items-center">
+                                                                        <span className="text-sm font-medium">
+                                                                            {t(
+                                                                                "createDomainName"
+                                                                            )}
+                                                                        </span>
+                                                                        <span className="text-sm font-mono">
+                                                                            {
+                                                                                txtRecord.baseDomain
+                                                                            }
+                                                                        </span>
+                                                                    </div>
+                                                                    <div className="flex justify-between items-center">
+                                                                        <span className="text-sm font-medium">
+                                                                            {t(
+                                                                                "createDomainValue"
+                                                                            )}
+                                                                        </span>
+                                                                        <CopyToClipboard
+                                                                            text={
+                                                                                txtRecord.value
+                                                                            }
+                                                                        />
+                                                                    </div>
+                                                                </div>
+                                                            </InfoSectionContent>
+                                                        </InfoSection>
+                                                    )
+                                                )}
+                                            </InfoSections>
+                                        </div>
+                                    )}
+                            </div>
+
+                            {build == "saas" ||
+                                (build == "enterprise" && (
+                                    <Alert variant="destructive">
+                                        <AlertTriangle className="h-4 w-4" />
+                                        <AlertTitle className="font-semibold">
+                                            {t("createDomainSaveTheseRecords")}
+                                        </AlertTitle>
+                                        <AlertDescription>
+                                            {t(
+                                                "createDomainSaveTheseRecordsDescription"
+                                            )}
+                                        </AlertDescription>
+                                    </Alert>
+                                ))}
+
+                            <Alert variant="info">
+                                <AlertTriangle className="h-4 w-4" />
+                                <AlertTitle className="font-semibold">
+                                    {t("createDomainDnsPropagation")}
+                                </AlertTitle>
+                                <AlertDescription>
+                                    {t("createDomainDnsPropagationDescription")}
+                                </AlertDescription>
+                            </Alert>
+                        </div>
+                    )}
+                </CredenzaBody>
+                <CredenzaFooter>
+                    <CredenzaClose asChild>
+                        <Button variant="outline">{t("close")}</Button>
+                    </CredenzaClose>
+                    {!createdDomain && (
+                        <Button
+                            type="submit"
+                            form="create-domain-form"
+                            loading={loading}
+                            disabled={loading}
+                        >
+                            {t("domainCreate")}
+                        </Button>
+                    )}
+                </CredenzaFooter>
+            </CredenzaContent>
+        </Credenza>
+    );
+}
diff --git a/src/app/[orgId]/settings/domains/DomainsDataTable.tsx b/src/app/[orgId]/settings/domains/DomainsDataTable.tsx
new file mode 100644
index 00000000..2008f0e8
--- /dev/null
+++ b/src/app/[orgId]/settings/domains/DomainsDataTable.tsx
@@ -0,0 +1,37 @@
+"use client";
+
+import { ColumnDef } from "@tanstack/react-table";
+import { DataTable } from "@app/components/ui/data-table";
+import { useTranslations } from "next-intl";
+
+interface DataTableProps<TData, TValue> {
+    columns: ColumnDef<TData, TValue>[];
+    data: TData[];
+    onAdd?: () => void;
+    onRefresh?: () => void;
+    isRefreshing?: boolean;
+}
+
+export function DomainsDataTable<TData, TValue>({
+    columns,
+    data,
+    onAdd,
+    onRefresh,
+    isRefreshing
+}: DataTableProps<TData, TValue>) {
+    const t = useTranslations();
+
+    return (
+        <DataTable
+            columns={columns}
+            data={data}
+            title={t("domains")}
+            searchPlaceholder={t("domainsSearch")}
+            searchColumn="baseDomain"
+            addButtonText={t("domainAdd")}
+            onAdd={onAdd}
+            onRefresh={onRefresh}
+            isRefreshing={isRefreshing}
+        />
+    );
+}
diff --git a/src/app/[orgId]/settings/domains/DomainsTable.tsx b/src/app/[orgId]/settings/domains/DomainsTable.tsx
new file mode 100644
index 00000000..84bc8bc6
--- /dev/null
+++ b/src/app/[orgId]/settings/domains/DomainsTable.tsx
@@ -0,0 +1,278 @@
+"use client";
+
+import { ColumnDef } from "@tanstack/react-table";
+import { DomainsDataTable } from "./DomainsDataTable";
+import { Button } from "@app/components/ui/button";
+import { ArrowUpDown } from "lucide-react";
+import { useState } from "react";
+import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
+import { formatAxiosError } from "@app/lib/api";
+import { createApiClient } from "@app/lib/api";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { Badge } from "@app/components/ui/badge";
+import { useRouter } from "next/navigation";
+import { useTranslations } from "next-intl";
+import CreateDomainForm from "./CreateDomainForm";
+import { useToast } from "@app/hooks/useToast";
+import { useOrgContext } from "@app/hooks/useOrgContext";
+
+export type DomainRow = {
+    domainId: string;
+    baseDomain: string;
+    type: string;
+    verified: boolean;
+    failed: boolean;
+    tries: number;
+    configManaged: boolean;
+};
+
+type Props = {
+    domains: DomainRow[];
+};
+
+export default function DomainsTable({ domains }: Props) {
+    const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
+    const [isCreateModalOpen, setIsCreateModalOpen] = useState(false);
+    const [selectedDomain, setSelectedDomain] = useState<DomainRow | null>(
+        null
+    );
+    const [isRefreshing, setIsRefreshing] = useState(false);
+    const [restartingDomains, setRestartingDomains] = useState<Set<string>>(
+        new Set()
+    );
+    const api = createApiClient(useEnvContext());
+    const router = useRouter();
+    const t = useTranslations();
+    const { toast } = useToast();
+    const { org } = useOrgContext();
+
+    const refreshData = async () => {
+        setIsRefreshing(true);
+        try {
+            await new Promise((resolve) => setTimeout(resolve, 200));
+            router.refresh();
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("refreshError"),
+                variant: "destructive"
+            });
+        } finally {
+            setIsRefreshing(false);
+        }
+    };
+
+    const deleteDomain = async (domainId: string) => {
+        try {
+            await api.delete(`/org/${org.org.orgId}/domain/${domainId}`);
+            toast({
+                title: t("success"),
+                description: t("domainDeletedDescription")
+            });
+            setIsDeleteModalOpen(false);
+            refreshData();
+        } catch (e) {
+            toast({
+                title: t("error"),
+                description: formatAxiosError(e),
+                variant: "destructive"
+            });
+        }
+    };
+
+    const restartDomain = async (domainId: string) => {
+        setRestartingDomains((prev) => new Set(prev).add(domainId));
+        try {
+            await api.post(`/org/${org.org.orgId}/domain/${domainId}/restart`);
+            toast({
+                title: t("success"),
+                description: t("domainRestartedDescription", {
+                    fallback: "Domain verification restarted successfully"
+                })
+            });
+            refreshData();
+        } catch (e) {
+            toast({
+                title: t("error"),
+                description: formatAxiosError(e),
+                variant: "destructive"
+            });
+        } finally {
+            setRestartingDomains((prev) => {
+                const newSet = new Set(prev);
+                newSet.delete(domainId);
+                return newSet;
+            });
+        }
+    };
+
+    const getTypeDisplay = (type: string) => {
+        switch (type) {
+            case "ns":
+                return t("selectDomainTypeNsName");
+            case "cname":
+                return t("selectDomainTypeCnameName");
+            case "wildcard":
+                return t("selectDomainTypeWildcardName");
+            default:
+                return type;
+        }
+    };
+
+    const columns: ColumnDef<DomainRow>[] = [
+        {
+            accessorKey: "baseDomain",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("domain")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        },
+        {
+            accessorKey: "type",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("type")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const type = row.original.type;
+                return (
+                    <Badge variant="secondary">{getTypeDisplay(type)}</Badge>
+                );
+            }
+        },
+        {
+            accessorKey: "verified",
+            header: ({ column }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        {t("status")}
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            },
+            cell: ({ row }) => {
+                const { verified, failed } = row.original;
+                if (verified) {
+                    return <Badge variant="green">{t("verified")}</Badge>;
+                } else if (failed) {
+                    return (
+                        <Badge variant="destructive">
+                            {t("failed", { fallback: "Failed" })}
+                        </Badge>
+                    );
+                } else {
+                    return <Badge variant="yellow">{t("pending")}</Badge>;
+                }
+            }
+        },
+        {
+            id: "actions",
+            cell: ({ row }) => {
+                const domain = row.original;
+                const isRestarting = restartingDomains.has(domain.domainId);
+
+                return (
+                    <div className="flex items-center justify-end gap-2">
+                        {domain.failed && (
+                            <Button
+                                variant="outline"
+                                size="sm"
+                                onClick={() => restartDomain(domain.domainId)}
+                                disabled={isRestarting}
+                            >
+                                {isRestarting
+                                    ? t("restarting", {
+                                          fallback: "Restarting..."
+                                      })
+                                    : t("restart", { fallback: "Restart" })}
+                            </Button>
+                        )}
+                        <Button
+                            variant="secondary"
+                            size="sm"
+                            disabled={domain.configManaged}
+                            onClick={() => {
+                                setSelectedDomain(domain);
+                                setIsDeleteModalOpen(true);
+                            }}
+                        >
+                            {t("delete")}
+                        </Button>
+                    </div>
+                );
+            }
+        }
+    ];
+
+    return (
+        <>
+            {selectedDomain && (
+                <ConfirmDeleteDialog
+                    open={isDeleteModalOpen}
+                    setOpen={(val) => {
+                        setIsDeleteModalOpen(val);
+                        setSelectedDomain(null);
+                    }}
+                    dialog={
+                        <div className="space-y-4">
+                            <p>
+                                {t("domainQuestionRemove", {
+                                    domain: selectedDomain.baseDomain
+                                })}
+                            </p>
+                            <p>
+                                <b>{t("domainMessageRemove")}</b>
+                            </p>
+                            <p>{t("domainMessageConfirm")}</p>
+                        </div>
+                    }
+                    buttonText={t("domainConfirmDelete")}
+                    onConfirm={async () =>
+                        deleteDomain(selectedDomain.domainId)
+                    }
+                    string={selectedDomain.baseDomain}
+                    title={t("domainDelete")}
+                />
+            )}
+
+            <CreateDomainForm
+                open={isCreateModalOpen}
+                setOpen={setIsCreateModalOpen}
+                onCreated={(domain) => {
+                    refreshData();
+                }}
+            />
+
+            <DomainsDataTable
+                columns={columns}
+                data={domains}
+                onAdd={() => setIsCreateModalOpen(true)}
+                onRefresh={refreshData}
+                isRefreshing={isRefreshing}
+            />
+        </>
+    );
+}
diff --git a/src/app/[orgId]/settings/domains/page.tsx b/src/app/[orgId]/settings/domains/page.tsx
new file mode 100644
index 00000000..d20e431f
--- /dev/null
+++ b/src/app/[orgId]/settings/domains/page.tsx
@@ -0,0 +1,60 @@
+import { internal } from "@app/lib/api";
+import { authCookieHeader } from "@app/lib/api/cookies";
+import { AxiosResponse } from "axios";
+import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
+import DomainsTable, { DomainRow } from "./DomainsTable";
+import { getTranslations } from "next-intl/server";
+import { cache } from "react";
+import { GetOrgResponse } from "@server/routers/org";
+import { redirect } from "next/navigation";
+import OrgProvider from "@app/providers/OrgProvider";
+import { ListDomainsResponse } from "@server/routers/domain";
+
+type Props = {
+    params: Promise<{ orgId: string }>;
+};
+
+export default async function DomainsPage(props: Props) {
+    const params = await props.params;
+
+    let domains: DomainRow[] = [];
+    try {
+        const res = await internal.get<
+            AxiosResponse<ListDomainsResponse>
+        >(`/org/${params.orgId}/domains`, await authCookieHeader());
+        domains = res.data.data.domains as DomainRow[];
+    } catch (e) {
+        console.error(e);
+    }
+
+    let org = null;
+    try {
+        const getOrg = cache(async () =>
+            internal.get<AxiosResponse<GetOrgResponse>>(
+                `/org/${params.orgId}`,
+                await authCookieHeader()
+            )
+        );
+        const res = await getOrg();
+        org = res.data.data;
+    } catch {
+        redirect(`/${params.orgId}`);
+    }
+
+    if (!org) {
+    }
+
+    const t = await getTranslations();
+
+    return (
+        <>
+            <OrgProvider org={org}>
+                <SettingsSectionTitle
+                    title={t("domains")}
+                    description={t("domainsDescription")}
+                />
+                <DomainsTable domains={domains} />
+            </OrgProvider>
+        </>
+    );
+}
diff --git a/src/app/[orgId]/settings/general/page.tsx b/src/app/[orgId]/settings/general/page.tsx
index 33f5a71a..8656a608 100644
--- a/src/app/[orgId]/settings/general/page.tsx
+++ b/src/app/[orgId]/settings/general/page.tsx
@@ -1,5 +1,4 @@
 "use client";
-
 import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
 import { Button } from "@app/components/ui/button";
 import { useOrgContext } from "@app/hooks/useOrgContext";
@@ -22,6 +21,9 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { formatAxiosError } from "@app/lib/api";
+import { AxiosResponse } from "axios";
+import { DeleteOrgResponse, ListUserOrgsResponse } from "@server/routers/org";
+import { useRouter } from "next/navigation";
 import {
     SettingsContainer,
     SettingsSection,
@@ -37,22 +39,25 @@ import { useTranslations } from 'next-intl';
 import { AxiosResponse } from "axios";
 import { DeleteOrgResponse, ListUserOrgsResponse } from "@server/routers/org";
 import { useRouter } from "next/navigation";
+import { build } from "@server/build";
 
+// Updated schema to include subnet field
 const GeneralFormSchema = z.object({
-    name: z.string()
+    name: z.string(),
+    subnet: z.string().optional()
 });
 
 type GeneralFormValues = z.infer<typeof GeneralFormSchema>;
 
 export default function GeneralPage() {
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
-
     const { orgUser } = userOrgUserContext();
     const router = useRouter();
     const { org } = useOrgContext();
     const api = createApiClient(useEnvContext());
     const { user } = useUserContext();
     const t = useTranslations();
+    const { env } = useEnvContext();
 
     const [loadingDelete, setLoadingDelete] = useState(false);
     const [loadingSave, setLoadingSave] = useState(false);
@@ -60,7 +65,8 @@ export default function GeneralPage() {
     const form = useForm<GeneralFormValues>({
         resolver: zodResolver(GeneralFormSchema),
         defaultValues: {
-            name: org?.org.name
+            name: org?.org.name,
+            subnet: org?.org.subnet || "" // Add default value for subnet
         },
         mode: "onChange"
     });
@@ -71,12 +77,10 @@ export default function GeneralPage() {
             const res = await api.delete<AxiosResponse<DeleteOrgResponse>>(
                 `/org/${org?.org.orgId}`
             );
-
             toast({
-                title: t('orgDeleted'),
-                description: t('orgDeletedMessage')
+                title: t("orgDeleted"),
+                description: t("orgDeletedMessage")
             });
-
             if (res.status === 200) {
                 pickNewOrgAndNavigate();
             }
@@ -84,8 +88,8 @@ export default function GeneralPage() {
             console.error(err);
             toast({
                 variant: "destructive",
-                title: t('orgErrorDelete'),
-                description: formatAxiosError(err, t('orgErrorDeleteMessage'))
+                title: t("orgErrorDelete"),
+                description: formatAxiosError(err, t("orgErrorDeleteMessage"))
             });
         } finally {
             setLoadingDelete(false);
@@ -110,8 +114,8 @@ export default function GeneralPage() {
             console.error(err);
             toast({
                 variant: "destructive",
-                title: t('orgErrorFetch'),
-                description: formatAxiosError(err, t('orgErrorFetchMessage'))
+                title: t("orgErrorFetch"),
+                description: formatAxiosError(err, t("orgErrorFetchMessage"))
             });
         }
     }
@@ -120,21 +124,21 @@ export default function GeneralPage() {
         setLoadingSave(true);
         await api
             .post(`/org/${org?.org.orgId}`, {
-                name: data.name
+                name: data.name,
+                // subnet: data.subnet // Include subnet in the API request
             })
             .then(() => {
                 toast({
-                    title: t('orgUpdated'),
-                    description: t('orgUpdatedDescription')
+                    title: t("orgUpdated"),
+                    description: t("orgUpdatedDescription")
                 });
-
                 router.refresh();
             })
             .catch((e) => {
                 toast({
                     variant: "destructive",
-                    title: t('orgErrorUpdate'),
-                    description: formatAxiosError(e, t('orgErrorUpdateMessage'))
+                    title: t("orgErrorUpdate"),
+                    description: formatAxiosError(e, t("orgErrorUpdateMessage"))
                 });
             })
             .finally(() => {
@@ -152,32 +156,28 @@ export default function GeneralPage() {
                 dialog={
                     <div>
                         <p className="mb-2">
-                            {t('orgQuestionRemove', {selectedOrg: org?.org.name})}
-                        </p>
-                        <p className="mb-2">
-                            {t('orgMessageRemove')}
-                        </p>
-                        <p>
-                            {t('orgMessageConfirm')}
+                            {t("orgQuestionRemove", {
+                                selectedOrg: org?.org.name
+                            })}
                         </p>
+                        <p className="mb-2">{t("orgMessageRemove")}</p>
+                        <p>{t("orgMessageConfirm")}</p>
                     </div>
                 }
-                buttonText={t('orgDeleteConfirm')}
+                buttonText={t("orgDeleteConfirm")}
                 onConfirm={deleteOrg}
                 string={org?.org.name || ""}
-                title={t('orgDelete')}
+                title={t("orgDelete")}
             />
-
             <SettingsSection>
                 <SettingsSectionHeader>
                     <SettingsSectionTitle>
-                        {t('orgGeneralSettings')}
+                        {t("orgGeneralSettings")}
                     </SettingsSectionTitle>
                     <SettingsSectionDescription>
-                        {t('orgGeneralSettingsDescription')}
+                        {t("orgGeneralSettingsDescription")}
                     </SettingsSectionDescription>
                 </SettingsSectionHeader>
-
                 <SettingsSectionBody>
                     <SettingsSectionForm>
                         <Form {...form}>
@@ -191,22 +191,44 @@ export default function GeneralPage() {
                                     name="name"
                                     render={({ field }) => (
                                         <FormItem>
-                                            <FormLabel>{t('name')}</FormLabel>
+                                            <FormLabel>{t("name")}</FormLabel>
                                             <FormControl>
                                                 <Input {...field} />
                                             </FormControl>
                                             <FormMessage />
                                             <FormDescription>
-                                                {t('orgDisplayName')}
+                                                {t("orgDisplayName")}
                                             </FormDescription>
                                         </FormItem>
                                     )}
                                 />
+                                {env.flags.enableClients && (
+                                    <FormField
+                                        control={form.control}
+                                        name="subnet"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>Subnet</FormLabel>
+                                                <FormControl>
+                                                    <Input
+                                                        {...field}
+                                                        disabled={true}
+                                                    />
+                                                </FormControl>
+                                                <FormMessage />
+                                                <FormDescription>
+                                                    The subnet for this
+                                                    organization's network
+                                                    configuration.
+                                                </FormDescription>
+                                            </FormItem>
+                                        )}
+                                    />
+                                )}
                             </form>
                         </Form>
                     </SettingsSectionForm>
                 </SettingsSectionBody>
-
                 <SettingsSectionFooter>
                     <Button
                         type="submit"
@@ -214,31 +236,33 @@ export default function GeneralPage() {
                         loading={loadingSave}
                         disabled={loadingSave}
                     >
-                        {t('saveGeneralSettings')}
-                    </Button>
-                </SettingsSectionFooter>
-            </SettingsSection>
-
-            <SettingsSection>
-                <SettingsSectionHeader>
-                    <SettingsSectionTitle>{t('orgDangerZone')}</SettingsSectionTitle>
-                    <SettingsSectionDescription>
-                        {t('orgDangerZoneDescription')}
-                    </SettingsSectionDescription>
-                </SettingsSectionHeader>
-
-                <SettingsSectionFooter>
-                    <Button
-                        variant="destructive"
-                        onClick={() => setIsDeleteModalOpen(true)}
-                        className="flex items-center gap-2"
-                        loading={loadingDelete}
-                        disabled={loadingDelete}
-                    >
-                        {t('orgDelete')}
+                        {t("saveGeneralSettings")}
                     </Button>
                 </SettingsSectionFooter>
             </SettingsSection>
+            {build === "oss" && (
+                <SettingsSection>
+                    <SettingsSectionHeader>
+                        <SettingsSectionTitle>
+                            {t("orgDangerZone")}
+                        </SettingsSectionTitle>
+                        <SettingsSectionDescription>
+                            {t("orgDangerZoneDescription")}
+                        </SettingsSectionDescription>
+                    </SettingsSectionHeader>
+                    <SettingsSectionFooter>
+                        <Button
+                            variant="destructive"
+                            onClick={() => setIsDeleteModalOpen(true)}
+                            className="flex items-center gap-2"
+                            loading={loadingDelete}
+                            disabled={loadingDelete}
+                        >
+                            {t("orgDelete")}
+                        </Button>
+                    </SettingsSectionFooter>
+                </SettingsSection>
+            )}
         </SettingsContainer>
     );
 }
diff --git a/src/app/[orgId]/settings/layout.tsx b/src/app/[orgId]/settings/layout.tsx
index 215f554f..7db530dd 100644
--- a/src/app/[orgId]/settings/layout.tsx
+++ b/src/app/[orgId]/settings/layout.tsx
@@ -1,16 +1,18 @@
 import { Metadata } from "next";
 import {
-    Cog,
     Combine,
+    KeyRound,
     LinkIcon,
     Settings,
     Users,
-    Waypoints
+    Waypoints,
+    Workflow
 } from "lucide-react";
 import { verifySession } from "@app/lib/auth/verifySession";
 import { redirect } from "next/navigation";
 import { internal } from "@app/lib/api";
 import { AxiosResponse } from "axios";
+import { ListOrgsResponse } from "@server/routers/org";
 import { GetOrgResponse, ListUserOrgsResponse } from "@server/routers/org";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { cache } from "react";
@@ -18,8 +20,9 @@ import { GetOrgUserResponse } from "@server/routers/user";
 import UserProvider from "@app/providers/UserProvider";
 import { Layout } from "@app/components/Layout";
 import { SidebarNavItem, SidebarNavProps } from "@app/components/SidebarNav";
-import { orgNavItems } from "@app/app/navigation";
-import { getTranslations } from 'next-intl/server';
+import { getTranslations } from "next-intl/server";
+import { pullEnv } from "@app/lib/pullEnv";
+import { orgNavSections } from "@app/app/navigation";
 
 export const dynamic = "force-dynamic";
 
@@ -41,6 +44,8 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
     const getUser = cache(verifySession);
     const user = await getUser();
 
+    const env = pullEnv();
+
     if (!user) {
         redirect(`/`);
     }
@@ -59,7 +64,7 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
         const orgUser = await getOrgUser();
 
         if (!orgUser.data.data.isAdmin && !orgUser.data.data.isOwner) {
-            throw new Error(t('userErrorNotAdminOrOwner'));
+            throw new Error(t("userErrorNotAdminOrOwner"));
         }
     } catch {
         redirect(`/${params.orgId}`);
@@ -81,7 +86,7 @@ export default async function SettingsLayout(props: SettingsLayoutProps) {
 
     return (
         <UserProvider user={user}>
-            <Layout orgId={params.orgId} orgs={orgs} navItems={orgNavItems}>
+            <Layout orgId={params.orgId} orgs={orgs} navItems={orgNavSections(env.flags.enableClients)}>
                 {children}
             </Layout>
         </UserProvider>
diff --git a/src/app/[orgId]/settings/resources/ResourcesTable.tsx b/src/app/[orgId]/settings/resources/ResourcesTable.tsx
index 7c6f4340..e64fb4e3 100644
--- a/src/app/[orgId]/settings/resources/ResourcesTable.tsx
+++ b/src/app/[orgId]/settings/resources/ResourcesTable.tsx
@@ -31,7 +31,9 @@ import CopyToClipboard from "@app/components/CopyToClipboard";
 import { Switch } from "@app/components/ui/switch";
 import { AxiosResponse } from "axios";
 import { UpdateResourceResponse } from "@server/routers/resource";
-import { useTranslations } from 'next-intl';
+import { useTranslations } from "next-intl";
+import { InfoPopup } from "@app/components/ui/info-popup";
+import { Badge } from "@app/components/ui/badge";
 
 export type ResourceRow = {
     id: number;
@@ -45,6 +47,7 @@ export type ResourceRow = {
     protocol: string;
     proxyPort: number | null;
     enabled: boolean;
+    domainId?: string;
 };
 
 type ResourcesTableProps = {
@@ -65,11 +68,11 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
     const deleteResource = (resourceId: number) => {
         api.delete(`/resource/${resourceId}`)
             .catch((e) => {
-                console.error(t('resourceErrorDelte'), e);
+                console.error(t("resourceErrorDelte"), e);
                 toast({
                     variant: "destructive",
-                    title: t('resourceErrorDelte'),
-                    description: formatAxiosError(e, t('resourceErrorDelte'))
+                    title: t("resourceErrorDelte"),
+                    description: formatAxiosError(e, t("resourceErrorDelte"))
                 });
             })
             .then(() => {
@@ -89,50 +92,16 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
             .catch((e) => {
                 toast({
                     variant: "destructive",
-                    title: t('resourcesErrorUpdate'),
-                    description: formatAxiosError(e, t('resourcesErrorUpdateDescription'))
+                    title: t("resourcesErrorUpdate"),
+                    description: formatAxiosError(
+                        e,
+                        t("resourcesErrorUpdateDescription")
+                    )
                 });
             });
     }
 
     const columns: ColumnDef<ResourceRow>[] = [
-        {
-            accessorKey: "dots",
-            header: "",
-            cell: ({ row }) => {
-                const resourceRow = row.original;
-                const router = useRouter();
-
-                return (
-                    <DropdownMenu>
-                        <DropdownMenuTrigger asChild>
-                            <Button variant="ghost" className="h-8 w-8 p-0">
-                                <span className="sr-only">{t('openMenu')}</span>
-                                <MoreHorizontal className="h-4 w-4" />
-                            </Button>
-                        </DropdownMenuTrigger>
-                        <DropdownMenuContent align="end">
-                            <Link
-                                className="block w-full"
-                                href={`/${resourceRow.orgId}/settings/resources/${resourceRow.id}`}
-                            >
-                                <DropdownMenuItem>
-                                    {t('viewSettings')}
-                                </DropdownMenuItem>
-                            </Link>
-                            <DropdownMenuItem
-                                onClick={() => {
-                                    setSelectedResource(resourceRow);
-                                    setIsDeleteModalOpen(true);
-                                }}
-                            >
-                                <span className="text-red-500">{t('delete')}</span>
-                            </DropdownMenuItem>
-                        </DropdownMenuContent>
-                    </DropdownMenu>
-                );
-            }
-        },
         {
             accessorKey: "name",
             header: ({ column }) => {
@@ -143,7 +112,7 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('name')}
+                        {t("name")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -159,7 +128,7 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('site')}
+                        {t("site")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -170,7 +139,7 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
                     <Link
                         href={`/${resourceRow.orgId}/settings/sites/${resourceRow.siteId}`}
                     >
-                        <Button variant="outline">
+                        <Button variant="outline" size="sm">
                             {resourceRow.site}
                             <ArrowUpRight className="ml-2 h-4 w-4" />
                         </Button>
@@ -180,7 +149,7 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
         },
         {
             accessorKey: "protocol",
-            header: t('protocol'),
+            header: t("protocol"),
             cell: ({ row }) => {
                 const resourceRow = row.original;
                 return <span>{resourceRow.protocol.toUpperCase()}</span>;
@@ -188,16 +157,21 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
         },
         {
             accessorKey: "domain",
-            header: t('access'),
+            header: t("access"),
             cell: ({ row }) => {
                 const resourceRow = row.original;
                 return (
-                    <div>
+                    <div className="flex items-center space-x-2">
                         {!resourceRow.http ? (
                             <CopyToClipboard
                                 text={resourceRow.proxyPort!.toString()}
                                 isLink={false}
                             />
+                        ) : !resourceRow.domainId ? (
+                            <InfoPopup
+                                info={t("domainNotFoundDescription")}
+                                text={t("domainNotFound")}
+                            />
                         ) : (
                             <CopyToClipboard
                                 text={resourceRow.domain}
@@ -218,7 +192,7 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('authentication')}
+                        {t("authentication")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -230,12 +204,12 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
                         {resourceRow.authState === "protected" ? (
                             <span className="text-green-500 flex items-center space-x-2">
                                 <ShieldCheck className="w-4 h-4" />
-                                <span>{t('protected')}</span>
+                                <span>{t("protected")}</span>
                             </span>
                         ) : resourceRow.authState === "not_protected" ? (
                             <span className="text-yellow-500 flex items-center space-x-2">
                                 <ShieldOff className="w-4 h-4" />
-                                <span>{t('notProtected')}</span>
+                                <span>{t("notProtected")}</span>
                             </span>
                         ) : (
                             <span>-</span>
@@ -246,10 +220,15 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
         },
         {
             accessorKey: "enabled",
-            header: t('enabled'),
+            header: t("enabled"),
             cell: ({ row }) => (
                 <Switch
-                    defaultChecked={row.original.enabled}
+                    defaultChecked={
+                        row.original.http
+                            ? (!!row.original.domainId && row.original.enabled)
+                            : row.original.enabled
+                    }
+                    disabled={row.original.http ? !row.original.domainId : false}
                     onCheckedChange={(val) =>
                         toggleResourceEnabled(val, row.original.id)
                     }
@@ -262,11 +241,45 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
                 const resourceRow = row.original;
                 return (
                     <div className="flex items-center justify-end">
+                        <DropdownMenu>
+                            <DropdownMenuTrigger asChild>
+                                <Button variant="ghost" className="h-8 w-8 p-0">
+                                    <span className="sr-only">
+                                        {t("openMenu")}
+                                    </span>
+                                    <MoreHorizontal className="h-4 w-4" />
+                                </Button>
+                            </DropdownMenuTrigger>
+                            <DropdownMenuContent align="end">
+                                <Link
+                                    className="block w-full"
+                                    href={`/${resourceRow.orgId}/settings/resources/${resourceRow.id}`}
+                                >
+                                    <DropdownMenuItem>
+                                        {t("viewSettings")}
+                                    </DropdownMenuItem>
+                                </Link>
+                                <DropdownMenuItem
+                                    onClick={() => {
+                                        setSelectedResource(resourceRow);
+                                        setIsDeleteModalOpen(true);
+                                    }}
+                                >
+                                    <span className="text-red-500">
+                                        {t("delete")}
+                                    </span>
+                                </DropdownMenuItem>
+                            </DropdownMenuContent>
+                        </DropdownMenu>
                         <Link
                             href={`/${resourceRow.orgId}/settings/resources/${resourceRow.id}`}
                         >
-                            <Button variant={"outlinePrimary"} className="ml-2">
-                                {t('edit')}
+                            <Button
+                                variant={"secondary"}
+                                className="ml-2"
+                                size="sm"
+                            >
+                                {t("edit")}
                                 <ArrowRight className="ml-2 w-4 h-4" />
                             </Button>
                         </Link>
@@ -288,22 +301,22 @@ export default function SitesTable({ resources, orgId }: ResourcesTableProps) {
                     dialog={
                         <div>
                             <p className="mb-2">
-                                {t('resourceQuestionRemove', {selectedResource: selectedResource?.name || selectedResource?.id})}
+                                {t("resourceQuestionRemove", {
+                                    selectedResource:
+                                        selectedResource?.name ||
+                                        selectedResource?.id
+                                })}
                             </p>
 
-                            <p className="mb-2">
-                                {t('resourceMessageRemove')}
-                            </p>
+                            <p className="mb-2">{t("resourceMessageRemove")}</p>
 
-                            <p>
-                                {t('resourceMessageConfirm')}
-                            </p>
+                            <p>{t("resourceMessageConfirm")}</p>
                         </div>
                     }
-                    buttonText={t('resourceDeleteConfirm')}
+                    buttonText={t("resourceDeleteConfirm")}
                     onConfirm={async () => deleteResource(selectedResource!.id)}
                     string={selectedResource.name}
-                    title={t('resourceDelete')}
+                    title={t("resourceDelete")}
                 />
             )}
 
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/ResourceInfoBox.tsx b/src/app/[orgId]/settings/resources/[resourceId]/ResourceInfoBox.tsx
index 7ccc5e50..717e4d49 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/ResourceInfoBox.tsx
+++ b/src/app/[orgId]/settings/resources/[resourceId]/ResourceInfoBox.tsx
@@ -10,10 +10,14 @@ import {
     InfoSections,
     InfoSectionTitle
 } from "@app/components/InfoSection";
-import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useDockerSocket } from "@app/hooks/useDockerSocket";
 import { useTranslations } from "next-intl";
+import { AxiosResponse } from "axios";
+import { useEffect, useState } from "react";
+import { Button } from "@/components/ui/button";
+import { RotateCw } from "lucide-react";
+import { createApiClient } from "@app/lib/api";
 
 type ResourceInfoBoxType = {};
 
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx b/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx
index 6182c04a..c8f6255c 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx
+++ b/src/app/[orgId]/settings/resources/[resourceId]/authentication/page.tsx
@@ -205,10 +205,10 @@ export default function ResourceAuthenticationPage() {
                 console.error(e);
                 toast({
                     variant: "destructive",
-                    title: t('resourceErrorAuthFetch'),
+                    title: t("resourceErrorAuthFetch"),
                     description: formatAxiosError(
                         e,
-                        t('resourceErrorAuthFetchDescription')
+                        t("resourceErrorAuthFetchDescription")
                     )
                 });
             }
@@ -235,18 +235,18 @@ export default function ResourceAuthenticationPage() {
             });
 
             toast({
-                title: t('resourceWhitelistSave'),
-                description: t('resourceWhitelistSaveDescription')
+                title: t("resourceWhitelistSave"),
+                description: t("resourceWhitelistSaveDescription")
             });
             router.refresh();
         } catch (e) {
             console.error(e);
             toast({
                 variant: "destructive",
-                title: t('resourceErrorWhitelistSave'),
+                title: t("resourceErrorWhitelistSave"),
                 description: formatAxiosError(
                     e,
-                    t('resourceErrorWhitelistSaveDescription')
+                    t("resourceErrorWhitelistSaveDescription")
                 )
             });
         } finally {
@@ -283,18 +283,18 @@ export default function ResourceAuthenticationPage() {
             });
 
             toast({
-                title: t('resourceAuthSettingsSave'),
-                description: t('resourceAuthSettingsSaveDescription')
+                title: t("resourceAuthSettingsSave"),
+                description: t("resourceAuthSettingsSaveDescription")
             });
             router.refresh();
         } catch (e) {
             console.error(e);
             toast({
                 variant: "destructive",
-                title: t('resourceErrorUsersRolesSave'),
+                title: t("resourceErrorUsersRolesSave"),
                 description: formatAxiosError(
                     e,
-                    t('resourceErrorUsersRolesSaveDescription')
+                    t("resourceErrorUsersRolesSaveDescription")
                 )
             });
         } finally {
@@ -310,8 +310,8 @@ export default function ResourceAuthenticationPage() {
         })
             .then(() => {
                 toast({
-                    title: t('resourcePasswordRemove'),
-                    description: t('resourcePasswordRemoveDescription')
+                    title: t("resourcePasswordRemove"),
+                    description: t("resourcePasswordRemoveDescription")
                 });
 
                 updateAuthInfo({
@@ -322,10 +322,10 @@ export default function ResourceAuthenticationPage() {
             .catch((e) => {
                 toast({
                     variant: "destructive",
-                    title: t('resourceErrorPasswordRemove'),
+                    title: t("resourceErrorPasswordRemove"),
                     description: formatAxiosError(
                         e,
-                        t('resourceErrorPasswordRemoveDescription')
+                        t("resourceErrorPasswordRemoveDescription")
                     )
                 });
             })
@@ -340,8 +340,8 @@ export default function ResourceAuthenticationPage() {
         })
             .then(() => {
                 toast({
-                    title: t('resourcePincodeRemove'),
-                    description: t('resourcePincodeRemoveDescription')
+                    title: t("resourcePincodeRemove"),
+                    description: t("resourcePincodeRemoveDescription")
                 });
 
                 updateAuthInfo({
@@ -352,10 +352,10 @@ export default function ResourceAuthenticationPage() {
             .catch((e) => {
                 toast({
                     variant: "destructive",
-                    title: t('resourceErrorPincodeRemove'),
+                    title: t("resourceErrorPincodeRemove"),
                     description: formatAxiosError(
                         e,
-                        t('resourceErrorPincodeRemoveDescription')
+                        t("resourceErrorPincodeRemoveDescription")
                     )
                 });
             })
@@ -400,140 +400,151 @@ export default function ResourceAuthenticationPage() {
                 <SettingsSection>
                     <SettingsSectionHeader>
                         <SettingsSectionTitle>
-                            {t('resourceUsersRoles')}
+                            {t("resourceUsersRoles")}
                         </SettingsSectionTitle>
                         <SettingsSectionDescription>
-                            {t('resourceUsersRolesDescription')}
+                            {t("resourceUsersRolesDescription")}
                         </SettingsSectionDescription>
                     </SettingsSectionHeader>
                     <SettingsSectionBody>
-                        <SwitchInput
-                            id="sso-toggle"
-                            label={t('ssoUse')}
-                            description={t('ssoUseDescription')}
-                            defaultChecked={resource.sso}
-                            onCheckedChange={(val) => setSsoEnabled(val)}
-                        />
+                        <SettingsSectionForm>
+                            <SwitchInput
+                                id="sso-toggle"
+                                label={t("ssoUse")}
+                                defaultChecked={resource.sso}
+                                onCheckedChange={(val) => setSsoEnabled(val)}
+                            />
 
-                        <Form {...usersRolesForm}>
-                            <form
-                                onSubmit={usersRolesForm.handleSubmit(
-                                    onSubmitUsersRoles
-                                )}
-                                id="users-roles-form"
-                                className="space-y-4"
-                            >
-                                {ssoEnabled && (
-                                    <>
-                                        <FormField
-                                            control={usersRolesForm.control}
-                                            name="roles"
-                                            render={({ field }) => (
-                                                <FormItem className="flex flex-col items-start">
-                                                    <FormLabel>{t('roles')}</FormLabel>
-                                                    <FormControl>
-                                                        <TagInput
-                                                            {...field}
-                                                            activeTagIndex={
-                                                                activeRolesTagIndex
-                                                            }
-                                                            setActiveTagIndex={
-                                                                setActiveRolesTagIndex
-                                                            }
-                                                            placeholder={t('accessRoleSelect2')}
-                                                            size="sm"
-                                                            tags={
-                                                                usersRolesForm.getValues()
-                                                                    .roles
-                                                            }
-                                                            setTags={(
-                                                                newRoles
-                                                            ) => {
-                                                                usersRolesForm.setValue(
-                                                                    "roles",
-                                                                    newRoles as [
-                                                                        Tag,
-                                                                        ...Tag[]
-                                                                    ]
-                                                                );
-                                                            }}
-                                                            enableAutocomplete={
-                                                                true
-                                                            }
-                                                            autocompleteOptions={
-                                                                allRoles
-                                                            }
-                                                            allowDuplicates={
-                                                                false
-                                                            }
-                                                            restrictTagsToAutocompleteOptions={
-                                                                true
-                                                            }
-                                                            sortTags={true}
-                                                        />
-                                                    </FormControl>
-                                                    <FormMessage />
-                                                    <FormDescription>
-                                                        {t('resourceRoleDescription')}
-                                                    </FormDescription>
-                                                </FormItem>
-                                            )}
-                                        />
-                                        <FormField
-                                            control={usersRolesForm.control}
-                                            name="users"
-                                            render={({ field }) => (
-                                                <FormItem className="flex flex-col items-start">
-                                                    <FormLabel>{t('users')}</FormLabel>
-                                                    <FormControl>
-                                                        <TagInput
-                                                            {...field}
-                                                            activeTagIndex={
-                                                                activeUsersTagIndex
-                                                            }
-                                                            setActiveTagIndex={
-                                                                setActiveUsersTagIndex
-                                                            }
-                                                            placeholder={t('accessUserSelect')}
-                                                            tags={
-                                                                usersRolesForm.getValues()
-                                                                    .users
-                                                            }
-                                                            size="sm"
-                                                            setTags={(
-                                                                newUsers
-                                                            ) => {
-                                                                usersRolesForm.setValue(
-                                                                    "users",
-                                                                    newUsers as [
-                                                                        Tag,
-                                                                        ...Tag[]
-                                                                    ]
-                                                                );
-                                                            }}
-                                                            enableAutocomplete={
-                                                                true
-                                                            }
-                                                            autocompleteOptions={
-                                                                allUsers
-                                                            }
-                                                            allowDuplicates={
-                                                                false
-                                                            }
-                                                            restrictTagsToAutocompleteOptions={
-                                                                true
-                                                            }
-                                                            sortTags={true}
-                                                        />
-                                                    </FormControl>
-                                                    <FormMessage />
-                                                </FormItem>
-                                            )}
-                                        />
-                                    </>
-                                )}
-                            </form>
-                        </Form>
+                            <Form {...usersRolesForm}>
+                                <form
+                                    onSubmit={usersRolesForm.handleSubmit(
+                                        onSubmitUsersRoles
+                                    )}
+                                    id="users-roles-form"
+                                    className="space-y-4"
+                                >
+                                    {ssoEnabled && (
+                                        <>
+                                            <FormField
+                                                control={usersRolesForm.control}
+                                                name="roles"
+                                                render={({ field }) => (
+                                                    <FormItem className="flex flex-col items-start">
+                                                        <FormLabel>
+                                                            {t("roles")}
+                                                        </FormLabel>
+                                                        <FormControl>
+                                                            <TagInput
+                                                                {...field}
+                                                                activeTagIndex={
+                                                                    activeRolesTagIndex
+                                                                }
+                                                                setActiveTagIndex={
+                                                                    setActiveRolesTagIndex
+                                                                }
+                                                                placeholder={t(
+                                                                    "accessRoleSelect2"
+                                                                )}
+                                                                size="sm"
+                                                                tags={
+                                                                    usersRolesForm.getValues()
+                                                                        .roles
+                                                                }
+                                                                setTags={(
+                                                                    newRoles
+                                                                ) => {
+                                                                    usersRolesForm.setValue(
+                                                                        "roles",
+                                                                        newRoles as [
+                                                                            Tag,
+                                                                            ...Tag[]
+                                                                        ]
+                                                                    );
+                                                                }}
+                                                                enableAutocomplete={
+                                                                    true
+                                                                }
+                                                                autocompleteOptions={
+                                                                    allRoles
+                                                                }
+                                                                allowDuplicates={
+                                                                    false
+                                                                }
+                                                                restrictTagsToAutocompleteOptions={
+                                                                    true
+                                                                }
+                                                                sortTags={true}
+                                                            />
+                                                        </FormControl>
+                                                        <FormMessage />
+                                                        <FormDescription>
+                                                            {t(
+                                                                "resourceRoleDescription"
+                                                            )}
+                                                        </FormDescription>
+                                                    </FormItem>
+                                                )}
+                                            />
+                                            <FormField
+                                                control={usersRolesForm.control}
+                                                name="users"
+                                                render={({ field }) => (
+                                                    <FormItem className="flex flex-col items-start">
+                                                        <FormLabel>
+                                                            {t("users")}
+                                                        </FormLabel>
+                                                        <FormControl>
+                                                            <TagInput
+                                                                {...field}
+                                                                activeTagIndex={
+                                                                    activeUsersTagIndex
+                                                                }
+                                                                setActiveTagIndex={
+                                                                    setActiveUsersTagIndex
+                                                                }
+                                                                placeholder={t(
+                                                                    "accessUserSelect"
+                                                                )}
+                                                                tags={
+                                                                    usersRolesForm.getValues()
+                                                                        .users
+                                                                }
+                                                                size="sm"
+                                                                setTags={(
+                                                                    newUsers
+                                                                ) => {
+                                                                    usersRolesForm.setValue(
+                                                                        "users",
+                                                                        newUsers as [
+                                                                            Tag,
+                                                                            ...Tag[]
+                                                                        ]
+                                                                    );
+                                                                }}
+                                                                enableAutocomplete={
+                                                                    true
+                                                                }
+                                                                autocompleteOptions={
+                                                                    allUsers
+                                                                }
+                                                                allowDuplicates={
+                                                                    false
+                                                                }
+                                                                restrictTagsToAutocompleteOptions={
+                                                                    true
+                                                                }
+                                                                sortTags={true}
+                                                            />
+                                                        </FormControl>
+                                                        <FormMessage />
+                                                    </FormItem>
+                                                )}
+                                            />
+                                        </>
+                                    )}
+                                </form>
+                            </Form>
+                        </SettingsSectionForm>
                     </SettingsSectionBody>
                     <SettingsSectionFooter>
                         <Button
@@ -542,7 +553,7 @@ export default function ResourceAuthenticationPage() {
                             disabled={loadingSaveUsersRoles}
                             form="users-roles-form"
                         >
-                            {t('resourceUsersRolesSubmit')}
+                            {t("resourceUsersRolesSubmit")}
                         </Button>
                     </SettingsSectionFooter>
                 </SettingsSection>
@@ -550,170 +561,195 @@ export default function ResourceAuthenticationPage() {
                 <SettingsSection>
                     <SettingsSectionHeader>
                         <SettingsSectionTitle>
-                            {t('resourceAuthMethods')}
+                            {t("resourceAuthMethods")}
                         </SettingsSectionTitle>
                         <SettingsSectionDescription>
-                            {t('resourceAuthMethodsDescriptions')}
+                            {t("resourceAuthMethodsDescriptions")}
                         </SettingsSectionDescription>
                     </SettingsSectionHeader>
                     <SettingsSectionBody>
-                        {/* Password Protection */}
-                        <div className="flex items-center justify-between">
-                            <div
-                                className={`flex items-center text-${!authInfo.password ? "neutral" : "green"}-500 space-x-2`}
-                            >
-                                <Key />
-                                <span>
-                                    {t('resourcePasswordProtection', {status: authInfo.password? t('enabled') : t('disabled')})}
-                                </span>
+                        <SettingsSectionForm>
+                            {/* Password Protection */}
+                            <div className="flex items-center justify-between border rounded-md p-2 mb-4">
+                                <div
+                                    className={`flex items-center ${!authInfo.password ? "text-muted-foreground" : "text-green-500"} text-sm space-x-2`}
+                                >
+                                    <Key size="14" />
+                                    <span>
+                                        {t("resourcePasswordProtection", {
+                                            status: authInfo.password
+                                                ? t("enabled")
+                                                : t("disabled")
+                                        })}
+                                    </span>
+                                </div>
+                                <Button
+                                    variant="secondary"
+                                    size="sm"
+                                    onClick={
+                                        authInfo.password
+                                            ? removeResourcePassword
+                                            : () => setIsSetPasswordOpen(true)
+                                    }
+                                    loading={loadingRemoveResourcePassword}
+                                >
+                                    {authInfo.password
+                                        ? t("passwordRemove")
+                                        : t("passwordAdd")}
+                                </Button>
                             </div>
-                            <Button
-                                variant="outlinePrimary"
-                                onClick={
-                                    authInfo.password
-                                        ? removeResourcePassword
-                                        : () => setIsSetPasswordOpen(true)
-                                }
-                                loading={loadingRemoveResourcePassword}
-                            >
-                                {authInfo.password
-                                    ? t('passwordRemove')
-                                    : t('passwordAdd')}
-                            </Button>
-                        </div>
 
-                        {/* PIN Code Protection */}
-                        <div className="flex items-center justify-between">
-                            <div
-                                className={`flex items-center text-${!authInfo.pincode ? "neutral" : "green"}-500 space-x-2`}
-                            >
-                                <Binary />
-                                <span>
-                                    {t('resourcePincodeProtection', {status: authInfo.pincode ? t('enabled') : t('disabled')})}
-                                </span>
+                            {/* PIN Code Protection */}
+                            <div className="flex items-center justify-between border rounded-md p-2">
+                                <div
+                                    className={`flex items-center ${!authInfo.pincode ? "text-muted-foreground" : "text-green-500"} space-x-2 text-sm`}
+                                >
+                                    <Binary size="14" />
+                                    <span>
+                                        {t("resourcePincodeProtection", {
+                                            status: authInfo.pincode
+                                                ? t("enabled")
+                                                : t("disabled")
+                                        })}
+                                    </span>
+                                </div>
+                                <Button
+                                    variant="secondary"
+                                    size="sm"
+                                    onClick={
+                                        authInfo.pincode
+                                            ? removeResourcePincode
+                                            : () => setIsSetPincodeOpen(true)
+                                    }
+                                    loading={loadingRemoveResourcePincode}
+                                >
+                                    {authInfo.pincode
+                                        ? t("pincodeRemove")
+                                        : t("pincodeAdd")}
+                                </Button>
                             </div>
-                            <Button
-                                variant="outlinePrimary"
-                                onClick={
-                                    authInfo.pincode
-                                        ? removeResourcePincode
-                                        : () => setIsSetPincodeOpen(true)
-                                }
-                                loading={loadingRemoveResourcePincode}
-                            >
-                                {authInfo.pincode
-                                    ? t('pincodeRemove')
-                                    : t('pincodeAdd')}
-                            </Button>
-                        </div>
+                        </SettingsSectionForm>
                     </SettingsSectionBody>
                 </SettingsSection>
 
                 <SettingsSection>
                     <SettingsSectionHeader>
                         <SettingsSectionTitle>
-                            {t('otpEmailTitle')}
+                            {t("otpEmailTitle")}
                         </SettingsSectionTitle>
                         <SettingsSectionDescription>
-                            {t('otpEmailTitleDescription')}
+                            {t("otpEmailTitleDescription")}
                         </SettingsSectionDescription>
                     </SettingsSectionHeader>
                     <SettingsSectionBody>
-                        {!env.email.emailEnabled && (
-                            <Alert variant="neutral" className="mb-4">
-                                <InfoIcon className="h-4 w-4" />
-                                <AlertTitle className="font-semibold">
-                                    {t('otpEmailSmtpRequired')}
-                                </AlertTitle>
-                                <AlertDescription>
-                                    {t('otpEmailSmtpRequiredDescription')}
-                                </AlertDescription>
-                            </Alert>
-                        )}
-                        <SwitchInput
-                            id="whitelist-toggle"
-                            label={t('otpEmailWhitelist')}
-                            defaultChecked={resource.emailWhitelistEnabled}
-                            onCheckedChange={setWhitelistEnabled}
-                            disabled={!env.email.emailEnabled}
-                        />
+                        <SettingsSectionForm>
+                            {!env.email.emailEnabled && (
+                                <Alert variant="neutral" className="mb-4">
+                                    <InfoIcon className="h-4 w-4" />
+                                    <AlertTitle className="font-semibold">
+                                        {t("otpEmailSmtpRequired")}
+                                    </AlertTitle>
+                                    <AlertDescription>
+                                        {t("otpEmailSmtpRequiredDescription")}
+                                    </AlertDescription>
+                                </Alert>
+                            )}
+                            <SwitchInput
+                                id="whitelist-toggle"
+                                label={t("otpEmailWhitelist")}
+                                defaultChecked={resource.emailWhitelistEnabled}
+                                onCheckedChange={setWhitelistEnabled}
+                                disabled={!env.email.emailEnabled}
+                            />
 
-                        {whitelistEnabled && env.email.emailEnabled && (
-                            <Form {...whitelistForm}>
-                                <form id="whitelist-form">
-                                    <FormField
-                                        control={whitelistForm.control}
-                                        name="emails"
-                                        render={({ field }) => (
-                                            <FormItem>
-                                                <FormLabel>
-                                                    <InfoPopup
-                                                        text={t('otpEmailWhitelistList')}
-                                                        info={t('otpEmailWhitelistListDescription')}
-                                                    />
-                                                </FormLabel>
-                                                <FormControl>
-                                                    {/* @ts-ignore */}
-                                                    <TagInput
-                                                        {...field}
-                                                        activeTagIndex={
-                                                            activeEmailTagIndex
-                                                        }
-                                                        size={"sm"}
-                                                        validateTag={(
-                                                            tag
-                                                        ) => {
-                                                            return z
-                                                                .string()
-                                                                .email()
-                                                                .or(
-                                                                    z
-                                                                        .string()
-                                                                        .regex(
-                                                                            /^\*@[\w.-]+\.[a-zA-Z]{2,}$/,
-                                                                            {
-                                                                                message: t('otpEmailErrorInvalid')
-                                                                            }
-                                                                        )
-                                                                )
-                                                                .safeParse(
-                                                                    tag
-                                                                ).success;
-                                                        }}
-                                                        setActiveTagIndex={
-                                                            setActiveEmailTagIndex
-                                                        }
-                                                        placeholder={t('otpEmailEnter')}
-                                                        tags={
-                                                            whitelistForm.getValues()
-                                                                .emails
-                                                        }
-                                                        setTags={(
-                                                            newRoles
-                                                        ) => {
-                                                            whitelistForm.setValue(
-                                                                "emails",
-                                                                newRoles as [
-                                                                    Tag,
-                                                                    ...Tag[]
-                                                                ]
-                                                            );
-                                                        }}
-                                                        allowDuplicates={
-                                                            false
-                                                        }
-                                                        sortTags={true}
-                                                    />
-                                                </FormControl>
-                                                <FormDescription>
-                                                    {t('otpEmailEnterDescription')}
-                                                </FormDescription>
-                                            </FormItem>
-                                        )}
-                                    />
-                                </form>
-                            </Form>
-                        )}
+                            {whitelistEnabled && env.email.emailEnabled && (
+                                <Form {...whitelistForm}>
+                                    <form id="whitelist-form">
+                                        <FormField
+                                            control={whitelistForm.control}
+                                            name="emails"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        <InfoPopup
+                                                            text={t(
+                                                                "otpEmailWhitelistList"
+                                                            )}
+                                                            info={t(
+                                                                "otpEmailWhitelistListDescription"
+                                                            )}
+                                                        />
+                                                    </FormLabel>
+                                                    <FormControl>
+                                                        {/* @ts-ignore */}
+                                                        <TagInput
+                                                            {...field}
+                                                            activeTagIndex={
+                                                                activeEmailTagIndex
+                                                            }
+                                                            size={"sm"}
+                                                            validateTag={(
+                                                                tag
+                                                            ) => {
+                                                                return z
+                                                                    .string()
+                                                                    .email()
+                                                                    .or(
+                                                                        z
+                                                                            .string()
+                                                                            .regex(
+                                                                                /^\*@[\w.-]+\.[a-zA-Z]{2,}$/,
+                                                                                {
+                                                                                    message:
+                                                                                        t(
+                                                                                            "otpEmailErrorInvalid"
+                                                                                        )
+                                                                                }
+                                                                            )
+                                                                    )
+                                                                    .safeParse(
+                                                                        tag
+                                                                    ).success;
+                                                            }}
+                                                            setActiveTagIndex={
+                                                                setActiveEmailTagIndex
+                                                            }
+                                                            placeholder={t(
+                                                                "otpEmailEnter"
+                                                            )}
+                                                            tags={
+                                                                whitelistForm.getValues()
+                                                                    .emails
+                                                            }
+                                                            setTags={(
+                                                                newRoles
+                                                            ) => {
+                                                                whitelistForm.setValue(
+                                                                    "emails",
+                                                                    newRoles as [
+                                                                        Tag,
+                                                                        ...Tag[]
+                                                                    ]
+                                                                );
+                                                            }}
+                                                            allowDuplicates={
+                                                                false
+                                                            }
+                                                            sortTags={true}
+                                                        />
+                                                    </FormControl>
+                                                    <FormDescription>
+                                                        {t(
+                                                            "otpEmailEnterDescription"
+                                                        )}
+                                                    </FormDescription>
+                                                </FormItem>
+                                            )}
+                                        />
+                                    </form>
+                                </Form>
+                            )}
+                        </SettingsSectionForm>
                     </SettingsSectionBody>
                     <SettingsSectionFooter>
                         <Button
@@ -722,7 +758,7 @@ export default function ResourceAuthenticationPage() {
                             loading={loadingSaveWhitelist}
                             disabled={loadingSaveWhitelist}
                         >
-                            {t('otpEmailWhitelistSave')}
+                            {t("otpEmailWhitelistSave")}
                         </Button>
                     </SettingsSectionFooter>
                 </SettingsSection>
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx b/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx
index a0c89773..efda61c3 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/resources/[resourceId]/general/page.tsx
@@ -66,6 +66,18 @@ import {
 } from "@server/routers/resource";
 import { SwitchInput } from "@app/components/SwitchInput";
 import { useTranslations } from "next-intl";
+import {
+    Credenza,
+    CredenzaBody,
+    CredenzaClose,
+    CredenzaContent,
+    CredenzaDescription,
+    CredenzaFooter,
+    CredenzaHeader,
+    CredenzaTitle
+} from "@app/components/Credenza";
+import DomainPicker from "@app/components/DomainPicker";
+import { Globe } from "lucide-react";
 
 const TransferFormSchema = z.object({
     siteId: z.number()
@@ -80,6 +92,7 @@ export default function GeneralForm() {
     const { org } = useOrgContext();
     const router = useRouter();
     const t = useTranslations();
+    const [editDomainOpen, setEditDomainOpen] = useState(false);
 
     const { env } = useEnvContext();
 
@@ -96,60 +109,45 @@ export default function GeneralForm() {
     >([]);
 
     const [loadingPage, setLoadingPage] = useState(true);
-    const [domainType, setDomainType] = useState<"subdomain" | "basedomain">(
-        resource.isBaseDomain ? "basedomain" : "subdomain"
+    const [resourceFullDomain, setResourceFullDomain] = useState(
+        `${resource.ssl ? "https" : "http"}://${resource.fullDomain}`
     );
+    const [selectedDomain, setSelectedDomain] = useState<{
+        domainId: string;
+        subdomain?: string;
+        fullDomain: string;
+    } | null>(null);
 
-    const GeneralFormSchema = z
-        .object({
-            subdomain: z.string().optional(),
-            name: z.string().min(1).max(255),
-            proxyPort: z.number().optional(),
-            http: z.boolean(),
-            isBaseDomain: z.boolean().optional(),
-            domainId: z.string().optional()
-        })
-        .refine(
-            (data) => {
-                if (!data.http) {
-                    return z
-                        .number()
-                        .int()
-                        .min(1)
-                        .max(65535)
-                        .safeParse(data.proxyPort).success;
-                }
-                return true;
-            },
-            {
-                message: t("proxyErrorInvalidPort"),
-                path: ["proxyPort"]
-            }
-        )
-        .refine(
-            (data) => {
-                if (data.http && !data.isBaseDomain) {
-                    return subdomainSchema.safeParse(data.subdomain).success;
-                }
-                return true;
-            },
-            {
-                message: t("subdomainErrorInvalid"),
-                path: ["subdomain"]
-            }
-        );
+    const GeneralFormSchema = z.object({
+        enabled: z.boolean(),
+        subdomain: z.string().optional(),
+        name: z.string().min(1).max(255),
+        domainId: z.string().optional(),
+        proxyPort: z.number().int().min(1).max(65535).optional()
+    }).refine((data) => {
+        // For non-HTTP resources, proxyPort should be defined
+        if (!resource.http) {
+            return data.proxyPort !== undefined;
+        }
+        // For HTTP resources, proxyPort should be undefined
+        return data.proxyPort === undefined;
+    }, {
+        message: !resource.http 
+            ? "Port number is required for non-HTTP resources" 
+            : "Port number should not be set for HTTP resources",
+        path: ["proxyPort"]
+    });
 
     type GeneralFormValues = z.infer<typeof GeneralFormSchema>;
 
     const form = useForm<GeneralFormValues>({
         resolver: zodResolver(GeneralFormSchema),
         defaultValues: {
+            enabled: resource.enabled,
             name: resource.name,
             subdomain: resource.subdomain ? resource.subdomain : undefined,
-            proxyPort: resource.proxyPort ? resource.proxyPort : undefined,
-            http: resource.http,
-            isBaseDomain: resource.isBaseDomain ? true : false,
-            domainId: resource.domainId || undefined
+            domainId: resource.domainId || undefined,
+            proxyPort: resource.proxyPort || undefined
         },
         mode: "onChange"
     });
@@ -209,11 +207,11 @@ export default function GeneralForm() {
             .post<AxiosResponse<UpdateResourceResponse>>(
                 `resource/${resource?.resourceId}`,
                 {
+                    enabled: data.enabled,
                     name: data.name,
-                    subdomain: data.http ? data.subdomain : undefined,
-                    proxyPort: data.proxyPort,
-                    isBaseDomain: data.http ? data.isBaseDomain : undefined,
-                    domainId: data.http ? data.domainId : undefined
+                    subdomain: data.subdomain,
+                    domainId: data.domainId,
+                    proxyPort: data.proxyPort
                 }
             )
             .catch((e) => {
@@ -236,11 +234,11 @@ export default function GeneralForm() {
             const resource = res.data.data;
 
             updateResource({
+                enabled: data.enabled,
                 name: data.name,
                 subdomain: data.subdomain,
-                proxyPort: data.proxyPort,
-                isBaseDomain: data.isBaseDomain,
-                fullDomain: resource.fullDomain
+                fullDomain: resource.fullDomain,
+                proxyPort: data.proxyPort
             });
 
             router.refresh();
@@ -282,469 +280,338 @@ export default function GeneralForm() {
         setTransferLoading(false);
     }
 
-    async function toggleResourceEnabled(val: boolean) {
-        const res = await api
-            .post<AxiosResponse<UpdateResourceResponse>>(
-                `resource/${resource.resourceId}`,
-                {
-                    enabled: val
-                }
-            )
-            .catch((e) => {
-                toast({
-                    variant: "destructive",
-                    title: t("resourceErrorToggle"),
-                    description: formatAxiosError(
-                        e,
-                        t("resourceErrorToggleDescription")
-                    )
-                });
-            });
-
-        updateResource({
-            enabled: val
-        });
-    }
-
     return (
         !loadingPage && (
-            <SettingsContainer>
-                <SettingsSection>
-                    <SettingsSectionHeader>
-                        <SettingsSectionTitle>
-                            {t("resourceVisibilityTitle")}
-                        </SettingsSectionTitle>
-                        <SettingsSectionDescription>
-                            {t("resourceVisibilityTitleDescription")}
-                        </SettingsSectionDescription>
-                    </SettingsSectionHeader>
-                    <SettingsSectionBody>
-                        <SwitchInput
-                            id="enable-resource"
-                            label={t("resourceEnable")}
-                            defaultChecked={resource.enabled}
-                            onCheckedChange={async (val) => {
-                                await toggleResourceEnabled(val);
-                            }}
-                        />
-                    </SettingsSectionBody>
-                </SettingsSection>
+            <>
+                <SettingsContainer>
+                    <SettingsSection>
+                        <SettingsSectionHeader>
+                            <SettingsSectionTitle>
+                                {t("resourceGeneral")}
+                            </SettingsSectionTitle>
+                            <SettingsSectionDescription>
+                                {t("resourceGeneralDescription")}
+                            </SettingsSectionDescription>
+                        </SettingsSectionHeader>
 
-                <SettingsSection>
-                    <SettingsSectionHeader>
-                        <SettingsSectionTitle>
-                            {t("resourceGeneral")}
-                        </SettingsSectionTitle>
-                        <SettingsSectionDescription>
-                            {t("resourceGeneralDescription")}
-                        </SettingsSectionDescription>
-                    </SettingsSectionHeader>
-
-                    <SettingsSectionBody>
-                        <SettingsSectionForm>
-                            <Form {...form} key={formKey}>
-                                <form
-                                    onSubmit={form.handleSubmit(onSubmit)}
-                                    className="grid grid-cols-1 md:grid-cols-2 gap-4"
-                                    id="general-settings-form"
-                                >
-                                    <FormField
-                                        control={form.control}
-                                        name="name"
-                                        render={({ field }) => (
-                                            <FormItem>
-                                                <FormLabel>
-                                                    {t("name")}
-                                                </FormLabel>
-                                                <FormControl>
-                                                    <Input {...field} />
-                                                </FormControl>
-                                                <FormMessage />
-                                            </FormItem>
-                                        )}
-                                    />
-
-                                    {resource.http && (
-                                        <>
-                                            {env.flags
-                                                .allowBaseDomainResources && (
-                                                <FormField
-                                                    control={form.control}
-                                                    name="isBaseDomain"
-                                                    render={({ field }) => (
-                                                        <FormItem>
-                                                            <FormLabel>
-                                                                {t(
-                                                                    "domainType"
-                                                                )}
-                                                            </FormLabel>
-                                                            <Select
-                                                                value={
-                                                                    domainType
-                                                                }
-                                                                onValueChange={(
-                                                                    val
-                                                                ) => {
-                                                                    setDomainType(
-                                                                        val ===
-                                                                            "basedomain"
-                                                                            ? "basedomain"
-                                                                            : "subdomain"
-                                                                    );
-                                                                    form.setValue(
-                                                                        "isBaseDomain",
-                                                                        val ===
-                                                                            "basedomain"
-                                                                            ? true
-                                                                            : false
-                                                                    );
-                                                                }}
-                                                            >
-                                                                <FormControl>
-                                                                    <SelectTrigger>
-                                                                        <SelectValue />
-                                                                    </SelectTrigger>
-                                                                </FormControl>
-                                                                <SelectContent>
-                                                                    <SelectItem value="subdomain">
-                                                                        {t(
-                                                                            "subdomain"
-                                                                        )}
-                                                                    </SelectItem>
-                                                                    <SelectItem value="basedomain">
-                                                                        {t(
-                                                                            "baseDomain"
-                                                                        )}
-                                                                    </SelectItem>
-                                                                </SelectContent>
-                                                            </Select>
-                                                            <FormMessage />
-                                                        </FormItem>
-                                                    )}
-                                                />
-                                            )}
-
-                                            <div className="col-span-2">
-                                                {domainType === "subdomain" ? (
-                                                    <div className="w-fill space-y-2">
-                                                        <FormLabel>
-                                                            {t("subdomain")}
-                                                        </FormLabel>
-                                                        <div className="flex">
-                                                            <div className="w-1/2">
-                                                                <FormField
-                                                                    control={
-                                                                        form.control
-                                                                    }
-                                                                    name="subdomain"
-                                                                    render={({
-                                                                        field
-                                                                    }) => (
-                                                                        <FormItem>
-                                                                            <FormControl>
-                                                                                <Input
-                                                                                    {...field}
-                                                                                    className="border-r-0 rounded-r-none"
-                                                                                />
-                                                                            </FormControl>
-                                                                            <FormMessage />
-                                                                        </FormItem>
-                                                                    )}
-                                                                />
-                                                            </div>
-                                                            <div className="w-1/2">
-                                                                <FormField
-                                                                    control={
-                                                                        form.control
-                                                                    }
-                                                                    name="domainId"
-                                                                    render={({
-                                                                        field
-                                                                    }) => (
-                                                                        <FormItem>
-                                                                            <Select
-                                                                                onValueChange={
-                                                                                    field.onChange
-                                                                                }
-                                                                                defaultValue={
-                                                                                    field.value
-                                                                                }
-                                                                                value={
-                                                                                    field.value
-                                                                                }
-                                                                            >
-                                                                                <FormControl>
-                                                                                    <SelectTrigger className="rounded-l-none">
-                                                                                        <SelectValue />
-                                                                                    </SelectTrigger>
-                                                                                </FormControl>
-                                                                                <SelectContent>
-                                                                                    {baseDomains.map(
-                                                                                        (
-                                                                                            option
-                                                                                        ) => (
-                                                                                            <SelectItem
-                                                                                                key={
-                                                                                                    option.domainId
-                                                                                                }
-                                                                                                value={
-                                                                                                    option.domainId
-                                                                                                }
-                                                                                            >
-                                                                                                .
-                                                                                                {
-                                                                                                    option.baseDomain
-                                                                                                }
-                                                                                            </SelectItem>
-                                                                                        )
-                                                                                    )}
-                                                                                </SelectContent>
-                                                                            </Select>
-                                                                            <FormMessage />
-                                                                        </FormItem>
-                                                                    )}
-                                                                />
-                                                            </div>
-                                                        </div>
-                                                    </div>
-                                                ) : (
-                                                    <FormField
-                                                        control={form.control}
-                                                        name="domainId"
-                                                        render={({ field }) => (
-                                                            <FormItem>
-                                                                <FormLabel>
-                                                                    {t(
-                                                                        "baseDomain"
-                                                                    )}
-                                                                </FormLabel>
-                                                                <Select
-                                                                    onValueChange={
-                                                                        field.onChange
-                                                                    }
-                                                                    defaultValue={
-                                                                        field.value ||
-                                                                        baseDomains[0]
-                                                                            ?.domainId
-                                                                    }
-                                                                >
-                                                                    <FormControl>
-                                                                        <SelectTrigger>
-                                                                            <SelectValue />
-                                                                        </SelectTrigger>
-                                                                    </FormControl>
-                                                                    <SelectContent>
-                                                                        {baseDomains.map(
-                                                                            (
-                                                                                option
-                                                                            ) => (
-                                                                                <SelectItem
-                                                                                    key={
-                                                                                        option.domainId
-                                                                                    }
-                                                                                    value={
-                                                                                        option.domainId
-                                                                                    }
-                                                                                >
-                                                                                    {
-                                                                                        option.baseDomain
-                                                                                    }
-                                                                                </SelectItem>
-                                                                            )
-                                                                        )}
-                                                                    </SelectContent>
-                                                                </Select>
-                                                                <FormMessage />
-                                                            </FormItem>
-                                                        )}
-                                                    />
-                                                )}
-                                            </div>
-                                        </>
-                                    )}
-
-                                    {!resource.http && (
+                        <SettingsSectionBody>
+                            <SettingsSectionForm>
+                                <Form {...form} key={formKey}>
+                                    <form
+                                        onSubmit={form.handleSubmit(onSubmit)}
+                                        className="space-y-4"
+                                        id="general-settings-form"
+                                    >
                                         <FormField
                                             control={form.control}
-                                            name="proxyPort"
+                                            name="enabled"
+                                            render={({ field }) => (
+                                                <FormItem className="col-span-2">
+                                                    <div className="flex items-center space-x-2">
+                                                        <FormControl>
+                                                            <SwitchInput
+                                                                id="enable-resource"
+                                                                defaultChecked={
+                                                                    resource.enabled
+                                                                }
+                                                                label={t(
+                                                                    "resourceEnable"
+                                                                )}
+                                                                onCheckedChange={(
+                                                                    val
+                                                                ) =>
+                                                                    form.setValue(
+                                                                        "enabled",
+                                                                        val
+                                                                    )
+                                                                }
+                                                            />
+                                                        </FormControl>
+                                                    </div>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+
+                                        <FormField
+                                            control={form.control}
+                                            name="name"
                                             render={({ field }) => (
                                                 <FormItem>
                                                     <FormLabel>
-                                                        {t(
-                                                            "resourcePortNumber"
-                                                        )}
+                                                        {t("name")}
                                                     </FormLabel>
                                                     <FormControl>
-                                                        <Input
-                                                            type="number"
-                                                            value={
-                                                                field.value ??
-                                                                ""
-                                                            }
-                                                            onChange={(e) =>
-                                                                field.onChange(
-                                                                    e.target
-                                                                        .value
-                                                                        ? parseInt(
-                                                                              e
-                                                                                  .target
-                                                                                  .value
-                                                                          )
-                                                                        : null
-                                                                )
-                                                            }
-                                                        />
+                                                        <Input {...field} />
                                                     </FormControl>
                                                     <FormMessage />
                                                 </FormItem>
                                             )}
                                         />
-                                    )}
-                                </form>
-                            </Form>
-                        </SettingsSectionForm>
-                    </SettingsSectionBody>
 
-                    <SettingsSectionFooter>
-                        <Button
-                            type="submit"
-                            loading={saveLoading}
-                            disabled={saveLoading}
-                            form="general-settings-form"
-                        >
-                            {t("saveGeneralSettings")}
-                        </Button>
-                    </SettingsSectionFooter>
-                </SettingsSection>
-
-                <SettingsSection>
-                    <SettingsSectionHeader>
-                        <SettingsSectionTitle>
-                            {t("resourceTransfer")}
-                        </SettingsSectionTitle>
-                        <SettingsSectionDescription>
-                            {t("resourceTransferDescription")}
-                        </SettingsSectionDescription>
-                    </SettingsSectionHeader>
-
-                    <SettingsSectionBody>
-                        <SettingsSectionForm>
-                            <Form {...transferForm}>
-                                <form
-                                    onSubmit={transferForm.handleSubmit(
-                                        onTransfer
-                                    )}
-                                    className="space-y-4"
-                                    id="transfer-form"
-                                >
-                                    <FormField
-                                        control={transferForm.control}
-                                        name="siteId"
-                                        render={({ field }) => (
-                                            <FormItem>
-                                                <FormLabel>
-                                                    {t("siteDestination")}
-                                                </FormLabel>
-                                                <Popover
-                                                    open={open}
-                                                    onOpenChange={setOpen}
-                                                >
-                                                    <PopoverTrigger asChild>
-                                                        <FormControl>
-                                                            <Button
-                                                                variant="outline"
-                                                                role="combobox"
-                                                                className={cn(
-                                                                    "w-full justify-between",
-                                                                    !field.value &&
-                                                                        "text-muted-foreground"
-                                                                )}
-                                                            >
-                                                                {field.value
-                                                                    ? sites.find(
-                                                                          (
-                                                                              site
-                                                                          ) =>
-                                                                              site.siteId ===
-                                                                              field.value
-                                                                      )?.name
-                                                                    : t(
-                                                                          "siteSelect"
-                                                                      )}
-                                                                <CaretSortIcon className="ml-2 h-4 w-4 shrink-0 opacity-50" />
-                                                            </Button>
-                                                        </FormControl>
-                                                    </PopoverTrigger>
-                                                    <PopoverContent className="w-full p-0">
-                                                        <Command>
-                                                            <CommandInput
-                                                                placeholder={t(
-                                                                    "searchSites"
-                                                                )}
-                                                            />
-                                                            <CommandEmpty>
-                                                                {t(
-                                                                    "sitesNotFound"
-                                                                )}
-                                                            </CommandEmpty>
-                                                            <CommandGroup>
-                                                                {sites.map(
-                                                                    (site) => (
-                                                                        <CommandItem
-                                                                            value={`${site.name}:${site.siteId}`}
-                                                                            key={
-                                                                                site.siteId
-                                                                            }
-                                                                            onSelect={() => {
-                                                                                transferForm.setValue(
-                                                                                    "siteId",
-                                                                                    site.siteId
-                                                                                );
-                                                                                setOpen(
-                                                                                    false
-                                                                                );
-                                                                            }}
-                                                                        >
-                                                                            {
-                                                                                site.name
-                                                                            }
-                                                                            <CheckIcon
-                                                                                className={cn(
-                                                                                    "ml-auto h-4 w-4",
-                                                                                    site.siteId ===
-                                                                                        field.value
-                                                                                        ? "opacity-100"
-                                                                                        : "opacity-0"
-                                                                                )}
-                                                                            />
-                                                                        </CommandItem>
-                                                                    )
-                                                                )}
-                                                            </CommandGroup>
-                                                        </Command>
-                                                    </PopoverContent>
-                                                </Popover>
-                                                <FormMessage />
-                                            </FormItem>
+                                        {!resource.http && (
+                                            <>
+                                                <FormField
+                                                    control={form.control}
+                                                    name="proxyPort"
+                                                    render={({ field }) => (
+                                                        <FormItem>
+                                                            <FormLabel>
+                                                                {t("resourcePortNumber")}
+                                                            </FormLabel>
+                                                            <FormControl>
+                                                                <Input
+                                                                    type="number"
+                                                                    value={field.value ?? ""}
+                                                                    onChange={(e) =>
+                                                                        field.onChange(
+                                                                            e.target.value
+                                                                                ? parseInt(e.target.value)
+                                                                                : undefined
+                                                                        )
+                                                                    }
+                                                                />
+                                                            </FormControl>
+                                                            <FormMessage />
+                                                            <FormDescription>
+                                                                {t("resourcePortNumberDescription")}
+                                                            </FormDescription>
+                                                        </FormItem>
+                                                    )}
+                                                />
+                                            </>
                                         )}
-                                    />
-                                </form>
-                            </Form>
-                        </SettingsSectionForm>
-                    </SettingsSectionBody>
 
-                    <SettingsSectionFooter>
-                        <Button
-                            type="submit"
-                            loading={transferLoading}
-                            disabled={transferLoading}
-                            form="transfer-form"
-                        >
-                            {t("resourceTransferSubmit")}
-                        </Button>
-                    </SettingsSectionFooter>
-                </SettingsSection>
-            </SettingsContainer>
+                                        {resource.http && (
+                                            <div className="space-y-2">
+                                                <Label>Domain</Label>
+                                                <div className="border p-2 rounded-md flex items-center justify-between">
+                                                    <span className="text-sm text-muted-foreground flex items-center gap-2">
+                                                        <Globe size="14" />
+                                                        {resourceFullDomain}
+                                                    </span>
+                                                    <Button
+                                                        variant="secondary"
+                                                        type="button"
+                                                        size="sm"
+                                                        onClick={() =>
+                                                            setEditDomainOpen(
+                                                                true
+                                                            )
+                                                        }
+                                                    >
+                                                        Edit Domain
+                                                    </Button>
+                                                </div>
+                                            </div>
+                                        )}
+                                    </form>
+                                </Form>
+                            </SettingsSectionForm>
+                        </SettingsSectionBody>
+
+                        <SettingsSectionFooter>
+                            <Button
+                                type="submit"
+                                onClick={() => {
+                                    console.log(form.getValues());
+                                }}
+                                loading={saveLoading}
+                                disabled={saveLoading}
+                                form="general-settings-form"
+                            >
+                                {t("saveSettings")}
+                            </Button>
+                        </SettingsSectionFooter>
+                    </SettingsSection>
+
+                    <SettingsSection>
+                        <SettingsSectionHeader>
+                            <SettingsSectionTitle>
+                                {t("resourceTransfer")}
+                            </SettingsSectionTitle>
+                            <SettingsSectionDescription>
+                                {t("resourceTransferDescription")}
+                            </SettingsSectionDescription>
+                        </SettingsSectionHeader>
+
+                        <SettingsSectionBody>
+                            <SettingsSectionForm>
+                                <Form {...transferForm}>
+                                    <form
+                                        onSubmit={transferForm.handleSubmit(
+                                            onTransfer
+                                        )}
+                                        className="space-y-4"
+                                        id="transfer-form"
+                                    >
+                                        <FormField
+                                            control={transferForm.control}
+                                            name="siteId"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        {t("siteDestination")}
+                                                    </FormLabel>
+                                                    <Popover
+                                                        open={open}
+                                                        onOpenChange={setOpen}
+                                                    >
+                                                        <PopoverTrigger asChild>
+                                                            <FormControl>
+                                                                <Button
+                                                                    variant="outline"
+                                                                    role="combobox"
+                                                                    className={cn(
+                                                                        "w-full justify-between",
+                                                                        !field.value &&
+                                                                            "text-muted-foreground"
+                                                                    )}
+                                                                >
+                                                                    {field.value
+                                                                        ? sites.find(
+                                                                              (
+                                                                                  site
+                                                                              ) =>
+                                                                                  site.siteId ===
+                                                                                  field.value
+                                                                          )
+                                                                              ?.name
+                                                                        : t(
+                                                                              "siteSelect"
+                                                                          )}
+                                                                    <CaretSortIcon className="ml-2 h-4 w-4 shrink-0 opacity-50" />
+                                                                </Button>
+                                                            </FormControl>
+                                                        </PopoverTrigger>
+                                                        <PopoverContent
+                                                            className="w-full p-0"
+                                                            align="start"
+                                                        >
+                                                            <Command>
+                                                                <CommandInput
+                                                                    placeholder={t(
+                                                                        "searchSites"
+                                                                    )}
+                                                                />
+                                                                <CommandEmpty>
+                                                                    {t(
+                                                                        "sitesNotFound"
+                                                                    )}
+                                                                </CommandEmpty>
+                                                                <CommandGroup>
+                                                                    {sites.map(
+                                                                        (
+                                                                            site
+                                                                        ) => (
+                                                                            <CommandItem
+                                                                                value={`${site.name}:${site.siteId}`}
+                                                                                key={
+                                                                                    site.siteId
+                                                                                }
+                                                                                onSelect={() => {
+                                                                                    transferForm.setValue(
+                                                                                        "siteId",
+                                                                                        site.siteId
+                                                                                    );
+                                                                                    setOpen(
+                                                                                        false
+                                                                                    );
+                                                                                }}
+                                                                            >
+                                                                                {
+                                                                                    site.name
+                                                                                }
+                                                                                <CheckIcon
+                                                                                    className={cn(
+                                                                                        "ml-auto h-4 w-4",
+                                                                                        site.siteId ===
+                                                                                            field.value
+                                                                                            ? "opacity-100"
+                                                                                            : "opacity-0"
+                                                                                    )}
+                                                                                />
+                                                                            </CommandItem>
+                                                                        )
+                                                                    )}
+                                                                </CommandGroup>
+                                                            </Command>
+                                                        </PopoverContent>
+                                                    </Popover>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+                                    </form>
+                                </Form>
+                            </SettingsSectionForm>
+                        </SettingsSectionBody>
+
+                        <SettingsSectionFooter>
+                            <Button
+                                type="submit"
+                                loading={transferLoading}
+                                disabled={transferLoading}
+                                form="transfer-form"
+                            >
+                                {t("resourceTransferSubmit")}
+                            </Button>
+                        </SettingsSectionFooter>
+                    </SettingsSection>
+                </SettingsContainer>
+
+                <Credenza
+                    open={editDomainOpen}
+                    onOpenChange={(setOpen) => setEditDomainOpen(setOpen)}
+                >
+                    <CredenzaContent>
+                        <CredenzaHeader>
+                            <CredenzaTitle>Edit Domain</CredenzaTitle>
+                            <CredenzaDescription>
+                                Select a domain for your resource
+                            </CredenzaDescription>
+                        </CredenzaHeader>
+                        <CredenzaBody>
+                            <DomainPicker
+                                orgId={orgId as string}
+                                onDomainChange={(res) => {
+                                    const selected = {
+                                        domainId: res.domainId,
+                                        subdomain: res.subdomain,
+                                        fullDomain: res.fullDomain
+                                    };
+                                    setSelectedDomain(selected);
+                                }}
+                            />
+                        </CredenzaBody>
+                        <CredenzaFooter>
+                            <CredenzaClose asChild>
+                                <Button variant="outline">{t("cancel")}</Button>
+                            </CredenzaClose>
+                            <Button
+                                onClick={() => {
+                                    if (selectedDomain) {
+                                        setResourceFullDomain(
+                                            selectedDomain.fullDomain
+                                        );
+                                        form.setValue(
+                                            "domainId",
+                                            selectedDomain.domainId
+                                        );
+                                        form.setValue(
+                                            "subdomain",
+                                            selectedDomain.subdomain
+                                        );
+                                        setEditDomainOpen(false);
+                                    }
+                                }}
+                            >
+                                Select Domain
+                            </Button>
+                        </CredenzaFooter>
+                    </CredenzaContent>
+                </Credenza>
+            </>
         )
     );
 }
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx b/src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx
index c9c5eea6..dee0dd66 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx
+++ b/src/app/[orgId]/settings/resources/[resourceId]/proxy/page.tsx
@@ -75,6 +75,7 @@ import {
 } from "@app/components/ui/collapsible";
 import { ContainersSelector } from "@app/components/ContainersSelector";
 import { useTranslations } from "next-intl";
+import { build } from "@server/build";
 
 const addTargetSchema = z.object({
     ip: z.string().refine(isTargetValid),
@@ -319,10 +320,13 @@ export default function ReverseProxyTargets(props: {
         );
     }
 
-    async function saveTargets() {
+    async function saveAllSettings() {
         try {
             setTargetsLoading(true);
+            setHttpsTlsLoading(true);
+            setProxySettingsLoading(true);
 
+            // Save targets
             for (let target of targets) {
                 const data = {
                     ip: target.ip,
@@ -347,16 +351,36 @@ export default function ReverseProxyTargets(props: {
                 await api.delete(`/target/${targetId}`);
             }
 
-            // Save sticky session setting
-            const stickySessionData = targetsSettingsForm.getValues();
-            await api.post(`/resource/${params.resourceId}`, {
-                stickySession: stickySessionData.stickySession
-            });
-            updateResource({ stickySession: stickySessionData.stickySession });
+            if (resource.http) {
+                // Gather all settings
+                const stickySessionData = targetsSettingsForm.getValues();
+                const tlsData = tlsSettingsForm.getValues();
+                const proxyData = proxySettingsForm.getValues();
+
+                // Combine into one payload
+                const payload = {
+                    stickySession: stickySessionData.stickySession,
+                    ssl: tlsData.ssl,
+                    tlsServerName: tlsData.tlsServerName || null,
+                    setHostHeader: proxyData.setHostHeader || null
+                };
+
+                // Single API call to update all settings
+                await api.post(`/resource/${params.resourceId}`, payload);
+
+                // Update local resource context
+                updateResource({
+                    ...resource,
+                    stickySession: stickySessionData.stickySession,
+                    ssl: tlsData.ssl,
+                    tlsServerName: tlsData.tlsServerName || null,
+                    setHostHeader: proxyData.setHostHeader || null
+                });
+            }
 
             toast({
-                title: t("targetsUpdated"),
-                description: t("targetsUpdatedDescription")
+                title: t("settingsUpdated"),
+                description: t("settingsUpdatedDescription")
             });
 
             setTargetsToRemove([]);
@@ -365,73 +389,15 @@ export default function ReverseProxyTargets(props: {
             console.error(err);
             toast({
                 variant: "destructive",
-                title: t("targetsErrorUpdate"),
+                title: t("settingsErrorUpdate"),
                 description: formatAxiosError(
                     err,
-                    t("targetsErrorUpdateDescription")
+                    t("settingsErrorUpdateDescription")
                 )
             });
         } finally {
             setTargetsLoading(false);
-        }
-    }
-
-    async function saveTlsSettings(data: TlsSettingsValues) {
-        try {
-            setHttpsTlsLoading(true);
-            await api.post(`/resource/${params.resourceId}`, {
-                ssl: data.ssl,
-                tlsServerName: data.tlsServerName || null
-            });
-            updateResource({
-                ...resource,
-                ssl: data.ssl,
-                tlsServerName: data.tlsServerName || null
-            });
-            toast({
-                title: t("targetTlsUpdate"),
-                description: t("targetTlsUpdateDescription")
-            });
-        } catch (err) {
-            console.error(err);
-            toast({
-                variant: "destructive",
-                title: t("targetErrorTlsUpdate"),
-                description: formatAxiosError(
-                    err,
-                    t("targetErrorTlsUpdateDescription")
-                )
-            });
-        } finally {
             setHttpsTlsLoading(false);
-        }
-    }
-
-    async function saveProxySettings(data: ProxySettingsValues) {
-        try {
-            setProxySettingsLoading(true);
-            await api.post(`/resource/${params.resourceId}`, {
-                setHostHeader: data.setHostHeader || null
-            });
-            updateResource({
-                ...resource,
-                setHostHeader: data.setHostHeader || null
-            });
-            toast({
-                title: t("proxyUpdated"),
-                description: t("proxyUpdatedDescription")
-            });
-        } catch (err) {
-            console.error(err);
-            toast({
-                variant: "destructive",
-                title: t("proxyErrorUpdate"),
-                description: formatAxiosError(
-                    err,
-                    t("proxyErrorUpdateDescription")
-                )
-            });
-        } finally {
             setProxySettingsLoading(false);
         }
     }
@@ -583,7 +549,7 @@ export default function ReverseProxyTargets(props: {
                         <Form {...targetsSettingsForm}>
                             <form
                                 onSubmit={targetsSettingsForm.handleSubmit(
-                                    saveTargets
+                                    saveAllSettings
                                 )}
                                 className="space-y-4"
                                 id="targets-settings-form"
@@ -651,7 +617,10 @@ export default function ReverseProxyTargets(props: {
                                                             );
                                                         }}
                                                     >
-                                                        <SelectTrigger id="method">
+                                                        <SelectTrigger
+                                                            id="method"
+                                                            className="w-full"
+                                                        >
                                                             <SelectValue
                                                                 placeholder={t(
                                                                     "methodSelect"
@@ -734,7 +703,7 @@ export default function ReverseProxyTargets(props: {
                                 />
                                 <Button
                                     type="submit"
-                                    variant="outlinePrimary"
+                                    variant="secondary"
                                     className="mt-6"
                                     disabled={!(watchedIp && watchedPort)}
                                 >
@@ -787,44 +756,34 @@ export default function ReverseProxyTargets(props: {
                                 </TableRow>
                             )}
                         </TableBody>
-                        <TableCaption>
-                            {t("targetNoOneDescription")}
-                        </TableCaption>
+                        {/* <TableCaption> */}
+                        {/*     {t('targetNoOneDescription')} */}
+                        {/* </TableCaption> */}
                     </Table>
                 </SettingsSectionBody>
-                <SettingsSectionFooter>
-                    <Button
-                        onClick={saveTargets}
-                        loading={targetsLoading}
-                        disabled={targetsLoading}
-                        form="targets-settings-form"
-                    >
-                        {t("targetsSubmit")}
-                    </Button>
-                </SettingsSectionFooter>
             </SettingsSection>
 
             {resource.http && (
-                <SettingsSectionGrid cols={2}>
-                    <SettingsSection>
-                        <SettingsSectionHeader>
-                            <SettingsSectionTitle>
-                                {t("targetTlsSettings")}
-                            </SettingsSectionTitle>
-                            <SettingsSectionDescription>
-                                {t("targetTlsSettingsDescription")}
-                            </SettingsSectionDescription>
-                        </SettingsSectionHeader>
-                        <SettingsSectionBody>
-                            <SettingsSectionForm>
-                                <Form {...tlsSettingsForm}>
-                                    <form
-                                        onSubmit={tlsSettingsForm.handleSubmit(
-                                            saveTlsSettings
-                                        )}
-                                        className="space-y-4"
-                                        id="tls-settings-form"
-                                    >
+                <SettingsSection>
+                    <SettingsSectionHeader>
+                        <SettingsSectionTitle>
+                            {t("proxyAdditional")}
+                        </SettingsSectionTitle>
+                        <SettingsSectionDescription>
+                            {t("proxyAdditionalDescription")}
+                        </SettingsSectionDescription>
+                    </SettingsSectionHeader>
+                    <SettingsSectionBody>
+                        <SettingsSectionForm>
+                            <Form {...tlsSettingsForm}>
+                                <form
+                                    onSubmit={tlsSettingsForm.handleSubmit(
+                                        saveAllSettings
+                                    )}
+                                    className="space-y-4"
+                                    id="tls-settings-form"
+                                >
+                                    {build == "oss" && (
                                         <FormField
                                             control={tlsSettingsForm.control}
                                             name="ssl"
@@ -851,130 +810,84 @@ export default function ReverseProxyTargets(props: {
                                                 </FormItem>
                                             )}
                                         />
-                                        <Collapsible
-                                            open={isAdvancedOpen}
-                                            onOpenChange={setIsAdvancedOpen}
-                                            className="space-y-2"
-                                        >
-                                            <div className="flex items-center justify-between space-x-4">
-                                                <CollapsibleTrigger asChild>
-                                                    <Button
-                                                        variant="text"
-                                                        size="sm"
-                                                        className="p-0 flex items-center justify-start gap-2 w-full"
-                                                    >
-                                                        <p className="text-sm text-muted-foreground">
-                                                            {t(
-                                                                "targetTlsSettingsAdvanced"
-                                                            )}
-                                                        </p>
-                                                        <div>
-                                                            <ChevronsUpDown className="h-4 w-4" />
-                                                            <span className="sr-only">
-                                                                Toggle
-                                                            </span>
-                                                        </div>
-                                                    </Button>
-                                                </CollapsibleTrigger>
-                                            </div>
-                                            <CollapsibleContent className="space-y-2">
-                                                <FormField
-                                                    control={
-                                                        tlsSettingsForm.control
-                                                    }
-                                                    name="tlsServerName"
-                                                    render={({ field }) => (
-                                                        <FormItem>
-                                                            <FormLabel>
-                                                                {t(
-                                                                    "targetTlsSni"
-                                                                )}
-                                                            </FormLabel>
-                                                            <FormControl>
-                                                                <Input
-                                                                    {...field}
-                                                                />
-                                                            </FormControl>
-                                                            <FormDescription>
-                                                                {t(
-                                                                    "targetTlsSniDescription"
-                                                                )}
-                                                            </FormDescription>
-                                                            <FormMessage />
-                                                        </FormItem>
+                                    )}
+                                    <FormField
+                                        control={tlsSettingsForm.control}
+                                        name="tlsServerName"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t("targetTlsSni")}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input {...field} />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t(
+                                                        "targetTlsSniDescription"
                                                     )}
-                                                />
-                                            </CollapsibleContent>
-                                        </Collapsible>
-                                    </form>
-                                </Form>
-                            </SettingsSectionForm>
-                        </SettingsSectionBody>
-                        <SettingsSectionFooter>
-                            <Button
-                                type="submit"
-                                loading={httpsTlsLoading}
-                                form="tls-settings-form"
-                            >
-                                {t("targetTlsSubmit")}
-                            </Button>
-                        </SettingsSectionFooter>
-                    </SettingsSection>
-                    <SettingsSection>
-                        <SettingsSectionHeader>
-                            <SettingsSectionTitle>
-                                {t("proxyAdditional")}
-                            </SettingsSectionTitle>
-                            <SettingsSectionDescription>
-                                {t("proxyAdditionalDescription")}
-                            </SettingsSectionDescription>
-                        </SettingsSectionHeader>
-                        <SettingsSectionBody>
-                            <SettingsSectionForm>
-                                <Form {...proxySettingsForm}>
-                                    <form
-                                        onSubmit={proxySettingsForm.handleSubmit(
-                                            saveProxySettings
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
                                         )}
-                                        className="space-y-4"
-                                        id="proxy-settings-form"
-                                    >
-                                        <FormField
-                                            control={proxySettingsForm.control}
-                                            name="setHostHeader"
-                                            render={({ field }) => (
-                                                <FormItem>
-                                                    <FormLabel>
-                                                        {t("proxyCustomHeader")}
-                                                    </FormLabel>
-                                                    <FormControl>
-                                                        <Input {...field} />
-                                                    </FormControl>
-                                                    <FormDescription>
-                                                        {t(
-                                                            "proxyCustomHeaderDescription"
-                                                        )}
-                                                    </FormDescription>
-                                                    <FormMessage />
-                                                </FormItem>
-                                            )}
-                                        />
-                                    </form>
-                                </Form>
-                            </SettingsSectionForm>
-                        </SettingsSectionBody>
-                        <SettingsSectionFooter>
-                            <Button
-                                type="submit"
-                                loading={proxySettingsLoading}
-                                form="proxy-settings-form"
-                            >
-                                {t("targetTlsSubmit")}
-                            </Button>
-                        </SettingsSectionFooter>
-                    </SettingsSection>
-                </SettingsSectionGrid>
+                                    />
+                                </form>
+                            </Form>
+                        </SettingsSectionForm>
+
+                        <SettingsSectionForm>
+                            <Form {...proxySettingsForm}>
+                                <form
+                                    onSubmit={proxySettingsForm.handleSubmit(
+                                        saveAllSettings
+                                    )}
+                                    className="space-y-4"
+                                    id="proxy-settings-form"
+                                >
+                                    <FormField
+                                        control={proxySettingsForm.control}
+                                        name="setHostHeader"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>
+                                                    {t("proxyCustomHeader")}
+                                                </FormLabel>
+                                                <FormControl>
+                                                    <Input {...field} />
+                                                </FormControl>
+                                                <FormDescription>
+                                                    {t(
+                                                        "proxyCustomHeaderDescription"
+                                                    )}
+                                                </FormDescription>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+                                </form>
+                            </Form>
+                        </SettingsSectionForm>
+                    </SettingsSectionBody>
+                </SettingsSection>
             )}
+
+            <div className="flex justify-end mt-6">
+                <Button
+                    onClick={saveAllSettings}
+                    loading={
+                        targetsLoading ||
+                        httpsTlsLoading ||
+                        proxySettingsLoading
+                    }
+                    disabled={
+                        targetsLoading ||
+                        httpsTlsLoading ||
+                        proxySettingsLoading
+                    }
+                >
+                    {t("saveAllSettings")}
+                </Button>
+            </div>
         </SettingsContainer>
     );
 }
diff --git a/src/app/[orgId]/settings/resources/[resourceId]/rules/page.tsx b/src/app/[orgId]/settings/resources/[resourceId]/rules/page.tsx
index 90c86aea..2f7d03ee 100644
--- a/src/app/[orgId]/settings/resources/[resourceId]/rules/page.tsx
+++ b/src/app/[orgId]/settings/resources/[resourceId]/rules/page.tsx
@@ -36,7 +36,6 @@ import {
     TableBody,
     TableCaption,
     TableCell,
-    TableContainer,
     TableHead,
     TableHeader,
     TableRow
@@ -234,35 +233,6 @@ export default function ResourceRules(props: {
         );
     }
 
-    async function saveApplyRules(val: boolean) {
-        const res = await api
-            .post(`/resource/${params.resourceId}`, {
-                applyRules: val
-            })
-            .catch((err) => {
-                console.error(err);
-                toast({
-                    variant: "destructive",
-                    title: t('rulesErrorUpdate'),
-                    description: formatAxiosError(
-                        err,
-                        t('rulesErrorUpdateDescription')
-                    )
-                });
-            });
-
-        if (res && res.status === 200) {
-            setRulesEnabled(val);
-            updateResource({ applyRules: val });
-
-            toast({
-                title: t('rulesUpdated'),
-                description: t('rulesUpdatedDescription')
-            });
-            router.refresh();
-        }
-    }
-
     function getValueHelpText(type: string) {
         switch (type) {
             case "CIDR":
@@ -274,9 +244,33 @@ export default function ResourceRules(props: {
         }
     }
 
-    async function saveRules() {
+    async function saveAllSettings() {
         try {
             setLoading(true);
+
+            // Save rules enabled state
+            const res = await api
+                .post(`/resource/${params.resourceId}`, {
+                    applyRules: rulesEnabled
+                })
+                .catch((err) => {
+                    console.error(err);
+                    toast({
+                        variant: "destructive",
+                        title: t('rulesErrorUpdate'),
+                        description: formatAxiosError(
+                            err,
+                            t('rulesErrorUpdateDescription')
+                        )
+                    });
+                    throw err;
+                });
+
+            if (res && res.status === 200) {
+                updateResource({ applyRules: rulesEnabled });
+            }
+
+            // Save rules
             for (let rule of rules) {
                 const data = {
                     action: rule.action,
@@ -543,67 +537,48 @@ export default function ResourceRules(props: {
 
     return (
         <SettingsContainer>
-            <Alert className="hidden md:block">
-                <InfoIcon className="h-4 w-4" />
-                <AlertTitle className="font-semibold">{t('rulesAbout')}</AlertTitle>
-                <AlertDescription className="mt-4">
-                    <div className="space-y-1 mb-4">
-                        <p>
-                            {t('rulesAboutDescription')}
-                        </p>
-                    </div>
-                    <InfoSections cols={2}>
-                        <InfoSection>
-                            <InfoSectionTitle>{t('rulesActions')}</InfoSectionTitle>
-                            <ul className="text-sm text-muted-foreground space-y-1">
-                                <li className="flex items-center gap-2">
-                                    <Check className="text-green-500 w-4 h-4" />
-                                    {t('rulesActionAlwaysAllow')}
-                                </li>
-                                <li className="flex items-center gap-2">
-                                    <X className="text-red-500 w-4 h-4" />
-                                    {t('rulesActionAlwaysDeny')}
-                                </li>
-                            </ul>
-                        </InfoSection>
-                        <InfoSection>
-                            <InfoSectionTitle>
-                                {t('rulesMatchCriteria')}
-                            </InfoSectionTitle>
-                            <ul className="text-sm text-muted-foreground space-y-1">
-                                <li className="flex items-center gap-2">
-                                    {t('rulesMatchCriteriaIpAddress')}
-                                </li>
-                                <li className="flex items-center gap-2">
-                                    {t('rulesMatchCriteriaIpAddressRange')}
-                                </li>
-                                <li className="flex items-center gap-2">
-                                    {t('rulesMatchCriteriaUrl')}
-                                </li>
-                            </ul>
-                        </InfoSection>
-                    </InfoSections>
-                </AlertDescription>
-            </Alert>
-
-            <SettingsSection>
-                <SettingsSectionHeader>
-                    <SettingsSectionTitle>{t('rulesEnable')}</SettingsSectionTitle>
-                    <SettingsSectionDescription>
-                        {t('rulesEnableDescription')}
-                    </SettingsSectionDescription>
-                </SettingsSectionHeader>
-                <SettingsSectionBody>
-                    <SwitchInput
-                        id="rules-toggle"
-                        label={t('rulesEnable')}
-                        defaultChecked={rulesEnabled}
-                        onCheckedChange={async (val) => {
-                            await saveApplyRules(val);
-                        }}
-                    />
-                </SettingsSectionBody>
-            </SettingsSection>
+            {/* <Alert className="hidden md:block"> */}
+            {/*     <InfoIcon className="h-4 w-4" /> */}
+            {/*     <AlertTitle className="font-semibold">{t('rulesAbout')}</AlertTitle> */}
+            {/*     <AlertDescription className="mt-4"> */}
+            {/*         <div className="space-y-1 mb-4"> */}
+            {/*             <p> */}
+            {/*                 {t('rulesAboutDescription')} */}
+            {/*             </p> */}
+            {/*         </div> */}
+            {/*         <InfoSections cols={2}> */}
+            {/*             <InfoSection> */}
+            {/*                 <InfoSectionTitle>{t('rulesActions')}</InfoSectionTitle> */}
+            {/*                 <ul className="text-sm text-muted-foreground space-y-1"> */}
+            {/*                     <li className="flex items-center gap-2"> */}
+            {/*                         <Check className="text-green-500 w-4 h-4" /> */}
+            {/*                         {t('rulesActionAlwaysAllow')} */}
+            {/*                     </li> */}
+            {/*                     <li className="flex items-center gap-2"> */}
+            {/*                         <X className="text-red-500 w-4 h-4" /> */}
+            {/*                         {t('rulesActionAlwaysDeny')} */}
+            {/*                     </li> */}
+            {/*                 </ul> */}
+            {/*             </InfoSection> */}
+            {/*             <InfoSection> */}
+            {/*                 <InfoSectionTitle> */}
+            {/*                     {t('rulesMatchCriteria')} */}
+            {/*                 </InfoSectionTitle> */}
+            {/*                 <ul className="text-sm text-muted-foreground space-y-1"> */}
+            {/*                     <li className="flex items-center gap-2"> */}
+            {/*                         {t('rulesMatchCriteriaIpAddress')} */}
+            {/*                     </li> */}
+            {/*                     <li className="flex items-center gap-2"> */}
+            {/*                         {t('rulesMatchCriteriaIpAddressRange')} */}
+            {/*                     </li> */}
+            {/*                     <li className="flex items-center gap-2"> */}
+            {/*                         {t('rulesMatchCriteriaUrl')} */}
+            {/*                     </li> */}
+            {/*                 </ul> */}
+            {/*             </InfoSection> */}
+            {/*         </InfoSections> */}
+            {/*     </AlertDescription> */}
+            {/* </Alert> */}
 
             <SettingsSection>
                 <SettingsSectionHeader>
@@ -615,168 +590,179 @@ export default function ResourceRules(props: {
                     </SettingsSectionDescription>
                 </SettingsSectionHeader>
                 <SettingsSectionBody>
-                    <Form {...addRuleForm}>
-                        <form
-                            onSubmit={addRuleForm.handleSubmit(addRule)}
-                            className="space-y-4"
-                        >
-                            <div className="grid grid-cols-2 md:grid-cols-4 gap-4 items-end">
-                                <FormField
-                                    control={addRuleForm.control}
-                                    name="action"
-                                    render={({ field }) => (
-                                        <FormItem>
-                                            <FormLabel>{t('rulesAction')}</FormLabel>
-                                            <FormControl>
-                                                <Select
-                                                    value={field.value}
-                                                    onValueChange={
-                                                        field.onChange
-                                                    }
-                                                >
-                                                    <SelectTrigger>
-                                                        <SelectValue />
-                                                    </SelectTrigger>
-                                                    <SelectContent>
-                                                        <SelectItem value="ACCEPT">
-                                                            {RuleAction.ACCEPT}
-                                                        </SelectItem>
-                                                        <SelectItem value="DROP">
-                                                            {RuleAction.DROP}
-                                                        </SelectItem>
-                                                    </SelectContent>
-                                                </Select>
-                                            </FormControl>
-                                            <FormMessage />
-                                        </FormItem>
-                                    )}
-                                />
-                                <FormField
-                                    control={addRuleForm.control}
-                                    name="match"
-                                    render={({ field }) => (
-                                        <FormItem>
-                                            <FormLabel>{t('rulesMatchType')}</FormLabel>
-                                            <FormControl>
-                                                <Select
-                                                    value={field.value}
-                                                    onValueChange={
-                                                        field.onChange
-                                                    }
-                                                >
-                                                    <SelectTrigger>
-                                                        <SelectValue />
-                                                    </SelectTrigger>
-                                                    <SelectContent>
-                                                        {resource.http && (
-                                                            <SelectItem value="PATH">
-                                                                {RuleMatch.PATH}
+                    <div className="space-y-6">
+                        <div className="flex items-center space-x-2">
+                            <SwitchInput
+                                id="rules-toggle"
+                                label={t('rulesEnable')}
+                                defaultChecked={rulesEnabled}
+                                onCheckedChange={(val) => setRulesEnabled(val)}
+                            />
+                        </div>
+
+                        <Form {...addRuleForm}>
+                            <form
+                                onSubmit={addRuleForm.handleSubmit(addRule)}
+                                className="space-y-4"
+                            >
+                                <div className="grid grid-cols-2 md:grid-cols-4 gap-4 items-end">
+                                    <FormField
+                                        control={addRuleForm.control}
+                                        name="action"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>{t('rulesAction')}</FormLabel>
+                                                <FormControl>
+                                                    <Select
+                                                        value={field.value}
+                                                        onValueChange={
+                                                            field.onChange
+                                                        }
+                                                    >
+                                                        <SelectTrigger className="w-full">
+                                                            <SelectValue />
+                                                        </SelectTrigger>
+                                                        <SelectContent>
+                                                            <SelectItem value="ACCEPT">
+                                                                {RuleAction.ACCEPT}
                                                             </SelectItem>
-                                                        )}
-                                                        <SelectItem value="IP">
-                                                            {RuleMatch.IP}
-                                                        </SelectItem>
-                                                        <SelectItem value="CIDR">
-                                                            {RuleMatch.CIDR}
-                                                        </SelectItem>
-                                                    </SelectContent>
-                                                </Select>
-                                            </FormControl>
-                                            <FormMessage />
-                                        </FormItem>
-                                    )}
-                                />
-                                <FormField
-                                    control={addRuleForm.control}
-                                    name="value"
-                                    render={({ field }) => (
-                                        <FormItem className="space-y-0 mb-2">
-                                            <InfoPopup
-                                                text={t('value')}
-                                                info={
-                                                    getValueHelpText(
-                                                        addRuleForm.watch(
-                                                            "match"
-                                                        )
-                                                    ) || ""
-                                                }
-                                            />
-                                            <FormControl>
-                                                <Input {...field} />
-                                            </FormControl>
-                                            <FormMessage />
-                                        </FormItem>
-                                    )}
-                                />
-                                <Button
-                                    type="submit"
-                                    variant="outlinePrimary"
-                                    className="mb-2"
-                                    disabled={!rulesEnabled}
-                                >
-                                    {t('ruleSubmit')}
-                                </Button>
-                            </div>
-                        </form>
-                    </Form>
-                    <Table>
-                        <TableHeader>
-                            {table.getHeaderGroups().map((headerGroup) => (
-                                <TableRow key={headerGroup.id}>
-                                    {headerGroup.headers.map((header) => (
-                                        <TableHead key={header.id}>
-                                            {header.isPlaceholder
-                                                ? null
-                                                : flexRender(
-                                                      header.column.columnDef
-                                                          .header,
-                                                      header.getContext()
-                                                  )}
-                                        </TableHead>
-                                    ))}
-                                </TableRow>
-                            ))}
-                        </TableHeader>
-                        <TableBody>
-                            {table.getRowModel().rows?.length ? (
-                                table.getRowModel().rows.map((row) => (
-                                    <TableRow key={row.id}>
-                                        {row.getVisibleCells().map((cell) => (
-                                            <TableCell key={cell.id}>
-                                                {flexRender(
-                                                    cell.column.columnDef.cell,
-                                                    cell.getContext()
-                                                )}
-                                            </TableCell>
+                                                            <SelectItem value="DROP">
+                                                                {RuleAction.DROP}
+                                                            </SelectItem>
+                                                        </SelectContent>
+                                                    </Select>
+                                                </FormControl>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+                                    <FormField
+                                        control={addRuleForm.control}
+                                        name="match"
+                                        render={({ field }) => (
+                                            <FormItem>
+                                                <FormLabel>{t('rulesMatchType')}</FormLabel>
+                                                <FormControl>
+                                                    <Select
+                                                        value={field.value}
+                                                        onValueChange={
+                                                            field.onChange
+                                                        }
+                                                    >
+                                                        <SelectTrigger className="w-full">
+                                                            <SelectValue />
+                                                        </SelectTrigger>
+                                                        <SelectContent>
+                                                            {resource.http && (
+                                                                <SelectItem value="PATH">
+                                                                    {RuleMatch.PATH}
+                                                                </SelectItem>
+                                                            )}
+                                                            <SelectItem value="IP">
+                                                                {RuleMatch.IP}
+                                                            </SelectItem>
+                                                            <SelectItem value="CIDR">
+                                                                {RuleMatch.CIDR}
+                                                            </SelectItem>
+                                                        </SelectContent>
+                                                    </Select>
+                                                </FormControl>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+                                    <FormField
+                                        control={addRuleForm.control}
+                                        name="value"
+                                        render={({ field }) => (
+                                            <FormItem className="gap-1">
+                                                <InfoPopup
+                                                    text={t('value')}
+                                                    info={
+                                                        getValueHelpText(
+                                                            addRuleForm.watch(
+                                                                "match"
+                                                            )
+                                                        ) || ""
+                                                    }
+                                                />
+                                                <FormControl>
+                                                    <Input {...field}/>
+                                                </FormControl>
+                                                <FormMessage />
+                                            </FormItem>
+                                        )}
+                                    />
+                                    <Button
+                                        type="submit"
+                                        variant="secondary"
+                                        disabled={!rulesEnabled}
+                                    >
+                                        {t('ruleSubmit')}
+                                    </Button>
+                                </div>
+                            </form>
+                        </Form>
+                        <Table>
+                            <TableHeader>
+                                {table.getHeaderGroups().map((headerGroup) => (
+                                    <TableRow key={headerGroup.id}>
+                                        {headerGroup.headers.map((header) => (
+                                            <TableHead key={header.id}>
+                                                {header.isPlaceholder
+                                                    ? null
+                                                    : flexRender(
+                                                          header.column.columnDef
+                                                              .header,
+                                                          header.getContext()
+                                                      )}
+                                            </TableHead>
                                         ))}
                                     </TableRow>
-                                ))
-                            ) : (
-                                <TableRow>
-                                    <TableCell
-                                        colSpan={columns.length}
-                                        className="h-24 text-center"
-                                    >
-                                        {t('rulesNoOne')}
-                                    </TableCell>
-                                </TableRow>
-                            )}
-                        </TableBody>
-                        <TableCaption>
-                            {t('rulesOrder')}
-                        </TableCaption>
-                    </Table>
+                                ))}
+                            </TableHeader>
+                            <TableBody>
+                                {table.getRowModel().rows?.length ? (
+                                    table.getRowModel().rows.map((row) => (
+                                        <TableRow key={row.id}>
+                                            {row.getVisibleCells().map((cell) => (
+                                                <TableCell key={cell.id}>
+                                                    {flexRender(
+                                                        cell.column.columnDef.cell,
+                                                        cell.getContext()
+                                                    )}
+                                                </TableCell>
+                                            ))}
+                                        </TableRow>
+                                    ))
+                                ) : (
+                                    <TableRow>
+                                        <TableCell
+                                            colSpan={columns.length}
+                                            className="h-24 text-center"
+                                        >
+                                            {t('rulesNoOne')}
+                                        </TableCell>
+                                    </TableRow>
+                                )}
+                            </TableBody>
+                            {/* <TableCaption> */}
+                            {/*     {t('rulesOrder')} */}
+                            {/* </TableCaption> */}
+                        </Table>
+                    </div>
                 </SettingsSectionBody>
-                <SettingsSectionFooter>
-                    <Button
-                        onClick={saveRules}
-                        loading={loading}
-                        disabled={loading}
-                    >
-                        {t('rulesSubmit')}
-                    </Button>
-                </SettingsSectionFooter>
             </SettingsSection>
+
+            <div className="flex justify-end">
+                <Button
+                    onClick={saveAllSettings}
+                    loading={loading}
+                    disabled={loading}
+                >
+                    {t('saveAllSettings')}
+                </Button>
+            </div>
         </SettingsContainer>
     );
 }
diff --git a/src/app/[orgId]/settings/resources/create/page.tsx b/src/app/[orgId]/settings/resources/create/page.tsx
index 72d4a4d6..22e9d90c 100644
--- a/src/app/[orgId]/settings/resources/create/page.tsx
+++ b/src/app/[orgId]/settings/resources/create/page.tsx
@@ -63,6 +63,7 @@ import { SquareArrowOutUpRight } from "lucide-react";
 import CopyTextBox from "@app/components/CopyTextBox";
 import Link from "next/link";
 import { useTranslations } from "next-intl";
+import DomainPicker from "@app/components/DomainPicker";
 
 const baseResourceFormSchema = z.object({
     name: z.string().min(1).max(255),
@@ -70,17 +71,10 @@ const baseResourceFormSchema = z.object({
     http: z.boolean()
 });
 
-const httpResourceFormSchema = z.discriminatedUnion("isBaseDomain", [
-    z.object({
-        isBaseDomain: z.literal(true),
-        domainId: z.string().min(1)
-    }),
-    z.object({
-        isBaseDomain: z.literal(false),
-        domainId: z.string().min(1),
-        subdomain: z.string().pipe(subdomainSchema)
-    })
-]);
+const httpResourceFormSchema = z.object({
+    domainId: z.string().optional(),
+    subdomain: z.string().optional()
+});
 
 const tcpUdpResourceFormSchema = z.object({
     protocol: z.string(),
@@ -119,15 +113,18 @@ export default function Page() {
     const resourceTypes: ReadonlyArray<ResourceTypeOption> = [
         {
             id: "http",
-            title: t('resourceHTTP'),
-            description: t('resourceHTTPDescription')
+            title: t("resourceHTTP"),
+            description: t("resourceHTTPDescription")
         },
-        {
-            id: "raw",
-            title: t('resourceRaw'),
-            description: t('resourceRawDescription'),
-            disabled: !env.flags.allowRawResources
-        }
+        ...(!env.flags.allowRawResources
+            ? []
+            : [
+                  {
+                      id: "raw" as ResourceType,
+                      title: t("resourceRaw"),
+                      description: t("resourceRawDescription")
+                  }
+              ])
     ];
 
     const baseForm = useForm<BaseResourceFormValues>({
@@ -140,11 +137,7 @@ export default function Page() {
 
     const httpForm = useForm<HttpResourceFormValues>({
         resolver: zodResolver(httpResourceFormSchema),
-        defaultValues: {
-            subdomain: "",
-            domainId: "",
-            isBaseDomain: false
-        }
+        defaultValues: {}
     });
 
     const tcpUdpForm = useForm<TcpUdpResourceFormValues>({
@@ -170,20 +163,11 @@ export default function Page() {
 
             if (isHttp) {
                 const httpData = httpForm.getValues();
-                if (httpData.isBaseDomain) {
-                    Object.assign(payload, {
-                        domainId: httpData.domainId,
-                        isBaseDomain: true,
-                        protocol: "tcp"
-                    });
-                } else {
                     Object.assign(payload, {
                         subdomain: httpData.subdomain,
                         domainId: httpData.domainId,
-                        isBaseDomain: false,
-                        protocol: "tcp"
+                        protocol: "tcp",
                     });
-                }
             } else {
                 const tcpUdpData = tcpUdpForm.getValues();
                 Object.assign(payload, {
@@ -199,10 +183,10 @@ export default function Page() {
                 .catch((e) => {
                     toast({
                         variant: "destructive",
-                        title: t('resourceErrorCreate'),
+                        title: t("resourceErrorCreate"),
                         description: formatAxiosError(
                             e,
-                            t('resourceErrorCreateDescription')
+                            t("resourceErrorCreateDescription")
                         )
                     });
                 });
@@ -219,11 +203,11 @@ export default function Page() {
                 }
             }
         } catch (e) {
-            console.error(t('resourceErrorCreateMessage'), e);
+            console.error(t("resourceErrorCreateMessage"), e);
             toast({
                 variant: "destructive",
-                title: t('resourceErrorCreate'),
-                description:t('resourceErrorCreateMessageDescription')
+                title: t("resourceErrorCreate"),
+                description: t("resourceErrorCreateMessageDescription")
             });
         }
 
@@ -242,10 +226,10 @@ export default function Page() {
                     .catch((e) => {
                         toast({
                             variant: "destructive",
-                            title: t('sitesErrorFetch'),
+                            title: t("sitesErrorFetch"),
                             description: formatAxiosError(
                                 e,
-                                t('sitesErrorFetchDescription')
+                                t("sitesErrorFetchDescription")
                             )
                         });
                     });
@@ -270,10 +254,10 @@ export default function Page() {
                     .catch((e) => {
                         toast({
                             variant: "destructive",
-                            title: t('domainsErrorFetch'),
+                            title: t("domainsErrorFetch"),
                             description: formatAxiosError(
                                 e,
-                                t('domainsErrorFetchDescription')
+                                t("domainsErrorFetchDescription")
                             )
                         });
                     });
@@ -300,8 +284,8 @@ export default function Page() {
         <>
             <div className="flex justify-between">
                 <HeaderTitle
-                    title={t('resourceCreate')}
-                    description={t('resourceCreateDescription')}
+                    title={t("resourceCreate")}
+                    description={t("resourceCreateDescription")}
                 />
                 <Button
                     variant="outline"
@@ -309,7 +293,7 @@ export default function Page() {
                         router.push(`/${orgId}/settings/resources`);
                     }}
                 >
-                    {t('resourceSeeAll')}
+                    {t("resourceSeeAll")}
                 </Button>
             </div>
 
@@ -320,7 +304,7 @@ export default function Page() {
                             <SettingsSection>
                                 <SettingsSectionHeader>
                                     <SettingsSectionTitle>
-                                        {t('resourceInfo')}
+                                        {t("resourceInfo")}
                                     </SettingsSectionTitle>
                                 </SettingsSectionHeader>
                                 <SettingsSectionBody>
@@ -336,7 +320,7 @@ export default function Page() {
                                                     render={({ field }) => (
                                                         <FormItem>
                                                             <FormLabel>
-                                                                {t('name')}
+                                                                {t("name")}
                                                             </FormLabel>
                                                             <FormControl>
                                                                 <Input
@@ -345,7 +329,9 @@ export default function Page() {
                                                             </FormControl>
                                                             <FormMessage />
                                                             <FormDescription>
-                                                                {t('resourceNameDescription')}
+                                                                {t(
+                                                                    "resourceNameDescription"
+                                                                )}
                                                             </FormDescription>
                                                         </FormItem>
                                                     )}
@@ -357,7 +343,7 @@ export default function Page() {
                                                     render={({ field }) => (
                                                         <FormItem className="flex flex-col">
                                                             <FormLabel>
-                                                                {t('site')}
+                                                                {t("site")}
                                                             </FormLabel>
                                                             <Popover>
                                                                 <PopoverTrigger
@@ -382,17 +368,25 @@ export default function Page() {
                                                                                           field.value
                                                                                   )
                                                                                       ?.name
-                                                                                : t('siteSelect')}
+                                                                                : t(
+                                                                                      "siteSelect"
+                                                                                  )}
                                                                             <CaretSortIcon className="ml-2 h-4 w-4 shrink-0 opacity-50" />
                                                                         </Button>
                                                                     </FormControl>
                                                                 </PopoverTrigger>
                                                                 <PopoverContent className="p-0">
                                                                     <Command>
-                                                                        <CommandInput placeholder={t('siteSearch')} />
+                                                                        <CommandInput
+                                                                            placeholder={t(
+                                                                                "siteSearch"
+                                                                            )}
+                                                                        />
                                                                         <CommandList>
                                                                             <CommandEmpty>
-                                                                                {t('siteNotFound')}
+                                                                                {t(
+                                                                                    "siteNotFound"
+                                                                                )}
                                                                             </CommandEmpty>
                                                                             <CommandGroup>
                                                                                 {sites.map(
@@ -433,7 +427,9 @@ export default function Page() {
                                                             </Popover>
                                                             <FormMessage />
                                                             <FormDescription>
-                                                                {t('siteSelectionDescription')}
+                                                                {t(
+                                                                    "siteSelectionDescription"
+                                                                )}
                                                             </FormDescription>
                                                         </FormItem>
                                                     )}
@@ -444,253 +440,74 @@ export default function Page() {
                                 </SettingsSectionBody>
                             </SettingsSection>
 
-                            <SettingsSection>
-                                <SettingsSectionHeader>
-                                    <SettingsSectionTitle>
-                                        {t('resourceType')}
-                                    </SettingsSectionTitle>
-                                    <SettingsSectionDescription>
-                                        {t('resourceTypeDescription')}
-                                    </SettingsSectionDescription>
-                                </SettingsSectionHeader>
-                                <SettingsSectionBody>
-                                    <StrategySelect
-                                        options={resourceTypes}
-                                        defaultValue="http"
-                                        onChange={(value) => {
-                                            baseForm.setValue(
-                                                "http",
-                                                value === "http"
-                                            );
-                                        }}
-                                        cols={2}
-                                    />
-                                </SettingsSectionBody>
-                            </SettingsSection>
+                            {resourceTypes.length > 1 && (
+                                <SettingsSection>
+                                    <SettingsSectionHeader>
+                                        <SettingsSectionTitle>
+                                            {t("resourceType")}
+                                        </SettingsSectionTitle>
+                                        <SettingsSectionDescription>
+                                            {t("resourceTypeDescription")}
+                                        </SettingsSectionDescription>
+                                    </SettingsSectionHeader>
+                                    <SettingsSectionBody>
+                                        <StrategySelect
+                                            options={resourceTypes}
+                                            defaultValue="http"
+                                            onChange={(value) => {
+                                                baseForm.setValue(
+                                                    "http",
+                                                    value === "http"
+                                                );
+                                            }}
+                                            cols={2}
+                                        />
+                                    </SettingsSectionBody>
+                                </SettingsSection>
+                            )}
 
                             {baseForm.watch("http") ? (
                                 <SettingsSection>
                                     <SettingsSectionHeader>
                                         <SettingsSectionTitle>
-                                            {t('resourceHTTPSSettings')}
+                                            {t("resourceHTTPSSettings")}
                                         </SettingsSectionTitle>
                                         <SettingsSectionDescription>
-                                            {t('resourceHTTPSSettingsDescription')}
+                                            {t(
+                                                "resourceHTTPSSettingsDescription"
+                                            )}
                                         </SettingsSectionDescription>
                                     </SettingsSectionHeader>
                                     <SettingsSectionBody>
-                                        <SettingsSectionForm>
-                                            <Form {...httpForm}>
-                                                <form
-                                                    className="space-y-4"
-                                                    id="http-settings-form"
-                                                >
-                                                    {env.flags
-                                                        .allowBaseDomainResources && (
-                                                        <FormField
-                                                            control={
-                                                                httpForm.control
-                                                            }
-                                                            name="isBaseDomain"
-                                                            render={({
-                                                                field
-                                                            }) => (
-                                                                <FormItem>
-                                                                    <FormLabel>
-                                                                        {t('domainType')}
-                                                                    </FormLabel>
-                                                                    <Select
-                                                                        value={
-                                                                            field.value
-                                                                                ? "basedomain"
-                                                                                : "subdomain"
-                                                                        }
-                                                                        onValueChange={(
-                                                                            value
-                                                                        ) => {
-                                                                            field.onChange(
-                                                                                value ===
-                                                                                    "basedomain"
-                                                                            );
-                                                                        }}
-                                                                    >
-                                                                        <FormControl>
-                                                                            <SelectTrigger>
-                                                                                <SelectValue />
-                                                                            </SelectTrigger>
-                                                                        </FormControl>
-                                                                        <SelectContent>
-                                                                            <SelectItem value="subdomain">
-                                                                                {t('subdomain')}
-                                                                            </SelectItem>
-                                                                            <SelectItem value="basedomain">
-                                                                                {t('baseDomain')}
-                                                                            </SelectItem>
-                                                                        </SelectContent>
-                                                                    </Select>
-                                                                    <FormMessage />
-                                                                </FormItem>
-                                                            )}
-                                                        />
-                                                    )}
-
-                                                    {!httpForm.watch(
-                                                        "isBaseDomain"
-                                                    ) && (
-                                                        <FormItem>
-                                                            <FormLabel>
-                                                                {t('subdomain')}
-                                                            </FormLabel>
-                                                            <div className="flex space-x-0">
-                                                                <div className="w-1/2">
-                                                                    <FormField
-                                                                        control={
-                                                                            httpForm.control
-                                                                        }
-                                                                        name="subdomain"
-                                                                        render={({
-                                                                            field
-                                                                        }) => (
-                                                                            <FormItem>
-                                                                                <FormControl>
-                                                                                    <Input
-                                                                                        {...field}
-                                                                                        className="border-r-0 rounded-r-none"
-                                                                                    />
-                                                                                </FormControl>
-                                                                                <FormMessage />
-                                                                            </FormItem>
-                                                                        )}
-                                                                    />
-                                                                </div>
-                                                                <div className="w-1/2">
-                                                                    <FormField
-                                                                        control={
-                                                                            httpForm.control
-                                                                        }
-                                                                        name="domainId"
-                                                                        render={({
-                                                                            field
-                                                                        }) => (
-                                                                            <FormItem>
-                                                                                <Select
-                                                                                    onValueChange={
-                                                                                        field.onChange
-                                                                                    }
-                                                                                    value={
-                                                                                        field.value
-                                                                                    }
-                                                                                    defaultValue={
-                                                                                        field.value
-                                                                                    }
-                                                                                >
-                                                                                    <FormControl>
-                                                                                        <SelectTrigger className="rounded-l-none">
-                                                                                            <SelectValue />
-                                                                                        </SelectTrigger>
-                                                                                    </FormControl>
-                                                                                    <SelectContent>
-                                                                                        {baseDomains.map(
-                                                                                            (
-                                                                                                option
-                                                                                            ) => (
-                                                                                                <SelectItem
-                                                                                                    key={
-                                                                                                        option.domainId
-                                                                                                    }
-                                                                                                    value={
-                                                                                                        option.domainId
-                                                                                                    }
-                                                                                                >
-                                                                                                    .
-                                                                                                    {
-                                                                                                        option.baseDomain
-                                                                                                    }
-                                                                                                </SelectItem>
-                                                                                            )
-                                                                                        )}
-                                                                                    </SelectContent>
-                                                                                </Select>
-                                                                                <FormMessage />
-                                                                            </FormItem>
-                                                                        )}
-                                                                    />
-                                                                </div>
-                                                            </div>
-                                                            <FormDescription>
-                                                                {t('subdomnainDescription')}
-                                                            </FormDescription>
-                                                        </FormItem>
-                                                    )}
-
-                                                    {httpForm.watch(
-                                                        "isBaseDomain"
-                                                    ) && (
-                                                        <FormField
-                                                            control={
-                                                                httpForm.control
-                                                            }
-                                                            name="domainId"
-                                                            render={({
-                                                                field
-                                                            }) => (
-                                                                <FormItem>
-                                                                    <FormLabel>
-                                                                        {t('baseDomain')}
-                                                                    </FormLabel>
-                                                                    <Select
-                                                                        onValueChange={
-                                                                            field.onChange
-                                                                        }
-                                                                        defaultValue={
-                                                                            field.value
-                                                                        }
-                                                                        {...field}
-                                                                    >
-                                                                        <FormControl>
-                                                                            <SelectTrigger>
-                                                                                <SelectValue />
-                                                                            </SelectTrigger>
-                                                                        </FormControl>
-                                                                        <SelectContent>
-                                                                            {baseDomains.map(
-                                                                                (
-                                                                                    option
-                                                                                ) => (
-                                                                                    <SelectItem
-                                                                                        key={
-                                                                                            option.domainId
-                                                                                        }
-                                                                                        value={
-                                                                                            option.domainId
-                                                                                        }
-                                                                                    >
-                                                                                        {
-                                                                                            option.baseDomain
-                                                                                        }
-                                                                                    </SelectItem>
-                                                                                )
-                                                                            )}
-                                                                        </SelectContent>
-                                                                    </Select>
-                                                                    <FormMessage />
-                                                                </FormItem>
-                                                            )}
-                                                        />
-                                                    )}
-                                                </form>
-                                            </Form>
-                                        </SettingsSectionForm>
+                                        <DomainPicker
+                                            orgId={orgId as string}
+                                            onDomainChange={(res) => {
+                                                httpForm.setValue(
+                                                    "subdomain",
+                                                    res.subdomain
+                                                );
+                                                httpForm.setValue(
+                                                    "domainId",
+                                                    res.domainId
+                                                );
+                                                console.log(
+                                                    "Domain changed:",
+                                                    res
+                                                );
+                                            }}
+                                        />
                                     </SettingsSectionBody>
                                 </SettingsSection>
                             ) : (
                                 <SettingsSection>
                                     <SettingsSectionHeader>
                                         <SettingsSectionTitle>
-                                            {t('resourceRawSettings')}
+                                            {t("resourceRawSettings")}
                                         </SettingsSectionTitle>
                                         <SettingsSectionDescription>
-                                            {t('resourceRawSettingsDescription')}
+                                            {t(
+                                                "resourceRawSettingsDescription"
+                                            )}
                                         </SettingsSectionDescription>
                                     </SettingsSectionHeader>
                                     <SettingsSectionBody>
@@ -708,7 +525,9 @@ export default function Page() {
                                                         render={({ field }) => (
                                                             <FormItem>
                                                                 <FormLabel>
-                                                                    {t('protocol')}
+                                                                    {t(
+                                                                        "protocol"
+                                                                    )}
                                                                 </FormLabel>
                                                                 <Select
                                                                     onValueChange={
@@ -718,7 +537,11 @@ export default function Page() {
                                                                 >
                                                                     <FormControl>
                                                                         <SelectTrigger>
-                                                                            <SelectValue placeholder={t('protocolSelect')} />
+                                                                            <SelectValue
+                                                                                placeholder={t(
+                                                                                    "protocolSelect"
+                                                                                )}
+                                                                            />
                                                                         </SelectTrigger>
                                                                     </FormControl>
                                                                     <SelectContent>
@@ -743,7 +566,9 @@ export default function Page() {
                                                         render={({ field }) => (
                                                             <FormItem>
                                                                 <FormLabel>
-                                                                    {t('resourcePortNumber')}
+                                                                    {t(
+                                                                        "resourcePortNumber"
+                                                                    )}
                                                                 </FormLabel>
                                                                 <FormControl>
                                                                     <Input
@@ -771,7 +596,9 @@ export default function Page() {
                                                                 </FormControl>
                                                                 <FormMessage />
                                                                 <FormDescription>
-                                                                    {t('resourcePortNumberDescription')}
+                                                                    {t(
+                                                                        "resourcePortNumberDescription"
+                                                                    )}
                                                                 </FormDescription>
                                                             </FormItem>
                                                         )}
@@ -788,16 +615,19 @@ export default function Page() {
                                     type="button"
                                     variant="outline"
                                     onClick={() =>
-                                        router.push(`/${orgId}/settings/resources`)
+                                        router.push(
+                                            `/${orgId}/settings/resources`
+                                        )
                                     }
                                 >
-                                    {t('cancel')}
+                                    {t("cancel")}
                                 </Button>
                                 <Button
                                     type="button"
                                     onClick={async () => {
                                         const isHttp = baseForm.watch("http");
-                                        const baseValid = await baseForm.trigger();
+                                        const baseValid =
+                                            await baseForm.trigger();
                                         const settingsValid = isHttp
                                             ? await httpForm.trigger()
                                             : await tcpUdpForm.trigger();
@@ -808,7 +638,7 @@ export default function Page() {
                                     }}
                                     loading={createLoading}
                                 >
-                                    {t('resourceCreate')}
+                                    {t("resourceCreate")}
                                 </Button>
                             </div>
                         </SettingsContainer>
@@ -817,17 +647,17 @@ export default function Page() {
                             <SettingsSection>
                                 <SettingsSectionHeader>
                                     <SettingsSectionTitle>
-                                        {t('resourceConfig')}
+                                        {t("resourceConfig")}
                                     </SettingsSectionTitle>
                                     <SettingsSectionDescription>
-                                        {t('resourceConfigDescription')}
+                                        {t("resourceConfigDescription")}
                                     </SettingsSectionDescription>
                                 </SettingsSectionHeader>
                                 <SettingsSectionBody>
                                     <div className="space-y-6">
                                         <div className="space-y-4">
                                             <h3 className="text-lg font-semibold">
-                                                {t('resourceAddEntrypoints')}
+                                                {t("resourceAddEntrypoints")}
                                             </h3>
                                             <CopyTextBox
                                                 text={`entryPoints:
@@ -839,7 +669,7 @@ export default function Page() {
 
                                         <div className="space-y-4">
                                             <h3 className="text-lg font-semibold">
-                                                {t('resourceExposePorts')}
+                                                {t("resourceExposePorts")}
                                             </h3>
                                             <CopyTextBox
                                                 text={`ports:
@@ -854,9 +684,7 @@ export default function Page() {
                                             target="_blank"
                                             rel="noopener noreferrer"
                                         >
-                                            <span>
-                                                {t('resourceLearnRaw')}
-                                            </span>
+                                            <span>{t("resourceLearnRaw")}</span>
                                             <SquareArrowOutUpRight size={14} />
                                         </Link>
                                     </div>
@@ -868,20 +696,22 @@ export default function Page() {
                                     type="button"
                                     variant="outline"
                                     onClick={() =>
-                                        router.push(`/${orgId}/settings/resources`)
+                                        router.push(
+                                            `/${orgId}/settings/resources`
+                                        )
                                     }
                                 >
-                                    {t('resourceBack')}
+                                    {t("resourceBack")}
                                 </Button>
                                 <Button
                                     type="button"
                                     onClick={() =>
                                         router.push(
-                                            `/${orgId}/settings/resources/${resourceId}`
+                                            `/${orgId}/settings/resources/${resourceId}/proxy`
                                         )
                                     }
                                 >
-                                    {t('resourceGoTo')}
+                                    {t("resourceGoTo")}
                                 </Button>
                             </div>
                         </SettingsContainer>
diff --git a/src/app/[orgId]/settings/resources/page.tsx b/src/app/[orgId]/settings/resources/page.tsx
index bbd2a582..371b4404 100644
--- a/src/app/[orgId]/settings/resources/page.tsx
+++ b/src/app/[orgId]/settings/resources/page.tsx
@@ -67,7 +67,8 @@ export default async function ResourcesPage(props: ResourcesPageProps) {
                     resource.whitelist
                   ? "protected"
                   : "not_protected",
-            enabled: resource.enabled
+            enabled: resource.enabled,
+            domainId: resource.domainId || undefined
         };
     });
 
diff --git a/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx b/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx
index cce81da7..b4b03fc5 100644
--- a/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx
+++ b/src/app/[orgId]/settings/share-links/CreateShareLinkForm.tsx
@@ -392,7 +392,7 @@ export default function CreateShareLinkForm({
                                                                     defaultValue={field.value.toString()}
                                                                 >
                                                                     <FormControl>
-                                                                        <SelectTrigger>
+                                                                        <SelectTrigger className="w-full">
                                                                             <SelectValue placeholder={t('selectDuration')} />
                                                                         </SelectTrigger>
                                                                     </FormControl>
diff --git a/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx b/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx
index de419319..5c6ace73 100644
--- a/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx
+++ b/src/app/[orgId]/settings/share-links/ShareLinksTable.tsx
@@ -69,11 +69,8 @@ export default function ShareLinksTable({
     async function deleteSharelink(id: string) {
         await api.delete(`/access-token/${id}`).catch((e) => {
             toast({
-                title: t('shareErrorDelete'),
-                description: formatAxiosError(
-                    e,
-                    t('shareErrorDeleteMessage')
-                )
+                title: t("shareErrorDelete"),
+                description: formatAxiosError(e, t("shareErrorDeleteMessage"))
             });
         });
 
@@ -81,53 +78,12 @@ export default function ShareLinksTable({
         setRows(newRows);
 
         toast({
-            title: t('shareDeleted'),
-            description: t('shareDeletedDescription')
+            title: t("shareDeleted"),
+            description: t("shareDeletedDescription")
         });
     }
 
     const columns: ColumnDef<ShareLinkRow>[] = [
-        {
-            id: "actions",
-            cell: ({ row }) => {
-                const router = useRouter();
-
-                const resourceRow = row.original;
-
-                return (
-                    <>
-                        <div>
-                            <DropdownMenu>
-                                <DropdownMenuTrigger asChild>
-                                    <Button
-                                        variant="ghost"
-                                        className="h-8 w-8 p-0"
-                                    >
-                                        <span className="sr-only">
-                                            {t('openMenu')}
-                                        </span>
-                                        <MoreHorizontal className="h-4 w-4" />
-                                    </Button>
-                                </DropdownMenuTrigger>
-                                <DropdownMenuContent align="end">
-                                    <DropdownMenuItem
-                                        onClick={() => {
-                                            deleteSharelink(
-                                                resourceRow.accessTokenId
-                                            );
-                                        }}
-                                    >
-                                        <button className="text-red-500">
-                                            {t('delete')}
-                                        </button>
-                                    </DropdownMenuItem>
-                                </DropdownMenuContent>
-                            </DropdownMenu>
-                        </div>
-                    </>
-                );
-            }
-        },
         {
             accessorKey: "resourceName",
             header: ({ column }) => {
@@ -138,7 +94,7 @@ export default function ShareLinksTable({
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('resource')}
+                        {t("resource")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -147,7 +103,7 @@ export default function ShareLinksTable({
                 const r = row.original;
                 return (
                     <Link href={`/${orgId}/settings/resources/${r.resourceId}`}>
-                        <Button variant="outline">
+                        <Button variant="outline" size="sm">
                             {r.resourceName}{" "}
                             {r.siteName ? `(${r.siteName})` : ""}
                             <ArrowUpRight className="ml-2 h-4 w-4" />
@@ -166,7 +122,7 @@ export default function ShareLinksTable({
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('title')}
+                        {t("title")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -245,7 +201,7 @@ export default function ShareLinksTable({
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('created')}
+                        {t("created")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -265,7 +221,7 @@ export default function ShareLinksTable({
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('expires')}
+                        {t("expires")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -275,23 +231,50 @@ export default function ShareLinksTable({
                 if (r.expiresAt) {
                     return moment(r.expiresAt).format("lll");
                 }
-                return t('never');
+                return t("never");
             }
         },
         {
             id: "delete",
-            cell: ({ row }) => (
-                <div className="flex items-center justify-end space-x-2">
-                    <Button
-                        variant="outlinePrimary"
-                        onClick={() =>
-                            deleteSharelink(row.original.accessTokenId)
-                        }
-                    >
-                        {t('delete')}
-                    </Button>
-                </div>
-            )
+            cell: ({ row }) => {
+                const resourceRow = row.original;
+                return (
+                    <div className="flex items-center justify-end space-x-2">
+                        {/* <DropdownMenu> */}
+                        {/*     <DropdownMenuTrigger asChild> */}
+                        {/*         <Button variant="ghost" className="h-8 w-8 p-0"> */}
+                        {/*             <span className="sr-only"> */}
+                        {/*                 {t("openMenu")} */}
+                        {/*             </span> */}
+                        {/*             <MoreHorizontal className="h-4 w-4" /> */}
+                        {/*         </Button> */}
+                        {/*     </DropdownMenuTrigger> */}
+                        {/*     <DropdownMenuContent align="end"> */}
+                        {/*         <DropdownMenuItem */}
+                        {/*             onClick={() => { */}
+                        {/*                 deleteSharelink( */}
+                        {/*                     resourceRow.accessTokenId */}
+                        {/*                 ); */}
+                        {/*             }} */}
+                        {/*         > */}
+                        {/*             <button className="text-red-500"> */}
+                        {/*                 {t("delete")} */}
+                        {/*             </button> */}
+                        {/*         </DropdownMenuItem> */}
+                        {/*     </DropdownMenuContent> */}
+                        {/* </DropdownMenu> */}
+                        <Button
+                            variant="secondary"
+                            size="sm"
+                            onClick={() =>
+                                deleteSharelink(row.original.accessTokenId)
+                            }
+                        >
+                            {t("delete")}
+                        </Button>
+                    </div>
+                );
+            }
         }
     ];
 
diff --git a/src/app/[orgId]/settings/sites/CreateSiteForm.tsx b/src/app/[orgId]/settings/sites/CreateSiteForm.tsx
deleted file mode 100644
index b5633268..00000000
--- a/src/app/[orgId]/settings/sites/CreateSiteForm.tsx
+++ /dev/null
@@ -1,461 +0,0 @@
-"use client";
-
-import {
-    Form,
-    FormControl,
-    FormDescription,
-    FormField,
-    FormItem,
-    FormLabel,
-    FormMessage
-} from "@app/components/ui/form";
-import { Input } from "@app/components/ui/input";
-import { toast } from "@app/hooks/useToast";
-import { zodResolver } from "@hookform/resolvers/zod";
-import { useEffect, useState } from "react";
-import { useForm } from "react-hook-form";
-import { z } from "zod";
-import { useParams, useRouter } from "next/navigation";
-import {
-    CreateSiteBody,
-    CreateSiteResponse,
-    PickSiteDefaultsResponse
-} from "@server/routers/site";
-import { generateKeypair } from "./[niceId]/wireguardConfig";
-import CopyTextBox from "@app/components/CopyTextBox";
-import { Checkbox } from "@app/components/ui/checkbox";
-import {
-    Select,
-    SelectContent,
-    SelectItem,
-    SelectTrigger,
-    SelectValue
-} from "@app/components/ui/select";
-import { formatAxiosError } from "@app/lib/api";
-import { createApiClient } from "@app/lib/api";
-import { useEnvContext } from "@app/hooks/useEnvContext";
-import { SiteRow } from "./SitesTable";
-import { AxiosResponse } from "axios";
-import { Button } from "@app/components/ui/button";
-import Link from "next/link";
-import {
-    ArrowUpRight,
-    ChevronsUpDown,
-    Loader2,
-    SquareArrowOutUpRight
-} from "lucide-react";
-import {
-    Collapsible,
-    CollapsibleContent,
-    CollapsibleTrigger
-} from "@app/components/ui/collapsible";
-import LoaderPlaceholder from "@app/components/PlaceHolderLoader";
-import { useTranslations } from "next-intl";
-
-type CreateSiteFormProps = {
-    onCreate?: (site: SiteRow) => void;
-    setLoading?: (loading: boolean) => void;
-    setChecked?: (checked: boolean) => void;
-    orgId: string;
-};
-
-export default function CreateSiteForm({
-    onCreate,
-    setLoading,
-    setChecked,
-    orgId
-}: CreateSiteFormProps) {
-    const api = createApiClient(useEnvContext());
-    const { env } = useEnvContext();
-
-    const [isLoading, setIsLoading] = useState(false);
-    const [isChecked, setIsChecked] = useState(false);
-
-    const [isOpen, setIsOpen] = useState(false);
-
-    const [keypair, setKeypair] = useState<{
-        publicKey: string;
-        privateKey: string;
-    } | null>(null);
-
-    const t = useTranslations();
-
-    const createSiteFormSchema = z.object({
-        name: z
-            .string()
-            .min(2, {
-                message: t('nameMin', {len: 2})
-            })
-            .max(30, {
-                message: t('nameMax', {len: 30})
-            }),
-        method: z.enum(["wireguard", "newt", "local"])
-    });
-
-    type CreateSiteFormValues = z.infer<typeof createSiteFormSchema>;
-
-    const defaultValues: Partial<CreateSiteFormValues> = {
-        name: "",
-        method: "newt"
-    };
-
-    const [siteDefaults, setSiteDefaults] =
-        useState<PickSiteDefaultsResponse | null>(null);
-
-    const [loadingPage, setLoadingPage] = useState(true);
-
-    const handleCheckboxChange = (checked: boolean) => {
-        // setChecked?.(checked);
-        setIsChecked(checked);
-    };
-
-    const form = useForm<CreateSiteFormValues>({
-        resolver: zodResolver(createSiteFormSchema),
-        defaultValues
-    });
-
-    const nameField = form.watch("name");
-    const methodField = form.watch("method");
-
-    useEffect(() => {
-        const nameIsValid = nameField?.length >= 2 && nameField?.length <= 30;
-        const isFormValid = methodField === "local" || isChecked;
-
-        // Only set checked to true if name is valid AND (method is local OR checkbox is checked)
-        setChecked?.(nameIsValid && isFormValid);
-    }, [nameField, methodField, isChecked, setChecked]);
-
-    useEffect(() => {
-        if (!open) return;
-
-        const load = async () => {
-            setLoadingPage(true);
-            // reset all values
-            setLoading?.(false);
-            setIsLoading(false);
-            form.reset();
-            setChecked?.(false);
-            setKeypair(null);
-            setSiteDefaults(null);
-
-            const generatedKeypair = generateKeypair();
-            setKeypair(generatedKeypair);
-
-            await api
-                .get(`/org/${orgId}/pick-site-defaults`)
-                .catch((e) => {
-                    // update the default value of the form to be local method
-                    form.setValue("method", "local");
-                })
-                .then((res) => {
-                    if (res && res.status === 200) {
-                        setSiteDefaults(res.data.data);
-                    }
-                });
-            await new Promise((resolve) => setTimeout(resolve, 200));
-
-            setLoadingPage(false);
-        };
-
-        load();
-    }, [open]);
-
-    async function onSubmit(data: CreateSiteFormValues) {
-        setLoading?.(true);
-        setIsLoading(true);
-        let payload: CreateSiteBody = {
-            name: data.name,
-            type: data.method
-        };
-
-        if (data.method == "wireguard") {
-            if (!keypair || !siteDefaults) {
-                toast({
-                    variant: "destructive",
-                    title: t('siteErrorCreate'),
-                    description: t('siteErrorCreateKeyPair')
-                });
-                setLoading?.(false);
-                setIsLoading(false);
-                return;
-            }
-
-            payload = {
-                ...payload,
-                subnet: siteDefaults.subnet,
-                exitNodeId: siteDefaults.exitNodeId,
-                pubKey: keypair.publicKey
-            };
-        }
-        if (data.method === "newt") {
-            if (!siteDefaults) {
-                toast({
-                    variant: "destructive",
-                    title: t('siteErrorCreate'),
-                    description: t('siteErrorCreateDefaults')
-                });
-                setLoading?.(false);
-                setIsLoading(false);
-                return;
-            }
-
-            payload = {
-                ...payload,
-                subnet: siteDefaults.subnet,
-                exitNodeId: siteDefaults.exitNodeId,
-                secret: siteDefaults.newtSecret,
-                newtId: siteDefaults.newtId
-            };
-        }
-
-        const res = await api
-            .put<
-                AxiosResponse<CreateSiteResponse>
-            >(`/org/${orgId}/site/`, payload)
-            .catch((e) => {
-                toast({
-                    variant: "destructive",
-                    title: t('siteErrorCreate'),
-                    description: formatAxiosError(e)
-                });
-            });
-
-        if (res && res.status === 201) {
-            const data = res.data.data;
-
-            onCreate?.({
-                name: data.name,
-                id: data.siteId,
-                nice: data.niceId.toString(),
-                mbIn:
-                    data.type == "wireguard" || data.type == "newt"
-                        ? t('megabytes', {count: 0})
-                        : "-",
-                mbOut:
-                    data.type == "wireguard" || data.type == "newt"
-                        ? t('megabytes', {count: 0})
-                        : "-",
-                orgId: orgId as string,
-                type: data.type as any,
-                online: false
-            });
-        }
-
-        setLoading?.(false);
-        setIsLoading(false);
-    }
-
-    const wgConfig =
-        keypair && siteDefaults
-            ? `[Interface]
-Address = ${siteDefaults.subnet}
-ListenPort = 51820
-PrivateKey = ${keypair.privateKey}
-
-[Peer]
-PublicKey = ${siteDefaults.publicKey}
-AllowedIPs = ${siteDefaults.address.split("/")[0]}/32
-Endpoint = ${siteDefaults.endpoint}:${siteDefaults.listenPort}
-PersistentKeepalive = 5`
-            : "";
-
-    const newtConfig = `newt --id ${siteDefaults?.newtId} --secret ${siteDefaults?.newtSecret} --endpoint ${env.app.dashboardUrl}`;
-
-    const newtConfigDockerCompose = `services:
-    newt:
-        image: fosrl/newt
-        container_name: newt
-        restart: unless-stopped
-        environment:
-            - PANGOLIN_ENDPOINT=${env.app.dashboardUrl}
-            - NEWT_ID=${siteDefaults?.newtId}
-            - NEWT_SECRET=${siteDefaults?.newtSecret}`;
-
-    const newtConfigDockerRun = `docker run -dit fosrl/newt --id ${siteDefaults?.newtId} --secret ${siteDefaults?.newtSecret} --endpoint ${env.app.dashboardUrl}`;
-
-    return loadingPage ? (
-        <LoaderPlaceholder height="300px" />
-    ) : (
-        <div className="space-y-4">
-            <Form {...form}>
-                <form
-                    onSubmit={form.handleSubmit(onSubmit)}
-                    className="space-y-4"
-                    id="create-site-form"
-                >
-                    <FormField
-                        control={form.control}
-                        name="name"
-                        render={({ field }) => (
-                            <FormItem>
-                                <FormLabel>{t('name')}</FormLabel>
-                                <FormControl>
-                                    <Input autoComplete="off" {...field} />
-                                </FormControl>
-                                <FormMessage />
-                                <FormDescription>
-                                    {t('siteNameDescription')}
-                                </FormDescription>
-                            </FormItem>
-                        )}
-                    />
-                    <FormField
-                        control={form.control}
-                        name="method"
-                        render={({ field }) => (
-                            <FormItem>
-                                <FormLabel>{t('method')}</FormLabel>
-                                <FormControl>
-                                    <Select
-                                        value={field.value}
-                                        onValueChange={field.onChange}
-                                    >
-                                        <SelectTrigger>
-                                            <SelectValue placeholder={t('methodSelect')} />
-                                        </SelectTrigger>
-                                        <SelectContent>
-                                            <SelectItem value="local">
-                                                {t('local')}
-                                            </SelectItem>
-                                            <SelectItem
-                                                value="newt"
-                                                disabled={!siteDefaults}
-                                            >
-                                                Newt
-                                            </SelectItem>
-                                            <SelectItem
-                                                value="wireguard"
-                                                disabled={!siteDefaults}
-                                            >
-                                                WireGuard
-                                            </SelectItem>
-                                        </SelectContent>
-                                    </Select>
-                                </FormControl>
-                                <FormMessage />
-                                <FormDescription>
-                                    {t('siteMethodDescription')}
-                                </FormDescription>
-                            </FormItem>
-                        )}
-                    />
-
-                    {form.watch("method") === "newt" && (
-                        <Link
-                            className="text-sm text-primary flex items-center gap-1"
-                            href="https://docs.fossorial.io/Newt/install"
-                            target="_blank"
-                            rel="noopener noreferrer"
-                        >
-                            <span>
-                                {t('siteLearnNewt')}
-                            </span>
-                            <SquareArrowOutUpRight size={14} />
-                        </Link>
-                    )}
-
-                    <div className="w-full">
-                        {form.watch("method") === "wireguard" && !isLoading ? (
-                            <>
-                                <CopyTextBox text={wgConfig} />
-                                <span className="text-sm text-muted-foreground mt-2">
-                                    {t('siteSeeConfigOnce')}
-                                </span>
-                            </>
-                        ) : form.watch("method") === "wireguard" &&
-                          isLoading ? (
-                            <p>{t('siteLoadWGConfig')}</p>
-                        ) : form.watch("method") === "newt" && siteDefaults ? (
-                            <>
-                                <div className="mb-2">
-                                    <Collapsible
-                                        open={isOpen}
-                                        onOpenChange={setIsOpen}
-                                        className="space-y-2"
-                                    >
-                                        <div className="mx-auto mb-2">
-                                            <CopyTextBox
-                                                text={newtConfig}
-                                                wrapText={false}
-                                            />
-                                        </div>
-                                        <span className="text-sm text-muted-foreground">
-                                            {t('siteSeeConfigOnce')}
-                                        </span>
-                                        <div className="flex items-center justify-between space-x-4">
-                                            <CollapsibleTrigger asChild>
-                                                <Button
-                                                    variant="text"
-                                                    size="sm"
-                                                    className="p-0 flex items-center justify-between w-full"
-                                                >
-                                                    <h4 className="text-sm font-semibold">
-                                                        {t('siteDocker')}
-                                                    </h4>
-                                                    <div>
-                                                        <ChevronsUpDown className="h-4 w-4" />
-                                                        <span className="sr-only">
-                                                            {t('toggle')}
-                                                        </span>
-                                                    </div>
-                                                </Button>
-                                            </CollapsibleTrigger>
-                                        </div>
-                                        <CollapsibleContent className="space-y-4">
-                                            <div className="space-y-2">
-                                                <b>{t('dockerCompose')}</b>
-                                                <CopyTextBox
-                                                    text={
-                                                        newtConfigDockerCompose
-                                                    }
-                                                    wrapText={false}
-                                                />
-                                            </div>
-                                            <div className="space-y-2">
-                                                <b>{t('dockerRun')}</b>
-
-                                                <CopyTextBox
-                                                    text={newtConfigDockerRun}
-                                                    wrapText={false}
-                                                />
-                                            </div>
-                                        </CollapsibleContent>
-                                    </Collapsible>
-                                </div>
-                            </>
-                        ) : null}
-                    </div>
-
-                    {form.watch("method") === "local" && (
-                        <Link
-                            className="text-sm text-primary flex items-center gap-1"
-                            href="https://docs.fossorial.io/Pangolin/without-tunneling"
-                            target="_blank"
-                            rel="noopener noreferrer"
-                        >
-                            <span>{t('siteLearnLocal')}</span>
-                            <SquareArrowOutUpRight size={14} />
-                        </Link>
-                    )}
-
-                    {(form.watch("method") === "newt" ||
-                        form.watch("method") === "wireguard") && (
-                        <div className="flex items-center space-x-2">
-                            <Checkbox
-                                id="terms"
-                                checked={isChecked}
-                                onCheckedChange={handleCheckboxChange}
-                            />
-                            <label
-                                htmlFor="terms"
-                                className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
-                            >
-                                {t('siteConfirmCopy')}
-                            </label>
-                        </div>
-                    )}
-                </form>
-            </Form>
-        </div>
-    );
-}
diff --git a/src/app/[orgId]/settings/sites/SitesDataTable.tsx b/src/app/[orgId]/settings/sites/SitesDataTable.tsx
index 99445dea..60c395c7 100644
--- a/src/app/[orgId]/settings/sites/SitesDataTable.tsx
+++ b/src/app/[orgId]/settings/sites/SitesDataTable.tsx
@@ -8,12 +8,16 @@ interface DataTableProps<TData, TValue> {
     columns: ColumnDef<TData, TValue>[];
     data: TData[];
     createSite?: () => void;
+    onRefresh?: () => void;
+    isRefreshing?: boolean;
 }
 
 export function SitesDataTable<TData, TValue>({
     columns,
     data,
-    createSite
+    createSite,
+    onRefresh,
+    isRefreshing
 }: DataTableProps<TData, TValue>) {
 
     const t = useTranslations();
@@ -27,6 +31,8 @@ export function SitesDataTable<TData, TValue>({
             searchColumn="name"
             onAdd={createSite}
             addButtonText={t('siteAdd')}
+            onRefresh={onRefresh}
+            isRefreshing={isRefreshing}
             defaultSort={{
                 id: "name",
                 desc: false
diff --git a/src/app/[orgId]/settings/sites/SitesSplashCard.tsx b/src/app/[orgId]/settings/sites/SitesSplashCard.tsx
index 7484a15c..8bab93e6 100644
--- a/src/app/[orgId]/settings/sites/SitesSplashCard.tsx
+++ b/src/app/[orgId]/settings/sites/SitesSplashCard.tsx
@@ -5,10 +5,12 @@ import { Card, CardContent } from "@/components/ui/card";
 import { Button } from "@/components/ui/button";
 import { ArrowRight, DockIcon as Docker, Globe, Server, X } from "lucide-react";
 import Link from "next/link";
+import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useTranslations } from 'next-intl';
 
 export const SitesSplashCard = () => {
     const [isDismissed, setIsDismissed] = useState(true);
+    const { env } = useEnvContext();
 
     const key = "sites-splash-card-dismissed";
     const t = useTranslations();
diff --git a/src/app/[orgId]/settings/sites/SitesTable.tsx b/src/app/[orgId]/settings/sites/SitesTable.tsx
index 06ecadcb..8387ab7c 100644
--- a/src/app/[orgId]/settings/sites/SitesTable.tsx
+++ b/src/app/[orgId]/settings/sites/SitesTable.tsx
@@ -1,6 +1,6 @@
 "use client";
 
-import { ColumnDef } from "@tanstack/react-table";
+import { Column, ColumnDef } from "@tanstack/react-table";
 import { SitesDataTable } from "./SitesDataTable";
 import {
     DropdownMenu,
@@ -19,16 +19,16 @@ import {
 import Link from "next/link";
 import { useRouter } from "next/navigation";
 import { AxiosResponse } from "axios";
-import { useState } from "react";
-import CreateSiteForm from "./CreateSiteForm";
+import { useState, useEffect } from "react";
 import ConfirmDeleteDialog from "@app/components/ConfirmDeleteDialog";
 import { toast } from "@app/hooks/useToast";
 import { formatAxiosError } from "@app/lib/api";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
-import CreateSiteFormModal from "./CreateSiteModal";
 import { useTranslations } from "next-intl";
-import { parseDataSize } from '@app/lib/dataSize';
+import { parseDataSize } from "@app/lib/dataSize";
+import { Badge } from "@app/components/ui/badge";
+import { InfoPopup } from "@app/components/ui/info-popup";
 
 export type SiteRow = {
     id: number;
@@ -38,7 +38,10 @@ export type SiteRow = {
     mbOut: string;
     orgId: string;
     type: "newt" | "wireguard";
+    newtVersion?: string;
+    newtUpdateAvailable?: boolean;
     online: boolean;
+    address?: string;
 };
 
 type SitesTableProps = {
@@ -52,18 +55,42 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
     const [isDeleteModalOpen, setIsDeleteModalOpen] = useState(false);
     const [selectedSite, setSelectedSite] = useState<SiteRow | null>(null);
     const [rows, setRows] = useState<SiteRow[]>(sites);
+    const [isRefreshing, setIsRefreshing] = useState(false);
 
     const api = createApiClient(useEnvContext());
     const t = useTranslations();
+    const { env } = useEnvContext();
+
+    // Update local state when props change (e.g., after refresh)
+    useEffect(() => {
+        setRows(sites);
+    }, [sites]);
+
+    const refreshData = async () => {
+        console.log("Data refreshed");
+        setIsRefreshing(true);
+        try {
+            await new Promise((resolve) => setTimeout(resolve, 200));
+            router.refresh();
+        } catch (error) {
+            toast({
+                title: t("error"),
+                description: t("refreshError"),
+                variant: "destructive"
+            });
+        } finally {
+            setIsRefreshing(false);
+        }
+    };
 
     const deleteSite = (siteId: number) => {
         api.delete(`/site/${siteId}`)
             .catch((e) => {
-                console.error(t('siteErrorDelete'), e);
+                console.error(t("siteErrorDelete"), e);
                 toast({
                     variant: "destructive",
-                    title: t('siteErrorDelete'),
-                    description: formatAxiosError(e, t('siteErrorDelete'))
+                    title: t("siteErrorDelete"),
+                    description: formatAxiosError(e, t("siteErrorDelete"))
                 });
             })
             .then(() => {
@@ -77,42 +104,6 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
     };
 
     const columns: ColumnDef<SiteRow>[] = [
-        {
-            id: "dots",
-            cell: ({ row }) => {
-                const siteRow = row.original;
-                const router = useRouter();
-
-                return (
-                    <DropdownMenu>
-                        <DropdownMenuTrigger asChild>
-                            <Button variant="ghost" className="h-8 w-8 p-0">
-                                <span className="sr-only">Open menu</span>
-                                <MoreHorizontal className="h-4 w-4" />
-                            </Button>
-                        </DropdownMenuTrigger>
-                        <DropdownMenuContent align="end">
-                            <Link
-                                className="block w-full"
-                                href={`/${siteRow.orgId}/settings/sites/${siteRow.nice}`}
-                            >
-                                <DropdownMenuItem>
-                                    {t('viewSettings')}
-                                </DropdownMenuItem>
-                            </Link>
-                            <DropdownMenuItem
-                                onClick={() => {
-                                    setSelectedSite(siteRow);
-                                    setIsDeleteModalOpen(true);
-                                }}
-                            >
-                                <span className="text-red-500">{t('delete')}</span>
-                            </DropdownMenuItem>
-                        </DropdownMenuContent>
-                    </DropdownMenu>
-                );
-            }
-        },
         {
             accessorKey: "name",
             header: ({ column }) => {
@@ -123,7 +114,7 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('name')}
+                        {t("name")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -139,7 +130,7 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('online')}
+                        {t("online")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -154,14 +145,14 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                         return (
                             <span className="text-green-500 flex items-center space-x-2">
                                 <div className="w-2 h-2 bg-green-500 rounded-full"></div>
-                                <span>{t('online')}</span>
+                                <span>{t("online")}</span>
                             </span>
                         );
                     } else {
                         return (
                             <span className="text-neutral-500 flex items-center space-x-2">
                                 <div className="w-2 h-2 bg-gray-500 rounded-full"></div>
-                                <span>{t('offline')}</span>
+                                <span>{t("offline")}</span>
                             </span>
                         );
                     }
@@ -179,11 +170,19 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                         onClick={() =>
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
+                        className="hidden md:flex whitespace-nowrap"
                     >
-                        {t('site')}
+                        {t("site")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
+            },
+            cell: ({ row }) => {
+                return (
+                    <div className="hidden md:block whitespace-nowrap">
+                        {row.original.nice}
+                    </div>
+                );
             }
         },
         {
@@ -196,13 +195,14 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('dataIn')}
+                        {t("dataIn")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
             },
-            sortingFn: (rowA, rowB) => 
-                parseDataSize(rowA.original.mbIn) - parseDataSize(rowB.original.mbIn)
+            sortingFn: (rowA, rowB) =>
+                parseDataSize(rowA.original.mbIn) -
+                parseDataSize(rowB.original.mbIn)
         },
         {
             accessorKey: "mbOut",
@@ -214,13 +214,14 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('dataOut')}
+                        {t("dataOut")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
             },
             sortingFn: (rowA, rowB) =>
-                parseDataSize(rowA.original.mbOut) - parseDataSize(rowB.original.mbOut),
+                parseDataSize(rowA.original.mbOut) -
+                parseDataSize(rowB.original.mbOut)
         },
         {
             accessorKey: "type",
@@ -232,7 +233,7 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('connectionType')}
+                        {t("connectionType")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -242,8 +243,22 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
 
                 if (originalRow.type === "newt") {
                     return (
-                        <div className="flex items-center space-x-2">
-                            <span>Newt</span>
+                        <div className="flex items-center space-x-1">
+                            <Badge variant="secondary">
+                                <div className="flex items-center space-x-2">
+                                    <span>Newt</span>
+                                    {originalRow.newtVersion && (
+                                        <span className="text-xs text-gray-500">
+                                            v{originalRow.newtVersion}
+                                        </span>
+                                    )}
+                                </div>
+                            </Badge>
+                            {originalRow.newtUpdateAvailable && (
+                                <InfoPopup
+                                    info={t("newtUpdateAvailableInfo")}
+                                />
+                            )}
                         </div>
                     );
                 }
@@ -259,23 +274,68 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                 if (originalRow.type === "local") {
                     return (
                         <div className="flex items-center space-x-2">
-                            <span>{t('local')}</span>
+                            <span>{t("local")}</span>
                         </div>
                     );
                 }
             }
         },
+        ...(env.flags.enableClients ? [{
+            accessorKey: "address",
+            header: ({ column }: { column: Column<SiteRow, unknown> }) => {
+                return (
+                    <Button
+                        variant="ghost"
+                        onClick={() =>
+                            column.toggleSorting(column.getIsSorted() === "asc")
+                        }
+                    >
+                        Address
+                        <ArrowUpDown className="ml-2 h-4 w-4" />
+                    </Button>
+                );
+            }
+        }] : []),
         {
             id: "actions",
             cell: ({ row }) => {
                 const siteRow = row.original;
                 return (
-                    <div className="flex items-center justify-end">
+                    <div className="flex items-center justify-end gap-2">
+                        <DropdownMenu>
+                            <DropdownMenuTrigger asChild>
+                                <Button variant="ghost" className="h-8 w-8 p-0">
+                                    <span className="sr-only">Open menu</span>
+                                    <MoreHorizontal className="h-4 w-4" />
+                                </Button>
+                            </DropdownMenuTrigger>
+                            <DropdownMenuContent align="end">
+                                <Link
+                                    className="block w-full"
+                                    href={`/${siteRow.orgId}/settings/sites/${siteRow.nice}`}
+                                >
+                                    <DropdownMenuItem>
+                                        {t("viewSettings")}
+                                    </DropdownMenuItem>
+                                </Link>
+                                <DropdownMenuItem
+                                    onClick={() => {
+                                        setSelectedSite(siteRow);
+                                        setIsDeleteModalOpen(true);
+                                    }}
+                                >
+                                    <span className="text-red-500">
+                                        {t("delete")}
+                                    </span>
+                                </DropdownMenuItem>
+                            </DropdownMenuContent>
+                        </DropdownMenu>
+
                         <Link
                             href={`/${siteRow.orgId}/settings/sites/${siteRow.nice}`}
                         >
-                            <Button variant={"outlinePrimary"} className="ml-2">
-                                {t('edit')}
+                            <Button variant={"secondary"} size="sm">
+                                {t("edit")}
                                 <ArrowRight className="ml-2 w-4 h-4" />
                             </Button>
                         </Link>
@@ -297,22 +357,21 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                     dialog={
                         <div className="space-y-4">
                             <p>
-                                {t('siteQuestionRemove', {selectedSite: selectedSite?.name || selectedSite?.id})}
+                                {t("siteQuestionRemove", {
+                                    selectedSite:
+                                        selectedSite?.name || selectedSite?.id
+                                })}
                             </p>
 
-                            <p>  
-                                {t('siteMessageRemove')}
-                            </p>
+                            <p>{t("siteMessageRemove")}</p>
 
-                            <p>
-                                {t('siteMessageConfirm')}
-                            </p>
+                            <p>{t("siteMessageConfirm")}</p>
                         </div>
                     }
-                    buttonText={t('siteConfirmDelete')}
+                    buttonText={t("siteConfirmDelete")}
                     onConfirm={async () => deleteSite(selectedSite!.id)}
                     string={selectedSite.name}
-                    title={t('siteDelete')}
+                    title={t("siteDelete")}
                 />
             )}
 
@@ -322,6 +381,8 @@ export default function SitesTable({ sites, orgId }: SitesTableProps) {
                 createSite={() =>
                     router.push(`/${orgId}/settings/sites/create`)
                 }
+                onRefresh={refreshData}
+                isRefreshing={isRefreshing}
             />
         </>
     );
diff --git a/src/app/[orgId]/settings/sites/[niceId]/SiteInfoCard.tsx b/src/app/[orgId]/settings/sites/[niceId]/SiteInfoCard.tsx
index 2803e987..6094f167 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/SiteInfoCard.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/SiteInfoCard.tsx
@@ -10,12 +10,14 @@ import {
     InfoSectionTitle
 } from "@app/components/InfoSection";
 import { useTranslations } from "next-intl";
+import { useEnvContext } from "@app/hooks/useEnvContext";
 
 type SiteInfoCardProps = {};
 
 export default function SiteInfoCard({}: SiteInfoCardProps) {
     const { site, updateSite } = useSiteContext();
     const t = useTranslations();
+    const { env } = useEnvContext();
 
     const getConnectionTypeString = (type: string) => {
         if (type === "newt") {
@@ -23,32 +25,34 @@ export default function SiteInfoCard({}: SiteInfoCardProps) {
         } else if (type === "wireguard") {
             return "WireGuard";
         } else if (type === "local") {
-            return t('local');
+            return t("local");
         } else {
-            return t('unknown');
+            return t("unknown");
         }
     };
 
     return (
         <Alert>
             <InfoIcon className="h-4 w-4" />
-            <AlertTitle className="font-semibold">{t('siteInfo')}</AlertTitle>
+            <AlertTitle className="font-semibold">{t("siteInfo")}</AlertTitle>
             <AlertDescription className="mt-4">
-                <InfoSections cols={2}>
+                <InfoSections cols={env.flags.enableClients ? 3 : 2}>
                     {(site.type == "newt" || site.type == "wireguard") && (
                         <>
                             <InfoSection>
-                                <InfoSectionTitle>{t('status')}</InfoSectionTitle>
+                                <InfoSectionTitle>
+                                    {t("status")}
+                                </InfoSectionTitle>
                                 <InfoSectionContent>
                                     {site.online ? (
                                         <div className="text-green-500 flex items-center space-x-2">
                                             <div className="w-2 h-2 bg-green-500 rounded-full"></div>
-                                            <span>{t('online')}</span>
+                                            <span>{t("online")}</span>
                                         </div>
                                     ) : (
                                         <div className="text-neutral-500 flex items-center space-x-2">
                                             <div className="w-2 h-2 bg-gray-500 rounded-full"></div>
-                                            <span>{t('offline')}</span>
+                                            <span>{t("offline")}</span>
                                         </div>
                                     )}
                                 </InfoSectionContent>
@@ -56,11 +60,22 @@ export default function SiteInfoCard({}: SiteInfoCardProps) {
                         </>
                     )}
                     <InfoSection>
-                        <InfoSectionTitle>{t('connectionType')}</InfoSectionTitle>
+                        <InfoSectionTitle>
+                            {t("connectionType")}
+                        </InfoSectionTitle>
                         <InfoSectionContent>
                             {getConnectionTypeString(site.type)}
                         </InfoSectionContent>
                     </InfoSection>
+
+                    {env.flags.enableClients && (
+                        <InfoSection>
+                            <InfoSectionTitle>Address</InfoSectionTitle>
+                            <InfoSectionContent>
+                                {site.address?.split("/")[0]}
+                            </InfoSectionContent>
+                        </InfoSection>
+                    )}
                 </InfoSections>
             </AlertDescription>
         </Alert>
diff --git a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
index 7b97f99f..ba1f877c 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/general/page.tsx
@@ -24,8 +24,7 @@ import {
     SettingsSectionTitle,
     SettingsSectionDescription,
     SettingsSectionBody,
-    SettingsSectionForm,
-    SettingsSectionFooter
+    SettingsSectionForm
 } from "@app/components/Settings";
 import { formatAxiosError } from "@app/lib/api";
 import { createApiClient } from "@app/lib/api";
@@ -177,18 +176,18 @@ export default function GeneralPage() {
                         </Form>
                     </SettingsSectionForm>
                 </SettingsSectionBody>
-
-                <SettingsSectionFooter>
-                    <Button
-                        type="submit"
-                        form="general-settings-form"
-                        loading={loading}
-                        disabled={loading}
-                    >
-                        {t("saveGeneralSettings")}
-                    </Button>
-                </SettingsSectionFooter>
             </SettingsSection>
+
+            <div className="flex justify-end mt-6">
+                <Button
+                    type="submit"
+                    form="general-settings-form"
+                    loading={loading}
+                    disabled={loading}
+                >
+                    Save All Settings
+                </Button>
+            </div>
         </SettingsContainer>
     );
 }
diff --git a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
index 2eb3bd13..597cc852 100644
--- a/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
+++ b/src/app/[orgId]/settings/sites/[niceId]/layout.tsx
@@ -5,16 +5,7 @@ import { AxiosResponse } from "axios";
 import { redirect } from "next/navigation";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
-import Link from "next/link";
-import { ArrowLeft } from "lucide-react";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import {
-    Breadcrumb,
-    BreadcrumbItem,
-    BreadcrumbList,
-    BreadcrumbPage,
-    BreadcrumbSeparator
-} from "@app/components/ui/breadcrumb";
 import SiteInfoCard from "./SiteInfoCard";
 import { getTranslations } from "next-intl/server";
 
diff --git a/src/app/[orgId]/settings/sites/create/page.tsx b/src/app/[orgId]/settings/sites/create/page.tsx
index 7cca7454..454f609e 100644
--- a/src/app/[orgId]/settings/sites/create/page.tsx
+++ b/src/app/[orgId]/settings/sites/create/page.tsx
@@ -21,7 +21,7 @@ import {
 } from "@app/components/ui/form";
 import HeaderTitle from "@app/components/SettingsSectionTitle";
 import { z } from "zod";
-import { useEffect, useState } from "react";
+import { createElement, useEffect, useState } from "react";
 import { useForm } from "react-hook-form";
 import { zodResolver } from "@hookform/resolvers/zod";
 import { Input } from "@app/components/ui/input";
@@ -55,15 +55,8 @@ import {
 import { toast } from "@app/hooks/useToast";
 import { AxiosResponse } from "axios";
 import { useParams, useRouter } from "next/navigation";
-import {
-    Breadcrumb,
-    BreadcrumbItem,
-    BreadcrumbList,
-    BreadcrumbPage,
-    BreadcrumbSeparator
-} from "@app/components/ui/breadcrumb";
-import Link from "next/link";
 import { QRCodeCanvas } from "qrcode.react";
+
 import { useTranslations } from "next-intl";
 
 type SiteType = "newt" | "wireguard" | "local";
@@ -105,22 +98,24 @@ export default function Page() {
         .object({
             name: z
                 .string()
-                .min(2, { message: t('nameMin', {len: 2}) })
+                .min(2, { message: t("nameMin", { len: 2 }) })
                 .max(30, {
-                    message: t('nameMax', {len: 30})
+                    message: t("nameMax", { len: 30 })
                 }),
             method: z.enum(["newt", "wireguard", "local"]),
-            copied: z.boolean()
+            copied: z.boolean(),
+            clientAddress: z.string().optional()
         })
         .refine(
             (data) => {
                 if (data.method !== "local") {
-                    return data.copied;
+                    // return data.copied;
+                    return true;
                 }
                 return true;
             },
             {
-                message: t('sitesConfirmCopy'),
+                message: t("sitesConfirmCopy"),
                 path: ["copied"]
             }
         );
@@ -132,21 +127,29 @@ export default function Page() {
     >([
         {
             id: "newt",
-            title: t('siteNewtTunnel'),
-            description: t('siteNewtTunnelDescription'),
+            title: t("siteNewtTunnel"),
+            description: t("siteNewtTunnelDescription"),
             disabled: true
         },
-        {
-            id: "wireguard",
-            title: t('siteWg'),
-            description: t('siteWgDescription'),
-            disabled: true
-        },
-        {
-            id: "local",
-            title: t('local'),
-            description: t('siteLocalDescription')
-        }
+        ...(env.flags.disableBasicWireguardSites
+            ? []
+            : [
+                  {
+                      id: "wireguard" as SiteType,
+                      title: t("siteWg"),
+                      description: t("siteWgDescription"),
+                      disabled: true
+                  }
+              ]),
+        ...(env.flags.disableLocalSites
+            ? []
+            : [
+                  {
+                      id: "local" as SiteType,
+                      title: t("local"),
+                      description: t("siteLocalDescription")
+                  }
+              ])
     ]);
 
     const [loadingPage, setLoadingPage] = useState(true);
@@ -158,7 +161,7 @@ export default function Page() {
     const [newtId, setNewtId] = useState("");
     const [newtSecret, setNewtSecret] = useState("");
     const [newtEndpoint, setNewtEndpoint] = useState("");
-
+    const [clientAddress, setClientAddress] = useState("");
     const [publicKey, setPublicKey] = useState("");
     const [privateKey, setPrivateKey] = useState("");
     const [wgConfig, setWgConfig] = useState("");
@@ -324,7 +327,7 @@ WantedBy=default.target`
     };
 
     const getCommand = () => {
-        const placeholder = [t('unknownCommand')];
+        const placeholder = [t("unknownCommand")];
         if (!commands) {
             return placeholder;
         }
@@ -369,20 +372,28 @@ WantedBy=default.target`
 
     const form = useForm<CreateSiteFormValues>({
         resolver: zodResolver(createSiteFormSchema),
-        defaultValues: { name: "", copied: false, method: "newt" }
+        defaultValues: {
+            name: "",
+            copied: false,
+            method: "newt",
+            clientAddress: ""
+        }
     });
 
     async function onSubmit(data: CreateSiteFormValues) {
         setCreateLoading(true);
 
-        let payload: CreateSiteBody = { name: data.name, type: data.method };
+        let payload: CreateSiteBody = {
+            name: data.name,
+            type: data.method as "newt" | "wireguard" | "local"
+        };
 
         if (data.method == "wireguard") {
             if (!siteDefaults || !wgConfig) {
                 toast({
                     variant: "destructive",
-                    title: t('siteErrorCreate'),
-                    description: t('siteErrorCreateKeyPair')
+                    title: t("siteErrorCreate"),
+                    description: t("siteErrorCreateKeyPair")
                 });
                 setCreateLoading(false);
                 return;
@@ -399,8 +410,8 @@ WantedBy=default.target`
             if (!siteDefaults) {
                 toast({
                     variant: "destructive",
-                    title: t('siteErrorCreate'),
-                    description: t('siteErrorCreateDefaults')
+                    title: t("siteErrorCreate"),
+                    description: t("siteErrorCreateDefaults")
                 });
                 setCreateLoading(false);
                 return;
@@ -411,7 +422,8 @@ WantedBy=default.target`
                 subnet: siteDefaults.subnet,
                 exitNodeId: siteDefaults.exitNodeId,
                 secret: siteDefaults.newtSecret,
-                newtId: siteDefaults.newtId
+                newtId: siteDefaults.newtId,
+                address: clientAddress
             };
         }
 
@@ -422,7 +434,7 @@ WantedBy=default.target`
             .catch((e) => {
                 toast({
                     variant: "destructive",
-                    title: t('siteErrorCreate'),
+                    title: t("siteErrorCreate"),
                     description: formatAxiosError(e)
                 });
             });
@@ -448,14 +460,23 @@ WantedBy=default.target`
                 );
                 if (!response.ok) {
                     throw new Error(
-                        t('newtErrorFetchReleases', {err: response.statusText})
+                        t("newtErrorFetchReleases", {
+                            err: response.statusText
+                        })
                     );
                 }
                 const data = await response.json();
                 const latestVersion = data.tag_name;
                 newtVersion = latestVersion;
             } catch (error) {
-                console.error(t('newtErrorFetchLatest', {err: error instanceof Error ? error.message : String(error)}));
+                console.error(
+                    t("newtErrorFetchLatest", {
+                        err:
+                            error instanceof Error
+                                ? error.message
+                                : String(error)
+                    })
+                );
             }
 
             const generatedKeypair = generateKeypair();
@@ -481,10 +502,12 @@ WantedBy=default.target`
                         const newtId = data.newtId;
                         const newtSecret = data.newtSecret;
                         const newtEndpoint = data.endpoint;
+                        const clientAddress = data.clientAddress;
 
                         setNewtId(newtId);
                         setNewtSecret(newtSecret);
                         setNewtEndpoint(newtEndpoint);
+                        setClientAddress(clientAddress);
 
                         hydrateCommands(
                             newtId,
@@ -520,8 +543,8 @@ WantedBy=default.target`
         <>
             <div className="flex justify-between">
                 <HeaderTitle
-                    title={t('siteCreate')}
-                    description={t('siteCreateDescription2')}
+                    title={t("siteCreate")}
+                    description={t("siteCreateDescription2")}
                 />
                 <Button
                     variant="outline"
@@ -529,7 +552,7 @@ WantedBy=default.target`
                         router.push(`/${orgId}/settings/sites`);
                     }}
                 >
-                    {t('siteSeeAll')}
+                    {t("siteSeeAll")}
                 </Button>
             </div>
 
@@ -539,7 +562,7 @@ WantedBy=default.target`
                         <SettingsSection>
                             <SettingsSectionHeader>
                                 <SettingsSectionTitle>
-                                    {t('siteInfo')}
+                                    {t("siteInfo")}
                                 </SettingsSectionTitle>
                             </SettingsSectionHeader>
                             <SettingsSectionBody>
@@ -555,7 +578,7 @@ WantedBy=default.target`
                                                 render={({ field }) => (
                                                     <FormItem>
                                                         <FormLabel>
-                                                            {t('name')}
+                                                            {t("name")}
                                                         </FormLabel>
                                                         <FormControl>
                                                             <Input
@@ -565,54 +588,106 @@ WantedBy=default.target`
                                                         </FormControl>
                                                         <FormMessage />
                                                         <FormDescription>
-                                                            {t('siteNameDescription')}
+                                                            {t(
+                                                                "siteNameDescription"
+                                                            )}
                                                         </FormDescription>
                                                     </FormItem>
                                                 )}
                                             />
+                                            {env.flags.enableClients &&
+                                                form.watch("method") ===
+                                                    "newt" && (
+                                                    <FormField
+                                                        control={form.control}
+                                                        name="clientAddress"
+                                                        render={({ field }) => (
+                                                            <FormItem>
+                                                                <FormLabel>
+                                                                    Site Address
+                                                                </FormLabel>
+                                                                <FormControl>
+                                                                    <Input
+                                                                        autoComplete="off"
+                                                                        value={
+                                                                            clientAddress
+                                                                        }
+                                                                        onChange={(
+                                                                            e
+                                                                        ) => {
+                                                                            setClientAddress(
+                                                                                e
+                                                                                    .target
+                                                                                    .value
+                                                                            );
+                                                                            field.onChange(
+                                                                                e
+                                                                                    .target
+                                                                                    .value
+                                                                            );
+                                                                        }}
+                                                                    />
+                                                                </FormControl>
+                                                                <FormMessage />
+                                                                <FormDescription>
+                                                                    Specify the
+                                                                    IP address
+                                                                    of the host
+                                                                    for clients
+                                                                    to connect
+                                                                    to.
+                                                                </FormDescription>
+                                                            </FormItem>
+                                                        )}
+                                                    />
+                                                )}
                                         </form>
                                     </Form>
                                 </SettingsSectionForm>
                             </SettingsSectionBody>
                         </SettingsSection>
 
-                        <SettingsSection>
-                            <SettingsSectionHeader>
-                                <SettingsSectionTitle>
-                                    {t('tunnelType')}
-                                </SettingsSectionTitle>
-                                <SettingsSectionDescription>
-                                    {t('siteTunnelDescription')}
-                                </SettingsSectionDescription>
-                            </SettingsSectionHeader>
-                            <SettingsSectionBody>
-                                <StrategySelect
-                                    options={tunnelTypes}
-                                    defaultValue={form.getValues("method")}
-                                    onChange={(value) => {
-                                        form.setValue("method", value);
-                                    }}
-                                    cols={3}
-                                />
-                            </SettingsSectionBody>
-                        </SettingsSection>
+                        {tunnelTypes.length > 1 && (
+                            <SettingsSection>
+                                <SettingsSectionHeader>
+                                    <SettingsSectionTitle>
+                                        {t("tunnelType")}
+                                    </SettingsSectionTitle>
+                                    <SettingsSectionDescription>
+                                        {t("siteTunnelDescription")}
+                                    </SettingsSectionDescription>
+                                </SettingsSectionHeader>
+                                <SettingsSectionBody>
+                                    <StrategySelect
+                                        options={tunnelTypes}
+                                        defaultValue={form.getValues("method")}
+                                        onChange={(value) => {
+                                            form.setValue("method", value);
+                                        }}
+                                        cols={3}
+                                    />
+                                </SettingsSectionBody>
+                            </SettingsSection>
+                        )}
 
                         {form.watch("method") === "newt" && (
                             <>
                                 <SettingsSection>
                                     <SettingsSectionHeader>
                                         <SettingsSectionTitle>
-                                            {t('siteNewtCredentials')}
+                                            {t("siteNewtCredentials")}
                                         </SettingsSectionTitle>
                                         <SettingsSectionDescription>
-                                            {t('siteNewtCredentialsDescription')}
+                                            {t(
+                                                "siteNewtCredentialsDescription"
+                                            )}
                                         </SettingsSectionDescription>
                                     </SettingsSectionHeader>
                                     <SettingsSectionBody>
                                         <InfoSections cols={3}>
                                             <InfoSection>
                                                 <InfoSectionTitle>
-                                                    {t('newtEndpoint')}
+                                                    {t("newtEndpoint")}
                                                 </InfoSectionTitle>
                                                 <InfoSectionContent>
                                                     <CopyToClipboard
@@ -624,7 +699,7 @@ WantedBy=default.target`
                                             </InfoSection>
                                             <InfoSection>
                                                 <InfoSectionTitle>
-                                                    {t('newtId')}
+                                                    {t("newtId")}
                                                 </InfoSectionTitle>
                                                 <InfoSectionContent>
                                                     <CopyToClipboard
@@ -634,7 +709,7 @@ WantedBy=default.target`
                                             </InfoSection>
                                             <InfoSection>
                                                 <InfoSectionTitle>
-                                                    {t('newtSecretKey')}
+                                                    {t("newtSecretKey")}
                                                 </InfoSectionTitle>
                                                 <InfoSectionContent>
                                                     <CopyToClipboard
@@ -647,69 +722,70 @@ WantedBy=default.target`
                                         <Alert variant="neutral" className="">
                                             <InfoIcon className="h-4 w-4" />
                                             <AlertTitle className="font-semibold">
-                                                {t('siteCredentialsSave')}
+                                                {t("siteCredentialsSave")}
                                             </AlertTitle>
                                             <AlertDescription>
-                                                {t('siteCredentialsSaveDescription')}
+                                                {t(
+                                                    "siteCredentialsSaveDescription"
+                                                )}
                                             </AlertDescription>
                                         </Alert>
 
-                                        <Form {...form}>
-                                            <form
-                                                className="space-y-4"
-                                                id="create-site-form"
-                                            >
-                                                <FormField
-                                                    control={form.control}
-                                                    name="copied"
-                                                    render={({ field }) => (
-                                                        <FormItem>
-                                                            <div className="flex items-center space-x-2">
-                                                                <Checkbox
-                                                                    id="terms"
-                                                                    defaultChecked={
-                                                                        form.getValues(
-                                                                            "copied"
-                                                                        ) as boolean
-                                                                    }
-                                                                    onCheckedChange={(
-                                                                        e
-                                                                    ) => {
-                                                                        form.setValue(
-                                                                            "copied",
-                                                                            e as boolean
-                                                                        );
-                                                                    }}
-                                                                />
-                                                                <label
-                                                                    htmlFor="terms"
-                                                                    className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
-                                                                >
-                                                                    {t('siteConfirmCopy')}
-                                                                </label>
-                                                            </div>
-                                                            <FormMessage />
-                                                        </FormItem>
-                                                    )}
-                                                />
-                                            </form>
-                                        </Form>
+                                        {/* <Form {...form}> */}
+                                        {/*     <form */}
+                                        {/*         className="space-y-4" */}
+                                        {/*         id="create-site-form" */}
+                                        {/*     > */}
+                                        {/*         <FormField */}
+                                        {/*             control={form.control} */}
+                                        {/*             name="copied" */}
+                                        {/*             render={({ field }) => ( */}
+                                        {/*                 <FormItem> */}
+                                        {/*                     <div className="flex items-center space-x-2"> */}
+                                        {/*                         <Checkbox */}
+                                        {/*                             id="terms" */}
+                                        {/*                             defaultChecked={ */}
+                                        {/*                                 form.getValues( */}
+                                        {/*                                     "copied" */}
+                                        {/*                                 ) as boolean */}
+                                        {/*                             } */}
+                                        {/*                             onCheckedChange={( */}
+                                        {/*                                 e */}
+                                        {/*                             ) => { */}
+                                        {/*                                 form.setValue( */}
+                                        {/*                                     "copied", */}
+                                        {/*                                     e as boolean */}
+                                        {/*                                 ); */}
+                                        {/*                             }} */}
+                                        {/*                         /> */}
+                                        {/*                         <label */}
+                                        {/*                             htmlFor="terms" */}
+                                        {/*                             className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70" */}
+                                        {/*                         > */}
+                                        {/*                             {t('siteConfirmCopy')} */}
+                                        {/*                         </label> */}
+                                        {/*                     </div> */}
+                                        {/*                     <FormMessage /> */}
+                                        {/*                 </FormItem> */}
+                                        {/*             )} */}
+                                        {/*         /> */}
+                                        {/*     </form> */}
+                                        {/* </Form> */}
                                     </SettingsSectionBody>
                                 </SettingsSection>
-
                                 <SettingsSection>
                                     <SettingsSectionHeader>
                                         <SettingsSectionTitle>
-                                            {t('siteInstallNewt')}
+                                            {t("siteInstallNewt")}
                                         </SettingsSectionTitle>
                                         <SettingsSectionDescription>
-                                            {t('siteInstallNewtDescription')}
+                                            {t("siteInstallNewtDescription")}
                                         </SettingsSectionDescription>
                                     </SettingsSectionHeader>
                                     <SettingsSectionBody>
                                         <div>
                                             <p className="font-bold mb-3">
-                                                {t('operatingSystem')}
+                                                {t("operatingSystem")}
                                             </p>
                                             <div className="grid grid-cols-2 md:grid-cols-5 gap-2">
                                                 {platforms.map((os) => (
@@ -720,7 +796,7 @@ WantedBy=default.target`
                                                                 ? "squareOutlinePrimary"
                                                                 : "squareOutline"
                                                         }
-                                                        className={`flex-1 min-w-[120px] ${platform === os ? "bg-primary/10" : ""}`}
+                                                        className={`flex-1 min-w-[120px] ${platform === os ? "bg-primary/10" : ""} shadow-none`}
                                                         onClick={() => {
                                                             setPlatform(os);
                                                         }}
@@ -737,8 +813,8 @@ WantedBy=default.target`
                                                 {["docker", "podman"].includes(
                                                     platform
                                                 )
-                                                    ? t('method')
-                                                    : t('architecture')}
+                                                    ? t("method")
+                                                    : t("architecture")}
                                             </p>
                                             <div className="grid grid-cols-2 md:grid-cols-5 gap-2">
                                                 {getArchitectures().map(
@@ -751,7 +827,7 @@ WantedBy=default.target`
                                                                     ? "squareOutlinePrimary"
                                                                     : "squareOutline"
                                                             }
-                                                            className={`flex-1 min-w-[120px] ${architecture === arch ? "bg-primary/10" : ""}`}
+                                                            className={`flex-1 min-w-[120px] ${architecture === arch ? "bg-primary/10" : ""} shadow-none`}
                                                             onClick={() =>
                                                                 setArchitecture(
                                                                     arch
@@ -765,7 +841,7 @@ WantedBy=default.target`
                                             </div>
                                             <div className="pt-4">
                                                 <p className="font-bold mb-3">
-                                                    {t('commands')}
+                                                    {t("commands")}
                                                 </p>
                                                 <div className="mt-2">
                                                     <CopyTextBox
@@ -786,10 +862,10 @@ WantedBy=default.target`
                             <SettingsSection>
                                 <SettingsSectionHeader>
                                     <SettingsSectionTitle>
-                                        {t('WgConfiguration')}
+                                        {t("WgConfiguration")}
                                     </SettingsSectionTitle>
                                     <SettingsSectionDescription>
-                                        {t('WgConfigurationDescription')}
+                                        {t("WgConfigurationDescription")}
                                     </SettingsSectionDescription>
                                 </SettingsSectionHeader>
                                 <SettingsSectionBody>
@@ -810,53 +886,14 @@ WantedBy=default.target`
                                     <Alert variant="neutral">
                                         <InfoIcon className="h-4 w-4" />
                                         <AlertTitle className="font-semibold">
-                                            {t('siteCredentialsSave')}
+                                            {t("siteCredentialsSave")}
                                         </AlertTitle>
                                         <AlertDescription>
-                                            {t('siteCredentialsSaveDescription')}
+                                            {t(
+                                                "siteCredentialsSaveDescription"
+                                            )}
                                         </AlertDescription>
                                     </Alert>
-
-                                    <Form {...form}>
-                                        <form
-                                            className="space-y-4"
-                                            id="create-site-form"
-                                        >
-                                            <FormField
-                                                control={form.control}
-                                                name="copied"
-                                                render={({ field }) => (
-                                                    <FormItem>
-                                                        <div className="flex items-center space-x-2">
-                                                            <Checkbox
-                                                                id="terms"
-                                                                defaultChecked={
-                                                                    form.getValues(
-                                                                        "copied"
-                                                                    ) as boolean
-                                                                }
-                                                                onCheckedChange={(
-                                                                    e
-                                                                ) => {
-                                                                    form.setValue(
-                                                                        "copied",
-                                                                        e as boolean
-                                                                    );
-                                                                }}
-                                                            />
-                                                            <label
-                                                                htmlFor="terms"
-                                                                className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
-                                                            >
-                                                                {t('siteConfirmCopy')}
-                                                            </label>
-                                                        </div>
-                                                        <FormMessage />
-                                                    </FormItem>
-                                                )}
-                                            />
-                                        </form>
-                                    </Form>
                                 </SettingsSectionBody>
                             </SettingsSection>
                         )}
@@ -870,15 +907,17 @@ WantedBy=default.target`
                                 router.push(`/${orgId}/settings/sites`);
                             }}
                         >
-                            {t('cancel')}
+                            {t("cancel")}
                         </Button>
                         <Button
                             type="button"
+                            loading={createLoading}
+                            disabled={createLoading}
                             onClick={() => {
                                 form.handleSubmit(onSubmit)();
                             }}
                         >
-                            {t('siteCreate')}
+                            {t("siteCreate")}
                         </Button>
                     </div>
                 </div>
diff --git a/src/app/[orgId]/settings/sites/page.tsx b/src/app/[orgId]/settings/sites/page.tsx
index 401fb2e5..10bcad53 100644
--- a/src/app/[orgId]/settings/sites/page.tsx
+++ b/src/app/[orgId]/settings/sites/page.tsx
@@ -44,11 +44,14 @@ export default async function SitesPage(props: SitesPageProps) {
             name: site.name,
             id: site.siteId,
             nice: site.niceId.toString(),
+            address: site.address?.split("/")[0],
             mbIn: formatSize(site.megabytesIn || 0, site.type),
             mbOut: formatSize(site.megabytesOut || 0, site.type),
             orgId: params.orgId,
             type: site.type as any,
-            online: site.online
+            online: site.online,
+            newtVersion: site.newtVersion || undefined,
+            newtUpdateAvailable: site.newtUpdateAvailable || false,
         };
     });
 
diff --git a/src/app/admin/api-keys/ApiKeysTable.tsx b/src/app/admin/api-keys/ApiKeysTable.tsx
index 517505ef..02aead9e 100644
--- a/src/app/admin/api-keys/ApiKeysTable.tsx
+++ b/src/app/admin/api-keys/ApiKeysTable.tsx
@@ -46,11 +46,14 @@ export default function ApiKeysTable({ apiKeys }: ApiKeyTableProps) {
     const deleteSite = (apiKeyId: string) => {
         api.delete(`/api-key/${apiKeyId}`)
             .catch((e) => {
-                console.error(t('apiKeysErrorDelete'), e);
+                console.error(t("apiKeysErrorDelete"), e);
                 toast({
                     variant: "destructive",
-                    title: t('apiKeysErrorDelete'),
-                    description: formatAxiosError(e, t('apiKeysErrorDeleteMessage'))
+                    title: t("apiKeysErrorDelete"),
+                    description: formatAxiosError(
+                        e,
+                        t("apiKeysErrorDeleteMessage")
+                    )
                 });
             })
             .then(() => {
@@ -64,41 +67,6 @@ export default function ApiKeysTable({ apiKeys }: ApiKeyTableProps) {
     };
 
     const columns: ColumnDef<ApiKeyRow>[] = [
-        {
-            id: "dots",
-            cell: ({ row }) => {
-                const apiKeyROw = row.original;
-                const router = useRouter();
-
-                return (
-                    <DropdownMenu>
-                        <DropdownMenuTrigger asChild>
-                            <Button variant="ghost" className="h-8 w-8 p-0">
-                                <span className="sr-only">{t('openMenu')}</span>
-                                <MoreHorizontal className="h-4 w-4" />
-                            </Button>
-                        </DropdownMenuTrigger>
-                        <DropdownMenuContent align="end">
-                            <DropdownMenuItem
-                                onClick={() => {
-                                    setSelected(apiKeyROw);
-                                }}
-                            >
-                                <span>{t('viewSettings')}</span>
-                            </DropdownMenuItem>
-                            <DropdownMenuItem
-                                onClick={() => {
-                                    setSelected(apiKeyROw);
-                                    setIsDeleteModalOpen(true);
-                                }}
-                            >
-                                <span className="text-red-500">{t('delete')}</span>
-                            </DropdownMenuItem>
-                        </DropdownMenuContent>
-                    </DropdownMenu>
-                );
-            }
-        },
         {
             accessorKey: "name",
             header: ({ column }) => {
@@ -109,7 +77,7 @@ export default function ApiKeysTable({ apiKeys }: ApiKeyTableProps) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('name')}
+                        {t("name")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -117,7 +85,7 @@ export default function ApiKeysTable({ apiKeys }: ApiKeyTableProps) {
         },
         {
             accessorKey: "key",
-            header: t('key'),
+            header: t("key"),
             cell: ({ row }) => {
                 const r = row.original;
                 return <span className="font-mono">{r.key}</span>;
@@ -125,7 +93,7 @@ export default function ApiKeysTable({ apiKeys }: ApiKeyTableProps) {
         },
         {
             accessorKey: "createdAt",
-            header: t('createdAt'),
+            header: t("createdAt"),
             cell: ({ row }) => {
                 const r = row.original;
                 return <span>{moment(r.createdAt).format("lll")} </span>;
@@ -136,13 +104,44 @@ export default function ApiKeysTable({ apiKeys }: ApiKeyTableProps) {
             cell: ({ row }) => {
                 const r = row.original;
                 return (
-                    <div className="flex items-center justify-end">
-                        <Link href={`/admin/api-keys/${r.id}`}>
-                            <Button variant={"outlinePrimary"} className="ml-2">
-                                {t('edit')}
-                                <ArrowRight className="ml-2 w-4 h-4" />
-                            </Button>
-                        </Link>
+                    <div className="flex items-center justify-end gap-2">
+                        <DropdownMenu>
+                            <DropdownMenuTrigger asChild>
+                                <Button variant="ghost" className="h-8 w-8 p-0">
+                                    <span className="sr-only">
+                                        {t("openMenu")}
+                                    </span>
+                                    <MoreHorizontal className="h-4 w-4" />
+                                </Button>
+                            </DropdownMenuTrigger>
+                            <DropdownMenuContent align="end">
+                                <DropdownMenuItem
+                                    onClick={() => {
+                                        setSelected(r);
+                                    }}
+                                >
+                                    <span>{t("viewSettings")}</span>
+                                </DropdownMenuItem>
+                                <DropdownMenuItem
+                                    onClick={() => {
+                                        setSelected(r);
+                                        setIsDeleteModalOpen(true);
+                                    }}
+                                >
+                                    <span className="text-red-500">
+                                        {t("delete")}
+                                    </span>
+                                </DropdownMenuItem>
+                            </DropdownMenuContent>
+                        </DropdownMenu>
+                        <div className="flex items-center justify-end">
+                            <Link href={`/admin/api-keys/${r.id}`}>
+                                <Button variant={"secondary"} className="ml-2" size="sm">
+                                    {t("edit")}
+                                    <ArrowRight className="ml-2 w-4 h-4" />
+                                </Button>
+                            </Link>
+                        </div>
                     </div>
                 );
             }
@@ -161,24 +160,23 @@ export default function ApiKeysTable({ apiKeys }: ApiKeyTableProps) {
                     dialog={
                         <div className="space-y-4">
                             <p>
-                                {t('apiKeysQuestionRemove', {selectedApiKey: selected?.name || selected?.id})}
+                                {t("apiKeysQuestionRemove", {
+                                    selectedApiKey:
+                                        selected?.name || selected?.id
+                                })}
                             </p>
 
                             <p>
-                                <b>
-                                    {t('apiKeysMessageRemove')}
-                                </b>
+                                <b>{t("apiKeysMessageRemove")}</b>
                             </p>
 
-                            <p>
-                                {t('apiKeysMessageConfirm')}
-                            </p>
+                            <p>{t("apiKeysMessageConfirm")}</p>
                         </div>
                     }
-                    buttonText={t('apiKeysDeleteConfirm')}
+                    buttonText={t("apiKeysDeleteConfirm")}
                     onConfirm={async () => deleteSite(selected!.id)}
                     string={selected.name}
-                    title={t('apiKeysDelete')}
+                    title={t("apiKeysDelete")}
                 />
             )}
 
diff --git a/src/app/admin/api-keys/[apiKeyId]/layout.tsx b/src/app/admin/api-keys/[apiKeyId]/layout.tsx
index 0d6f7bdb..7e9e579f 100644
--- a/src/app/admin/api-keys/[apiKeyId]/layout.tsx
+++ b/src/app/admin/api-keys/[apiKeyId]/layout.tsx
@@ -2,16 +2,7 @@ import { internal } from "@app/lib/api";
 import { AxiosResponse } from "axios";
 import { redirect } from "next/navigation";
 import { authCookieHeader } from "@app/lib/api/cookies";
-import { SidebarSettings } from "@app/components/SidebarSettings";
-import Link from "next/link";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import {
-    Breadcrumb,
-    BreadcrumbItem,
-    BreadcrumbList,
-    BreadcrumbPage,
-    BreadcrumbSeparator
-} from "@app/components/ui/breadcrumb";
 import { GetApiKeyResponse } from "@server/routers/apiKeys";
 import ApiKeyProvider from "@app/providers/ApiKeyProvider";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
diff --git a/src/app/admin/api-keys/create/page.tsx b/src/app/admin/api-keys/create/page.tsx
index 5ca647c5..3b6aac82 100644
--- a/src/app/admin/api-keys/create/page.tsx
+++ b/src/app/admin/api-keys/create/page.tsx
@@ -25,21 +25,12 @@ import { zodResolver } from "@hookform/resolvers/zod";
 import { Input } from "@app/components/ui/input";
 import { InfoIcon } from "lucide-react";
 import { Button } from "@app/components/ui/button";
-import { Checkbox, CheckboxWithLabel } from "@app/components/ui/checkbox";
 import { Alert, AlertDescription, AlertTitle } from "@app/components/ui/alert";
 import { createApiClient, formatAxiosError } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { toast } from "@app/hooks/useToast";
 import { AxiosResponse } from "axios";
-import { useParams, useRouter } from "next/navigation";
-import {
-    Breadcrumb,
-    BreadcrumbItem,
-    BreadcrumbList,
-    BreadcrumbPage,
-    BreadcrumbSeparator
-} from "@app/components/ui/breadcrumb";
-import Link from "next/link";
+import {  useRouter } from "next/navigation";
 import {
     CreateOrgApiKeyBody,
     CreateOrgApiKeyResponse
@@ -108,7 +99,7 @@ export default function Page() {
     const copiedForm = useForm<CopiedFormValues>({
         resolver: zodResolver(copiedFormSchema),
         defaultValues: {
-            copied: false
+            copied: true
         }
     });
 
@@ -299,54 +290,54 @@ export default function Page() {
                                         </AlertDescription>
                                     </Alert>
 
-                                    <h4 className="font-semibold">
-                                        {t('apiKeysInfo')}
-                                    </h4>
+                                    {/* <h4 className="font-semibold"> */}
+                                    {/*     {t('apiKeysInfo')} */}
+                                    {/* </h4> */}
 
                                     <CopyTextBox
                                         text={`${apiKey.apiKeyId}.${apiKey.apiKey}`}
                                     />
 
-                                    <Form {...copiedForm}>
-                                        <form
-                                            className="space-y-4"
-                                            id="copied-form"
-                                        >
-                                            <FormField
-                                                control={copiedForm.control}
-                                                name="copied"
-                                                render={({ field }) => (
-                                                    <FormItem>
-                                                        <div className="flex items-center space-x-2">
-                                                            <Checkbox
-                                                                id="terms"
-                                                                defaultChecked={
-                                                                    copiedForm.getValues(
-                                                                        "copied"
-                                                                    ) as boolean
-                                                                }
-                                                                onCheckedChange={(
-                                                                    e
-                                                                ) => {
-                                                                    copiedForm.setValue(
-                                                                        "copied",
-                                                                        e as boolean
-                                                                    );
-                                                                }}
-                                                            />
-                                                            <label
-                                                                htmlFor="terms"
-                                                                className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
-                                                            >
-                                                                {t('apiKeysConfirmCopy')}
-                                                            </label>
-                                                        </div>
-                                                        <FormMessage />
-                                                    </FormItem>
-                                                )}
-                                            />
-                                        </form>
-                                    </Form>
+                                    {/* <Form {...copiedForm}> */}
+                                    {/*     <form */}
+                                    {/*         className="space-y-4" */}
+                                    {/*         id="copied-form" */}
+                                    {/*     > */}
+                                    {/*         <FormField */}
+                                    {/*             control={copiedForm.control} */}
+                                    {/*             name="copied" */}
+                                    {/*             render={({ field }) => ( */}
+                                    {/*                 <FormItem> */}
+                                    {/*                     <div className="flex items-center space-x-2"> */}
+                                    {/*                         <Checkbox */}
+                                    {/*                             id="terms" */}
+                                    {/*                             defaultChecked={ */}
+                                    {/*                                 copiedForm.getValues( */}
+                                    {/*                                     "copied" */}
+                                    {/*                                 ) as boolean */}
+                                    {/*                             } */}
+                                    {/*                             onCheckedChange={( */}
+                                    {/*                                 e */}
+                                    {/*                             ) => { */}
+                                    {/*                                 copiedForm.setValue( */}
+                                    {/*                                     "copied", */}
+                                    {/*                                     e as boolean */}
+                                    {/*                                 ); */}
+                                    {/*                             }} */}
+                                    {/*                         /> */}
+                                    {/*                         <label */}
+                                    {/*                             htmlFor="terms" */}
+                                    {/*                             className="text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70" */}
+                                    {/*                         > */}
+                                    {/*                             {t('apiKeysConfirmCopy')} */}
+                                    {/*                         </label> */}
+                                    {/*                     </div> */}
+                                    {/*                     <FormMessage /> */}
+                                    {/*                 </FormItem> */}
+                                    {/*             )} */}
+                                    {/*         /> */}
+                                    {/*     </form> */}
+                                    {/* </Form> */}
                                 </SettingsSectionBody>
                             </SettingsSection>
                         )}
diff --git a/src/app/admin/idp/AdminIdpTable.tsx b/src/app/admin/idp/AdminIdpTable.tsx
index c55a2b35..fa7de6da 100644
--- a/src/app/admin/idp/AdminIdpTable.tsx
+++ b/src/app/admin/idp/AdminIdpTable.tsx
@@ -43,14 +43,14 @@ export default function IdpTable({ idps }: Props) {
         try {
             await api.delete(`/idp/${idpId}`);
             toast({
-                title: t('success'),
-                description: t('idpDeletedDescription')
+                title: t("success"),
+                description: t("idpDeletedDescription")
             });
             setIsDeleteModalOpen(false);
             router.refresh();
         } catch (e) {
             toast({
-                title: t('error'),
+                title: t("error"),
                 description: formatAxiosError(e),
                 variant: "destructive"
             });
@@ -67,41 +67,6 @@ export default function IdpTable({ idps }: Props) {
     };
 
     const columns: ColumnDef<IdpRow>[] = [
-        {
-            id: "dots",
-            cell: ({ row }) => {
-                const r = row.original;
-
-                return (
-                    <DropdownMenu>
-                        <DropdownMenuTrigger asChild>
-                            <Button variant="ghost" className="h-8 w-8 p-0">
-                                <span className="sr-only">{t('openMenu')}</span>
-                                <MoreHorizontal className="h-4 w-4" />
-                            </Button>
-                        </DropdownMenuTrigger>
-                        <DropdownMenuContent align="end">
-                            <Link
-                                className="block w-full"
-                                href={`/admin/idp/${r.idpId}/general`}
-                            >
-                                <DropdownMenuItem>
-                                    {t('viewSettings')}
-                                </DropdownMenuItem>
-                            </Link>
-                            <DropdownMenuItem
-                                onClick={() => {
-                                    setSelectedIdp(r);
-                                    setIsDeleteModalOpen(true);
-                                }}
-                            >
-                                <span className="text-red-500">{t('delete')}</span>
-                            </DropdownMenuItem>
-                        </DropdownMenuContent>
-                    </DropdownMenu>
-                );
-            }
-        },
         {
             accessorKey: "idpId",
             header: ({ column }) => {
@@ -128,7 +93,7 @@ export default function IdpTable({ idps }: Props) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('name')}
+                        {t("name")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -144,7 +109,7 @@ export default function IdpTable({ idps }: Props) {
                             column.toggleSorting(column.getIsSorted() === "asc")
                         }
                     >
-                        {t('type')}
+                        {t("type")}
                         <ArrowUpDown className="ml-2 h-4 w-4" />
                     </Button>
                 );
@@ -162,9 +127,43 @@ export default function IdpTable({ idps }: Props) {
                 const siteRow = row.original;
                 return (
                     <div className="flex items-center justify-end">
+                        <DropdownMenu>
+                            <DropdownMenuTrigger asChild>
+                                <Button variant="ghost" className="h-8 w-8 p-0">
+                                    <span className="sr-only">
+                                        {t("openMenu")}
+                                    </span>
+                                    <MoreHorizontal className="h-4 w-4" />
+                                </Button>
+                            </DropdownMenuTrigger>
+                            <DropdownMenuContent align="end">
+                                <Link
+                                    className="block w-full"
+                                    href={`/admin/idp/${siteRow.idpId}/general`}
+                                >
+                                    <DropdownMenuItem>
+                                        {t("viewSettings")}
+                                    </DropdownMenuItem>
+                                </Link>
+                                <DropdownMenuItem
+                                    onClick={() => {
+                                        setSelectedIdp(siteRow);
+                                        setIsDeleteModalOpen(true);
+                                    }}
+                                >
+                                    <span className="text-red-500">
+                                        {t("delete")}
+                                    </span>
+                                </DropdownMenuItem>
+                            </DropdownMenuContent>
+                        </DropdownMenu>
                         <Link href={`/admin/idp/${siteRow.idpId}/general`}>
-                            <Button variant={"outlinePrimary"} className="ml-2">
-                                {t('edit')}
+                            <Button
+                                variant={"secondary"}
+                                className="ml-2"
+                                size="sm"
+                            >
+                                {t("edit")}
                                 <ArrowRight className="ml-2 w-4 h-4" />
                             </Button>
                         </Link>
@@ -186,22 +185,20 @@ export default function IdpTable({ idps }: Props) {
                     dialog={
                         <div className="space-y-4">
                             <p>
-                                {t('idpQuestionRemove', {name: selectedIdp.name})}
+                                {t("idpQuestionRemove", {
+                                    name: selectedIdp.name
+                                })}
                             </p>
                             <p>
-                                <b>
-                                    {t('idpMessageRemove')}
-                                </b>
-                            </p>
-                            <p>
-                                {t('idpMessageConfirm')}
+                                <b>{t("idpMessageRemove")}</b>
                             </p>
+                            <p>{t("idpMessageConfirm")}</p>
                         </div>
                     }
-                    buttonText={t('idpConfirmDelete')}
+                    buttonText={t("idpConfirmDelete")}
                     onConfirm={async () => deleteIdp(selectedIdp.idpId)}
                     string={selectedIdp.name}
-                    title={t('idpDelete')}
+                    title={t("idpDelete")}
                 />
             )}
 
diff --git a/src/app/admin/idp/[idpId]/layout.tsx b/src/app/admin/idp/[idpId]/layout.tsx
index 79b1e196..af64e440 100644
--- a/src/app/admin/idp/[idpId]/layout.tsx
+++ b/src/app/admin/idp/[idpId]/layout.tsx
@@ -4,17 +4,7 @@ import { AxiosResponse } from "axios";
 import { redirect } from "next/navigation";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { HorizontalTabs } from "@app/components/HorizontalTabs";
-import { ProfessionalContentOverlay } from "@app/components/ProfessionalContentOverlay";
-import Link from "next/link";
-import { ArrowLeft } from "lucide-react";
 import SettingsSectionTitle from "@app/components/SettingsSectionTitle";
-import {
-    Breadcrumb,
-    BreadcrumbItem,
-    BreadcrumbList,
-    BreadcrumbPage,
-    BreadcrumbSeparator
-} from "@app/components/ui/breadcrumb";
 import { getTranslations } from "next-intl/server";
 
 interface SettingsLayoutProps {
diff --git a/src/app/admin/idp/[idpId]/policies/PolicyTable.tsx b/src/app/admin/idp/[idpId]/policies/PolicyTable.tsx
index 9c11f9b9..f68a00c7 100644
--- a/src/app/admin/idp/[idpId]/policies/PolicyTable.tsx
+++ b/src/app/admin/idp/[idpId]/policies/PolicyTable.tsx
@@ -140,7 +140,7 @@ export default function PolicyTable({ policies, onDelete, onAdd, onEdit }: Props
                 return (
                     <div className="flex items-center justify-end">
                         <Button
-                            variant={"outlinePrimary"}
+                            variant={"secondary"}
                             className="ml-2"
                             onClick={() => onEdit(policy)}
                         >
diff --git a/src/app/admin/layout.tsx b/src/app/admin/layout.tsx
index fdc6c8e7..060f18ac 100644
--- a/src/app/admin/layout.tsx
+++ b/src/app/admin/layout.tsx
@@ -1,5 +1,6 @@
 import { Metadata } from "next";
-import { Users } from "lucide-react";
+import { TopbarNav } from "@app/components/TopbarNav";
+import { KeyRound, Users } from "lucide-react";
 import { verifySession } from "@app/lib/auth/verifySession";
 import { redirect } from "next/navigation";
 import { cache } from "react";
@@ -9,7 +10,7 @@ import { internal } from "@app/lib/api";
 import { AxiosResponse } from "axios";
 import { authCookieHeader } from "@app/lib/api/cookies";
 import { Layout } from "@app/components/Layout";
-import { adminNavItems } from "../navigation";
+import { adminNavSections } from "../navigation";
 
 export const dynamic = "force-dynamic";
 
@@ -47,7 +48,7 @@ export default async function AdminLayout(props: LayoutProps) {
 
     return (
         <UserProvider user={user}>
-            <Layout orgs={orgs} navItems={adminNavItems}>
+            <Layout orgs={orgs} navItems={adminNavSections}>
                 {props.children}
             </Layout>
         </UserProvider>
diff --git a/src/app/admin/license/LicenseKeysDataTable.tsx b/src/app/admin/license/LicenseKeysDataTable.tsx
index d9ace464..ae6206e0 100644
--- a/src/app/admin/license/LicenseKeysDataTable.tsx
+++ b/src/app/admin/license/LicenseKeysDataTable.tsx
@@ -122,7 +122,7 @@ export function LicenseKeysDataTable({
             cell: ({ row }) => (
                 <div className="flex items-center justify-end space-x-2">
                     <Button
-                        variant="outlinePrimary"
+                        variant="secondary"
                         onClick={() => onDelete(row.original)}
                     >
                         {t('delete')}
diff --git a/src/app/auth/layout.tsx b/src/app/auth/layout.tsx
index 05a65fce..d8763ba5 100644
--- a/src/app/auth/layout.tsx
+++ b/src/app/auth/layout.tsx
@@ -1,4 +1,5 @@
 import ProfileIcon from "@app/components/ProfileIcon";
+import ThemeSwitcher from "@app/components/ThemeSwitcher";
 import { Separator } from "@app/components/ui/separator";
 import { priv } from "@app/lib/api";
 import { verifySession } from "@app/lib/auth/verifySession";
@@ -23,6 +24,7 @@ export default async function AuthLayout({ children }: AuthLayoutProps) {
     const getUser = cache(verifySession);
     const user = await getUser();
     const t = await getTranslations();
+    const hideFooter = true;
 
     const licenseStatusRes = await cache(
         async () =>
@@ -34,20 +36,18 @@ export default async function AuthLayout({ children }: AuthLayoutProps) {
 
     return (
         <div className="h-full flex flex-col">
-            {user && (
-                <UserProvider user={user}>
-                    <div className="p-3 ml-auto">
-                        <ProfileIcon />
-                    </div>
-                </UserProvider>
-            )}
+            <div className="flex justify-end items-center p-3 space-x-2">
+                <ThemeSwitcher />
+            </div>
 
             <div className="flex-1 flex items-center justify-center">
                 <div className="w-full max-w-md p-3">{children}</div>
             </div>
 
             {!(
-                licenseStatus.isHostLicensed && licenseStatus.isLicenseValid
+                hideFooter || (
+                licenseStatus.isHostLicensed &&
+                licenseStatus.isLicenseValid)
             ) && (
                 <footer className="hidden md:block w-full mt-12 py-3 mb-6 px-4">
                     <div className="container mx-auto flex flex-wrap justify-center items-center h-3 space-x-4 text-sm text-neutral-400 dark:text-neutral-600">
@@ -73,7 +73,7 @@ export default async function AuthLayout({ children }: AuthLayoutProps) {
                             aria-label="GitHub"
                             className="flex items-center space-x-2 whitespace-nowrap"
                         >
-                            <span>{t('communityEdition')}</span>
+                            <span>{t("communityEdition")}</span>
                             <svg
                                 xmlns="http://www.w3.org/2000/svg"
                                 viewBox="0 0 24 24"
diff --git a/src/app/auth/login/DashboardLoginForm.tsx b/src/app/auth/login/DashboardLoginForm.tsx
index 1dcdff4a..2a98ab0b 100644
--- a/src/app/auth/login/DashboardLoginForm.tsx
+++ b/src/app/auth/login/DashboardLoginForm.tsx
@@ -14,6 +14,7 @@ import { useRouter } from "next/navigation";
 import { useEffect } from "react";
 import Image from "next/image";
 import { cleanRedirect } from "@app/lib/cleanRedirect";
+import BrandingLogo from "@app/components/BrandingLogo";
 import { useTranslations } from "next-intl";
 
 type DashboardLoginFormProps = {
@@ -26,42 +27,24 @@ export default function DashboardLoginForm({
     idps
 }: DashboardLoginFormProps) {
     const router = useRouter();
-    // const api = createApiClient(useEnvContext());
-    //
-    // useEffect(() => {
-    //     const logout = async () => {
-    //         try {
-    //             await api.post("/auth/logout");
-    //             console.log("user logged out");
-    //         } catch (e) {}
-    //     };
-    //
-    //     logout();
-    // });
-
+    const { env } = useEnvContext();
     const t = useTranslations();
 
+    function getSubtitle() {
+        return t("loginStart");
+    }
+
     return (
-        <Card className="w-full max-w-md">
-            <CardHeader>
+        <Card className="shadow-md w-full max-w-md">
+            <CardHeader className="border-b">
                 <div className="flex flex-row items-center justify-center">
-                    <Image
-                        src={`/logo/pangolin_orange.svg`}
-                        alt={t('pangolinLogoAlt')}
-                        width={100}
-                        height={100}
-                    />
+                    <BrandingLogo height={58} width={175} />
                 </div>
-                <div className="text-center space-y-1">
-                    <h1 className="text-2xl font-bold mt-1">
-                        {t('welcome')}
-                    </h1>
-                    <p className="text-sm text-muted-foreground">
-                        {t('loginStart')}
-                    </p>
+                <div className="text-center space-y-1 pt-3">
+                    <p className="text-muted-foreground">{getSubtitle()}</p>
                 </div>
             </CardHeader>
-            <CardContent>
+            <CardContent className="pt-6">
                 <LoginForm
                     redirect={redirect}
                     idps={idps}
diff --git a/src/app/auth/login/page.tsx b/src/app/auth/login/page.tsx
index 348555bf..cad0ce58 100644
--- a/src/app/auth/login/page.tsx
+++ b/src/app/auth/login/page.tsx
@@ -20,7 +20,7 @@ export default async function Page(props: {
 }) {
     const searchParams = await props.searchParams;
     const getUser = cache(verifySession);
-    const user = await getUser();
+    const user = await getUser({ skipCheckVerifyEmail: true });
 
     const isInvite = searchParams?.redirect?.includes("/invite");
 
@@ -54,10 +54,10 @@ export default async function Page(props: {
                     <div className="flex flex-col items-center">
                         <Mail className="w-12 h-12 mb-4 text-primary" />
                         <h2 className="text-2xl font-bold mb-2 text-center">
-                            {t('inviteAlready')}
+                            {t("inviteAlready")}
                         </h2>
                         <p className="text-center">
-                            {t('inviteAlreadyDescription')}
+                            {t("inviteAlreadyDescription")}
                         </p>
                     </div>
                 </div>
@@ -67,7 +67,7 @@ export default async function Page(props: {
 
             {(!signUpDisabled || isInvite) && (
                 <p className="text-center text-muted-foreground mt-4">
-                    {t('authNoAccount')}{" "}
+                    {t("authNoAccount")}{" "}
                     <Link
                         href={
                             !redirectUrl
@@ -76,7 +76,7 @@ export default async function Page(props: {
                         }
                         className="underline"
                     >
-                        {t('signup')}
+                        {t("signup")}
                     </Link>
                 </p>
             )}
diff --git a/src/app/auth/reset-password/ResetPasswordForm.tsx b/src/app/auth/reset-password/ResetPasswordForm.tsx
index 4869cb5b..19531c8a 100644
--- a/src/app/auth/reset-password/ResetPasswordForm.tsx
+++ b/src/app/auth/reset-password/ResetPasswordForm.tsx
@@ -54,12 +54,14 @@ export type ResetPasswordFormProps = {
     emailParam?: string;
     tokenParam?: string;
     redirect?: string;
+    quickstart?: boolean;
 };
 
 export default function ResetPasswordForm({
     emailParam,
     tokenParam,
-    redirect
+    redirect,
+    quickstart
 }: ResetPasswordFormProps) {
     const router = useRouter();
 
@@ -184,17 +186,73 @@ export default function ResetPasswordForm({
                 return;
             }
 
-            setSuccessMessage(t('passwordResetSuccess'));
+            setSuccessMessage(quickstart ? t('accountSetupSuccess') : t('passwordResetSuccess'));
 
-            setTimeout(() => {
-                if (redirect) {
-                    const safe = cleanRedirect(redirect);
-                    router.push(safe);
-                } else {
-                    router.push("/auth/login");
+            // Auto-login after successful password reset
+            try {
+                const loginRes = await api.post("/auth/login", {
+                    email: form.getValues("email"),
+                    password: form.getValues("password")
+                });
+
+                if (loginRes.data.data?.codeRequested) {
+                    if (redirect) {
+                        router.push(`/auth/login?redirect=${redirect}`);
+                    } else {
+                        router.push("/auth/login");
+                    }
+                    return;
                 }
-                setIsSubmitting(false);
-            }, 1500);
+
+if (loginRes.data.data?.emailVerificationRequired) {
+                    try {
+                        await api.post("/auth/verify-email/request");
+                    } catch (verificationError) {
+                        console.error("Failed to send verification code:", verificationError);
+                    }
+
+                    if (redirect) {
+                        router.push(`/auth/verify-email?redirect=${redirect}`);
+                    } else {
+                        router.push("/auth/verify-email");
+                    }
+                    return;
+                } else {
+                    setTimeout(() => {
+                        if (redirect) {
+                            const safe = cleanRedirect(redirect);
+                            router.push(safe);
+                        } else {
+                            router.push("/auth/login");
+                        }
+                    }, 0);
+                }
+                }
+
+                // Login successful, redirect
+                setTimeout(() => {
+                    if (redirect) {
+                        const safe = cleanRedirect(redirect);
+                        router.push(safe);
+                    } else {
+                        router.push("/");
+                    }
+                    setIsSubmitting(false);
+                }, 1500);
+
+            } catch (loginError) {
+                // Auto-login failed, but password reset was successful
+                console.error("Auto-login failed:", loginError);
+                setTimeout(() => {
+                    if (redirect) {
+                        const safe = cleanRedirect(redirect);
+                        router.push(safe);
+                    } else {
+                        router.push("/login");
+                    }
+                    setIsSubmitting(false);
+                }, 1500);
+            }
         }
     }
 
@@ -202,9 +260,14 @@ export default function ResetPasswordForm({
         <div>
             <Card className="w-full max-w-md">
                 <CardHeader>
-                    <CardTitle>{t('passwordReset')}</CardTitle>
+                    <CardTitle>
+                        {quickstart ? t('completeAccountSetup') : t('passwordReset')}
+                    </CardTitle>
                     <CardDescription>
-                        {t('passwordResetDescription')}
+                        {quickstart 
+                            ? t('completeAccountSetupDescription') 
+                            : t('passwordResetDescription')
+                        }
                     </CardDescription>
                 </CardHeader>
                 <CardContent>
@@ -229,7 +292,10 @@ export default function ResetPasswordForm({
                                                 </FormControl>
                                                 <FormMessage />
                                                 <FormDescription>
-                                                    {t('passwordResetSent')}
+                                                    {quickstart 
+                                                        ? t('accountSetupSent') 
+                                                        : t('passwordResetSent')
+                                                    }
                                                 </FormDescription>
                                             </FormItem>
                                         )}
@@ -269,7 +335,10 @@ export default function ResetPasswordForm({
                                             render={({ field }) => (
                                                 <FormItem>
                                                     <FormLabel>
-                                                        {t('passwordResetCode')}
+                                                        {quickstart 
+                                                            ? t('accountSetupCode') 
+                                                            : t('passwordResetCode')
+                                                        }
                                                     </FormLabel>
                                                     <FormControl>
                                                         <Input
@@ -279,7 +348,10 @@ export default function ResetPasswordForm({
                                                     </FormControl>
                                                     <FormMessage />
                                                     <FormDescription>
-                                                        {t('passwordResetCodeDescription')}
+                                                        {quickstart 
+                                                            ? t('accountSetupCodeDescription') 
+                                                            : t('passwordResetCodeDescription')
+                                                        }
                                                     </FormDescription>
                                                 </FormItem>
                                             )}
@@ -292,7 +364,10 @@ export default function ResetPasswordForm({
                                         render={({ field }) => (
                                             <FormItem>
                                                 <FormLabel>
-                                                    {t('passwordNew')}
+                                                    {quickstart 
+                                                        ? t('passwordCreate') 
+                                                        : t('passwordNew')
+                                                    }
                                                 </FormLabel>
                                                 <FormControl>
                                                     <Input
@@ -310,7 +385,10 @@ export default function ResetPasswordForm({
                                         render={({ field }) => (
                                             <FormItem>
                                                 <FormLabel>
-                                                    {t('passwordNewConfirm')}
+                                                    {quickstart 
+                                                        ? t('passwordCreateConfirm') 
+                                                        : t('passwordNewConfirm')
+                                                    }
                                                 </FormLabel>
                                                 <FormControl>
                                                     <Input
@@ -407,7 +485,7 @@ export default function ResetPasswordForm({
                                         <Loader2 className="mr-2 h-4 w-4 animate-spin" />
                                     )}
                                     {state === "reset"
-                                        ? t('passwordReset')
+                                        ? (quickstart ? t('completeSetup') : t('passwordReset'))
                                         : t('pincodeSubmit2')}
                                 </Button>
                             )}
@@ -422,7 +500,10 @@ export default function ResetPasswordForm({
                                     {isSubmitting && (
                                         <Loader2 className="mr-2 h-4 w-4 animate-spin" />
                                     )}
-                                    {t('passwordResetSubmit')}
+                                    {quickstart 
+                                        ? t('accountSetupSubmit') 
+                                        : t('passwordResetSubmit')
+                                    }
                                 </Button>
                             )}
 
diff --git a/src/app/auth/reset-password/page.tsx b/src/app/auth/reset-password/page.tsx
index a0466208..f06c7c4c 100644
--- a/src/app/auth/reset-password/page.tsx
+++ b/src/app/auth/reset-password/page.tsx
@@ -13,6 +13,7 @@ export default async function Page(props: {
         redirect: string | undefined;
         email: string | undefined;
         token: string | undefined;
+        quickstart?: string | undefined;
     }>;
 }) {
     const searchParams = await props.searchParams;
@@ -35,6 +36,9 @@ export default async function Page(props: {
                 redirect={searchParams.redirect}
                 tokenParam={searchParams.token}
                 emailParam={searchParams.email}
+                quickstart={
+                    searchParams.quickstart === "true" ? true : undefined
+                }
             />
 
             <p className="text-center text-muted-foreground mt-4">
@@ -46,7 +50,7 @@ export default async function Page(props: {
                     }
                     className="underline"
                 >
-                    {t('loginBack')}
+                    {t("loginBack")}
                 </Link>
             </p>
         </>
diff --git a/src/app/auth/resource/[resourceId]/ResourceAuthPortal.tsx b/src/app/auth/resource/[resourceId]/ResourceAuthPortal.tsx
index 3c4e8023..c77c9e0b 100644
--- a/src/app/auth/resource/[resourceId]/ResourceAuthPortal.tsx
+++ b/src/app/auth/resource/[resourceId]/ResourceAuthPortal.tsx
@@ -43,6 +43,7 @@ import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { toast } from "@app/hooks/useToast";
 import Link from "next/link";
+import Image from "next/image";
 import { useSupporterStatusContext } from "@app/hooks/useSupporterStatusContext";
 import { useTranslations } from "next-intl";
 
@@ -185,8 +186,8 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                     setOtpState("otp_sent");
                     submitOtpForm.setValue("email", values.email);
                     toast({
-                        title: t('otpEmailSent'),
-                        description: t('otpEmailSentDescription')
+                        title: t("otpEmailSent"),
+                        description: t("otpEmailSentDescription")
                     });
                     return;
                 }
@@ -202,7 +203,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
             .catch((e) => {
                 console.error(e);
                 setWhitelistError(
-                    formatAxiosError(e, t('otpEmailErrorAuthenticate'))
+                    formatAxiosError(e, t("otpEmailErrorAuthenticate"))
                 );
             })
             .then(() => setLoadingLogin(false));
@@ -227,7 +228,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
             .catch((e) => {
                 console.error(e);
                 setPincodeError(
-                    formatAxiosError(e, t('pincodeErrorAuthenticate'))
+                    formatAxiosError(e, t("pincodeErrorAuthenticate"))
                 );
             })
             .then(() => setLoadingLogin(false));
@@ -255,7 +256,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
             .catch((e) => {
                 console.error(e);
                 setPasswordError(
-                    formatAxiosError(e, t('passwordErrorAuthenticate'))
+                    formatAxiosError(e, t("passwordErrorAuthenticate"))
                 );
             })
             .finally(() => setLoadingLogin(false));
@@ -276,13 +277,23 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
         }
     }
 
+    function getTitle() {
+        return t("authenticationRequired");
+    }
+
+    function getSubtitle(resourceName: string) {
+        return numMethods > 1
+            ? t("authenticationMethodChoose", { name: props.resource.name })
+            : t("authenticationRequest", { name: props.resource.name });
+    }
+
     return (
         <div>
             {!accessDenied ? (
                 <div>
                     <div className="text-center mb-2">
                         <span className="text-sm text-muted-foreground">
-                            {t('poweredBy')}{" "}
+                            {t("poweredBy")}{" "}
                             <Link
                                 href="https://github.com/fosrl/pangolin"
                                 target="_blank"
@@ -295,11 +306,9 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                     </div>
                     <Card>
                         <CardHeader>
-                            <CardTitle>{t('authenticationRequired')}</CardTitle>
+                            <CardTitle>{getTitle()}</CardTitle>
                             <CardDescription>
-                                {numMethods > 1
-                                    ? t('authenticationMethodChoose', {name: props.resource.name})
-                                    : t('authenticationRequest', {name: props.resource.name})}
+                                {getSubtitle(props.resource.name)}
                             </CardDescription>
                         </CardHeader>
                         <CardContent>
@@ -329,19 +338,19 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                         {props.methods.password && (
                                             <TabsTrigger value="password">
                                                 <Key className="w-4 h-4 mr-1" />{" "}
-                                                {t('password')}
+                                                {t("password")}
                                             </TabsTrigger>
                                         )}
                                         {props.methods.sso && (
                                             <TabsTrigger value="sso">
                                                 <User className="w-4 h-4 mr-1" />{" "}
-                                                {t('user')}
+                                                {t("user")}
                                             </TabsTrigger>
                                         )}
                                         {props.methods.whitelist && (
                                             <TabsTrigger value="whitelist">
                                                 <AtSign className="w-4 h-4 mr-1" />{" "}
-                                                {t('email')}
+                                                {t("email")}
                                             </TabsTrigger>
                                         )}
                                     </TabsList>
@@ -364,7 +373,9 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                                     render={({ field }) => (
                                                         <FormItem>
                                                             <FormLabel>
-                                                                {t('pincodeInput')}
+                                                                {t(
+                                                                    "pincodeInput"
+                                                                )}
                                                             </FormLabel>
                                                             <FormControl>
                                                                 <div className="flex justify-center">
@@ -433,7 +444,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                                     disabled={loadingLogin}
                                                 >
                                                     <LockIcon className="w-4 h-4 mr-2" />
-                                                    {t('pincodeSubmit')}
+                                                    {t("pincodeSubmit")}
                                                 </Button>
                                             </form>
                                         </Form>
@@ -459,7 +470,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                                     render={({ field }) => (
                                                         <FormItem>
                                                             <FormLabel>
-                                                                {t('password')}
+                                                                {t("password")}
                                                             </FormLabel>
                                                             <FormControl>
                                                                 <Input
@@ -487,7 +498,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                                     disabled={loadingLogin}
                                                 >
                                                     <LockIcon className="w-4 h-4 mr-2" />
-                                                    {t('passwordSubmit')}
+                                                    {t("passwordSubmit")}
                                                 </Button>
                                             </form>
                                         </Form>
@@ -528,7 +539,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                                         render={({ field }) => (
                                                             <FormItem>
                                                                 <FormLabel>
-                                                                    {t('email')}
+                                                                    {t("email")}
                                                                 </FormLabel>
                                                                 <FormControl>
                                                                     <Input
@@ -537,7 +548,9 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                                                     />
                                                                 </FormControl>
                                                                 <FormDescription>
-                                                                    {t('otpEmailDescription')}
+                                                                    {t(
+                                                                        "otpEmailDescription"
+                                                                    )}
                                                                 </FormDescription>
                                                                 <FormMessage />
                                                             </FormItem>
@@ -559,7 +572,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                                         disabled={loadingLogin}
                                                     >
                                                         <Send className="w-4 h-4 mr-2" />
-                                                        {t('otpEmailSend')}
+                                                        {t("otpEmailSend")}
                                                     </Button>
                                                 </form>
                                             </Form>
@@ -581,7 +594,9 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                                         render={({ field }) => (
                                                             <FormItem>
                                                                 <FormLabel>
-                                                                    {t('otpEmail')}
+                                                                    {t(
+                                                                        "otpEmail"
+                                                                    )}
                                                                 </FormLabel>
                                                                 <FormControl>
                                                                     <Input
@@ -609,7 +624,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                                         disabled={loadingLogin}
                                                     >
                                                         <LockIcon className="w-4 h-4 mr-2" />
-                                                        {t('otpEmailSubmit')}
+                                                        {t("otpEmailSubmit")}
                                                     </Button>
 
                                                     <Button
@@ -621,7 +636,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                                                             submitOtpForm.reset();
                                                         }}
                                                     >
-                                                        {t('backToEmail')}
+                                                        {t("backToEmail")}
                                                     </Button>
                                                 </form>
                                             </Form>
@@ -634,7 +649,7 @@ export default function ResourceAuthPortal(props: ResourceAuthPortalProps) {
                     {supporterStatus?.visible && (
                         <div className="text-center mt-2">
                             <span className="text-sm text-muted-foreground opacity-50">
-                                {t('noSupportKey')}
+                                {t("noSupportKey")}
                             </span>
                         </div>
                     )}
diff --git a/src/app/auth/signup/SignupForm.tsx b/src/app/auth/signup/SignupForm.tsx
index 9ae8450e..52fbe824 100644
--- a/src/app/auth/signup/SignupForm.tsx
+++ b/src/app/auth/signup/SignupForm.tsx
@@ -32,6 +32,7 @@ import { useEnvContext } from "@app/hooks/useEnvContext";
 import Image from "next/image";
 import { cleanRedirect } from "@app/lib/cleanRedirect";
 import { useTranslations } from "next-intl";
+import BrandingLogo from "@app/components/BrandingLogo";
 
 type SignupFormProps = {
     redirect?: string;
@@ -58,7 +59,9 @@ export default function SignupForm({
 }: SignupFormProps) {
     const router = useRouter();
 
-    const api = createApiClient(useEnvContext());
+    const { env } = useEnvContext();
+
+    const api = createApiClient({ env });
 
     const [loading, setLoading] = useState(false);
     const [error, setError] = useState<string | null>(null);
@@ -89,9 +92,7 @@ export default function SignupForm({
             })
             .catch((e) => {
                 console.error(e);
-                setError(
-                    formatAxiosError(e, t('signupError'))
-                );
+                setError(formatAxiosError(e, t("signupError")));
             });
 
         if (res && res.status === 200) {
@@ -118,27 +119,24 @@ export default function SignupForm({
         setLoading(false);
     }
 
+    function getSubtitle() {
+        return t("authCreateAccount");
+    }
+
     return (
-        <Card className="w-full max-w-md">
-            <CardHeader>
+        <Card className="w-full max-w-md shadow-md">
+            <CardHeader className="border-b">
                 <div className="flex flex-row items-center justify-center">
-                    <Image
-                        src={`/logo/pangolin_orange.svg`}
-                        alt={t('pangolinLogoAlt')}
-                        width="100"
-                        height="100"
+                    <BrandingLogo
+                        height={58}
+                        width={175}
                     />
                 </div>
-                <div className="text-center space-y-1">
-                    <h1 className="text-2xl font-bold mt-1">
-                        {t('welcome')}
-                    </h1>
-                    <p className="text-sm text-muted-foreground">
-                        {t('authCreateAccount')}
-                    </p>
+                <div className="text-center space-y-1 pt-3">
+                    <p className="text-muted-foreground">{getSubtitle()}</p>
                 </div>
             </CardHeader>
-            <CardContent>
+            <CardContent className="pt-6">
                 <Form {...form}>
                     <form
                         onSubmit={form.handleSubmit(onSubmit)}
@@ -162,7 +160,7 @@ export default function SignupForm({
                             name="email"
                             render={({ field }) => (
                                 <FormItem>
-                                    <FormLabel>{t('email')}</FormLabel>
+                                    <FormLabel>{t("email")}</FormLabel>
                                     <FormControl>
                                         <Input {...field} />
                                     </FormControl>
@@ -175,12 +173,9 @@ export default function SignupForm({
                             name="password"
                             render={({ field }) => (
                                 <FormItem>
-                                    <FormLabel>{t('password')}</FormLabel>
+                                    <FormLabel>{t("password")}</FormLabel>
                                     <FormControl>
-                                        <Input
-                                            type="password"
-                                            {...field}
-                                        />
+                                        <Input type="password" {...field} />
                                     </FormControl>
                                     <FormMessage />
                                 </FormItem>
@@ -191,12 +186,11 @@ export default function SignupForm({
                             name="confirmPassword"
                             render={({ field }) => (
                                 <FormItem>
-                                    <FormLabel>{t('confirmPassword')}</FormLabel>
+                                    <FormLabel>
+                                        {t("confirmPassword")}
+                                    </FormLabel>
                                     <FormControl>
-                                        <Input
-                                            type="password"
-                                            {...field}
-                                        />
+                                        <Input type="password" {...field} />
                                     </FormControl>
                                     <FormMessage />
                                 </FormItem>
@@ -210,7 +204,7 @@ export default function SignupForm({
                         )}
 
                         <Button type="submit" className="w-full">
-                            {t('createAccount')}
+                            {t("createAccount")}
                         </Button>
                     </form>
                 </Form>
diff --git a/src/app/auth/signup/page.tsx b/src/app/auth/signup/page.tsx
index 242bf10b..debd7c58 100644
--- a/src/app/auth/signup/page.tsx
+++ b/src/app/auth/signup/page.tsx
@@ -6,7 +6,7 @@ import { Mail } from "lucide-react";
 import Link from "next/link";
 import { redirect } from "next/navigation";
 import { cache } from "react";
-import { getTranslations } from 'next-intl/server';
+import { getTranslations } from "next-intl/server";
 
 export const dynamic = "force-dynamic";
 
@@ -15,7 +15,7 @@ export default async function Page(props: {
 }) {
     const searchParams = await props.searchParams;
     const getUser = cache(verifySession);
-    const user = await getUser();
+    const user = await getUser({ skipCheckVerifyEmail: true });
     const t = await getTranslations();
 
     const env = pullEnv();
@@ -56,10 +56,10 @@ export default async function Page(props: {
                     <div className="flex flex-col items-center">
                         <Mail className="w-12 h-12 mb-4 text-primary" />
                         <h2 className="text-2xl font-bold mb-2 text-center">
-                            {t('inviteAlready')}
+                            {t("inviteAlready")}
                         </h2>
                         <p className="text-center">
-                            {t('inviteAlreadyDescription')}
+                            {t("inviteAlreadyDescription")}
                         </p>
                     </div>
                 </div>
@@ -72,7 +72,7 @@ export default async function Page(props: {
             />
 
             <p className="text-center text-muted-foreground mt-4">
-                {t('signupQuestion')}{" "}
+                {t("signupQuestion")}{" "}
                 <Link
                     href={
                         !redirectUrl
@@ -81,7 +81,7 @@ export default async function Page(props: {
                     }
                     className="underline"
                 >
-                    {t('login')}
+                    {t("login")}
                 </Link>
             </p>
         </>
diff --git a/src/app/auth/verify-email/VerifyEmailForm.tsx b/src/app/auth/verify-email/VerifyEmailForm.tsx
index cbe1e5fb..e9761eef 100644
--- a/src/app/auth/verify-email/VerifyEmailForm.tsx
+++ b/src/app/auth/verify-email/VerifyEmailForm.tsx
@@ -10,7 +10,7 @@ import {
     CardContent,
     CardDescription,
     CardHeader,
-    CardTitle,
+    CardTitle
 } from "@/components/ui/card";
 import {
     Form,
@@ -19,21 +19,21 @@ import {
     FormField,
     FormItem,
     FormLabel,
-    FormMessage,
+    FormMessage
 } from "@/components/ui/form";
 import { Input } from "@/components/ui/input";
 import {
     InputOTP,
     InputOTPGroup,
-    InputOTPSlot,
+    InputOTPSlot
 } from "@/components/ui/input-otp";
 import { AxiosResponse } from "axios";
 import { VerifyEmailResponse } from "@server/routers/auth";
-import { Loader2 } from "lucide-react";
+import { ArrowRight, IdCard, Loader2 } from "lucide-react";
 import { Alert, AlertDescription } from "../../../components/ui/alert";
 import { toast } from "@app/hooks/useToast";
 import { useRouter } from "next/navigation";
-import { formatAxiosError } from "@app/lib/api";;
+import { formatAxiosError } from "@app/lib/api";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { cleanRedirect } from "@app/lib/cleanRedirect";
@@ -46,7 +46,7 @@ export type VerifyEmailFormProps = {
 
 export default function VerifyEmailForm({
     email,
-    redirect,
+    redirect
 }: VerifyEmailFormProps) {
     const router = useRouter();
     const t = useTranslations();
@@ -58,19 +58,34 @@ export default function VerifyEmailForm({
 
     const api = createApiClient(useEnvContext());
 
+    function logout() {
+        api.post("/auth/logout")
+            .catch((e) => {
+                console.error(t("logoutError"), e);
+                toast({
+                    title: t("logoutError"),
+                    description: formatAxiosError(e, t("logoutError"))
+                });
+            })
+            .then(() => {
+                router.push("/auth/login");
+                router.refresh();
+            });
+    }
+
     const FormSchema = z.object({
-        email: z.string().email({ message: t('emailInvalid') }),
+        email: z.string().email({ message: t("emailInvalid") }),
         pin: z.string().min(8, {
-            message: t('verificationCodeLengthRequirements'),
-        }),
+            message: t("verificationCodeLengthRequirements")
+        })
     });
 
     const form = useForm<z.infer<typeof FormSchema>>({
         resolver: zodResolver(FormSchema),
         defaultValues: {
             email: email,
-            pin: "",
-        },
+            pin: ""
+        }
     });
 
     async function onSubmit(data: z.infer<typeof FormSchema>) {
@@ -78,19 +93,17 @@ export default function VerifyEmailForm({
 
         const res = await api
             .post<AxiosResponse<VerifyEmailResponse>>("/auth/verify-email", {
-                code: data.pin,
+                code: data.pin
             })
             .catch((e) => {
-                setError(formatAxiosError(e, t('errorOccurred')));
-                console.error(t('emailErrorVerify'), e);
+                setError(formatAxiosError(e, t("errorOccurred")));
+                console.error(t("emailErrorVerify"), e);
                 setIsSubmitting(false);
             });
 
         if (res && res.data?.data?.valid) {
             setError(null);
-            setSuccessMessage(
-                t('emailVerified')
-            );
+            setSuccessMessage(t("emailVerified"));
             setTimeout(() => {
                 if (redirect) {
                     const safe = cleanRedirect(redirect);
@@ -107,16 +120,16 @@ export default function VerifyEmailForm({
         setIsResending(true);
 
         const res = await api.post("/auth/verify-email/request").catch((e) => {
-            setError(formatAxiosError(e, t('errorOccurred')));
-            console.error(t('verificationCodeErrorResend'), e);
+            setError(formatAxiosError(e, t("errorOccurred")));
+            console.error(t("verificationCodeErrorResend"), e);
         });
 
         if (res) {
             setError(null);
             toast({
                 variant: "default",
-                title: t('verificationCodeResend'),
-                description: t('verificationCodeResendDescription'),
+                title: t("verificationCodeResend"),
+                description: t("verificationCodeResendDescription")
             });
         }
 
@@ -127,40 +140,26 @@ export default function VerifyEmailForm({
         <div>
             <Card className="w-full max-w-md">
                 <CardHeader>
-                    <CardTitle>{t('emailVerify')}</CardTitle>
+                    <CardTitle>{t("emailVerify")}</CardTitle>
                     <CardDescription>
-                        {t('emailVerifyDescription')}
+                        {t("emailVerifyDescription")}
                     </CardDescription>
                 </CardHeader>
                 <CardContent>
+                    <p className="text-center text-muted-foreground mb-4">
+                        {email}
+                    </p>
                     <Form {...form}>
                         <form
                             onSubmit={form.handleSubmit(onSubmit)}
                             className="space-y-4"
+                            id="verify-email-form"
                         >
-                            <FormField
-                                control={form.control}
-                                name="email"
-                                render={({ field }) => (
-                                    <FormItem>
-                                        <FormLabel>{t('email')}</FormLabel>
-                                        <FormControl>
-                                            <Input
-                                                {...field}
-                                                disabled
-                                            />
-                                        </FormControl>
-                                        <FormMessage />
-                                    </FormItem>
-                                )}
-                            />
-
                             <FormField
                                 control={form.control}
                                 name="pin"
                                 render={({ field }) => (
                                     <FormItem>
-                                        <FormLabel>{t('verificationCode')}</FormLabel>
                                         <FormControl>
                                             <div className="flex justify-center">
                                                 <InputOTP
@@ -197,13 +196,23 @@ export default function VerifyEmailForm({
                                             </div>
                                         </FormControl>
                                         <FormMessage />
-                                        <FormDescription>
-                                            {t('verificationCodeEmailSent')}
-                                        </FormDescription>
                                     </FormItem>
                                 )}
                             />
 
+                            <div className="text-center text-muted-foreground">
+                                <Button
+                                    type="button"
+                                    variant="link"
+                                    onClick={handleResendCode}
+                                    disabled={isResending}
+                                >
+                                    {isResending
+                                        ? t("emailVerifyResendProgress")
+                                        : t("emailVerifyResend")}
+                                </Button>
+                            </div>
+
                             {error && (
                                 <Alert variant="destructive">
                                     <AlertDescription>{error}</AlertDescription>
@@ -222,29 +231,26 @@ export default function VerifyEmailForm({
                                 type="submit"
                                 className="w-full"
                                 disabled={isSubmitting}
+                                form="verify-email-form"
                             >
                                 {isSubmitting && (
                                     <Loader2 className="mr-2 h-4 w-4 animate-spin" />
                                 )}
-                                {t('submit')}
+                                {t("submit")}
+                            </Button>
+
+                            <Button
+                                type="button"
+                                variant={"secondary"}
+                                className="w-full"
+                                onClick={logout}
+                            >
+                                Log in with another account
                             </Button>
                         </form>
                     </Form>
                 </CardContent>
             </Card>
-
-            <div className="text-center text-muted-foreground mt-2">
-                <Button
-                    type="button"
-                    variant="link"
-                    onClick={handleResendCode}
-                    disabled={isResending}
-                >
-                    {isResending
-                        ? t('emailVerifyResendProgress')
-                        : t('emailVerifyResend')}
-                </Button>
-            </div>
         </div>
     );
 }
diff --git a/src/app/globals.css b/src/app/globals.css
index 9b6c18bc..e643cfb6 100644
--- a/src/app/globals.css
+++ b/src/app/globals.css
@@ -1,125 +1,142 @@
 @import url("https://fonts.googleapis.com/css2?family=Inter:ital,opsz,wght@0,14..32,100..900;1,14..32,100..900&family=Space+Grotesk:wght@300..700&display=swap");
-@import 'tw-animate-css';
-@import 'tailwindcss';
+@import "tw-animate-css";
+@import "tailwindcss";
 
 @custom-variant dark (&:is(.dark *));
 
 :root {
-  --background: hsl(0 0% 98%);
-  --foreground: hsl(20 0% 10%);
-  --card: hsl(0 0% 100%);
-  --card-foreground: hsl(20 0% 10%);
-  --popover: hsl(0 0% 100%);
-  --popover-foreground: hsl(20 0% 10%);
-  --primary: hsl(24.6 95% 53.1%);
-  --primary-foreground: hsl(60 9.1% 97.8%);
-  --secondary: hsl(60 4.8% 95.9%);
-  --secondary-foreground: hsl(24 9.8% 10%);
-  --muted: hsl(60 4.8% 85%);
-  --muted-foreground: hsl(25 5.3% 44.7%);
-  --accent: hsl(60 4.8% 90%);
-  --accent-foreground: hsl(24 9.8% 10%);
-  --destructive: hsl(0 84.2% 60.2%);
-  --destructive-foreground: hsl(60 9.1% 97.8%);
-  --border: hsl(20 5.9% 90%);
-  --input: hsl(20 5.9% 75%);
-  --ring: hsl(24.6 95% 53.1%);
-  --radius: 0.75rem;
-  --chart-1: hsl(12 76% 61%);
-  --chart-2: hsl(173 58% 39%);
-  --chart-3: hsl(197 37% 24%);
-  --chart-4: hsl(43 74% 66%);
-  --chart-5: hsl(27 87% 67%);
+    --radius: 0.65rem;
+    --background: oklch(0.99 0 0);
+    --foreground: oklch(0.141 0.005 285.823);
+    --card: oklch(1 0 0);
+    --card-foreground: oklch(0.141 0.005 285.823);
+    --popover: oklch(1 0 0);
+    --popover-foreground: oklch(0.141 0.005 285.823);
+    --primary: oklch(0.6717 0.1946 41.93);
+    --primary-foreground: oklch(0.98 0.016 73.684);
+    --secondary: oklch(0.967 0.001 286.375);
+    --secondary-foreground: oklch(0.21 0.006 285.885);
+    --muted: oklch(0.967 0.001 286.375);
+    --muted-foreground: oklch(0.552 0.016 285.938);
+    --accent: oklch(0.967 0.001 286.375);
+    --accent-foreground: oklch(0.21 0.006 285.885);
+    --destructive: oklch(0.577 0.245 27.325);
+    --border: oklch(0.92 0.004 286.32);
+    --input: oklch(0.92 0.004 286.32);
+    --ring: oklch(0.705 0.213 47.604);
+    --chart-1: oklch(0.646 0.222 41.116);
+    --chart-2: oklch(0.6 0.118 184.704);
+    --chart-3: oklch(0.398 0.07 227.392);
+    --chart-4: oklch(0.828 0.189 84.429);
+    --chart-5: oklch(0.769 0.188 70.08);
+    --sidebar: oklch(0.985 0 0);
+    --sidebar-foreground: oklch(0.141 0.005 285.823);
+    --sidebar-primary: oklch(0.705 0.213 47.604);
+    --sidebar-primary-foreground: oklch(0.98 0.016 73.684);
+    --sidebar-accent: oklch(0.967 0.001 286.375);
+    --sidebar-accent-foreground: oklch(0.21 0.006 285.885);
+    --sidebar-border: oklch(0.92 0.004 286.32);
+    --sidebar-ring: oklch(0.705 0.213 47.604);
 }
 
 .dark {
-  --background: hsl(20 0% 8%);
-  --foreground: hsl(60 9.1% 97.8%);
-  --card: hsl(20 0% 10%);
-  --card-foreground: hsl(60 9.1% 97.8%);
-  --popover: hsl(20 0% 10%);
-  --popover-foreground: hsl(60 9.1% 97.8%);
-  --primary: hsl(20.5 90.2% 48.2%);
-  --primary-foreground: hsl(60 9.1% 97.8%);
-  --secondary: hsl(12 6.5% 15%);
-  --secondary-foreground: hsl(60 9.1% 97.8%);
-  --muted: hsl(12 6.5% 25%);
-  --muted-foreground: hsl(24 5.4% 63.9%);
-  --accent: hsl(12 2.5% 15%);
-  --accent-foreground: hsl(60 9.1% 97.8%);
-  --destructive: hsl(0 72.2% 50.6%);
-  --destructive-foreground: hsl(60 9.1% 97.8%);
-  --border: hsl(12 6.5% 15%);
-  --input: hsl(12 6.5% 35%);
-  --ring: hsl(20.5 90.2% 48.2%);
-  --chart-1: hsl(220 70% 50%);
-  --chart-2: hsl(160 60% 45%);
-  --chart-3: hsl(30 80% 55%);
-  --chart-4: hsl(280 65% 60%);
-  --chart-5: hsl(340 75% 55%);
+    --background: oklch(0.20 0.006 285.885);
+    --foreground: oklch(0.985 0 0);
+    --card: oklch(0.21 0.006 285.885);
+    --card-foreground: oklch(0.985 0 0);
+    --popover: oklch(0.21 0.006 285.885);
+    --popover-foreground: oklch(0.985 0 0);
+    --primary: oklch(0.6717 0.1946 41.93);
+    --primary-foreground: oklch(0.98 0.016 73.684);
+    --secondary: oklch(0.274 0.006 286.033);
+    --secondary-foreground: oklch(0.985 0 0);
+    --muted: oklch(0.274 0.006 286.033);
+    --muted-foreground: oklch(0.705 0.015 286.067);
+    --accent: oklch(0.274 0.006 286.033);
+    --accent-foreground: oklch(0.985 0 0);
+    --destructive: oklch(0.704 0.191 22.216);
+    --border: oklch(1 0 0 / 10%);
+    --input: oklch(1 0 0 / 15%);
+    --ring: oklch(0.646 0.222 41.116);
+    --chart-1: oklch(0.488 0.243 264.376);
+    --chart-2: oklch(0.696 0.17 162.48);
+    --chart-3: oklch(0.769 0.188 70.08);
+    --chart-4: oklch(0.627 0.265 303.9);
+    --chart-5: oklch(0.645 0.246 16.439);
+    --sidebar: oklch(0.21 0.006 285.885);
+    --sidebar-foreground: oklch(0.985 0 0);
+    --sidebar-primary: oklch(0.646 0.222 41.116);
+    --sidebar-primary-foreground: oklch(0.98 0.016 73.684);
+    --sidebar-accent: oklch(0.274 0.006 286.033);
+    --sidebar-accent-foreground: oklch(0.985 0 0);
+    --sidebar-border: oklch(1 0 0 / 10%);
+    --sidebar-ring: oklch(0.646 0.222 41.116);
 }
 
 @theme inline {
-  --color-background: var(--background);
-  --color-foreground: var(--foreground);
+    --color-background: var(--background);
+    --color-foreground: var(--foreground);
 
-  --color-card: var(--card);
-  --color-card-foreground: var(--card-foreground);
+    --color-card: var(--card);
+    --color-card-foreground: var(--card-foreground);
 
-  --color-popover: var(--popover);
-  --color-popover-foreground: var(--popover-foreground);
+    --color-popover: var(--popover);
+    --color-popover-foreground: var(--popover-foreground);
 
-  --color-primary: var(--primary);
-  --color-primary-foreground: var(--primary-foreground);
+    --color-primary: var(--primary);
+    --color-primary-foreground: var(--primary-foreground);
 
-  --color-secondary: var(--secondary);
-  --color-secondary-foreground: var(--secondary-foreground);
+    --color-secondary: var(--secondary);
+    --color-secondary-foreground: var(--secondary-foreground);
 
-  --color-muted: var(--muted);
-  --color-muted-foreground: var(--muted-foreground);
+    --color-muted: var(--muted);
+    --color-muted-foreground: var(--muted-foreground);
 
-  --color-accent: var(--accent);
-  --color-accent-foreground: var(--accent-foreground);
+    --color-accent: var(--accent);
+    --color-accent-foreground: var(--accent-foreground);
 
-  --color-destructive: var(--destructive);
-  --color-destructive-foreground: var(--destructive-foreground);
+    --color-destructive: var(--destructive);
+    --color-destructive-foreground: var(--destructive-foreground);
 
-  --color-border: var(--border);
-  --color-input: var(--input);
-  --color-ring: var(--ring);
+    --color-border: var(--border);
+    --color-input: var(--input);
+    --color-ring: var(--ring);
 
-  --color-chart-1: var(--chart-1);
-  --color-chart-2: var(--chart-2);
-  --color-chart-3: var(--chart-3);
-  --color-chart-4: var(--chart-4);
-  --color-chart-5: var(--chart-5);
+    --color-chart-1: var(--chart-1);
+    --color-chart-2: var(--chart-2);
+    --color-chart-3: var(--chart-3);
+    --color-chart-4: var(--chart-4);
+    --color-chart-5: var(--chart-5);
 
-  --radius-lg: var(--radius);
-  --radius-md: calc(var(--radius) - 2px);
-  --radius-sm: calc(var(--radius) - 4px);
+    --radius-lg: var(--radius);
+    --radius-md: calc(var(--radius) - 2px);
+    --radius-sm: calc(var(--radius) - 4px);
+
+    --shadow-2xs: 0 1px 1px rgba(0, 0, 0, 0.03);
+    --inset-shadow-2xs: inset 0 1px 1px rgba(0, 0, 1, 0.03);
 }
 
 @layer base {
-  *,
-  ::after,
-  ::before,
-  ::backdrop,
-  ::file-selector-button {
-    border-color: var(--color-gray-200, currentcolor);
-  }
+    *,
+    ::after,
+    ::before,
+    ::backdrop,
+    ::file-selector-button {
+        border-color: var(--color-gray-200, currentcolor);
+    }
 }
 
 @layer base {
-  * {
-    @apply border-border;
-  }
+    * {
+        @apply border-border;
+    }
 
-  body {
-    @apply bg-background text-foreground;
-  }
+    body {
+        @apply bg-background text-foreground;
+    }
 }
 
 p {
-  word-break: keep-all;
-  white-space: normal;
-}
\ No newline at end of file
+    word-break: keep-all;
+    white-space: normal;
+}
diff --git a/src/app/layout.tsx b/src/app/layout.tsx
index dd02c489..1ad8d10a 100644
--- a/src/app/layout.tsx
+++ b/src/app/layout.tsx
@@ -1,7 +1,6 @@
 import type { Metadata } from "next";
 import "./globals.css";
 import { Inter } from "next/font/google";
-import { Toaster } from "@/components/ui/toaster";
 import { ThemeProvider } from "@app/providers/ThemeProvider";
 import EnvProvider from "@app/providers/EnvProvider";
 import { pullEnv } from "@app/lib/pullEnv";
@@ -11,14 +10,15 @@ import { AxiosResponse } from "axios";
 import { IsSupporterKeyVisibleResponse } from "@server/routers/supporterKey";
 import LicenseStatusProvider from "@app/providers/LicenseStatusProvider";
 import { GetLicenseStatusResponse } from "@server/routers/license";
-import LicenseViolation from "./components/LicenseViolation";
+import LicenseViolation from "@app/components/LicenseViolation";
 import { cache } from "react";
 import { NextIntlClientProvider } from "next-intl";
 import { getLocale } from "next-intl/server";
+import { Toaster } from "@app/components/ui/toaster";
 
 export const metadata: Metadata = {
     title: `Dashboard - Pangolin`,
-    description: ""
+    description: "",
 };
 
 export const dynamic = "force-dynamic";
@@ -83,4 +83,4 @@ export default async function RootLayout({
             </body>
         </html>
     );
-}
+}
\ No newline at end of file
diff --git a/src/app/navigation.tsx b/src/app/navigation.tsx
index 06a29bb0..b8f60abd 100644
--- a/src/app/navigation.tsx
+++ b/src/app/navigation.tsx
@@ -1,4 +1,5 @@
 import { SidebarNavItem } from "@app/components/SidebarNav";
+import { build } from "@server/build";
 import {
     Home,
     Settings,
@@ -7,11 +8,20 @@ import {
     Waypoints,
     Combine,
     Fingerprint,
+    Workflow,
     KeyRound,
     TicketCheck,
-    User
+    User,
+    Globe, // Added from 'dev' branch
+    MonitorUp // Added from 'dev' branch
 } from "lucide-react";
 
+export type SidebarNavSection = { // Added from 'dev' branch
+    heading: string;
+    items: SidebarNavItem[];
+};
+
+// Merged from 'user-management-and-resources' branch
 export const orgLangingNavItems: SidebarNavItem[] = [
     {
         title: "sidebarAccount",
@@ -27,83 +37,108 @@ export const orgLangingNavItems: SidebarNavItem[] = [
     }
 ];
 
-export const rootNavItems: SidebarNavItem[] = [
+export const orgNavSections = (
+    enableClients: boolean = true
+): SidebarNavSection[] => [
     {
-        title: "sidebarHome",
-        href: "/",
-        icon: <Home className="h-4 w-4" />
-    }
-];
-
-export const orgNavItems: SidebarNavItem[] = [
-    {
-        title: "sidebarSites",
-        href: "/{orgId}/settings/sites",
-        icon: <Combine className="h-4 w-4" />
-    },
-    {
-        title: "sidebarResources",
-        href: "/{orgId}/settings/resources",
-        icon: <Waypoints className="h-4 w-4" />
-    },
-    {
-        title: "sidebarAccessControl",
-        href: "/{orgId}/settings/access",
-        icon: <Users className="h-4 w-4" />,
-        autoExpand: true,
-        children: [
+        heading: "General",
+        items: [
             {
-                title: "sidebarUsers",
-                href: "/{orgId}/settings/access/users",
-                children: [
-                    {
-                        title: "sidebarInvitations",
-                        href: "/{orgId}/settings/access/invitations"
-                    }
-                ]
+                title: "sidebarSites",
+                href: "/{orgId}/settings/sites",
+                icon: <Combine className="h-4 w-4" />
             },
             {
-                title: "sidebarRoles",
-                href: "/{orgId}/settings/access/roles"
+                title: "sidebarResources",
+                href: "/{orgId}/settings/resources",
+                icon: <Waypoints className="h-4 w-4" />
+            },
+            ...(enableClients
+                ? [
+                      {
+                          title: "sidebarClients",
+                          href: "/{orgId}/settings/clients",
+                          icon: <MonitorUp className="h-4 w-4" />
+                      }
+                  ]
+                : []),
+            {
+                title: "sidebarDomains",
+                href: "/{orgId}/settings/domains",
+                icon: <Globe className="h-4 w-4" />
             }
         ]
     },
     {
-        title: "sidebarShareableLinks",
-        href: "/{orgId}/settings/share-links",
-        icon: <LinkIcon className="h-4 w-4" />
+        heading: "Access Control",
+        items: [
+            {
+                title: "sidebarUsers",
+                href: "/{orgId}/settings/access/users",
+                icon: <User className="h-4 w-4" />
+            },
+            {
+                title: "sidebarRoles",
+                href: "/{orgId}/settings/access/roles",
+                icon: <Users className="h-4 w-4" />
+            },
+            {
+                title: "sidebarInvitations",
+                href: "/{orgId}/settings/access/invitations",
+                icon: <TicketCheck className="h-4 w-4" />
+            },
+            {
+                title: "sidebarShareableLinks",
+                href: "/{orgId}/settings/share-links",
+                icon: <LinkIcon className="h-4 w-4" />
+            }
+        ]
     },
     {
-        title: "sidebarApiKeys",
-        href: "/{orgId}/settings/api-keys",
-        icon: <KeyRound className="h-4 w-4" />
-    },
-    {
-        title: "sidebarSettings",
-        href: "/{orgId}/settings/general",
-        icon: <Settings className="h-4 w-4" />
+        heading: "Organization",
+        items: [
+            {
+                title: "sidebarApiKeys",
+                href: "/{orgId}/settings/api-keys",
+                icon: <KeyRound className="h-4 w-4" />
+            },
+            {
+                title: "sidebarSettings",
+                href: "/{orgId}/settings/general",
+                icon: <Settings className="h-4 w-4" />
+            }
+        ]
     }
 ];
 
-export const adminNavItems: SidebarNavItem[] = [
+export const adminNavSections: SidebarNavSection[] = [
     {
-        title: "sidebarAllUsers",
-        href: "/admin/users",
-        icon: <Users className="h-4 w-4" />
-    },
-    {
-        title: "sidebarApiKeys",
-        href: "/admin/api-keys",
-        icon: <KeyRound className="h-4 w-4" />
-    },
-    {
-        title: "sidebarIdentityProviders",
-        href: "/admin/idp",
-        icon: <Fingerprint className="h-4 w-4" />
-    },
-    {
-        title: "sidebarLicense",
-        href: "/admin/license",
-        icon: <TicketCheck className="h-4 w-4" />
+        heading: "Admin",
+        items: [
+            {
+                title: "sidebarAllUsers",
+                href: "/admin/users",
+                icon: <Users className="h-4 w-4" />
+            },
+            {
+                title: "sidebarApiKeys",
+                href: "/admin/api-keys",
+                icon: <KeyRound className="h-4 w-4" />
+            },
+            {
+                title: "sidebarIdentityProviders",
+                href: "/admin/idp",
+                icon: <Fingerprint className="h-4 w-4" />
+            },
+            ...(build == "enterprise"
+                ? [
+                      {
+                          title: "sidebarLicense",
+                          href: "/admin/license",
+                          icon: <TicketCheck className="h-4 w-4" />
+                      }
+                  ]
+                : [])
+        ]
     }
-];
+];
\ No newline at end of file
diff --git a/src/app/page.tsx b/src/app/page.tsx
index 14738ac7..91ca5686 100644
--- a/src/app/page.tsx
+++ b/src/app/page.tsx
@@ -6,12 +6,12 @@ import { ListUserOrgsResponse } from "@server/routers/org";
 import { AxiosResponse } from "axios";
 import { redirect } from "next/navigation";
 import { cache } from "react";
-import OrganizationLanding from "./components/OrganizationLanding";
+import OrganizationLanding from "@app/components/OrganizationLanding";
 import { pullEnv } from "@app/lib/pullEnv";
 import { cleanRedirect } from "@app/lib/cleanRedirect";
 import { Layout } from "@app/components/Layout";
-import { rootNavItems } from "./navigation";
 import { InitialSetupCompleteResponse } from "@server/routers/auth";
+import { cookies } from "next/headers";
 
 export const dynamic = "force-dynamic";
 
@@ -72,21 +72,36 @@ export default async function Page(props: {
         }
     }
 
-    return (
-        <UserProvider user={user}>
-            <Layout orgs={orgs} navItems={rootNavItems} showBreadcrumbs={false}>
-                <div className="w-full max-w-md mx-auto md:mt-32 mt-4">
-                    <OrganizationLanding
-                        disableCreateOrg={
-                            env.flags.disableUserCreateOrg && !user.serverAdmin
-                        }
-                        organizations={orgs.map((org) => ({
-                            name: org.name,
-                            id: org.orgId
-                        }))}
-                    />
-                </div>
-            </Layout>
-        </UserProvider>
-    );
+    const allCookies = await cookies();
+    const lastOrgCookie = allCookies.get("pangolin-last-org")?.value;
+
+    const lastOrgExists = orgs.some((org) => org.orgId === lastOrgCookie);
+    if (lastOrgExists) {
+        redirect(`/${lastOrgCookie}`);
+    } else {
+        const ownedOrg = orgs.find((org) => org.isOwner);
+        if (ownedOrg) {
+            redirect(`/${ownedOrg.orgId}`);
+        } else {
+            redirect("/setup");
+        }
+    }
+
+    // return (
+    //     <UserProvider user={user}>
+    //         <Layout orgs={orgs} navItems={[]}>
+    //             <div className="w-full max-w-md mx-auto md:mt-32 mt-4">
+    //                 <OrganizationLanding
+    //                     disableCreateOrg={
+    //                         env.flags.disableUserCreateOrg && !user.serverAdmin
+    //                     }
+    //                     organizations={orgs.map((org) => ({
+    //                         name: org.name,
+    //                         id: org.orgId
+    //                     }))}
+    //                 />
+    //             </div>
+    //         </Layout>
+    //     </UserProvider>
+    // );
 }
diff --git a/src/app/setup/layout.tsx b/src/app/setup/layout.tsx
index e254037d..06dd3300 100644
--- a/src/app/setup/layout.tsx
+++ b/src/app/setup/layout.tsx
@@ -6,7 +6,6 @@ import UserProvider from "@app/providers/UserProvider";
 import { Metadata } from "next";
 import { redirect } from "next/navigation";
 import { cache } from "react";
-import { rootNavItems } from "../navigation";
 import { ListUserOrgsResponse } from "@server/routers/org";
 import { internal } from "@app/lib/api";
 import { AxiosResponse } from "axios";
@@ -54,11 +53,7 @@ export default async function SetupLayout({
     return (
         <>
             <UserProvider user={user}>
-                <Layout
-                    navItems={rootNavItems}
-                    showBreadcrumbs={false}
-                    orgs={orgs}
-                >
+                <Layout navItems={[]} orgs={orgs}>
                     <div className="w-full max-w-2xl mx-auto md:mt-32 mt-4">
                         {children}
                     </div>
diff --git a/src/app/setup/page.tsx b/src/app/setup/page.tsx
index 2a1447ee..42c64b16 100644
--- a/src/app/setup/page.tsx
+++ b/src/app/setup/page.tsx
@@ -2,8 +2,6 @@
 
 import { Button } from "@/components/ui/button";
 import { Input } from "@/components/ui/input";
-import { Label } from "@/components/ui/label";
-import Link from "next/link";
 import { toast } from "@app/hooks/useToast";
 import { useCallback, useEffect, useState } from "react";
 import {
@@ -13,8 +11,7 @@ import {
     CardHeader,
     CardTitle
 } from "@app/components/ui/card";
-import CopyTextBox from "@app/components/CopyTextBox";
-import { formatAxiosError } from "@app/lib/api";;
+import { formatAxiosError } from "@app/lib/api";
 import { createApiClient } from "@app/lib/api";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { Separator } from "@/components/ui/separator";
@@ -32,7 +29,6 @@ import {
     FormMessage
 } from "@app/components/ui/form";
 import { Alert, AlertDescription } from "@app/components/ui/alert";
-import CreateSiteForm from "../[orgId]/settings/sites/CreateSiteForm";
 import { useTranslations } from "next-intl";
 
 type Step = "org" | "site" | "resources";
@@ -41,6 +37,7 @@ export default function StepperForm() {
     const [currentStep, setCurrentStep] = useState<Step>("org");
     const [orgIdTaken, setOrgIdTaken] = useState(false);
     const t = useTranslations();
+    const { env } = useEnvContext();
 
     const [loading, setLoading] = useState(false);
     const [isChecked, setIsChecked] = useState(false);
@@ -48,36 +45,62 @@ export default function StepperForm() {
     const [orgCreated, setOrgCreated] = useState(false);
 
     const orgSchema = z.object({
-        orgName: z.string().min(1, { message: t('orgNameRequired') }),
-        orgId: z.string().min(1, { message: t('orgIdRequired') })
+        orgName: z.string().min(1, { message: t("orgNameRequired") }),
+        orgId: z.string().min(1, { message: t("orgIdRequired") }),
+        subnet: z.string().min(1, { message: t("subnetRequired") })
     });
 
     const orgForm = useForm<z.infer<typeof orgSchema>>({
         resolver: zodResolver(orgSchema),
         defaultValues: {
             orgName: "",
-            orgId: ""
+            orgId: "",
+            subnet: ""
         }
     });
 
     const api = createApiClient(useEnvContext());
     const router = useRouter();
 
-    const checkOrgIdAvailability = useCallback(async (value: string) => {
-        if (loading || orgCreated) {
-            return;
-        }
+    // Fetch default subnet on component mount
+    useEffect(() => {
+        fetchDefaultSubnet();
+    }, []);
+
+    const fetchDefaultSubnet = async () => {
         try {
-            const res = await api.get(`/org/checkId`, {
-                params: {
-                    orgId: value
-                }
+            const res = await api.get(`/pick-org-defaults`);
+            if (res && res.data && res.data.data) {
+                orgForm.setValue("subnet", res.data.data.subnet);
+            }
+        } catch (e) {
+            console.error("Failed to fetch default subnet:", e);
+            toast({
+                title: "Error",
+                description: "Failed to fetch default subnet",
+                variant: "destructive"
             });
-            setOrgIdTaken(res.status !== 404);
-        } catch (error) {
-            setOrgIdTaken(false);
         }
-    }, [loading, orgCreated, api]);
+    };
+
+    const checkOrgIdAvailability = useCallback(
+        async (value: string) => {
+            if (loading || orgCreated) {
+                return;
+            }
+            try {
+                const res = await api.get(`/org/checkId`, {
+                    params: {
+                        orgId: value
+                    }
+                });
+                setOrgIdTaken(res.status !== 404);
+            } catch (error) {
+                setOrgIdTaken(false);
+            }
+        },
+        [loading, orgCreated, api]
+    );
 
     const debouncedCheckOrgIdAvailability = useCallback(
         debounce(checkOrgIdAvailability, 300),
@@ -105,7 +128,8 @@ export default function StepperForm() {
         try {
             const res = await api.put(`/org`, {
                 orgId: values.orgId,
-                name: values.orgName
+                name: values.orgName,
+                subnet: values.subnet
             });
 
             if (res && res.status === 201) {
@@ -114,9 +138,7 @@ export default function StepperForm() {
             }
         } catch (e) {
             console.error(e);
-            setError(
-                formatAxiosError(e, t('orgErrorCreate'))
-            );
+            setError(formatAxiosError(e, t("orgErrorCreate")));
         }
 
         setLoading(false);
@@ -126,10 +148,8 @@ export default function StepperForm() {
         <>
             <Card>
                 <CardHeader>
-                    <CardTitle>{t('setupNewOrg')}</CardTitle>
-                    <CardDescription>
-                        {t('setupCreate')}
-                    </CardDescription>
+                    <CardTitle>{t("setupNewOrg")}</CardTitle>
+                    <CardDescription>{t("setupCreate")}</CardDescription>
                 </CardHeader>
                 <CardContent>
                     <section className="space-y-6">
@@ -151,7 +171,7 @@ export default function StepperForm() {
                                             : "text-muted-foreground"
                                     }`}
                                 >
-                                    {t('setupCreateOrg')}
+                                    {t("setupCreateOrg")}
                                 </span>
                             </div>
                             <div className="flex flex-col items-center">
@@ -171,7 +191,7 @@ export default function StepperForm() {
                                             : "text-muted-foreground"
                                     }`}
                                 >
-                                    {t('siteCreate')}
+                                    {t("siteCreate")}
                                 </span>
                             </div>
                             <div className="flex flex-col items-center">
@@ -191,7 +211,7 @@ export default function StepperForm() {
                                             : "text-muted-foreground"
                                     }`}
                                 >
-                                    {t('setupCreateResources')}
+                                    {t("setupCreateResources")}
                                 </span>
                             </div>
                         </div>
@@ -210,7 +230,7 @@ export default function StepperForm() {
                                         render={({ field }) => (
                                             <FormItem>
                                                 <FormLabel>
-                                                    {t('setupOrgName')}
+                                                    {t("setupOrgName")}
                                                 </FormLabel>
                                                 <FormControl>
                                                     <Input
@@ -218,8 +238,15 @@ export default function StepperForm() {
                                                         {...field}
                                                         onChange={(e) => {
                                                             // Prevent "/" in orgName input
-                                                            const sanitizedValue = e.target.value.replace(/\//g, "-");
-                                                            const orgId = generateId(sanitizedValue);
+                                                            const sanitizedValue =
+                                                                e.target.value.replace(
+                                                                    /\//g,
+                                                                    "-"
+                                                                );
+                                                            const orgId =
+                                                                generateId(
+                                                                    sanitizedValue
+                                                                );
                                                             orgForm.setValue(
                                                                 "orgId",
                                                                 orgId
@@ -232,12 +259,15 @@ export default function StepperForm() {
                                                                 orgId
                                                             );
                                                         }}
-                                                        value={field.value.replace(/\//g, "-")}
+                                                        value={field.value.replace(
+                                                            /\//g,
+                                                            "-"
+                                                        )}
                                                     />
                                                 </FormControl>
                                                 <FormMessage />
                                                 <FormDescription>
-                                                    {t('orgDisplayName')}
+                                                    {t("orgDisplayName")}
                                                 </FormDescription>
                                             </FormItem>
                                         )}
@@ -248,7 +278,7 @@ export default function StepperForm() {
                                         render={({ field }) => (
                                             <FormItem>
                                                 <FormLabel>
-                                                    {t('orgId')}
+                                                    {t("orgId")}
                                                 </FormLabel>
                                                 <FormControl>
                                                     <Input
@@ -258,16 +288,44 @@ export default function StepperForm() {
                                                 </FormControl>
                                                 <FormMessage />
                                                 <FormDescription>
-                                                    {t('setupIdentifierMessage')}
+                                                    {t(
+                                                        "setupIdentifierMessage"
+                                                    )}
                                                 </FormDescription>
                                             </FormItem>
                                         )}
                                     />
 
+                                    {env.flags.enableClients && (
+                                        <FormField
+                                            control={orgForm.control}
+                                            name="subnet"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        Subnet
+                                                    </FormLabel>
+                                                    <FormControl>
+                                                        <Input
+                                                            type="text"
+                                                            {...field}
+                                                        />
+                                                    </FormControl>
+                                                    <FormMessage />
+                                                    <FormDescription>
+                                                        Network subnet for this
+                                                        organization. A default
+                                                        value has been provided.
+                                                    </FormDescription>
+                                                </FormItem>
+                                            )}
+                                        />
+                                    )}
+
                                     {orgIdTaken && !orgCreated ? (
                                         <Alert variant="destructive">
                                             <AlertDescription>
-                                                {t('setupErrorIdentifier')}
+                                                {t("setupErrorIdentifier")}
                                             </AlertDescription>
                                         </Alert>
                                     ) : null}
@@ -290,7 +348,7 @@ export default function StepperForm() {
                                                 orgIdTaken
                                             }
                                         >
-                                            {t('setupCreateOrg')}
+                                            {t("setupCreateOrg")}
                                         </Button>
                                     </div>
                                 </form>
diff --git a/src/components/AuthFooter.tsx b/src/components/AuthFooter.tsx
deleted file mode 100644
index a1c0795e..00000000
--- a/src/components/AuthFooter.tsx
+++ /dev/null
@@ -1,3 +0,0 @@
-"use client";
-
-export function AuthFooter() {}
diff --git a/src/components/BrandingLogo.tsx b/src/components/BrandingLogo.tsx
new file mode 100644
index 00000000..34771333
--- /dev/null
+++ b/src/components/BrandingLogo.tsx
@@ -0,0 +1,50 @@
+"use client";
+
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { useTheme } from "next-themes";
+import Image from "next/image";
+import { useEffect, useState } from "react";
+
+type BrandingLogoProps = {
+    width: number;
+    height: number;
+};
+
+export default function BrandingLogo(props: BrandingLogoProps) {
+    const { env } = useEnvContext();
+    const { theme } = useTheme();
+    const [path, setPath] = useState<string>(""); // Default logo path
+
+    useEffect(() => {
+        function getPath() {
+            let lightOrDark = theme;
+
+            if (theme === "system" || !theme) {
+                lightOrDark = window.matchMedia("(prefers-color-scheme: dark)")
+                    .matches
+                    ? "dark"
+                    : "light";
+            }
+
+            if (lightOrDark === "light") {
+                return "/logo/word_mark_black.png";
+            }
+
+            return "/logo/word_mark_white.png";
+        }
+
+        const path = getPath();
+        setPath(path);
+    }, [theme, env]);
+
+    return (
+        path && (
+            <Image
+                src={path}
+                alt="Logo"
+                width={props.width}
+                height={props.height}
+            />
+        )
+    );
+}
diff --git a/src/components/Breadcrumbs.tsx b/src/components/Breadcrumbs.tsx
deleted file mode 100644
index 25366ffa..00000000
--- a/src/components/Breadcrumbs.tsx
+++ /dev/null
@@ -1,42 +0,0 @@
-"use client";
-
-import { usePathname } from "next/navigation";
-import Link from "next/link";
-import { ChevronRight } from "lucide-react";
-import { cn } from "@app/lib/cn";
-
-interface BreadcrumbItem {
-    label: string;
-    href: string;
-}
-
-export function Breadcrumbs() {
-    const pathname = usePathname();
-    const segments = pathname.split("/").filter(Boolean);
-
-    const breadcrumbs: BreadcrumbItem[] = segments.map((segment, index) => {
-        const href = `/${segments.slice(0, index + 1).join("/")}`;
-        let label = decodeURIComponent(segment);
-        return { label, href };
-    });
-
-    return (
-        <nav className="flex items-center space-x-1 text-muted-foreground">
-            {breadcrumbs.map((crumb, index) => (
-                <div key={crumb.href} className="flex items-center flex-nowrap">
-                    {index !== 0 && <ChevronRight className="h-4 w-4 flex-shrink-0" />}
-                    <Link
-                        href={crumb.href}
-                        className={cn(
-                            "ml-1 hover:text-foreground whitespace-nowrap",
-                            index === breadcrumbs.length - 1 &&
-                                "text-foreground font-medium"
-                        )}
-                    >
-                        {crumb.label}
-                    </Link>
-                </div>
-            ))}
-        </nav>
-    );
-}
diff --git a/src/components/ConfirmDeleteDialog.tsx b/src/components/ConfirmDeleteDialog.tsx
index 5ca8ca8d..cd053a14 100644
--- a/src/components/ConfirmDeleteDialog.tsx
+++ b/src/components/ConfirmDeleteDialog.tsx
@@ -72,7 +72,7 @@ export default function InviteUserForm({
 
     const formSchema = z.object({
         string: z.string().refine((val) => val === string, {
-            message: t('inviteErrorInvalidConfirmation')
+            message: t("inviteErrorInvalidConfirmation")
         })
     });
 
@@ -108,7 +108,9 @@ export default function InviteUserForm({
                         <CredenzaTitle>{title}</CredenzaTitle>
                     </CredenzaHeader>
                     <CredenzaBody>
-                        <div className="mb-4 break-all overflow-hidden">{dialog}</div>
+                        <div className="mb-4 break-all overflow-hidden">
+                            {dialog}
+                        </div>
                         <Form {...form}>
                             <form
                                 onSubmit={form.handleSubmit(onSubmit)}
@@ -132,9 +134,10 @@ export default function InviteUserForm({
                     </CredenzaBody>
                     <CredenzaFooter>
                         <CredenzaClose asChild>
-                            <Button variant="outline">{t('close')}</Button>
+                            <Button variant="outline">{t("close")}</Button>
                         </CredenzaClose>
                         <Button
+                            variant={"destructive"}
                             type="submit"
                             form="confirm-delete-form"
                             loading={loading}
diff --git a/src/components/CopyTextBox.tsx b/src/components/CopyTextBox.tsx
index bc70f8e8..72a99c3f 100644
--- a/src/components/CopyTextBox.tsx
+++ b/src/components/CopyTextBox.tsx
@@ -40,7 +40,7 @@ export default function CopyTextBox({
         >
             <pre
                 ref={textRef}
-                className={`p-2 pr-16 text-sm w-full ${
+                className={`p-4 pr-16 text-sm w-full ${
                     wrapText
                         ? "whitespace-pre-wrap break-words"
                         : "overflow-x-auto"
diff --git a/src/components/CopyToClipboard.tsx b/src/components/CopyToClipboard.tsx
index f034b454..b187e6c6 100644
--- a/src/components/CopyToClipboard.tsx
+++ b/src/components/CopyToClipboard.tsx
@@ -32,7 +32,7 @@ const CopyToClipboard = ({ text, displayText, isLink }: CopyToClipboardProps) =>
                     href={text}
                     target="_blank"
                     rel="noopener noreferrer"
-                    className="truncate hover:underline"
+                    className="truncate hover:underline text-sm"
                     style={{ maxWidth: "100%" }} // Ensures truncation works within parent
                     title={text} // Shows full text on hover
                 >
@@ -40,7 +40,7 @@ const CopyToClipboard = ({ text, displayText, isLink }: CopyToClipboardProps) =>
                 </Link>
             ) : (
                 <span
-                    className="truncate"
+                    className="truncate text-sm"
                     style={{
                         maxWidth: "100%",
                         display: "block",
diff --git a/src/components/DomainPicker.tsx b/src/components/DomainPicker.tsx
new file mode 100644
index 00000000..d7b38794
--- /dev/null
+++ b/src/components/DomainPicker.tsx
@@ -0,0 +1,552 @@
+"use client";
+
+import { useState, useEffect, useCallback } from "react";
+import { Input } from "@/components/ui/input";
+import { Label } from "@/components/ui/label";
+import { Badge } from "@/components/ui/badge";
+import { Button } from "@/components/ui/button";
+import {
+    AlertCircle,
+    CheckCircle2,
+    Building2,
+    Zap,
+    ArrowUpDown
+} from "lucide-react";
+import { Alert, AlertDescription } from "@/components/ui/alert";
+import { createApiClient, formatAxiosError } from "@/lib/api";
+import { useEnvContext } from "@/hooks/useEnvContext";
+import { toast } from "@/hooks/useToast";
+import { ListDomainsResponse } from "@server/routers/domain/listDomains";
+import { AxiosResponse } from "axios";
+import { cn } from "@/lib/cn";
+import { Tabs, TabsList, TabsTrigger } from "@/components/ui/tabs";
+import { useTranslations } from "next-intl";
+import { build } from "@server/build";
+
+type OrganizationDomain = {
+    domainId: string;
+    baseDomain: string;
+    verified: boolean;
+    type: "ns" | "cname" | "wildcard";
+};
+
+type AvailableOption = {
+    domainNamespaceId: string;
+    fullDomain: string;
+    domainId: string;
+};
+
+type DomainOption = {
+    id: string;
+    domain: string;
+    type: "organization" | "provided";
+    verified?: boolean;
+    domainType?: "ns" | "cname" | "wildcard";
+    domainId?: string;
+    domainNamespaceId?: string;
+    subdomain?: string;
+};
+
+interface DomainPickerProps {
+    orgId: string;
+    onDomainChange?: (domainInfo: {
+        domainId: string;
+        domainNamespaceId?: string;
+        type: "organization" | "provided";
+        subdomain?: string;
+        fullDomain: string;
+        baseDomain: string;
+    }) => void;
+}
+
+export default function DomainPicker({
+    orgId,
+    onDomainChange
+}: DomainPickerProps) {
+    const { env } = useEnvContext();
+    const api = createApiClient({ env });
+    const t = useTranslations();
+
+    const [userInput, setUserInput] = useState<string>("");
+    const [selectedOption, setSelectedOption] = useState<DomainOption | null>(
+        null
+    );
+    const [availableOptions, setAvailableOptions] = useState<AvailableOption[]>(
+        []
+    );
+    const [isChecking, setIsChecking] = useState(false);
+    const [organizationDomains, setOrganizationDomains] = useState<
+        OrganizationDomain[]
+    >([]);
+    const [loadingDomains, setLoadingDomains] = useState(false);
+    const [sortOrder, setSortOrder] = useState<"asc" | "desc">("asc");
+    const [activeTab, setActiveTab] = useState<
+        "all" | "organization" | "provided"
+    >("all");
+    const [providedDomainsShown, setProvidedDomainsShown] = useState(3);
+
+    useEffect(() => {
+        const loadOrganizationDomains = async () => {
+            setLoadingDomains(true);
+            try {
+                const response = await api.get<
+                    AxiosResponse<ListDomainsResponse>
+                >(`/org/${orgId}/domains`);
+                if (response.status === 200) {
+                    const domains = response.data.data.domains
+                        .filter(
+                            (domain) =>
+                                domain.type === "ns" ||
+                                domain.type === "cname" ||
+                                domain.type === "wildcard"
+                        )
+                        .map((domain) => ({
+                            ...domain,
+                            type: domain.type as "ns" | "cname" | "wildcard"
+                        }));
+                    setOrganizationDomains(domains);
+                }
+            } catch (error) {
+                console.error("Failed to load organization domains:", error);
+                toast({
+                    variant: "destructive",
+                    title: "Error",
+                    description: "Failed to load organization domains"
+                });
+            } finally {
+                setLoadingDomains(false);
+            }
+        };
+
+        loadOrganizationDomains();
+    }, [orgId, api]);
+
+    // Generate domain options based on user input
+    const generateDomainOptions = (): DomainOption[] => {
+        const options: DomainOption[] = [];
+
+        if (!userInput.trim()) return options;
+
+        // Check if input is more than one level deep (contains multiple dots)
+        const isMultiLevel = (userInput.match(/\./g) || []).length > 1;
+
+        // Add organization domain options
+        organizationDomains.forEach((orgDomain) => {
+            if (orgDomain.type === "cname") {
+                // For CNAME domains, check if the user input matches exactly
+                if (
+                    orgDomain.baseDomain.toLowerCase() ===
+                    userInput.toLowerCase()
+                ) {
+                    options.push({
+                        id: `org-${orgDomain.domainId}`,
+                        domain: orgDomain.baseDomain,
+                        type: "organization",
+                        verified: orgDomain.verified,
+                        domainType: "cname",
+                        domainId: orgDomain.domainId
+                    });
+                }
+            } else if (orgDomain.type === "ns") {
+                // For NS domains, check if the user input could be a subdomain
+                const userInputLower = userInput.toLowerCase();
+                const baseDomainLower = orgDomain.baseDomain.toLowerCase();
+
+                // Check if user input ends with the base domain
+                if (userInputLower.endsWith(`.${baseDomainLower}`)) {
+                    const subdomain = userInputLower.slice(
+                        0,
+                        -(baseDomainLower.length + 1)
+                    );
+                    options.push({
+                        id: `org-${orgDomain.domainId}`,
+                        domain: userInput,
+                        type: "organization",
+                        verified: orgDomain.verified,
+                        domainType: "ns",
+                        domainId: orgDomain.domainId,
+                        subdomain: subdomain
+                    });
+                } else if (userInputLower === baseDomainLower) {
+                    // Exact match for base domain
+                    options.push({
+                        id: `org-${orgDomain.domainId}`,
+                        domain: orgDomain.baseDomain,
+                        type: "organization",
+                        verified: orgDomain.verified,
+                        domainType: "ns",
+                        domainId: orgDomain.domainId
+                    });
+                }
+            } else if (orgDomain.type === "wildcard") {
+                // For wildcard domains, allow the base domain or one level up
+                const userInputLower = userInput.toLowerCase();
+                const baseDomainLower = orgDomain.baseDomain.toLowerCase();
+
+                // Check if user input is exactly the base domain
+                if (userInputLower === baseDomainLower) {
+                    options.push({
+                        id: `org-${orgDomain.domainId}`,
+                        domain: orgDomain.baseDomain,
+                        type: "organization",
+                        verified: orgDomain.verified,
+                        domainType: "wildcard",
+                        domainId: orgDomain.domainId
+                    });
+                }
+                // Check if user input is one level up (subdomain.baseDomain)
+                else if (userInputLower.endsWith(`.${baseDomainLower}`)) {
+                    const subdomain = userInputLower.slice(
+                        0,
+                        -(baseDomainLower.length + 1)
+                    );
+                    // Only allow one level up (no dots in subdomain)
+                    if (!subdomain.includes(".")) {
+                        options.push({
+                            id: `org-${orgDomain.domainId}`,
+                            domain: userInput,
+                            type: "organization",
+                            verified: orgDomain.verified,
+                            domainType: "wildcard",
+                            domainId: orgDomain.domainId,
+                            subdomain: subdomain
+                        });
+                    }
+                }
+            }
+        });
+
+        // Add provided domain options (always try to match provided domains)
+        availableOptions.forEach((option) => {
+            options.push({
+                id: `provided-${option.domainNamespaceId}`,
+                domain: option.fullDomain,
+                type: "provided",
+                domainNamespaceId: option.domainNamespaceId,
+                domainId: option.domainId
+            });
+        });
+
+        // Sort options
+        return options.sort((a, b) => {
+            const comparison = a.domain.localeCompare(b.domain);
+            return sortOrder === "asc" ? comparison : -comparison;
+        });
+    };
+
+    const domainOptions = generateDomainOptions();
+
+    // Filter options based on active tab
+    const filteredOptions = domainOptions.filter((option) => {
+        if (activeTab === "all") return true;
+        return option.type === activeTab;
+    });
+
+    // Separate organization and provided options for pagination
+    const organizationOptions = filteredOptions.filter(
+        (opt) => opt.type === "organization"
+    );
+    const allProvidedOptions = filteredOptions.filter(
+        (opt) => opt.type === "provided"
+    );
+    const providedOptions = allProvidedOptions.slice(0, providedDomainsShown);
+    const hasMoreProvided = allProvidedOptions.length > providedDomainsShown;
+
+    // Handle option selection
+    const handleOptionSelect = (option: DomainOption) => {
+        setSelectedOption(option);
+
+        if (option.type === "organization") {
+            if (option.domainType === "cname") {
+                onDomainChange?.({
+                    domainId: option.domainId!,
+                    type: "organization",
+                    subdomain: undefined,
+                    fullDomain: option.domain,
+                    baseDomain: option.domain
+                });
+            } else if (option.domainType === "ns") {
+                const subdomain = option.subdomain || "";
+                onDomainChange?.({
+                    domainId: option.domainId!,
+                    type: "organization",
+                    subdomain: subdomain || undefined,
+                    fullDomain: option.domain,
+                    baseDomain: option.domain
+                });
+            } else if (option.domainType === "wildcard") {
+                onDomainChange?.({
+                    domainId: option.domainId!,
+                    type: "organization",
+                    subdomain: option.subdomain || undefined,
+                    fullDomain: option.domain,
+                    baseDomain: option.subdomain
+                        ? option.domain.split(".").slice(1).join(".")
+                        : option.domain
+                });
+            }
+        } else if (option.type === "provided") {
+            // Extract subdomain from full domain
+            const parts = option.domain.split(".");
+            const subdomain = parts[0];
+            const baseDomain = parts.slice(1).join(".");
+            onDomainChange?.({
+                domainId: option.domainId!,
+                domainNamespaceId: option.domainNamespaceId,
+                type: "provided",
+                subdomain: subdomain,
+                fullDomain: option.domain,
+                baseDomain: baseDomain
+            });
+        }
+    };
+
+    return (
+        <div className="space-y-6">
+            {/* Domain Input */}
+            <div className="space-y-2">
+                <Label htmlFor="domain-input">
+                    {t("domainPickerEnterDomain")}
+                </Label>
+                <Input
+                    id="domain-input"
+                    value={userInput}
+                    onChange={(e) => {
+                        // Only allow letters, numbers, hyphens, and periods
+                        const validInput = e.target.value.replace(
+                            /[^a-zA-Z0-9.-]/g,
+                            ""
+                        );
+                        setUserInput(validInput);
+                    }}
+                />
+                <p className="text-xs text-muted-foreground">
+                    {build === "saas"
+                        ? t("domainPickerDescriptionSaas")
+                        : t("domainPickerDescription")}
+                </p>
+            </div>
+
+            {/* Tabs and Sort Toggle */}
+            <div className="flex justify-between items-center">
+                <Tabs
+                    value={activeTab}
+                    onValueChange={(value) =>
+                        setActiveTab(
+                            value as "all" | "organization" | "provided"
+                        )
+                    }
+                >
+                    <TabsList>
+                        <TabsTrigger value="all">
+                            {t("domainPickerTabAll")}
+                        </TabsTrigger>
+                        <TabsTrigger value="organization">
+                            {t("domainPickerTabOrganization")}
+                        </TabsTrigger>
+                        {build == "saas" && (
+                            <TabsTrigger value="provided">
+                                {t("domainPickerTabProvided")}
+                            </TabsTrigger>
+                        )}
+                    </TabsList>
+                </Tabs>
+                <Button
+                    variant="outline"
+                    size="sm"
+                    onClick={() =>
+                        setSortOrder(sortOrder === "asc" ? "desc" : "asc")
+                    }
+                >
+                    <ArrowUpDown className="h-4 w-4 mr-2" />
+                    {sortOrder === "asc"
+                        ? t("domainPickerSortAsc")
+                        : t("domainPickerSortDesc")}
+                </Button>
+            </div>
+
+            {/* Loading State */}
+            {isChecking && (
+                <div className="flex items-center justify-center p-8">
+                    <div className="flex items-center space-x-2 text-sm text-muted-foreground">
+                        <div className="animate-spin rounded-full h-4 w-4 border-b-2 border-primary"></div>
+                        <span>{t("domainPickerCheckingAvailability")}</span>
+                    </div>
+                </div>
+            )}
+
+            {/* No Options */}
+            {!isChecking &&
+                filteredOptions.length === 0 &&
+                userInput.trim() && (
+                    <Alert>
+                        <AlertCircle className="h-4 w-4" />
+                        <AlertDescription>
+                            {t("domainPickerNoMatchingDomains", { userInput })}
+                        </AlertDescription>
+                    </Alert>
+                )}
+
+            {/* Domain Options */}
+            {!isChecking && filteredOptions.length > 0 && (
+                <div className="space-y-4">
+                    {/* Organization Domains */}
+                    {organizationOptions.length > 0 && (
+                        <div className="space-y-3">
+                            <div className="flex items-center space-x-2">
+                                <Building2 className="h-4 w-4" />
+                                <h4 className="text-sm font-medium">
+                                    {t("domainPickerOrganizationDomains")}
+                                </h4>
+                            </div>
+                            <div className="grid gap-2">
+                                {organizationOptions.map((option) => (
+                                    <div
+                                        key={option.id}
+                                        className={cn(
+                                            "transition-all p-3 rounded-lg border",
+                                            selectedOption?.id === option.id
+                                                ? "border-primary bg-primary/5"
+                                                : "border-input",
+                                            option.verified
+                                                ? "cursor-pointer hover:bg-accent"
+                                                : "cursor-not-allowed opacity-60"
+                                        )}
+                                        onClick={() =>
+                                            option.verified &&
+                                            handleOptionSelect(option)
+                                        }
+                                    >
+                                        <div className="flex items-center justify-between">
+                                            <div className="flex-1">
+                                                <div className="flex items-center space-x-2">
+                                                    <p className="font-mono text-sm">
+                                                        {option.domain}
+                                                    </p>
+                                                    {/* <Badge */}
+                                                    {/*     variant={ */}
+                                                    {/*         option.domainType === */}
+                                                    {/*         "ns" */}
+                                                    {/*             ? "default" */}
+                                                    {/*             : "secondary" */}
+                                                    {/*     } */}
+                                                    {/* > */}
+                                                    {/*     {option.domainType} */}
+                                                    {/* </Badge> */}
+                                                    {option.verified ? (
+                                                        <CheckCircle2 className="h-3 w-3 text-green-500" />
+                                                    ) : (
+                                                        <AlertCircle className="h-3 w-3 text-yellow-500" />
+                                                    )}
+                                                </div>
+                                                {option.subdomain && (
+                                                    <p className="text-xs text-muted-foreground mt-1">
+                                                        {t(
+                                                            "domainPickerSubdomain",
+                                                            {
+                                                                subdomain:
+                                                                    option.subdomain
+                                                            }
+                                                        )}
+                                                    </p>
+                                                )}
+                                                {!option.verified && (
+                                                    <p className="text-xs text-yellow-600 mt-1">
+                                                        Domain is unverified
+                                                    </p>
+                                                )}
+                                            </div>
+                                            {selectedOption?.id ===
+                                                option.id && (
+                                                <CheckCircle2 className="h-4 w-4 text-primary" />
+                                            )}
+                                        </div>
+                                    </div>
+                                ))}
+                            </div>
+                        </div>
+                    )}
+
+                    {/* Provided Domains */}
+                    {providedOptions.length > 0 && (
+                        <div className="space-y-3">
+                            <div className="flex items-center space-x-2">
+                                <Zap className="h-4 w-4" />
+                                <div className="text-sm font-medium">
+                                    {t("domainPickerProvidedDomains")}
+                                </div>
+                            </div>
+                            <div className="grid gap-2">
+                                {providedOptions.map((option) => (
+                                    <div
+                                        key={option.id}
+                                        className={cn(
+                                            "transition-all p-3 rounded-lg border",
+                                            selectedOption?.id === option.id
+                                                ? "border-primary bg-primary/5"
+                                                : "border-input",
+                                            "cursor-pointer hover:bg-accent"
+                                        )}
+                                        onClick={() =>
+                                            handleOptionSelect(option)
+                                        }
+                                    >
+                                        <div className="flex items-center justify-between">
+                                            <div>
+                                                <p className="font-mono text-sm">
+                                                    {option.domain}
+                                                </p>
+                                                <p className="text-xs text-muted-foreground">
+                                                    {t(
+                                                        "domainPickerNamespace",
+                                                        {
+                                                            namespace:
+                                                                option.domainNamespaceId as string
+                                                        }
+                                                    )}
+                                                </p>
+                                            </div>
+                                            {selectedOption?.id ===
+                                                option.id && (
+                                                <CheckCircle2 className="h-4 w-4 text-primary" />
+                                            )}
+                                        </div>
+                                    </div>
+                                ))}
+                            </div>
+                            {hasMoreProvided && (
+                                <Button
+                                    variant="outline"
+                                    size="sm"
+                                    onClick={() =>
+                                        setProvidedDomainsShown(
+                                            (prev) => prev + 3
+                                        )
+                                    }
+                                    className="w-full"
+                                >
+                                    {t("domainPickerShowMore")}
+                                </Button>
+                            )}
+                        </div>
+                    )}
+                </div>
+            )}
+        </div>
+    );
+}
+
+function debounce<T extends (...args: any[]) => any>(
+    func: T,
+    wait: number
+): (...args: Parameters<T>) => void {
+    let timeout: NodeJS.Timeout | null = null;
+
+    return (...args: Parameters<T>) => {
+        if (timeout) clearTimeout(timeout);
+
+        timeout = setTimeout(() => {
+            func(...args);
+        }, wait);
+    };
+}
diff --git a/src/components/HorizontalTabs.tsx b/src/components/HorizontalTabs.tsx
index 258bace3..b529dbba 100644
--- a/src/components/HorizontalTabs.tsx
+++ b/src/components/HorizontalTabs.tsx
@@ -38,6 +38,7 @@ export function HorizontalTabs({
             .replace("{resourceId}", params.resourceId as string)
             .replace("{niceId}", params.niceId as string)
             .replace("{userId}", params.userId as string)
+            .replace("{clientId}", params.clientId as string)
             .replace("{apiKeyId}", params.apiKeyId as string);
     }
 
diff --git a/src/components/Layout.tsx b/src/components/Layout.tsx
index 28ef307b..7d99a773 100644
--- a/src/components/Layout.tsx
+++ b/src/components/Layout.tsx
@@ -1,276 +1,82 @@
-"use client";
-
-import React, { useEffect, useState } from "react";
-import { SidebarNav } from "@app/components/SidebarNav";
-import { OrgSelector } from "@app/components/OrgSelector";
+import React from "react";
 import { cn } from "@app/lib/cn";
 import { ListUserOrgsResponse } from "@server/routers/org";
-import SupporterStatus from "@app/components/SupporterStatus";
-import { Button } from "@app/components/ui/button";
-import { ExternalLink, Menu, X, Server } from "lucide-react";
-import Image from "next/image";
-import ProfileIcon from "@app/components/ProfileIcon";
-import {
-    Sheet,
-    SheetContent,
-    SheetTrigger,
-    SheetTitle,
-    SheetDescription
-} from "@app/components/ui/sheet";
-import { useEnvContext } from "@app/hooks/useEnvContext";
-import { Breadcrumbs } from "@app/components/Breadcrumbs";
-import Link from "next/link";
-import { usePathname } from "next/navigation";
-import { useUserContext } from "@app/hooks/useUserContext";
-import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
-import { useTheme } from "next-themes";
-import { useTranslations } from "next-intl";
+import type { SidebarNavSection } from "@app/app/navigation";
+import { LayoutSidebar } from "@app/components/LayoutSidebar";
+import { LayoutHeader } from "@app/components/LayoutHeader";
+import { LayoutMobileMenu } from "@app/components/LayoutMobileMenu";
+import { cookies } from "next/headers";
 
 interface LayoutProps {
     children: React.ReactNode;
     orgId?: string;
     orgs?: ListUserOrgsResponse["orgs"];
-    navItems?: Array<{
-        title: string;
-        href: string;
-        icon?: React.ReactNode;
-        children?: Array<{
-            title: string;
-            href: string;
-            icon?: React.ReactNode;
-        }>;
-    }>;
+    navItems?: SidebarNavSection[];
     showSidebar?: boolean;
-    showBreadcrumbs?: boolean;
     showHeader?: boolean;
     showTopBar?: boolean;
+    defaultSidebarCollapsed?: boolean;
 }
 
-export function Layout({
+export async function Layout({
     children,
     orgId,
     orgs,
     navItems = [],
     showSidebar = true,
-    showBreadcrumbs = true,
     showHeader = true,
-    showTopBar = true
+    showTopBar = true,
+    defaultSidebarCollapsed = false
 }: LayoutProps) {
-    const [isMobileMenuOpen, setIsMobileMenuOpen] = useState(false);
-    const { env } = useEnvContext();
-    const pathname = usePathname();
-    const isAdminPage = pathname?.startsWith("/admin");
-    const { user } = useUserContext();
-    const { isUnlocked } = useLicenseStatusContext();
+    const allCookies = await cookies();
+    const sidebarStateCookie = allCookies.get("pangolin-sidebar-state")?.value;
 
-    const { theme } = useTheme();
-    const [path, setPath] = useState<string>(""); // Default logo path
-
-    useEffect(() => {
-        function getPath() {
-            let lightOrDark = theme;
-
-            if (theme === "system" || !theme) {
-                lightOrDark = window.matchMedia("(prefers-color-scheme: dark)")
-                    .matches
-                    ? "dark"
-                    : "light";
-            }
-
-            if (lightOrDark === "light") {
-                // return "/logo/word_mark_black.png";
-                return "/logo/pangolin_orange.svg";
-            }
-
-            // return "/logo/word_mark_white.png";
-            return "/logo/pangolin_orange.svg";
-        }
-
-        setPath(getPath());
-    }, [theme, env]);
-
-    const t = useTranslations();
+    const initialSidebarCollapsed =
+        sidebarStateCookie === "collapsed" ||
+        (sidebarStateCookie !== "expanded" && defaultSidebarCollapsed);
 
     return (
-        <div className="flex flex-col h-screen overflow-hidden">
-            {/* Full width header */}
-            {showHeader && (
-                <div className="border-b shrink-0 bg-card">
-                    <div className="h-16 flex items-center px-4">
-                        <div className="flex items-center gap-4">
-                            {showSidebar && (
-                                <div className="md:hidden">
-                                    <Sheet
-                                        open={isMobileMenuOpen}
-                                        onOpenChange={setIsMobileMenuOpen}
-                                    >
-                                        <SheetTrigger asChild>
-                                            <Button variant="ghost" size="icon">
-                                                <Menu className="h-6 w-6" />
-                                            </Button>
-                                        </SheetTrigger>
-                                        <SheetContent
-                                            side="left"
-                                            className="w-64 p-0 flex flex-col h-full"
-                                        >
-                                            <SheetTitle className="sr-only">
-                                                {t('navbar')}
-                                            </SheetTitle>
-                                            <SheetDescription className="sr-only">
-                                                {t('navbarDescription')}
-                                            </SheetDescription>
-                                            <div className="flex-1 overflow-y-auto">
-                                                <div className="p-4">
-                                                    <SidebarNav
-                                                        items={navItems}
-                                                        onItemClick={() =>
-                                                            setIsMobileMenuOpen(
-                                                                false
-                                                            )
-                                                        }
-                                                    />
-                                                </div>
-                                                {!isAdminPage &&
-                                                    user.serverAdmin && (
-                                                        <div className="p-4 border-t">
-                                                            <Link
-                                                                href="/admin"
-                                                                className="flex items-center gap-3 text-muted-foreground hover:text-foreground transition-colors px-3 py-2 rounded-md w-full"
-                                                                onClick={() =>
-                                                                    setIsMobileMenuOpen(
-                                                                        false
-                                                                    )
-                                                                }
-                                                            >
-                                                                <Server className="h-4 w-4" />
-                                                                {t('serverAdmin')}
-                                                            </Link>
-                                                        </div>
-                                                    )}
-                                            </div>
-                                            <div className="p-4 space-y-4 border-t shrink-0">
-                                                <SupporterStatus />
-                                                <OrgSelector
-                                                    orgId={orgId}
-                                                    orgs={orgs}
-                                                />
-                                                {env?.app?.version && (
-                                                    <div className="text-xs text-muted-foreground text-center">
-                                                        v{env.app.version}
-                                                    </div>
-                                                )}
-                                            </div>
-                                        </SheetContent>
-                                    </Sheet>
-                                </div>
-                            )}
-                            <Link
-                                href="/"
-                                className="flex items-center hidden md:block"
-                            >
-                                {path && (
-                                    <Image
-                                        src={path}
-                                        alt="Pangolin Logo"
-                                        width={35}
-                                        height={35}
-                                        priority={true}
-                                        quality={25}
-                                    />
-                                )}
-                            </Link>
-                            {showBreadcrumbs && (
-                                <div className="hidden md:block overflow-x-auto scrollbar-hide">
-                                    <Breadcrumbs />
-                                </div>
-                            )}
-                        </div>
-                        {showTopBar && (
-                            <div className="ml-auto flex items-center justify-end md:justify-between">
-                                <div className="hidden md:flex items-center space-x-3 mr-6">
-                                    <Link
-                                        href="https://docs.fossorial.io"
-                                        target="_blank"
-                                        rel="noopener noreferrer"
-                                        className="text-muted-foreground hover:text-foreground transition-colors"
-                                    >
-                                        {t('navbarDocsLink')}
-                                    </Link>
-                                </div>
-                                <div>
-                                    <ProfileIcon />
-                                </div>
-                            </div>
-                        )}
-                    </div>
-                    {showBreadcrumbs && (
-                        <div className="md:hidden px-4 pb-2 overflow-x-auto scrollbar-hide">
-                            <Breadcrumbs />
-                        </div>
-                    )}
-                </div>
+        <div className="flex h-screen overflow-hidden">
+            {/* Desktop Sidebar */}
+            {showSidebar && (
+                <LayoutSidebar
+                    orgId={orgId}
+                    orgs={orgs}
+                    navItems={navItems}
+                    defaultSidebarCollapsed={initialSidebarCollapsed}
+                />
             )}
 
-            <div className="flex flex-1 overflow-hidden">
-                {/* Desktop Sidebar */}
-                {showSidebar && (
-                    <div className="hidden md:flex w-64 border-r bg-card flex-col h-full shrink-0">
-                        <div className="flex-1 overflow-y-auto">
-                            <div className="p-4">
-                                <SidebarNav items={navItems} />
-                            </div>
-                            {!isAdminPage && user.serverAdmin && (
-                                <div className="p-4 border-t">
-                                    <Link
-                                        href="/admin"
-                                        className="flex items-center gap-3 text-muted-foreground hover:text-foreground transition-colors px-3 py-2 rounded-md w-full"
-                                    >
-                                        <Server className="h-4 w-4" />
-                                        {t('serverAdmin')}
-                                    </Link>
-                                </div>
-                            )}
-                        </div>
-                        <div className="p-4 space-y-4 border-t shrink-0">
-                            <SupporterStatus />
-                            <OrgSelector orgId={orgId} orgs={orgs} />
-                            <div className="space-y-2">
-                                <div className="text-xs text-muted-foreground text-center">
-                                    <Link
-                                        href="https://github.com/fosrl/pangolin"
-                                        target="_blank"
-                                        rel="noopener noreferrer"
-                                        className="flex items-center justify-center gap-1"
-                                    >
-                                        {!isUnlocked()
-                                            ? t('communityEdition')
-                                            : t('commercialEdition')}
-                                        <ExternalLink size={12} />
-                                    </Link>
-                                </div>
-                                {env?.app?.version && (
-                                    <div className="text-xs text-muted-foreground text-center">
-                                        v{env.app.version}
-                                    </div>
-                                )}
-                            </div>
-                        </div>
-                    </div>
+            {/* Main content area */}
+            <div
+                className={cn(
+                    "flex-1 flex flex-col h-full min-w-0 relative",
+                    !showSidebar && "w-full"
+                )}
+            >
+                {/* Mobile header */}
+                {showHeader && (
+                    <LayoutMobileMenu
+                        orgId={orgId}
+                        orgs={orgs}
+                        navItems={navItems}
+                        showSidebar={showSidebar}
+                        showTopBar={showTopBar}
+                    />
                 )}
 
+                {/* Desktop header */}
+                {showHeader && <LayoutHeader showTopBar={showTopBar} />}
+
                 {/* Main content */}
-                <div
-                    className={cn(
-                        "flex-1 flex flex-col h-full min-w-0",
-                        !showSidebar && "w-full"
-                    )}
-                >
-                    <main className="flex-1 overflow-y-auto p-3 md:p-6 w-full">
-                        <div className="container mx-auto max-w-12xl mb-12">
-                            {children}
-                        </div>
-                    </main>
-                </div>
+                <main className="flex-1 overflow-y-auto p-3 md:p-6 w-full">
+                    <div className={cn(
+                        "container mx-auto max-w-12xl mb-12",
+                        showHeader && "md:pt-20" // Add top padding only on desktop to account for fixed header
+                    )}>
+                        {children}
+                    </div>
+                </main>
             </div>
         </div>
     );
diff --git a/src/components/LayoutHeader.tsx b/src/components/LayoutHeader.tsx
new file mode 100644
index 00000000..2584b259
--- /dev/null
+++ b/src/components/LayoutHeader.tsx
@@ -0,0 +1,72 @@
+"use client";
+
+import React, { useEffect, useState } from "react";
+import Image from "next/image";
+import Link from "next/link";
+import ProfileIcon from "@app/components/ProfileIcon";
+import ThemeSwitcher from "@app/components/ThemeSwitcher";
+import { useTheme } from "next-themes";
+
+interface LayoutHeaderProps {
+    showTopBar: boolean;
+}
+
+export function LayoutHeader({ showTopBar }: LayoutHeaderProps) {
+    const { theme } = useTheme();
+    const [path, setPath] = useState<string>("");
+
+    useEffect(() => {
+        function getPath() {
+            let lightOrDark = theme;
+
+            if (theme === "system" || !theme) {
+                lightOrDark = window.matchMedia("(prefers-color-scheme: dark)")
+                    .matches
+                    ? "dark"
+                    : "light";
+            }
+
+            if (lightOrDark === "light") {
+                return "/logo/word_mark_black.png";
+            }
+
+            return "/logo/word_mark_white.png";
+        }
+
+        setPath(getPath());
+    }, [theme]);
+
+    return (
+        <div className="absolute top-0 left-0 right-0 z-50 hidden md:block">
+            <div className="absolute inset-0 bg-background/86 backdrop-blur-sm" />
+            <div className="relative z-10 px-6 py-2">
+                <div className="container mx-auto max-w-12xl">
+                    <div className="h-16 flex items-center justify-between">
+                        <div className="flex items-center gap-2">
+                            <Link href="/" className="flex items-center">
+                                {path && (
+                                    <Image
+                                        src={path}
+                                        alt="Pangolin"
+                                        width={98}
+                                        height={32}
+                                        className="h-8 w-auto"
+                                    />
+                                )}
+                            </Link>
+                        </div>
+
+                        {showTopBar && (
+                            <div className="flex items-center space-x-2">
+                                <ThemeSwitcher />
+                                <ProfileIcon />
+                            </div>
+                        )}
+                    </div>
+                </div>
+            </div>
+        </div>
+    );
+}
+
+export default LayoutHeader;
diff --git a/src/components/LayoutMobileMenu.tsx b/src/components/LayoutMobileMenu.tsx
new file mode 100644
index 00000000..cdec0d98
--- /dev/null
+++ b/src/components/LayoutMobileMenu.tsx
@@ -0,0 +1,142 @@
+"use client";
+
+import React, { useState } from "react";
+import { SidebarNav } from "@app/components/SidebarNav";
+import { OrgSelector } from "@app/components/OrgSelector";
+import { cn } from "@app/lib/cn";
+import { ListUserOrgsResponse } from "@server/routers/org";
+import SupporterStatus from "@app/components/SupporterStatus";
+import { Button } from "@app/components/ui/button";
+import { Menu, Server } from "lucide-react";
+import Link from "next/link";
+import { usePathname } from "next/navigation";
+import { useUserContext } from "@app/hooks/useUserContext";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { useTranslations } from "next-intl";
+import ProfileIcon from "@app/components/ProfileIcon";
+import ThemeSwitcher from "@app/components/ThemeSwitcher";
+import type { SidebarNavSection } from "@app/app/navigation";
+import {
+    Sheet,
+    SheetContent,
+    SheetTrigger,
+    SheetTitle,
+    SheetDescription
+} from "@app/components/ui/sheet";
+import { Abel } from "next/font/google";
+
+interface LayoutMobileMenuProps {
+    orgId?: string;
+    orgs?: ListUserOrgsResponse["orgs"];
+    navItems: SidebarNavSection[];
+    showSidebar: boolean;
+    showTopBar: boolean;
+}
+
+export function LayoutMobileMenu({
+    orgId,
+    orgs,
+    navItems,
+    showSidebar,
+    showTopBar
+}: LayoutMobileMenuProps) {
+    const [isMobileMenuOpen, setIsMobileMenuOpen] = useState(false);
+    const pathname = usePathname();
+    const isAdminPage = pathname?.startsWith("/admin");
+    const { user } = useUserContext();
+    const { env } = useEnvContext();
+    const t = useTranslations();
+
+    return (
+        <div className="shrink-0 md:hidden">
+            <div className="h-16 flex items-center px-4">
+                <div className="flex items-center gap-4">
+                    {showSidebar && (
+                        <div>
+                            <Sheet
+                                open={isMobileMenuOpen}
+                                onOpenChange={setIsMobileMenuOpen}
+                            >
+                                <SheetTrigger asChild>
+                                    <Button variant="ghost" size="icon">
+                                        <Menu className="h-6 w-6" />
+                                    </Button>
+                                </SheetTrigger>
+                                <SheetContent
+                                    side="left"
+                                    className="w-64 p-0 flex flex-col h-full"
+                                >
+                                    <SheetTitle className="sr-only">
+                                        {t("navbar")}
+                                    </SheetTitle>
+                                    <SheetDescription className="sr-only">
+                                        {t("navbarDescription")}
+                                    </SheetDescription>
+                                    <div className="flex-1 overflow-y-auto">
+                                        <div className="p-4">
+                                            <OrgSelector
+                                                orgId={orgId}
+                                                orgs={orgs}
+                                            />
+                                        </div>
+                                        <div className="px-4">
+                                            {!isAdminPage &&
+                                                user.serverAdmin && (
+                                                    <div className="pb-3">
+                                                        <Link
+                                                            href="/admin"
+                                                            className={cn(
+                                                                "flex items-center rounded transition-colors text-muted-foreground hover:text-foreground text-sm w-full hover:bg-secondary/50 dark:hover:bg-secondary/20 rounded-md px-3 py-1.5"
+                                                            )}
+                                                            onClick={() =>
+                                                                setIsMobileMenuOpen(
+                                                                    false
+                                                                )
+                                                            }
+                                                        >
+                                                            <span className="flex-shrink-0 mr-2">
+                                                                <Server className="h-4 w-4" />
+                                                            </span>
+                                                            <span>
+                                                                {t(
+                                                                    "serverAdmin"
+                                                                )}
+                                                            </span>
+                                                        </Link>
+                                                    </div>
+                                                )}
+                                            <SidebarNav
+                                                sections={navItems}
+                                                onItemClick={() =>
+                                                    setIsMobileMenuOpen(false)
+                                                }
+                                            />
+                                        </div>
+                                    </div>
+                                    <div className="p-4 space-y-4 border-t shrink-0">
+                                        <SupporterStatus />
+                                        {env?.app?.version && (
+                                            <div className="text-xs text-muted-foreground text-center">
+                                                v{env.app.version}
+                                            </div>
+                                        )}
+                                    </div>
+                                </SheetContent>
+                            </Sheet>
+                        </div>
+                    )}
+                </div>
+                {showTopBar && (
+                    <div className="ml-auto flex items-center justify-end">
+                        <div className="flex items-center space-x-2">
+                            <ThemeSwitcher />
+                            <ProfileIcon />
+                        </div>
+                    </div>
+                )}
+            </div>
+        </div>
+    );
+}
+
+export default LayoutMobileMenu;
diff --git a/src/components/LayoutSidebar.tsx b/src/components/LayoutSidebar.tsx
new file mode 100644
index 00000000..98ef87eb
--- /dev/null
+++ b/src/components/LayoutSidebar.tsx
@@ -0,0 +1,178 @@
+"use client";
+
+import React, { useEffect, useState } from "react";
+import { SidebarNav } from "@app/components/SidebarNav";
+import { OrgSelector } from "@app/components/OrgSelector";
+import { cn } from "@app/lib/cn";
+import { ListUserOrgsResponse } from "@server/routers/org";
+import SupporterStatus from "@app/components/SupporterStatus";
+import { ExternalLink, Server, BookOpenText } from "lucide-react";
+import Link from "next/link";
+import { usePathname } from "next/navigation";
+import { useUserContext } from "@app/hooks/useUserContext";
+import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
+import { useEnvContext } from "@app/hooks/useEnvContext";
+import { useTranslations } from "next-intl";
+import type { SidebarNavSection } from "@app/app/navigation";
+import {
+    Tooltip,
+    TooltipContent,
+    TooltipProvider,
+    TooltipTrigger
+} from "@app/components/ui/tooltip";
+
+interface LayoutSidebarProps {
+    orgId?: string;
+    orgs?: ListUserOrgsResponse["orgs"];
+    navItems: SidebarNavSection[];
+    defaultSidebarCollapsed: boolean;
+}
+
+export function LayoutSidebar({
+    orgId,
+    orgs,
+    navItems,
+    defaultSidebarCollapsed
+}: LayoutSidebarProps) {
+    const [isSidebarCollapsed, setIsSidebarCollapsed] = useState(
+        defaultSidebarCollapsed
+    );
+    const pathname = usePathname();
+    const isAdminPage = pathname?.startsWith("/admin");
+    const { user } = useUserContext();
+    const { isUnlocked } = useLicenseStatusContext();
+    const { env } = useEnvContext();
+    const t = useTranslations();
+
+    const setSidebarStateCookie = (collapsed: boolean) => {
+        if (typeof window !== "undefined") {
+            const isSecure = window.location.protocol === "https:";
+            document.cookie = `pangolin-sidebar-state=${collapsed ? "collapsed" : "expanded"}; path=/; max-age=${60 * 60 * 24 * 30}; samesite=lax${isSecure ? "; secure" : ""}`;
+        }
+    };
+
+    useEffect(() => {
+        setSidebarStateCookie(isSidebarCollapsed);
+    }, [isSidebarCollapsed]);
+
+    return (
+        <div
+            className={cn(
+                "hidden md:flex border-r bg-card flex-col h-full shrink-0 relative",
+                isSidebarCollapsed ? "w-16" : "w-64"
+            )}
+        >
+            <div className="flex-1 overflow-y-auto">
+                <div className="p-4">
+                    <OrgSelector
+                        orgId={orgId}
+                        orgs={orgs}
+                        isCollapsed={isSidebarCollapsed}
+                    />
+                </div>
+                <div className="px-4 pt-1">
+                    {!isAdminPage && user.serverAdmin && (
+                        <div className="pb-4">
+                            <Link
+                                href="/admin"
+                                className={cn(
+                                    "flex items-center rounded transition-colors text-muted-foreground hover:text-foreground text-sm w-full hover:bg-secondary/50 dark:hover:bg-secondary/20 rounded-md",
+                                    isSidebarCollapsed
+                                        ? "px-2 py-2 justify-center"
+                                        : "px-3 py-1.5"
+                                )}
+                                title={
+                                    isSidebarCollapsed
+                                        ? t("serverAdmin")
+                                        : undefined
+                                }
+                            >
+                                <span
+                                    className={cn(
+                                        "flex-shrink-0",
+                                        !isSidebarCollapsed && "mr-2"
+                                    )}
+                                >
+                                    <Server className="h-4 w-4" />
+                                </span>
+                                {!isSidebarCollapsed && (
+                                    <span>{t("serverAdmin")}</span>
+                                )}
+                            </Link>
+                        </div>
+                    )}
+                    <SidebarNav
+                        sections={navItems}
+                        isCollapsed={isSidebarCollapsed}
+                    />
+                </div>
+            </div>
+            <div className="p-4 space-y-4 border-t shrink-0">
+                <SupporterStatus isCollapsed={isSidebarCollapsed} />
+                {!isSidebarCollapsed && (
+                    <div className="space-y-2">
+                        <div className="text-xs text-muted-foreground text-center">
+                            <Link
+                                href="https://github.com/fosrl/pangolin"
+                                target="_blank"
+                                rel="noopener noreferrer"
+                                className="flex items-center justify-center gap-1"
+                            >
+                                {!isUnlocked()
+                                    ? t("communityEdition")
+                                    : t("commercialEdition")}
+                                <ExternalLink size={12} />
+                            </Link>
+                        </div>
+                        <div className="text-xs text-muted-foreground ">
+                            <Link
+                                href="https://docs.fossorial.io/"
+                                target="_blank"
+                                rel="noopener noreferrer"
+                                className="flex items-center justify-center gap-1"
+                            >
+                                {t("documentation")}
+                                <BookOpenText size={12} />
+                            </Link>
+                        </div>
+                        {env?.app?.version && (
+                            <div className="text-xs text-muted-foreground text-center">
+                                v{env.app.version}
+                            </div>
+                        )}
+                    </div>
+                )}
+            </div>
+
+            {/* Collapse button */}
+            <TooltipProvider>
+                <Tooltip>
+                    <TooltipTrigger asChild>
+                        <button
+                            onClick={() =>
+                                setIsSidebarCollapsed(!isSidebarCollapsed)
+                            }
+                            className="cursor-pointer absolute -right-2.5 top-1/2 transform -translate-y-1/2 w-2 h-8 rounded-full flex items-center justify-center transition-all duration-200 ease-in-out hover:scale-110 group z-[60]"
+                            aria-label={
+                                isSidebarCollapsed
+                                    ? "Expand sidebar"
+                                    : "Collapse sidebar"
+                            }
+                        >
+                            <div className="w-0.5 h-4 bg-current opacity-30 group-hover:opacity-100 transition-opacity duration-200" />
+                        </button>
+                    </TooltipTrigger>
+                    <TooltipContent side="right" sideOffset={8}>
+                        <p>
+                            {isSidebarCollapsed
+                                ? t("sidebarExpand")
+                                : t("sidebarCollapse")}
+                        </p>
+                    </TooltipContent>
+                </Tooltip>
+            </TooltipProvider>
+        </div>
+    );
+}
+
+export default LayoutSidebar;
diff --git a/src/app/components/LicenseViolation.tsx b/src/components/LicenseViolation.tsx
similarity index 100%
rename from src/app/components/LicenseViolation.tsx
rename to src/components/LicenseViolation.tsx
diff --git a/src/components/LocaleSwitcher.tsx b/src/components/LocaleSwitcher.tsx
index fe1dece5..0e883a3c 100644
--- a/src/components/LocaleSwitcher.tsx
+++ b/src/components/LocaleSwitcher.tsx
@@ -1,59 +1,59 @@
 import { useLocale } from "next-intl";
-import LocaleSwitcherSelect from './LocaleSwitcherSelect';
+import LocaleSwitcherSelect from "./LocaleSwitcherSelect";
 
 export default function LocaleSwitcher() {
-  const locale = useLocale();
+    const locale = useLocale();
 
-  return (
-    <LocaleSwitcherSelect
-      label="Select language"
-      defaultValue={locale}
-      items={[
-        {
-            value: 'en-US',
-            label: 'English'
-        },
-        {
-            value: 'fr-FR',
-            label: "Français"
-        },
-        {
-            value: 'de-DE',
-            label: 'Deutsch'
-        },
-        {
-            value: 'it-IT',
-            label: 'Italiano'
-        },
-        {
-            value: 'nl-NL',
-            label: 'Nederlands'
-        },
-        {
-            value: 'pl-PL',
-            label: 'Polski'
-        },
-        {
-            value: 'pt-PT',
-            label: 'Português'
-        },
-        {
-            value: 'es-ES',
-            label: 'Español'
-        },
-        {
-            value: 'tr-TR',
-            label: 'Türkçe'
-        },
-        {
-            value: 'zh-CN',
-            label: '简体中文'
-        },
-        {
-            value: 'ko-KR',
-            label: '한국어'
-        }
-      ]}
-    />
-  );
+    return (
+        <LocaleSwitcherSelect
+            label="Select language"
+            defaultValue={locale}
+            items={[
+                {
+                    value: "en-US",
+                    label: "English"
+                },
+                {
+                    value: "fr-FR",
+                    label: "Français"
+                },
+                {
+                    value: "de-DE",
+                    label: "Deutsch"
+                },
+                {
+                    value: "it-IT",
+                    label: "Italiano"
+                },
+                {
+                    value: "nl-NL",
+                    label: "Nederlands"
+                },
+                {
+                    value: "pl-PL",
+                    label: "Polski"
+                },
+                {
+                    value: "pt-PT",
+                    label: "Português"
+                },
+                {
+                    value: "es-ES",
+                    label: "Español"
+                },
+                {
+                    value: "tr-TR",
+                    label: "Türkçe"
+                },
+                {
+                    value: "zh-CN",
+                    label: "简体中文"
+                },
+                {
+                    value: "ko-KR",
+                    label: "한국어"
+                }
+            ]}
+        />
+    );
 }
diff --git a/src/components/LocaleSwitcherSelect.tsx b/src/components/LocaleSwitcherSelect.tsx
index 53c25d8f..201aeb18 100644
--- a/src/components/LocaleSwitcherSelect.tsx
+++ b/src/components/LocaleSwitcherSelect.tsx
@@ -1,71 +1,71 @@
-'use client';
+"use client";
 
 import {
-  DropdownMenu,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuTrigger
-} from '@app/components/ui/dropdown-menu';
-import { Button } from '@app/components/ui/button';
-import { Check, Globe, Languages } from 'lucide-react';
-import clsx from 'clsx';
-import { useTransition } from 'react';
-import { Locale } from '@/i18n/config';
-import { setUserLocale } from '@/services/locale';
+    DropdownMenu,
+    DropdownMenuContent,
+    DropdownMenuItem,
+    DropdownMenuTrigger
+} from "@app/components/ui/dropdown-menu";
+import { Button } from "@app/components/ui/button";
+import { Check, Globe, Languages } from "lucide-react";
+import clsx from "clsx";
+import { useTransition } from "react";
+import { Locale } from "@/i18n/config";
+import { setUserLocale } from "@/services/locale";
 
 type Props = {
-  defaultValue: string;
-  items: Array<{ value: string; label: string }>;
-  label: string;
+    defaultValue: string;
+    items: Array<{ value: string; label: string }>;
+    label: string;
 };
 
 export default function LocaleSwitcherSelect({
-  defaultValue,
-  items,
-  label
+    defaultValue,
+    items,
+    label
 }: Props) {
-  const [isPending, startTransition] = useTransition();
+    const [isPending, startTransition] = useTransition();
 
-  function onChange(value: string) {
-    const locale = value as Locale;
-    startTransition(() => {
-      setUserLocale(locale);
-    });
-  }
+    function onChange(value: string) {
+        const locale = value as Locale;
+        startTransition(() => {
+            setUserLocale(locale);
+        });
+    }
 
-  const selected = items.find((item) => item.value === defaultValue);
+    const selected = items.find((item) => item.value === defaultValue);
 
-  return (
-    <DropdownMenu>
-      <DropdownMenuTrigger asChild>
-        <Button
-          variant="ghost"
-          className={clsx(
-            'w-full rounded-sm h-8 gap-2 justify-start font-normal',
-            isPending && 'pointer-events-none'
-          )}
-          aria-label={label}
-        >
-          <Languages className="h-4 w-4" />
-          <span className="text-left flex-1">
-            {selected?.label ?? label}
-          </span>
-        </Button>
-      </DropdownMenuTrigger>
-      <DropdownMenuContent align="end" className="min-w-[8rem]">
-        {items.map((item) => (
-          <DropdownMenuItem
-            key={item.value}
-            onClick={() => onChange(item.value)}
-            className="flex items-center gap-2"
-          >
-            {item.value === defaultValue && (
-              <Check className="h-4 w-4" />
-            )}
-            <span>{item.label}</span>
-          </DropdownMenuItem>
-        ))}
-      </DropdownMenuContent>
-    </DropdownMenu>
-  );
+    return (
+        <DropdownMenu>
+            <DropdownMenuTrigger asChild>
+                <Button
+                    variant="ghost"
+                    className={clsx(
+                        "w-full rounded-sm h-8 gap-2 justify-start font-normal",
+                        isPending && "pointer-events-none"
+                    )}
+                    aria-label={label}
+                >
+                    <Languages className="h-4 w-4" />
+                    <span className="text-left flex-1">
+                        {selected?.label ?? label}
+                    </span>
+                </Button>
+            </DropdownMenuTrigger>
+            <DropdownMenuContent align="end" className="min-w-[8rem]">
+                {items.map((item) => (
+                    <DropdownMenuItem
+                        key={item.value}
+                        onClick={() => onChange(item.value)}
+                        className="flex items-center gap-2"
+                    >
+                        {item.value === defaultValue && (
+                            <Check className="h-4 w-4" />
+                        )}
+                        <span>{item.label}</span>
+                    </DropdownMenuItem>
+                ))}
+            </DropdownMenuContent>
+        </DropdownMenu>
+    );
 }
diff --git a/src/components/LoginForm.tsx b/src/components/LoginForm.tsx
index 04ed25fb..153b7eb7 100644
--- a/src/components/LoginForm.tsx
+++ b/src/components/LoginForm.tsx
@@ -63,6 +63,7 @@ export default function LoginForm({ redirect, onLogin, idps }: LoginFormProps) {
 
     const [error, setError] = useState<string | null>(null);
     const [loading, setLoading] = useState(false);
+    const [securityKeyLoading, setSecurityKeyLoading] = useState(false);
     const hasIdp = idps && idps.length > 0;
 
     const [mfaRequested, setMfaRequested] = useState(false);
@@ -98,7 +99,7 @@ export default function LoginForm({ redirect, onLogin, idps }: LoginFormProps) {
 
     async function initiateSecurityKeyAuth() {
         setShowSecurityKeyPrompt(true);
-        setLoading(true);
+        setSecurityKeyLoading(true);
         setError(null);
 
         try {
@@ -117,7 +118,7 @@ export default function LoginForm({ redirect, onLogin, idps }: LoginFormProps) {
             // Perform WebAuthn authentication
             try {
                 const credential = await startAuthentication(options);
-                
+
                 // Verify authentication
                 const verifyRes = await api.post(
                     "/auth/security-key/authenticate/verify",
@@ -167,7 +168,7 @@ export default function LoginForm({ redirect, onLogin, idps }: LoginFormProps) {
                 }));
             }
         } finally {
-            setLoading(false);
+            setSecurityKeyLoading(false);
             setShowSecurityKeyPrompt(false);
         }
     }
@@ -432,8 +433,8 @@ export default function LoginForm({ redirect, onLogin, idps }: LoginFormProps) {
                             variant="outline"
                             className="w-full"
                             onClick={initiateSecurityKeyAuth}
-                            loading={loading}
-                            disabled={loading || showSecurityKeyPrompt}
+                            loading={securityKeyLoading}
+                            disabled={securityKeyLoading || showSecurityKeyPrompt}
                         >
                             <FingerprintIcon className="w-4 h-4 mr-2" />
                             {t('securityKeyLogin', {
diff --git a/src/components/OrgSelector.tsx b/src/components/OrgSelector.tsx
index b402e0de..abf34a45 100644
--- a/src/components/OrgSelector.tsx
+++ b/src/components/OrgSelector.tsx
@@ -15,10 +15,16 @@ import {
     PopoverContent,
     PopoverTrigger
 } from "@app/components/ui/popover";
+import {
+    Tooltip,
+    TooltipContent,
+    TooltipProvider,
+    TooltipTrigger,
+} from "@app/components/ui/tooltip";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { cn } from "@app/lib/cn";
 import { ListUserOrgsResponse } from "@server/routers/org";
-import { Check, ChevronsUpDown, Plus } from "lucide-react";
+import { Check, ChevronsUpDown, Plus, Building2, Users } from "lucide-react";
 import { useRouter } from "next/navigation";
 import { useState } from "react";
 import { useUserContext } from "@app/hooks/useUserContext";
@@ -27,94 +33,110 @@ import { useTranslations } from "next-intl";
 interface OrgSelectorProps {
     orgId?: string;
     orgs?: ListUserOrgsResponse["orgs"];
+    isCollapsed?: boolean;
 }
 
-export function OrgSelector({ orgId, orgs }: OrgSelectorProps) {
+export function OrgSelector({ orgId, orgs, isCollapsed = false }: OrgSelectorProps) {
     const { user } = useUserContext();
     const [open, setOpen] = useState(false);
     const router = useRouter();
     const { env } = useEnvContext();
     const t = useTranslations();
 
-    return (
+    const selectedOrg = orgs?.find((org) => org.orgId === orgId);
+
+    const orgSelectorContent = (
         <Popover open={open} onOpenChange={setOpen}>
             <PopoverTrigger asChild>
                 <Button
-                    variant="outline"
-                    size="lg"
+                    variant="secondary"
+                    size={isCollapsed ? "icon" : "lg"}
                     role="combobox"
                     aria-expanded={open}
-                    className="w-full h-12 px-3 py-4 bg-neutral hover:bg-neutral"
+                    className={cn(
+                        "shadow-xs",
+                        isCollapsed ? "w-8 h-8" : "w-full h-12 px-3 py-4"
+                    )}
                 >
-                    <div className="flex items-center justify-between w-full">
-                        <div className="flex flex-col items-start">
-                            <span className="font-bold text-sm">
-                                {t('org')}
-                            </span>
-                            <span className="text-sm text-muted-foreground">
-                                {orgId
-                                    ? orgs?.find(
-                                          (org) =>
-                                              org.orgId ===
-                                              orgId
-                                      )?.name
-                                    : t('noneSelected')}
-                            </span>
+                    {isCollapsed ? (
+                        <Building2 className="h-4 w-4" />
+                    ) : (
+                        <div className="flex items-center justify-between w-full min-w-0">
+                            <div className="flex items-center min-w-0 flex-1">
+                                <Building2 className="h-4 w-4 mr-2 shrink-0" />
+                                <div className="flex flex-col items-start min-w-0 flex-1">
+                                    <span className="font-bold text-sm">
+                                        {t('org')}
+                                    </span>
+                                    <span className="text-sm text-muted-foreground truncate w-full text-left">
+                                        {selectedOrg?.name || t('noneSelected')}
+                                    </span>
+                                </div>
+                            </div>
+                            <ChevronsUpDown className="h-4 w-4 shrink-0 opacity-50 ml-2" />
                         </div>
-                        <ChevronsUpDown className="h-4 w-4 shrink-0 opacity-50" />
-                    </div>
+                    )}
                 </Button>
             </PopoverTrigger>
-            <PopoverContent className="w-[180px] p-0">
-                <Command>
-                    <CommandInput placeholder={t('searchProgress')} />
-                    <CommandEmpty>
-                        {t('orgNotFound2')}
+            <PopoverContent className="w-[320px] p-0" align="start">
+                <Command className="rounded-lg">
+                    <CommandInput
+                        placeholder={t('searchProgress')}
+                        className="border-0 focus:ring-0"
+                    />
+                    <CommandEmpty className="py-6 text-center">
+                        <div className="text-muted-foreground text-sm">
+                            {t('orgNotFound2')}
+                        </div>
                     </CommandEmpty>
-                    {(!env.flags.disableUserCreateOrg ||
-                        user.serverAdmin) && (
+                    {(!env.flags.disableUserCreateOrg || user.serverAdmin) && (
                         <>
-                            <CommandGroup heading={t('create')}>
+                            <CommandGroup heading={t('create')} className="py-2">
                                 <CommandList>
                                     <CommandItem
-                                        onSelect={(
-                                            currentValue
-                                        ) => {
-                                            router.push(
-                                                "/setup"
-                                            );
+                                        onSelect={() => {
+                                            setOpen(false);
+                                            router.push("/setup");
                                         }}
+                                        className="mx-2 rounded-md"
                                     >
-                                        <Plus className="mr-2 h-4 w-4" />
-                                        {t('setupNewOrg')}
+                                        <div className="flex items-center justify-center w-8 h-8 rounded-lg bg-primary/10 mr-3">
+                                            <Plus className="h-4 w-4 text-primary" />
+                                        </div>
+                                        <div className="flex flex-col">
+                                            <span className="font-medium">{t('setupNewOrg')}</span>
+                                            <span className="text-xs text-muted-foreground">{t('createNewOrgDescription')}</span>
+                                        </div>
                                     </CommandItem>
                                 </CommandList>
                             </CommandGroup>
-                            <CommandSeparator />
+                            <CommandSeparator className="my-2" />
                         </>
                     )}
-                    <CommandGroup heading={t('orgs')}>
+                    <CommandGroup heading={t('orgs')} className="py-2">
                         <CommandList>
                             {orgs?.map((org) => (
                                 <CommandItem
                                     key={org.orgId}
-                                    onSelect={(
-                                        currentValue
-                                    ) => {
-                                        router.push(
-                                            `/${org.orgId}/settings`
-                                        );
+                                    onSelect={() => {
+                                        setOpen(false);
+                                        router.push(`/${org.orgId}/settings`);
                                     }}
+                                    className="mx-2 rounded-md"
                                 >
+                                    <div className="flex items-center justify-center w-8 h-8 rounded-lg bg-muted mr-3">
+                                        <Users className="h-4 w-4 text-muted-foreground" />
+                                    </div>
+                                    <div className="flex flex-col flex-1">
+                                        <span className="font-medium">{org.name}</span>
+                                        <span className="text-xs text-muted-foreground">{t('organization')}</span>
+                                    </div>
                                     <Check
                                         className={cn(
-                                            "mr-2 h-4 w-4",
-                                            orgId === org.orgId
-                                                ? "opacity-100"
-                                                : "opacity-0"
+                                            "h-4 w-4 text-primary",
+                                            orgId === org.orgId ? "opacity-100" : "opacity-0"
                                         )}
                                     />
-                                    {org.name}
                                 </CommandItem>
                             ))}
                         </CommandList>
@@ -123,4 +145,24 @@ export function OrgSelector({ orgId, orgs }: OrgSelectorProps) {
             </PopoverContent>
         </Popover>
     );
+
+    if (isCollapsed) {
+        return (
+            <TooltipProvider>
+                <Tooltip>
+                    <TooltipTrigger asChild>
+                        {orgSelectorContent}
+                    </TooltipTrigger>
+                    <TooltipContent side="right" sideOffset={8}>
+                        <div className="text-center">
+                            <p className="font-medium">{selectedOrg?.name || t('noneSelected')}</p>
+                            <p className="text-xs text-muted-foreground">{t('org')}</p>
+                        </div>
+                    </TooltipContent>
+                </Tooltip>
+            </TooltipProvider>
+        );
+    }
+
+    return orgSelectorContent;
 }
diff --git a/src/app/components/OrganizationLanding.tsx b/src/components/OrganizationLanding.tsx
similarity index 97%
rename from src/app/components/OrganizationLanding.tsx
rename to src/components/OrganizationLanding.tsx
index a443fcf3..2f3125b0 100644
--- a/src/app/components/OrganizationLanding.tsx
+++ b/src/components/OrganizationLanding.tsx
@@ -11,6 +11,7 @@ import {
 import { Button } from "@/components/ui/button";
 import Link from "next/link";
 import { ArrowRight, Plus } from "lucide-react";
+import { useEnvContext } from "@app/hooks/useEnvContext";
 import { useTranslations } from "next-intl";
 
 interface Organization {
@@ -29,6 +30,8 @@ export default function OrganizationLanding({
 }: OrganizationLandingProps) {
     const [selectedOrg, setSelectedOrg] = useState<string | null>(null);
 
+    const { env } = useEnvContext();
+
     const handleOrgClick = (orgId: string) => {
         setSelectedOrg(orgId);
     };
diff --git a/src/components/ProfileIcon.tsx b/src/components/ProfileIcon.tsx
index 275f9f71..0348058f 100644
--- a/src/components/ProfileIcon.tsx
+++ b/src/components/ProfileIcon.tsx
@@ -24,7 +24,7 @@ import SecurityKeyForm from "./SecurityKeyForm";
 import Enable2FaDialog from "./Enable2FaDialog";
 import SupporterStatus from "./SupporterStatus";
 import { UserType } from "@server/types/UserTypes";
-import LocaleSwitcher from '@app/components/LocaleSwitcher';
+import LocaleSwitcher from "@app/components/LocaleSwitcher";
 import { useTranslations } from "next-intl";
 
 export default function ProfileIcon() {
@@ -58,10 +58,10 @@ export default function ProfileIcon() {
     function logout() {
         api.post("/auth/logout")
             .catch((e) => {
-                console.error(t('logoutError'), e);
+                console.error(t("logoutError"), e);
                 toast({
-                    title: t('logoutError'),
-                    description: formatAxiosError(e, t('logoutError'))
+                    title: t("logoutError"),
+                    description: formatAxiosError(e, t("logoutError"))
                 });
             })
             .then(() => {
@@ -74,111 +74,102 @@ export default function ProfileIcon() {
         <>
             <Enable2FaDialog open={openEnable2fa} setOpen={setOpenEnable2fa} />
             <Disable2FaForm open={openDisable2fa} setOpen={setOpenDisable2fa} />
-            <SecurityKeyForm open={openSecurityKey} setOpen={setOpenSecurityKey} />
-
-            <div className="flex items-center md:gap-2 grow min-w-0 gap-2 md:gap-0">
-                <span className="truncate max-w-full font-medium min-w-0">
-                    {user.name || user.email || user.username}
-                </span>
-                <DropdownMenu>
-                    <DropdownMenuTrigger asChild>
-                        <Button
-                            variant="outline"
-                            className="relative h-10 w-10 rounded-full"
-                        >
-                            <Avatar className="h-9 w-9">
-                                <AvatarFallback>{getInitials()}</AvatarFallback>
-                            </Avatar>
-                        </Button>
-                    </DropdownMenuTrigger>
-                    <DropdownMenuContent
-                        className="w-56"
-                        align="start"
-                        forceMount
+            <SecurityKeyForm
+                open={openSecurityKey}
+                setOpen={setOpenSecurityKey}
+            />
+            <DropdownMenu>
+                <DropdownMenuTrigger asChild>
+                    <Button
+                        variant="outline"
+                        className="relative h-10 w-10 rounded-full"
                     >
-                        <DropdownMenuLabel className="font-normal">
-                            <div className="flex flex-col space-y-1">
-                                <p className="text-sm font-medium leading-none">
-                                    {t('signingAs')}
-                                </p>
-                                <p className="text-xs leading-none text-muted-foreground">
-                                    {user.name || user.email || user.username}
-                                </p>
-                            </div>
-                            {user.serverAdmin ? (
-                                <p className="text-xs leading-none text-muted-foreground mt-2">
-                                    {t('serverAdmin')}
-                                </p>
-                            ) : (
-                                <p className="text-xs leading-none text-muted-foreground mt-2">
-                                    {user.idpName || t('idpNameInternal')}
-                                </p>
+                        <Avatar className="h-9 w-9">
+                            <AvatarFallback>{getInitials()}</AvatarFallback>
+                        </Avatar>
+                    </Button>
+                </DropdownMenuTrigger>
+                <DropdownMenuContent className="w-56" align="start" forceMount>
+                    <DropdownMenuLabel className="font-normal">
+                        <div className="flex flex-col space-y-1">
+                            <p className="text-sm font-medium leading-none">
+                                {t("signingAs")}
+                            </p>
+                            <p className="text-xs leading-none text-muted-foreground">
+                                {user.email || user.name || user.username}
+                            </p>
+                        </div>
+                        {user.serverAdmin ? (
+                            <p className="text-xs leading-none text-muted-foreground mt-2">
+                                {t("serverAdmin")}
+                            </p>
+                        ) : (
+                            <p className="text-xs leading-none text-muted-foreground mt-2">
+                                {user.idpName || t("idpNameInternal")}
+                            </p>
+                        )}
+                    </DropdownMenuLabel>
+                    <DropdownMenuSeparator />
+                    {user?.type === UserType.Internal && (
+                        <>
+                            {!user.twoFactorEnabled && (
+                                <DropdownMenuItem
+                                    onClick={() => setOpenEnable2fa(true)}
+                                >
+                                    <span>{t("otpEnable")}</span>
+                                </DropdownMenuItem>
                             )}
-                        </DropdownMenuLabel>
-                        <DropdownMenuSeparator />
-                        {user?.type === UserType.Internal && (
-                            <>
-                                {!user.twoFactorEnabled && (
-                                    <DropdownMenuItem
-                                        onClick={() => setOpenEnable2fa(true)}
-                                    >
-                                        <span>{t('otpEnable')}</span>
-                                    </DropdownMenuItem>
-                                )}
-                                {user.twoFactorEnabled && (
-                                    <DropdownMenuItem
-                                        onClick={() => setOpenDisable2fa(true)}
-                                    >
-                                        <span>{t('otpDisable')}</span>
-                                    </DropdownMenuItem>
-                                )}
+                            {user.twoFactorEnabled && (
                                 <DropdownMenuItem
-                                    onClick={() => setOpenSecurityKey(true)}
+                                    onClick={() => setOpenDisable2fa(true)}
                                 >
-                                    <span>{t('securityKeyManage')}</span>
+                                    <span>{t("otpDisable")}</span>
                                 </DropdownMenuItem>
-                                <DropdownMenuSeparator />
-                            </>
-                        )}
-                        <DropdownMenuLabel>{t("theme")}</DropdownMenuLabel>
-                        {(["light", "dark", "system"] as const).map(
-                            (themeOption) => (
-                                <DropdownMenuItem
-                                    key={themeOption}
-                                    onClick={() =>
-                                        handleThemeChange(themeOption)
-                                    }
-                                >
-                                    {themeOption === "light" && (
-                                        <Sun className="mr-2 h-4 w-4" />
-                                    )}
-                                    {themeOption === "dark" && (
-                                        <Moon className="mr-2 h-4 w-4" />
-                                    )}
-                                    {themeOption === "system" && (
-                                        <Laptop className="mr-2 h-4 w-4" />
-                                    )}
-                                    <span className="capitalize">
-                                        {t(themeOption)}
+                            )}
+                            <DropdownMenuItem
+                                onClick={() => setOpenSecurityKey(true)}
+                            >
+                                <span>{t("securityKeyManage")}</span>
+                            </DropdownMenuItem>
+                            <DropdownMenuSeparator />
+                        </>
+                    )}
+                    <DropdownMenuLabel>{t("theme")}</DropdownMenuLabel>
+                    {(["light", "dark", "system"] as const).map(
+                        (themeOption) => (
+                            <DropdownMenuItem
+                                key={themeOption}
+                                onClick={() => handleThemeChange(themeOption)}
+                            >
+                                {themeOption === "light" && (
+                                    <Sun className="mr-2 h-4 w-4" />
+                                )}
+                                {themeOption === "dark" && (
+                                    <Moon className="mr-2 h-4 w-4" />
+                                )}
+                                {themeOption === "system" && (
+                                    <Laptop className="mr-2 h-4 w-4" />
+                                )}
+                                <span className="capitalize">
+                                    {t(themeOption)}
+                                </span>
+                                {userTheme === themeOption && (
+                                    <span className="absolute right-2 flex h-3.5 w-3.5 items-center justify-center">
+                                        <span className="h-2 w-2 rounded-full bg-primary"></span>
                                     </span>
-                                    {userTheme === themeOption && (
-                                        <span className="absolute right-2 flex h-3.5 w-3.5 items-center justify-center">
-                                            <span className="h-2 w-2 rounded-full bg-primary"></span>
-                                        </span>
-                                    )}
-                                </DropdownMenuItem>
-                            )
-                        )}
-                        <DropdownMenuSeparator />
-                                <LocaleSwitcher />
-                        <DropdownMenuSeparator />
-                        <DropdownMenuItem onClick={() => logout()}>
-                            {/* <LogOut className="mr-2 h-4 w-4" /> */}
-                            <span>{t('logout')}</span>
-                        </DropdownMenuItem>
-                    </DropdownMenuContent>
-                </DropdownMenu>
-            </div>
+                                )}
+                            </DropdownMenuItem>
+                        )
+                    )}
+                    <DropdownMenuSeparator />
+                    <LocaleSwitcher />
+                    <DropdownMenuSeparator />
+                    <DropdownMenuItem onClick={() => logout()}>
+                        {/* <LogOut className="mr-2 h-4 w-4" /> */}
+                        <span>{t("logout")}</span>
+                    </DropdownMenuItem>
+                </DropdownMenuContent>
+            </DropdownMenu>
         </>
     );
 }
diff --git a/src/components/SecurityKeyForm.tsx b/src/components/SecurityKeyForm.tsx
index 5b5ab3bb..d4970947 100644
--- a/src/components/SecurityKeyForm.tsx
+++ b/src/components/SecurityKeyForm.tsx
@@ -15,23 +15,25 @@ import {
     FormField,
     FormItem,
     FormLabel,
-    FormMessage,
+    FormMessage
 } from "@app/components/ui/form";
 import { Input } from "@app/components/ui/input";
 import { Alert, AlertDescription } from "@app/components/ui/alert";
 import {
-    Dialog,
-    DialogContent,
-    DialogDescription,
-    DialogFooter,
-    DialogHeader,
-    DialogTitle,
-} from "@app/components/ui/dialog";
+    Credenza,
+    CredenzaBody,
+    CredenzaClose,
+    CredenzaContent,
+    CredenzaDescription,
+    CredenzaFooter,
+    CredenzaHeader,
+    CredenzaTitle
+} from "@app/components/Credenza";
 import { startRegistration } from "@simplewebauthn/browser";
 import { useEnvContext } from "@app/hooks/useEnvContext";
 import { Card, CardContent } from "@app/components/ui/card";
 import { Badge } from "@app/components/ui/badge";
-import { Loader2, KeyRound, Trash2, Plus, Shield } from "lucide-react";
+import { Loader2, KeyRound, Trash2, Plus, Shield, Info } from "lucide-react";
 import { cn } from "@app/lib/cn";
 
 type SecurityKeyFormProps = {
@@ -53,6 +55,7 @@ type DeleteSecurityKeyData = {
 type RegisterFormValues = {
     name: string;
     password: string;
+    code?: string;
 };
 
 type DeleteFormValues = {
@@ -70,30 +73,47 @@ type FieldProps = {
     };
 };
 
-export default function SecurityKeyForm({ open, setOpen }: SecurityKeyFormProps) {
+export default function SecurityKeyForm({
+    open,
+    setOpen
+}: SecurityKeyFormProps) {
     const t = useTranslations();
     const { env } = useEnvContext();
     const api = createApiClient({ env });
     const [securityKeys, setSecurityKeys] = useState<SecurityKey[]>([]);
     const [isRegistering, setIsRegistering] = useState(false);
-    const [showRegisterDialog, setShowRegisterDialog] = useState(false);
-    const [selectedSecurityKey, setSelectedSecurityKey] = useState<DeleteSecurityKeyData | null>(null);
-    const [show2FADialog, setShow2FADialog] = useState(false);
+    const [dialogState, setDialogState] = useState<
+        "list" | "register" | "register2fa" | "delete" | "delete2fa"
+    >("list");
+    const [selectedSecurityKey, setSelectedSecurityKey] =
+        useState<DeleteSecurityKeyData | null>(null);
     const [deleteInProgress, setDeleteInProgress] = useState(false);
-    const [pendingDeleteCredentialId, setPendingDeleteCredentialId] = useState<string | null>(null);
-    const [pendingDeletePassword, setPendingDeletePassword] = useState<string | null>(null);
+    const [pendingDeleteCredentialId, setPendingDeleteCredentialId] = useState<
+        string | null
+    >(null);
+    const [pendingDeletePassword, setPendingDeletePassword] = useState<
+        string | null
+    >(null);
+    const [pendingRegisterData, setPendingRegisterData] = useState<{
+        name: string;
+        password: string;
+    } | null>(null);
+    const [register2FAForm, setRegister2FAForm] = useState<{ code: string }>({
+        code: ""
+    });
 
     useEffect(() => {
         loadSecurityKeys();
     }, []);
 
     const registerSchema = z.object({
-        name: z.string().min(1, { message: t('securityKeyNameRequired') }),
-        password: z.string().min(1, { message: t('passwordRequired') }),
+        name: z.string().min(1, { message: t("securityKeyNameRequired") }),
+        password: z.string().min(1, { message: t("passwordRequired") }),
+        code: z.string().optional()
     });
 
     const deleteSchema = z.object({
-        password: z.string().min(1, { message: t('passwordRequired') }),
+        password: z.string().min(1, { message: t("passwordRequired") }),
         code: z.string().optional()
     });
 
@@ -102,7 +122,8 @@ export default function SecurityKeyForm({ open, setOpen }: SecurityKeyFormProps)
         defaultValues: {
             name: "",
             password: "",
-        },
+            code: ""
+        }
     });
 
     const deleteForm = useForm<DeleteFormValues>({
@@ -110,7 +131,7 @@ export default function SecurityKeyForm({ open, setOpen }: SecurityKeyFormProps)
         defaultValues: {
             password: "",
             code: ""
-        },
+        }
     });
 
     const loadSecurityKeys = async () => {
@@ -120,7 +141,7 @@ export default function SecurityKeyForm({ open, setOpen }: SecurityKeyFormProps)
         } catch (error) {
             toast({
                 variant: "destructive",
-                description: formatAxiosError(error, t('securityKeyLoadError')),
+                description: formatAxiosError(error, t("securityKeyLoadError"))
             });
         }
     };
@@ -131,88 +152,101 @@ export default function SecurityKeyForm({ open, setOpen }: SecurityKeyFormProps)
             if (!window.PublicKeyCredential) {
                 toast({
                     variant: "destructive",
-                    description: t('securityKeyBrowserNotSupported', {
-                        defaultValue: "Your browser doesn't support security keys. Please use a modern browser like Chrome, Firefox, or Safari."
+                    description: t("securityKeyBrowserNotSupported", {
+                        defaultValue:
+                            "Your browser doesn't support security keys. Please use a modern browser like Chrome, Firefox, or Safari."
                     })
                 });
                 return;
             }
 
             setIsRegistering(true);
-            const startRes = await api.post("/auth/security-key/register/start", {
-                name: values.name,
-                password: values.password,
-            });
+            const startRes = await api.post(
+                "/auth/security-key/register/start",
+                {
+                    name: values.name,
+                    password: values.password,
+                    code: values.code
+                }
+            );
 
-            if (startRes.status === 202) {
-                toast({
-                    variant: "destructive",
-                    description: t('twoFactorRequired', {
-                        defaultValue: "Two-factor authentication is required to register a security key."
-                    })
+            // If 2FA is required
+            if (startRes.status === 202 && startRes.data.data?.codeRequested) {
+                setPendingRegisterData({
+                    name: values.name,
+                    password: values.password
                 });
+                setDialogState("register2fa");
+                setIsRegistering(false);
                 return;
             }
 
             const options = startRes.data.data;
-            
+
             try {
                 const credential = await startRegistration(options);
 
                 await api.post("/auth/security-key/register/verify", {
-                    credential,
+                    credential
                 });
 
                 toast({
-                    description: t('securityKeyRegisterSuccess', {
+                    description: t("securityKeyRegisterSuccess", {
                         defaultValue: "Security key registered successfully"
                     })
                 });
 
                 registerForm.reset();
-                setShowRegisterDialog(false);
+                setDialogState("list");
                 await loadSecurityKeys();
             } catch (error: any) {
-                if (error.name === 'NotAllowedError') {
-                    if (error.message.includes('denied permission')) {
+                if (error.name === "NotAllowedError") {
+                    if (error.message.includes("denied permission")) {
                         toast({
                             variant: "destructive",
-                            description: t('securityKeyPermissionDenied', {
-                                defaultValue: "Please allow access to your security key to continue registration."
+                            description: t("securityKeyPermissionDenied", {
+                                defaultValue:
+                                    "Please allow access to your security key to continue registration."
                             })
                         });
                     } else {
                         toast({
                             variant: "destructive",
-                            description: t('securityKeyRemovedTooQuickly', {
-                                defaultValue: "Please keep your security key connected until the registration process completes."
+                            description: t("securityKeyRemovedTooQuickly", {
+                                defaultValue:
+                                    "Please keep your security key connected until the registration process completes."
                             })
                         });
                     }
-                } else if (error.name === 'NotSupportedError') {
+                } else if (error.name === "NotSupportedError") {
                     toast({
                         variant: "destructive",
-                        description: t('securityKeyNotSupported', {
-                            defaultValue: "Your security key may not be compatible. Please try a different security key."
+                        description: t("securityKeyNotSupported", {
+                            defaultValue:
+                                "Your security key may not be compatible. Please try a different security key."
                         })
                     });
                 } else {
                     toast({
                         variant: "destructive",
-                        description: t('securityKeyUnknownError', {
-                            defaultValue: "There was a problem registering your security key. Please try again."
+                        description: t("securityKeyUnknownError", {
+                            defaultValue:
+                                "There was a problem registering your security key. Please try again."
                         })
                     });
                 }
                 throw error; // Re-throw to be caught by outer catch
             }
         } catch (error) {
-            console.error('Security key registration error:', error);
+            console.error("Security key registration error:", error);
             toast({
                 variant: "destructive",
-                description: formatAxiosError(error, t('securityKeyRegisterError', {
-                    defaultValue: "Failed to register security key"
-                }))
+                description: formatAxiosError(
+                    error,
+                    t("securityKeyRegisterError", {
+                        defaultValue: "Failed to register security key"
+                    })
+                )
             });
         } finally {
             setIsRegistering(false);
@@ -224,33 +258,42 @@ export default function SecurityKeyForm({ open, setOpen }: SecurityKeyFormProps)
 
         try {
             setDeleteInProgress(true);
-            const encodedCredentialId = encodeURIComponent(selectedSecurityKey.credentialId);
-            const response = await api.delete(`/auth/security-key/${encodedCredentialId}`, {
-                data: {
-                    password: values.password,
-                    code: values.code
+            const encodedCredentialId = encodeURIComponent(
+                selectedSecurityKey.credentialId
+            );
+            const response = await api.delete(
+                `/auth/security-key/${encodedCredentialId}`,
+                {
+                    data: {
+                        password: values.password,
+                        code: values.code
+                    }
                 }
-            });
+            );
 
             // If 2FA is required
             if (response.status === 202 && response.data.data.codeRequested) {
                 setPendingDeleteCredentialId(encodedCredentialId);
                 setPendingDeletePassword(values.password);
-                setShow2FADialog(true);
+                setDialogState("delete2fa");
                 return;
             }
 
             toast({
-                description: t('securityKeyRemoveSuccess')
+                description: t("securityKeyRemoveSuccess")
             });
 
             deleteForm.reset();
             setSelectedSecurityKey(null);
+            setDialogState("list");
             await loadSecurityKeys();
         } catch (error) {
             toast({
                 variant: "destructive",
-                description: formatAxiosError(error, t('securityKeyRemoveError')),
+                description: formatAxiosError(
+                    error,
+                    t("securityKeyRemoveError")
+                )
             });
         } finally {
             setDeleteInProgress(false);
@@ -262,33 +305,128 @@ export default function SecurityKeyForm({ open, setOpen }: SecurityKeyFormProps)
 
         try {
             setDeleteInProgress(true);
-            await api.delete(`/auth/security-key/${pendingDeleteCredentialId}`, {
-                data: {
-                    password: pendingDeletePassword,
-                    code: values.code
+            await api.delete(
+                `/auth/security-key/${pendingDeleteCredentialId}`,
+                {
+                    data: {
+                        password: pendingDeletePassword,
+                        code: values.code
+                    }
                 }
-            });
+            );
 
             toast({
-                description: t('securityKeyRemoveSuccess')
+                description: t("securityKeyRemoveSuccess")
             });
 
             deleteForm.reset();
             setSelectedSecurityKey(null);
-            setShow2FADialog(false);
+            setDialogState("list");
             setPendingDeleteCredentialId(null);
             setPendingDeletePassword(null);
             await loadSecurityKeys();
         } catch (error) {
             toast({
                 variant: "destructive",
-                description: formatAxiosError(error, t('securityKeyRemoveError')),
+                description: formatAxiosError(
+                    error,
+                    t("securityKeyRemoveError")
+                )
             });
         } finally {
             setDeleteInProgress(false);
         }
     };
 
+    const handleRegister2FASubmit = async (values: { code: string }) => {
+        if (!pendingRegisterData) return;
+
+        try {
+            setIsRegistering(true);
+            const startRes = await api.post(
+                "/auth/security-key/register/start",
+                {
+                    name: pendingRegisterData.name,
+                    password: pendingRegisterData.password,
+                    code: values.code
+                }
+            );
+
+            const options = startRes.data.data;
+
+            try {
+                const credential = await startRegistration(options);
+
+                await api.post("/auth/security-key/register/verify", {
+                    credential
+                });
+
+                toast({
+                    description: t("securityKeyRegisterSuccess", {
+                        defaultValue: "Security key registered successfully"
+                    })
+                });
+
+                registerForm.reset();
+                setDialogState("list");
+                setPendingRegisterData(null);
+                setRegister2FAForm({ code: "" });
+                await loadSecurityKeys();
+            } catch (error: any) {
+                if (error.name === "NotAllowedError") {
+                    if (error.message.includes("denied permission")) {
+                        toast({
+                            variant: "destructive",
+                            description: t("securityKeyPermissionDenied", {
+                                defaultValue:
+                                    "Please allow access to your security key to continue registration."
+                            })
+                        });
+                    } else {
+                        toast({
+                            variant: "destructive",
+                            description: t("securityKeyRemovedTooQuickly", {
+                                defaultValue:
+                                    "Please keep your security key connected until the registration process completes."
+                            })
+                        });
+                    }
+                } else if (error.name === "NotSupportedError") {
+                    toast({
+                        variant: "destructive",
+                        description: t("securityKeyNotSupported", {
+                            defaultValue:
+                                "Your security key may not be compatible. Please try a different security key."
+                        })
+                    });
+                } else {
+                    toast({
+                        variant: "destructive",
+                        description: t("securityKeyUnknownError", {
+                            defaultValue:
+                                "There was a problem registering your security key. Please try again."
+                        })
+                    });
+                }
+                throw error; // Re-throw to be caught by outer catch
+            }
+        } catch (error) {
+            console.error("Security key registration error:", error);
+            toast({
+                variant: "destructive",
+                description: formatAxiosError(
+                    error,
+                    t("securityKeyRegisterError", {
+                        defaultValue: "Failed to register security key"
+                    })
+                )
+            });
+            setRegister2FAForm({ code: "" });
+        } finally {
+            setIsRegistering(false);
+        }
+    };
+
     const onOpenChange = (open: boolean) => {
         if (open) {
             loadSecurityKeys();
@@ -296,292 +434,423 @@ export default function SecurityKeyForm({ open, setOpen }: SecurityKeyFormProps)
             registerForm.reset();
             deleteForm.reset();
             setSelectedSecurityKey(null);
-            setShowRegisterDialog(false);
+            setDialogState("list");
+            setPendingRegisterData(null);
+            setRegister2FAForm({ code: "" });
         }
         setOpen(open);
     };
 
     return (
         <>
-            <Dialog open={open} onOpenChange={onOpenChange}>
-                <DialogContent className="sm:max-w-[500px]">
-                    <DialogHeader>
-                        <DialogTitle className="flex items-center gap-2">
-                            <Shield className="h-5 w-5" />
-                            {t('securityKeyManage')}
-                        </DialogTitle>
-                        <DialogDescription>
-                            {t('securityKeyDescription')}
-                        </DialogDescription>
-                    </DialogHeader>
+            <Credenza open={open} onOpenChange={onOpenChange}>
+                <CredenzaContent>
+                    {dialogState === "list" && (
+                        <>
+                            <CredenzaHeader>
+                                <CredenzaTitle className="flex items-center gap-2">
+                                    {t("securityKeyManage")}
+                                </CredenzaTitle>
+                                <CredenzaDescription>
+                                    {t("securityKeyDescription")}
+                                </CredenzaDescription>
+                            </CredenzaHeader>
+                            <CredenzaBody>
+                                <div className="space-y-4">
+                                    <div className="flex items-center justify-between">
+                                        <h3 className="text-sm font-medium text-muted-foreground">
+                                            {t("securityKeyList")}
+                                        </h3>
+                                        <Button
+                                            onClick={() =>
+                                                setDialogState("register")
+                                            }
+                                            className="gap-2"
+                                        >
+                                            <Plus className="h-4 w-4" />
+                                            {t("securityKeyAdd")}
+                                        </Button>
+                                    </div>
 
-                    <div className="space-y-4">
-                        <div className="flex items-center justify-between">
-                            <h3 className="text-sm font-medium text-muted-foreground">{t('securityKeyList')}</h3>
-                            <Button
-                                className="h-8 w-8 p-0"
-                                onClick={() => setShowRegisterDialog(true)}
-                            >
-                                <Plus className="h-4 w-4" />
-                            </Button>
-                        </div>
+                                    {securityKeys.length > 0 ? (
+                                        <div className="space-y-2">
+                                            {securityKeys.map((securityKey) => (
+                                                <Card
+                                                    key={
+                                                        securityKey.credentialId
+                                                    }
+                                                >
+                                                    <CardContent className="flex items-center justify-between p-4">
+                                                        <div className="flex items-center gap-3">
+                                                            <div className="flex h-8 w-8 items-center justify-center rounded-full bg-secondary">
+                                                                <KeyRound className="h-4 w-4 text-secondary-foreground" />
+                                                            </div>
+                                                            <div>
+                                                                <p className="font-medium">
+                                                                    {
+                                                                        securityKey.name
+                                                                    }
+                                                                </p>
+                                                                <p className="text-xs text-muted-foreground">
+                                                                    {t(
+                                                                        "securityKeyLastUsed",
+                                                                        {
+                                                                            date: new Date(
+                                                                                securityKey.lastUsed
+                                                                            ).toLocaleDateString()
+                                                                        }
+                                                                    )}
+                                                                </p>
+                                                            </div>
+                                                        </div>
+                                                        <Button
+                                                            className="h-8 w-8 p-0 text-white hover:text-white/80"
+                                                            onClick={() => {
+                                                                setSelectedSecurityKey(
+                                                                    {
+                                                                        credentialId:
+                                                                            securityKey.credentialId,
+                                                                        name: securityKey.name
+                                                                    }
+                                                                );
+                                                                setDialogState(
+                                                                    "delete"
+                                                                );
+                                                            }}
+                                                        >
+                                                            <Trash2 className="h-4 w-4" />
+                                                        </Button>
+                                                    </CardContent>
+                                                </Card>
+                                            ))}
+                                        </div>
+                                    ) : (
+                                        <div className="flex flex-col items-center justify-center py-8 text-center">
+                                            <Shield className="mb-2 h-12 w-12 text-muted-foreground" />
+                                            <p className="text-sm text-muted-foreground">
+                                                {t("securityKeyNoKeysRegistered")}
+                                            </p>
+                                            <p className="text-xs text-muted-foreground">
+                                                {t("securityKeyNoKeysDescription")}
+                                            </p>
+                                        </div>
+                                    )}
 
-                        {securityKeys.length > 0 ? (
-                            <div className="space-y-2">
-                                {securityKeys.map((securityKey) => (
-                                    <Card key={securityKey.credentialId}>
-                                        <CardContent className="flex items-center justify-between p-4">
-                                            <div className="flex items-center gap-3">
-                                                <div className="flex h-8 w-8 items-center justify-center rounded-full bg-secondary">
-                                                    <KeyRound className="h-4 w-4 text-secondary-foreground" />
-                                                </div>
-                                                <div>
-                                                    <p className="font-medium">{securityKey.name}</p>
-                                                    <p className="text-xs text-muted-foreground">
-                                                        {t('securityKeyLastUsed', {
-                                                            date: new Date(securityKey.lastUsed).toLocaleDateString()
-                                                        })}
-                                                    </p>
-                                                </div>
-                                            </div>
-                                            <Button
-                                                className="h-8 w-8 p-0 text-white hover:text-white/80"
-                                                onClick={() => setSelectedSecurityKey({
-                                                    credentialId: securityKey.credentialId,
-                                                    name: securityKey.name
-                                                })}
-                                            >
-                                                <Trash2 className="h-4 w-4" />
-                                            </Button>
-                                        </CardContent>
-                                    </Card>
-                                ))}
-                            </div>
-                        ) : (
-                            <div className="flex flex-col items-center justify-center py-8 text-center">
-                                <Shield className="mb-2 h-12 w-12 text-muted-foreground" />
-                                <p className="text-sm text-muted-foreground">No security keys registered</p>
-                                <p className="text-xs text-muted-foreground">Add a security key to enhance your account security</p>
-                            </div>
-                        )}
+                                    {securityKeys.length === 1 && (
+                                        <Alert variant="default">
+                                            <Info className="h-4 w-4" />
+                                            <AlertDescription>
+                                                {t("securityKeyRecommendation")}
+                                            </AlertDescription>
+                                        </Alert>
+                                    )}
+                                </div>
+                            </CredenzaBody>
+                        </>
+                    )}
 
-                        {securityKeys.length === 1 && (
-                            <Alert variant="default">
-                                <AlertDescription>{t('securityKeyRecommendation')}</AlertDescription>
-                            </Alert>
-                        )}
-                    </div>
-                </DialogContent>
-            </Dialog>
-
-            <Dialog open={showRegisterDialog} onOpenChange={setShowRegisterDialog}>
-                <DialogContent className="sm:max-w-[400px]">
-                    <DialogHeader>
-                        <DialogTitle>Register New Security Key</DialogTitle>
-                        <DialogDescription>
-                            Connect your security key and enter a name to identify it
-                        </DialogDescription>
-                    </DialogHeader>
-
-                    <Form {...registerForm}>
-                        <form onSubmit={registerForm.handleSubmit(handleRegisterSecurityKey)} className="space-y-4">
-                            <FormField
-                                control={registerForm.control}
-                                name="name"
-                                render={({ field }: FieldProps) => (
-                                    <FormItem>
-                                        <FormLabel>{t('securityKeyNameLabel')}</FormLabel>
-                                        <FormControl>
-                                            <Input
-                                                {...field}
-                                                placeholder={t('securityKeyNamePlaceholder')}
-                                                disabled={isRegistering}
-                                            />
-                                        </FormControl>
-                                        <FormMessage />
-                                    </FormItem>
-                                )}
-                            />
-                            <FormField
-                                control={registerForm.control}
-                                name="password"
-                                render={({ field }: FieldProps) => (
-                                    <FormItem>
-                                        <FormLabel>{t('password')}</FormLabel>
-                                        <FormControl>
-                                            <Input 
-                                                {...field} 
-                                                type="password" 
-                                                disabled={isRegistering}
-                                            />
-                                        </FormControl>
-                                        <FormMessage />
-                                    </FormItem>
-                                )}
-                            />
-
-                            <DialogFooter>
+                    {dialogState === "register" && (
+                        <>
+                            <CredenzaHeader>
+                                <CredenzaTitle>
+                                    {t("securityKeyRegisterTitle")}
+                                </CredenzaTitle>
+                                <CredenzaDescription>
+                                    {t("securityKeyRegisterDescription")}
+                                </CredenzaDescription>
+                            </CredenzaHeader>
+                            <CredenzaBody>
+                                <Form {...registerForm}>
+                                    <form
+                                        onSubmit={registerForm.handleSubmit(
+                                            handleRegisterSecurityKey
+                                        )}
+                                        className="space-y-4"
+                                        id="form"
+                                    >
+                                        <FormField
+                                            control={registerForm.control}
+                                            name="name"
+                                            render={({ field }: FieldProps) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        {t(
+                                                            "securityKeyNameLabel"
+                                                        )}
+                                                    </FormLabel>
+                                                    <FormControl>
+                                                        <Input
+                                                            {...field}
+                                                            disabled={
+                                                                isRegistering
+                                                            }
+                                                        />
+                                                    </FormControl>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+                                        <FormField
+                                            control={registerForm.control}
+                                            name="password"
+                                            render={({ field }: FieldProps) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        {t("password")}
+                                                    </FormLabel>
+                                                    <FormControl>
+                                                        <Input
+                                                            {...field}
+                                                            type="password"
+                                                            disabled={
+                                                                isRegistering
+                                                            }
+                                                        />
+                                                    </FormControl>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+                                    </form>
+                                </Form>
+                            </CredenzaBody>
+                            <CredenzaFooter>
+                                <CredenzaClose asChild>
+                                    <Button
+                                        variant="outline"
+                                        onClick={() => {
+                                            registerForm.reset();
+                                            setDialogState("list");
+                                        }}
+                                        disabled={isRegistering}
+                                    >
+                                        {t("cancel")}
+                                    </Button>
+                                </CredenzaClose>
                                 <Button
-                                    type="button"
-                                    className="border border-input bg-transparent text-foreground hover:bg-accent hover:text-accent-foreground"
-                                    onClick={() => {
-                                        registerForm.reset();
-                                        setShowRegisterDialog(false);
-                                    }}
-                                    disabled={isRegistering}
-                                >
-                                    {t('cancel')}
-                                </Button>
-                                <Button 
-                                    type="submit" 
+                                    type="submit"
+                                    form="form"
                                     disabled={isRegistering}
                                     className={cn(
                                         "min-w-[100px]",
-                                        isRegistering && "cursor-not-allowed opacity-50"
+                                        isRegistering &&
+                                            "cursor-not-allowed opacity-50"
                                     )}
+                                    loading={isRegistering}
                                 >
-                                    {isRegistering ? (
-                                        <>
-                                            <Loader2 className="mr-2 h-4 w-4 animate-spin" />
-                                            {t('registering')}
-                                        </>
-                                    ) : (
-                                        t('securityKeyRegister')
-                                    )}
+                                    {t("securityKeyRegister")}
                                 </Button>
-                            </DialogFooter>
-                        </form>
-                    </Form>
-                </DialogContent>
-            </Dialog>
+                            </CredenzaFooter>
+                        </>
+                    )}
 
-            <Dialog open={!!selectedSecurityKey} onOpenChange={(open) => !open && setSelectedSecurityKey(null)}>
-                <DialogContent className="sm:max-w-[400px]">
-                    <DialogHeader>
-                        <DialogTitle className="flex items-center gap-2 text-destructive">
-                            <Trash2 className="h-4 w-4" />
-                            Remove Security Key
-                        </DialogTitle>
-                        <DialogDescription>
-                            Enter your password to remove the security key "{selectedSecurityKey?.name}"
-                        </DialogDescription>
-                    </DialogHeader>
-
-                    <Form {...deleteForm}>
-                        <form onSubmit={deleteForm.handleSubmit(handleDeleteSecurityKey)} className="space-y-4">
-                            <FormField
-                                control={deleteForm.control}
-                                name="password"
-                                render={({ field }) => (
-                                    <FormItem>
-                                        <FormLabel>{t('password')}</FormLabel>
-                                        <FormControl>
-                                            <Input
-                                                {...field}
-                                                type="password"
-                                                disabled={deleteInProgress}
-                                            />
-                                        </FormControl>
-                                        <FormMessage />
-                                    </FormItem>
-                                )}
-                            />
-
-                            <DialogFooter>
+                    {dialogState === "register2fa" && (
+                        <>
+                            <CredenzaHeader>
+                                <CredenzaTitle>
+                                    {t("securityKeyTwoFactorRequired")}
+                                </CredenzaTitle>
+                                <CredenzaDescription>
+                                    {t("securityKeyTwoFactorDescription")}
+                                </CredenzaDescription>
+                            </CredenzaHeader>
+                            <CredenzaBody>
+                                <div className="space-y-4">
+                                    <div>
+                                        <label className="text-sm font-medium">
+                                            {t("securityKeyTwoFactorCode")}
+                                        </label>
+                                        <Input
+                                            type="text"
+                                            value={register2FAForm.code}
+                                            onChange={(e) =>
+                                                setRegister2FAForm({
+                                                    code: e.target.value
+                                                })
+                                            }
+                                            maxLength={6}
+                                            disabled={isRegistering}
+                                        />
+                                    </div>
+                                </div>
+                            </CredenzaBody>
+                            <CredenzaFooter>
+                                <CredenzaClose asChild>
+                                    <Button
+                                        variant="outline"
+                                        onClick={() => {
+                                            setRegister2FAForm({ code: "" });
+                                            setDialogState("list");
+                                            setPendingRegisterData(null);
+                                        }}
+                                        disabled={isRegistering}
+                                    >
+                                        {t("cancel")}
+                                    </Button>
+                                </CredenzaClose>
                                 <Button
                                     type="button"
-                                    className="border border-input bg-transparent text-foreground hover:bg-accent hover:text-accent-foreground"
-                                    onClick={() => {
-                                        deleteForm.reset();
-                                        setSelectedSecurityKey(null);
-                                    }}
-                                    disabled={deleteInProgress}
+                                    className="min-w-[100px]"
+                                    disabled={
+                                        isRegistering ||
+                                        register2FAForm.code.length !== 6
+                                    }
+                                    loading={isRegistering}
+                                    onClick={() =>
+                                        handleRegister2FASubmit({
+                                            code: register2FAForm.code
+                                        })
+                                    }
                                 >
-                                    {t('cancel')}
+                                    {t("securityKeyRegister")}
                                 </Button>
+                            </CredenzaFooter>
+                        </>
+                    )}
+
+                    {dialogState === "delete" && (
+                        <>
+                            <CredenzaHeader>
+                                <CredenzaTitle className="flex items-center gap-2">
+                                    {t("securityKeyRemoveTitle")}
+                                </CredenzaTitle>
+                                <CredenzaDescription>
+                                    {t("securityKeyRemoveDescription", { name: selectedSecurityKey!.name! })}
+                                </CredenzaDescription>
+                            </CredenzaHeader>
+                            <CredenzaBody>
+                                <Form {...deleteForm}>
+                                    <form
+                                        onSubmit={deleteForm.handleSubmit(
+                                            handleDeleteSecurityKey
+                                        )}
+                                        className="space-y-4"
+                                        id="delete-form"
+                                    >
+                                        <FormField
+                                            control={deleteForm.control}
+                                            name="password"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        {t("password")}
+                                                    </FormLabel>
+                                                    <FormControl>
+                                                        <Input
+                                                            {...field}
+                                                            type="password"
+                                                            disabled={
+                                                                deleteInProgress
+                                                            }
+                                                        />
+                                                    </FormControl>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+                                    </form>
+                                </Form>
+                            </CredenzaBody>
+                            <CredenzaFooter>
+                                <CredenzaClose asChild>
+                                    <Button
+                                        variant="outline"
+                                        onClick={() => {
+                                            deleteForm.reset();
+                                            setSelectedSecurityKey(null);
+                                            setDialogState("list");
+                                        }}
+                                        disabled={deleteInProgress}
+                                    >
+                                        {t("cancel")}
+                                    </Button>
+                                </CredenzaClose>
                                 <Button
                                     type="submit"
+                                    form="delete-form"
                                     className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
                                     disabled={deleteInProgress}
+                                    loading={deleteInProgress}
                                 >
-                                    {deleteInProgress ? (
-                                        <>
-                                            <Loader2 className="mr-2 h-4 w-4 animate-spin" />
-                                            {t('securityKeyRemoving')}
-                                        </>
-                                    ) : (
-                                        t('securityKeyRemove')
-                                    )}
+                                    {t("securityKeyRemove")}
                                 </Button>
-                            </DialogFooter>
-                        </form>
-                    </Form>
-                </DialogContent>
-            </Dialog>
+                            </CredenzaFooter>
+                        </>
+                    )}
 
-            <Dialog open={show2FADialog} onOpenChange={(open) => !open && setShow2FADialog(false)}>
-                <DialogContent className="sm:max-w-[400px]">
-                    <DialogHeader>
-                        <DialogTitle>Two-Factor Authentication Required</DialogTitle>
-                        <DialogDescription>
-                            Please enter your two-factor authentication code to remove the security key
-                        </DialogDescription>
-                    </DialogHeader>
-
-                    <Form {...deleteForm}>
-                        <form onSubmit={deleteForm.handleSubmit(handle2FASubmit)} className="space-y-4">
-                            <FormField
-                                control={deleteForm.control}
-                                name="code"
-                                render={({ field }) => (
-                                    <FormItem>
-                                        <FormLabel>Two-Factor Code</FormLabel>
-                                        <FormControl>
-                                            <Input
-                                                {...field}
-                                                type="text"
-                                                placeholder="Enter your 6-digit code"
-                                                disabled={deleteInProgress}
-                                            />
-                                        </FormControl>
-                                        <FormMessage />
-                                    </FormItem>
-                                )}
-                            />
-
-                            <DialogFooter>
-                                <Button
-                                    type="button"
-                                    className="border border-input bg-transparent text-foreground hover:bg-accent hover:text-accent-foreground"
-                                    onClick={() => {
-                                        deleteForm.reset();
-                                        setShow2FADialog(false);
-                                        setPendingDeleteCredentialId(null);
-                                        setPendingDeletePassword(null);
-                                    }}
-                                    disabled={deleteInProgress}
-                                >
-                                    {t('cancel')}
-                                </Button>
+                    {dialogState === "delete2fa" && (
+                        <>
+                            <CredenzaHeader>
+                                <CredenzaTitle>
+                                    {t("securityKeyTwoFactorRequired")}
+                                </CredenzaTitle>
+                                <CredenzaDescription>
+                                    {t("securityKeyTwoFactorRemoveDescription")}
+                                </CredenzaDescription>
+                            </CredenzaHeader>
+                            <CredenzaBody>
+                                <Form {...deleteForm}>
+                                    <form
+                                        onSubmit={deleteForm.handleSubmit(
+                                            handle2FASubmit
+                                        )}
+                                        className="space-y-4"
+                                        id="delete2fa-form"
+                                    >
+                                        <FormField
+                                            control={deleteForm.control}
+                                            name="code"
+                                            render={({ field }) => (
+                                                <FormItem>
+                                                    <FormLabel>
+                                                        {t("securityKeyTwoFactorCode")}
+                                                    </FormLabel>
+                                                    <FormControl>
+                                                        <Input
+                                                            {...field}
+                                                            type="text"
+                                                            maxLength={6}
+                                                            disabled={
+                                                                deleteInProgress
+                                                            }
+                                                        />
+                                                    </FormControl>
+                                                    <FormMessage />
+                                                </FormItem>
+                                            )}
+                                        />
+                                    </form>
+                                </Form>
+                            </CredenzaBody>
+                            <CredenzaFooter>
+                                <CredenzaClose asChild>
+                                    <Button
+                                        variant="outline"
+                                        onClick={() => {
+                                            deleteForm.reset();
+                                            setDialogState("list");
+                                            setPendingDeleteCredentialId(null);
+                                            setPendingDeletePassword(null);
+                                        }}
+                                        disabled={deleteInProgress}
+                                    >
+                                        {t("cancel")}
+                                    </Button>
+                                </CredenzaClose>
                                 <Button
                                     type="submit"
+                                    form="delete2fa-form"
                                     className="bg-destructive text-destructive-foreground hover:bg-destructive/90"
                                     disabled={deleteInProgress}
+                                    loading={deleteInProgress}
                                 >
-                                    {deleteInProgress ? (
-                                        <>
-                                            <Loader2 className="mr-2 h-4 w-4 animate-spin" />
-                                            {t('securityKeyRemoving')}
-                                        </>
-                                    ) : (
-                                        t('securityKeyRemove')
-                                    )}
+                                    {t("securityKeyRemove")}
                                 </Button>
-                            </DialogFooter>
-                        </form>
-                    </Form>
-                </DialogContent>
-            </Dialog>
+                            </CredenzaFooter>
+                        </>
+                    )}
+                </CredenzaContent>
+            </Credenza>
         </>
     );
-} 
\ No newline at end of file
+}
diff --git a/src/components/SetLastOrgCookie.tsx b/src/components/SetLastOrgCookie.tsx
new file mode 100644
index 00000000..a142df9e
--- /dev/null
+++ b/src/components/SetLastOrgCookie.tsx
@@ -0,0 +1,19 @@
+"use client";
+
+import { useEffect } from "react";
+
+interface SetLastOrgCookieProps {
+    orgId: string;
+}
+
+export default function SetLastOrgCookie({ orgId }: SetLastOrgCookieProps) {
+    useEffect(() => {
+        const isSecure =
+            typeof window !== "undefined" &&
+            window.location.protocol === "https:";
+
+        document.cookie = `pangolin-last-org=${orgId}; path=/; max-age=${60 * 60 * 24 * 30}; samesite=lax${isSecure ? "; secure" : ""}`;
+    }, [orgId]);
+
+    return null;
+}
diff --git a/src/components/Settings.tsx b/src/components/Settings.tsx
index 410d3093..796a4bc8 100644
--- a/src/components/Settings.tsx
+++ b/src/components/Settings.tsx
@@ -19,7 +19,7 @@ export function SettingsSectionForm({
 }: {
     children: React.ReactNode;
 }) {
-    return <div className="max-w-xl">{children}</div>;
+    return <div className="max-w-xl space-y-4">{children}</div>;
 }
 
 export function SettingsSectionTitle({
diff --git a/src/components/SidebarNav.tsx b/src/components/SidebarNav.tsx
index d90a5093..7e8ad336 100644
--- a/src/components/SidebarNav.tsx
+++ b/src/components/SidebarNav.tsx
@@ -1,35 +1,45 @@
 "use client";
 
-import React, { useState, useEffect } from "react";
+import React from "react";
 import Link from "next/link";
 import { useParams, usePathname } from "next/navigation";
 import { cn } from "@app/lib/cn";
-import { ChevronDown, ChevronRight } from "lucide-react";
 import { useUserContext } from "@app/hooks/useUserContext";
 import { Badge } from "@app/components/ui/badge";
 import { useLicenseStatusContext } from "@app/hooks/useLicenseStatusContext";
 import { useTranslations } from "next-intl";
+import {
+    Tooltip,
+    TooltipContent,
+    TooltipProvider,
+    TooltipTrigger
+} from "@app/components/ui/tooltip";
 
-export interface SidebarNavItem {
+export type SidebarNavItem = {
     href: string;
     title: string;
     icon?: React.ReactNode;
-    children?: SidebarNavItem[];
-    autoExpand?: boolean;
     showProfessional?: boolean;
-}
+};
+
+export type SidebarNavSection = {
+    heading: string;
+    items: SidebarNavItem[];
+};
 
 export interface SidebarNavProps extends React.HTMLAttributes<HTMLElement> {
-    items: SidebarNavItem[];
+    sections: SidebarNavSection[];
     disabled?: boolean;
     onItemClick?: () => void;
+    isCollapsed?: boolean;
 }
 
 export function SidebarNav({
     className,
-    items,
+    sections,
     disabled = false,
     onItemClick,
+    isCollapsed = false,
     ...props
 }: SidebarNavProps) {
     const pathname = usePathname();
@@ -38,34 +48,10 @@ export function SidebarNav({
     const niceId = params.niceId as string;
     const resourceId = params.resourceId as string;
     const userId = params.userId as string;
-    const [expandedItems, setExpandedItems] = useState<Set<string>>(() => {
-        const autoExpanded = new Set<string>();
-
-        function findAutoExpandedAndActivePath(
-            items: SidebarNavItem[],
-            parentHrefs: string[] = []
-        ) {
-            items.forEach((item) => {
-                const hydratedHref = hydrateHref(item.href);
-                const currentPath = [...parentHrefs, hydratedHref];
-
-                if (item.autoExpand || pathname.startsWith(hydratedHref)) {
-                    currentPath.forEach((href) => autoExpanded.add(href));
-                }
-
-                if (item.children) {
-                    findAutoExpandedAndActivePath(item.children, currentPath);
-                }
-            });
-        }
-
-        findAutoExpandedAndActivePath(items);
-        return autoExpanded;
-    });
+    const apiKeyId = params.apiKeyId as string;
+    const clientId = params.clientId as string;
     const { licenseStatus, isUnlocked } = useLicenseStatusContext();
-
     const { user } = useUserContext();
-
     const t = useTranslations();
 
     function hydrateHref(val: string): string {
@@ -73,119 +59,114 @@ export function SidebarNav({
             .replace("{orgId}", orgId)
             .replace("{niceId}", niceId)
             .replace("{resourceId}", resourceId)
-            .replace("{userId}", userId);
+            .replace("{userId}", userId)
+            .replace("{apiKeyId}", apiKeyId)
+            .replace("{clientId}", clientId);
     }
 
-    function toggleItem(href: string) {
-        setExpandedItems((prev) => {
-            const newSet = new Set(prev);
-            if (newSet.has(href)) {
-                newSet.delete(href);
-            } else {
-                newSet.add(href);
-            }
-            return newSet;
-        });
-    }
+    const renderNavItem = (
+        item: SidebarNavItem,
+        hydratedHref: string,
+        isActive: boolean,
+        isDisabled: boolean
+    ) => {
+        const tooltipText =
+            item.showProfessional && !isUnlocked()
+                ? `${t(item.title)} (${t("licenseBadge")})`
+                : t(item.title);
 
-    function renderItems(items: SidebarNavItem[], level = 0) {
-        return items.map((item) => {
-            const hydratedHref = hydrateHref(item.href);
-            const isActive = pathname.startsWith(hydratedHref);
-            const hasChildren = item.children && item.children.length > 0;
-            const isExpanded = expandedItems.has(hydratedHref);
-            const indent = level * 28; // Base indent for each level
-            const isProfessional = item.showProfessional && !isUnlocked();
-            const isDisabled = disabled || isProfessional;
-
-            return (
-                <div key={hydratedHref}>
-                    <div
-                        className="flex items-center group"
-                        style={{ marginLeft: `${indent}px` }}
+        const itemContent = (
+            <Link
+                href={isDisabled ? "#" : hydratedHref}
+                className={cn(
+                    "flex items-center rounded transition-colors hover:bg-secondary/50 dark:hover:bg-secondary/20 rounded-md",
+                    isCollapsed ? "px-2 py-2 justify-center" : "px-3 py-1.5",
+                    isActive
+                        ? "text-primary font-medium"
+                        : "text-muted-foreground hover:text-foreground",
+                    isDisabled && "cursor-not-allowed opacity-60"
+                )}
+                onClick={(e) => {
+                    if (isDisabled) {
+                        e.preventDefault();
+                    } else if (onItemClick) {
+                        onItemClick();
+                    }
+                }}
+                tabIndex={isDisabled ? -1 : undefined}
+                aria-disabled={isDisabled}
+            >
+                {item.icon && (
+                    <span
+                        className={cn("flex-shrink-0", !isCollapsed && "mr-2")}
                     >
-                        <div
-                            className={cn(
-                                "flex items-center w-full transition-colors rounded-md",
-                                isActive && level === 0 && "bg-primary/10"
-                            )}
-                        >
-                            <Link
-                                href={isProfessional ? "#" : hydratedHref}
-                                className={cn(
-                                    "flex items-center w-full px-3 py-2",
-                                    isActive
-                                        ? "text-primary font-medium"
-                                        : "text-muted-foreground group-hover:text-foreground",
-                                    isDisabled && "cursor-not-allowed"
-                                )}
-                                onClick={(e) => {
-                                    if (isDisabled) {
-                                        e.preventDefault();
-                                    } else if (onItemClick) {
-                                        onItemClick();
-                                    }
-                                }}
-                                tabIndex={isDisabled ? -1 : undefined}
-                                aria-disabled={isDisabled}
-                            >
-                                <div
-                                    className={cn(
-                                        "flex items-center",
-                                        isDisabled && "opacity-60"
-                                    )}
-                                >
-                                    {item.icon && (
-                                        <span className="mr-3">
-                                            {item.icon}
-                                        </span>
-                                    )}
-                                    {t(item.title)}
-                                </div>
-                                {isProfessional && (
-                                    <Badge
-                                        variant="outlinePrimary"
-                                        className="ml-2"
-                                    >
-                                        {t('licenseBadge')}
-                                    </Badge>
-                                )}
-                            </Link>
-                            {hasChildren && (
-                                <button
-                                    onClick={() => toggleItem(hydratedHref)}
-                                    className="p-2 rounded-md text-muted-foreground hover:text-foreground cursor-pointer"
-                                    disabled={isDisabled}
-                                >
-                                    {isExpanded ? (
-                                        <ChevronDown className="h-5 w-5" />
-                                    ) : (
-                                        <ChevronRight className="h-5 w-5" />
-                                    )}
-                                </button>
-                            )}
-                        </div>
-                    </div>
-                    {hasChildren && isExpanded && (
-                        <div className="space-y-1 mt-1">
-                            {renderItems(item.children || [], level + 1)}
-                        </div>
-                    )}
-                </div>
+                        {item.icon}
+                    </span>
+                )}
+                {!isCollapsed && (
+                    <>
+                        <span>{t(item.title)}</span>
+                        {item.showProfessional && !isUnlocked() && (
+                            <Badge variant="outlinePrimary" className="ml-2">
+                                {t("licenseBadge")}
+                            </Badge>
+                        )}
+                    </>
+                )}
+            </Link>
+        );
+
+        if (isCollapsed) {
+            return (
+                <TooltipProvider key={hydratedHref}>
+                    <Tooltip>
+                        <TooltipTrigger asChild>{itemContent}</TooltipTrigger>
+                        <TooltipContent side="right" sideOffset={8}>
+                            <p>{tooltipText}</p>
+                        </TooltipContent>
+                    </Tooltip>
+                </TooltipProvider>
             );
-        });
-    }
+        }
+
+        return (
+            <React.Fragment key={hydratedHref}>{itemContent}</React.Fragment>
+        );
+    };
 
     return (
         <nav
             className={cn(
-                "flex flex-col space-y-2",
+                "flex flex-col gap-2 text-sm",
                 disabled && "pointer-events-none opacity-60",
                 className
             )}
             {...props}
         >
-            {renderItems(items)}
+            {sections.map((section) => (
+                <div key={section.heading} className="mb-2">
+                    {!isCollapsed && (
+                        <div className="px-3 py-1 text-xs font-semibold text-muted-foreground uppercase tracking-wide">
+                            {section.heading}
+                        </div>
+                    )}
+                    <div className="flex flex-col gap-1">
+                        {section.items.map((item) => {
+                            const hydratedHref = hydrateHref(item.href);
+                            const isActive = pathname.startsWith(hydratedHref);
+                            const isProfessional =
+                                item.showProfessional && !isUnlocked();
+                            const isDisabled = disabled || isProfessional;
+                            return renderNavItem(
+                                item,
+                                hydratedHref,
+                                isActive,
+                                isDisabled || false
+                            );
+                        })}
+                    </div>
+                </div>
+            ))}
         </nav>
     );
 }
diff --git a/src/components/SidebarSettings.tsx b/src/components/SidebarSettings.tsx
deleted file mode 100644
index 04b68810..00000000
--- a/src/components/SidebarSettings.tsx
+++ /dev/null
@@ -1,35 +0,0 @@
-"use client";
-
-import { SidebarNav } from "@app/components/SidebarNav";
-import React from "react";
-
-interface SideBarSettingsProps {
-    children: React.ReactNode;
-    sidebarNavItems: Array<{
-        title: string;
-        href: string;
-        icon?: React.ReactNode;
-    }>;
-    disabled?: boolean;
-    limitWidth?: boolean;
-}
-
-export function SidebarSettings({
-    children,
-    sidebarNavItems,
-    disabled,
-    limitWidth
-}: SideBarSettingsProps) {
-    return (
-        <div className="space-y-4">
-            <div className="flex flex-col space-y-4 lg:flex-row lg:space-x-6 lg:space-y-0">
-                <aside className="lg:w-1/5">
-                    <SidebarNav items={sidebarNavItems} disabled={disabled} />
-                </aside>
-                <div className={`flex-1 ${limitWidth ? "lg:max-w-2xl" : ""} space-y-6`}>
-                    {children}
-                </div>
-            </div>
-        </div>
-    );
-}
diff --git a/src/app/components/SupporterMessage.tsx b/src/components/SupporterMessage.tsx
similarity index 100%
rename from src/app/components/SupporterMessage.tsx
rename to src/components/SupporterMessage.tsx
diff --git a/src/components/SupporterStatus.tsx b/src/components/SupporterStatus.tsx
index a17b9b9f..74d4bf8b 100644
--- a/src/components/SupporterStatus.tsx
+++ b/src/components/SupporterStatus.tsx
@@ -9,6 +9,12 @@ import {
     PopoverContent,
     PopoverTrigger
 } from "@app/components/ui/popover";
+import {
+    Tooltip,
+    TooltipContent,
+    TooltipProvider,
+    TooltipTrigger,
+} from "@app/components/ui/tooltip";
 import { Button } from "./ui/button";
 import {
     Credenza,
@@ -46,18 +52,23 @@ import {
     CardHeader,
     CardTitle
 } from "./ui/card";
-import { Check, ExternalLink } from "lucide-react";
+import { Check, ExternalLink, Heart } from "lucide-react";
 import confetti from "canvas-confetti";
 import { useTranslations } from "next-intl";
 
-export default function SupporterStatus() {
+interface SupporterStatusProps {
+    isCollapsed?: boolean;
+}
+
+export default function SupporterStatus({ isCollapsed = false }: SupporterStatusProps) {
     const { supporterStatus, updateSupporterStatus } =
         useSupporterStatusContext();
     const [supportOpen, setSupportOpen] = useState(false);
     const [keyOpen, setKeyOpen] = useState(false);
     const [purchaseOptionsOpen, setPurchaseOptionsOpen] = useState(false);
 
-    const api = createApiClient(useEnvContext());
+    const { env } = useEnvContext();
+    const api = createApiClient({ env });
     const t = useTranslations();
 
     const formSchema = z.object({
@@ -411,16 +422,36 @@ export default function SupporterStatus() {
             </Credenza>
 
             {supporterStatus?.visible ? (
-                <Button
-                    variant="outlinePrimary"
-                    size="sm"
-                    className="gap-2 w-full"
-                    onClick={() => {
-                        setPurchaseOptionsOpen(true);
-                    }}
-                >
-                    {t('supportKeyBuy')}
-                </Button>
+                isCollapsed ? (
+                    <TooltipProvider>
+                        <Tooltip>
+                            <TooltipTrigger asChild>
+                                <Button
+                                    size="icon"
+                                    className="w-8 h-8"
+                                    onClick={() => {
+                                        setPurchaseOptionsOpen(true);
+                                    }}
+                                >
+                                    <Heart className="h-4 w-4" />
+                                </Button>
+                            </TooltipTrigger>
+                            <TooltipContent side="right" sideOffset={8}>
+                                <p>{t('supportKeyBuy')}</p>
+                            </TooltipContent>
+                        </Tooltip>
+                    </TooltipProvider>
+                ) : (
+                    <Button
+                        size="sm"
+                        className="gap-2 w-full"
+                        onClick={() => {
+                            setPurchaseOptionsOpen(true);
+                        }}
+                    >
+                        {t('supportKeyBuy')}
+                    </Button>
+                )
             ) : null}
         </>
     );
diff --git a/src/components/SwitchInput.tsx b/src/components/SwitchInput.tsx
index fd312115..a2291c2e 100644
--- a/src/components/SwitchInput.tsx
+++ b/src/components/SwitchInput.tsx
@@ -4,7 +4,7 @@ import { Label } from "./ui/label";
 
 interface SwitchComponentProps {
     id: string;
-    label: string;
+    label?: string;
     description?: string;
     checked?: boolean;
     defaultChecked?: boolean;
@@ -31,7 +31,7 @@ export function SwitchInput({
                     onCheckedChange={onCheckedChange}
                     disabled={disabled}
                 />
-                <Label htmlFor={id}>{label}</Label>
+                {label && <Label htmlFor={id}>{label}</Label>}
             </div>
             {description && (
                 <span className="text-muted-foreground text-sm">
diff --git a/src/components/ThemeSwitcher.tsx b/src/components/ThemeSwitcher.tsx
new file mode 100644
index 00000000..5605ec31
--- /dev/null
+++ b/src/components/ThemeSwitcher.tsx
@@ -0,0 +1,78 @@
+"use client";
+
+import { Button } from "@app/components/ui/button";
+import { Laptop, Moon, Sun } from "lucide-react";
+import { useTranslations } from "next-intl";
+import { useTheme } from "next-themes";
+import { useEffect, useState } from "react";
+
+export default function ThemeSwitcher() {
+    const { setTheme, theme, resolvedTheme } = useTheme();
+    const [mounted, setMounted] = useState(false);
+
+    const t = useTranslations();
+
+    useEffect(() => {
+        setMounted(true);
+    }, []);
+
+    if (!mounted) {
+        return (
+            <Button variant="ghost" size="sm" className="h-8">
+                <Sun className="h-4 w-4 mr-2" />
+                Light
+            </Button>
+        );
+    }
+
+    function cycleTheme() {
+        const currentTheme = theme || "system";
+
+        if (currentTheme === "light") {
+            setTheme("dark");
+        } else if (currentTheme === "dark") {
+            setTheme("system");
+        } else {
+            setTheme("light");
+        }
+    }
+
+    function getThemeIcon() {
+        const currentTheme = theme || "system";
+
+        if (currentTheme === "light") {
+            return <Sun className="h-4 w-4" />;
+        } else if (currentTheme === "dark") {
+            return <Moon className="h-4 w-4" />;
+        } else {
+            // When theme is "system", show icon based on resolved theme
+            if (resolvedTheme === "light") {
+                return <Sun className="h-4 w-4" />;
+            } else if (resolvedTheme === "dark") {
+                return <Moon className="h-4 w-4" />;
+            } else {
+                // Fallback to laptop icon if resolvedTheme is not available
+                return <Laptop className="h-4 w-4" />;
+            }
+        }
+    }
+
+    function getThemeText() {
+        const currentTheme = theme || "system";
+        const translated = t(currentTheme);
+        return translated.charAt(0).toUpperCase() + translated.slice(1);
+    }
+
+    return (
+        <Button
+            variant="ghost"
+            size="sm"
+            className="h-8"
+            onClick={cycleTheme}
+            title={`Current theme: ${theme || "system"}. Click to cycle themes.`}
+        >
+            {getThemeIcon()}
+            <span className="ml-2">{getThemeText()}</span>
+        </Button>
+    );
+}
diff --git a/src/components/tags/tag-input.tsx b/src/components/tags/tag-input.tsx
index ad8c0d03..789a127c 100644
--- a/src/components/tags/tag-input.tsx
+++ b/src/components/tags/tag-input.tsx
@@ -173,7 +173,7 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
             (maxTags !== undefined && maxTags < 0) ||
             (props.minTags !== undefined && props.minTags < 0)
         ) {
-            console.warn(t('tagsWarnCannotBeLessThanZero'));
+            console.warn(t("tagsWarnCannotBeLessThanZero"));
             // error
             return null;
         }
@@ -197,22 +197,28 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                             (option) => option.text === newTagText
                         )
                     ) {
-                        console.warn(t('tagsWarnNotAllowedAutocompleteOptions'));
+                        console.warn(
+                            t("tagsWarnNotAllowedAutocompleteOptions")
+                        );
                         return;
                     }
 
                     if (validateTag && !validateTag(newTagText)) {
-                        console.warn(t('tagsWarnInvalid'));
+                        console.warn(t("tagsWarnInvalid"));
                         return;
                     }
 
                     if (minLength && newTagText.length < minLength) {
-                        console.warn(t('tagWarnTooShort', {tagText: newTagText}));
+                        console.warn(
+                            t("tagWarnTooShort", { tagText: newTagText })
+                        );
                         return;
                     }
 
                     if (maxLength && newTagText.length > maxLength) {
-                        console.warn(t('tagWarnTooLong', {tagText: newTagText}));
+                        console.warn(
+                            t("tagWarnTooLong", { tagText: newTagText })
+                        );
                         return;
                     }
 
@@ -229,10 +235,12 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                             setTags((prevTags) => [...prevTags, newTag]);
                             onTagAdd?.(newTagText);
                         } else {
-                            console.warn(t('tagsWarnReachedMaxNumber'));
+                            console.warn(t("tagsWarnReachedMaxNumber"));
                         }
                     } else {
-                        console.warn(t('tagWarnDuplicate', {tagText: newTagText}));
+                        console.warn(
+                            t("tagWarnDuplicate", { tagText: newTagText })
+                        );
                     }
                 });
                 setInputValue("");
@@ -258,12 +266,12 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                 }
 
                 if (minLength && newTagText.length < minLength) {
-                    console.warn(t('tagWarnTooShort'));
+                    console.warn(t("tagWarnTooShort"));
                     return;
                 }
 
                 if (maxLength && newTagText.length > maxLength) {
-                    console.warn(t('tagWarnTooLong'));
+                    console.warn(t("tagWarnTooLong"));
                     return;
                 }
 
@@ -308,7 +316,7 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                 }
 
                 if (minLength && newTagText.length < minLength) {
-                    console.warn(t('tagWarnTooShort'));
+                    console.warn(t("tagWarnTooShort"));
                     // error
                     return;
                 }
@@ -316,7 +324,7 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                 // Validate maxLength
                 if (maxLength && newTagText.length > maxLength) {
                     // error
-                    console.warn(t('tagWarnTooLong'));
+                    console.warn(t("tagWarnTooLong"));
                     return;
                 }
 
@@ -489,7 +497,7 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                             <div className="w-full">
                                 <div
                                     className={cn(
-                                        `flex flex-row flex-wrap items-center gap-1.5 p-1.5 w-full rounded-md border border-input bg-background text-sm ring-offset-background file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 bg-transparent`,
+                                        `flex flex-row flex-wrap items-center gap-1.5 p-1.5 w-full rounded-md border border-input text-sm ring-offset-background file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-0 disabled:cursor-not-allowed disabled:opacity-50`,
                                         styleClasses?.inlineTagsContainer
                                     )}
                                 >
@@ -536,7 +544,7 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                                         onBlur={handleInputBlur}
                                         {...inputProps}
                                         className={cn(
-                                            "border-0 h-5 bg-transparent focus-visible:ring-0 focus-visible:ring-transparent focus-visible:ring-offset-0 flex-1 w-fit",
+                                            "border-0 h-5 bg-transparent focus-visible:ring-0 focus-visible:ring-transparent focus-visible:ring-offset-0 flex-1 w-fit shadow-none inset-shadow-none",
                                             // className,
                                             styleClasses?.input
                                         )}
@@ -622,7 +630,7 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                                         onBlur={handleInputBlur}
                                         {...inputProps}
                                         className={cn(
-                                            "border-0 h-5 bg-transparent focus-visible:ring-0 focus-visible:ring-transparent focus-visible:ring-offset-0 flex-1 w-fit",
+                                            "border-0 h-5 bg-transparent focus-visible:ring-0 focus-visible:ring-transparent focus-visible:ring-offset-0 flex-1 w-fit shadow-none inset-shadow-none",
                                             // className,
                                             styleClasses?.input
                                         )}
@@ -643,7 +651,7 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                                 ) : (
                                     <div
                                         className={cn(
-                                            `flex flex-row flex-wrap items-center p-1.5 gap-1.5 h-fit w-full bg-transparent text-sm ring-offset-background file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50`,
+                                            `flex flex-row flex-wrap items-center p-1.5 gap-1.5 h-fit w-full bg-transparent text-sm ring-offset-background file:border-0 file:bg-transparent file:text-sm file:font-medium placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-0 disabled:cursor-not-allowed disabled:opacity-50`,
                                             styleClasses?.inlineTagsContainer
                                         )}
                                     >
@@ -710,7 +718,7 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                                             onBlur={handleInputBlur}
                                             {...inputProps}
                                             className={cn(
-                                                "border-0 h-5 bg-transparent focus-visible:ring-0 focus-visible:ring-transparent focus-visible:ring-offset-0 flex-1 w-fit",
+                                                "border-0 h-5 bg-transparent focus-visible:ring-0 focus-visible:ring-transparent focus-visible:ring-offset-0 flex-1 w-fit shadow-none inset-shadow-none",
                                                 // className,
                                                 styleClasses?.input
                                             )}
@@ -791,7 +799,7 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                                         onBlur={handleInputBlur}
                                         {...inputProps}
                                         className={cn(
-                                            "border-0 h-5 bg-transparent focus-visible:ring-0 focus-visible:ring-transparent focus-visible:ring-offset-0 flex-1 w-fit",
+                                            "border-0 h-5 bg-transparent focus-visible:ring-0 focus-visible:ring-transparent focus-visible:ring-offset-0 flex-1 w-fit shadow-none inset-shadow-none",
                                             // className,
                                             styleClasses?.input
                                         )}
@@ -834,7 +842,8 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                                     onBlur={handleInputBlur}
                                     {...inputProps}
                                     className={cn(
-                                        styleClasses?.input
+                                        styleClasses?.input,
+                                        "shadow-none inset-shadow-none"
                                         // className
                                     )}
                                     autoComplete={
@@ -908,7 +917,7 @@ const TagInput = React.forwardRef<HTMLInputElement, TagInputProps>(
                                             tags.length >= maxTags)
                                     }
                                     className={cn(
-                                        "border-0 w-full",
+                                        "border-0 w-full shadow-none inset-shadow-none",
                                         styleClasses?.input
                                         // className
                                     )}
diff --git a/src/components/tags/tag.tsx b/src/components/tags/tag.tsx
index ccc489e4..938a2669 100644
--- a/src/components/tags/tag.tsx
+++ b/src/components/tags/tag.tsx
@@ -127,7 +127,7 @@ export const Tag: React.FC<TagProps> = ({
                 {
                     "justify-between w-full": direction === "column",
                     "cursor-pointer": draggable,
-                    "ring-ring ring-offset-2 ring-2 ring-offset-background":
+                    "ring-ring ring-offset-0 ring-2 ring-offset-background":
                         isActiveTag
                 },
                 tagClasses?.body
diff --git a/src/components/ui/alert.tsx b/src/components/ui/alert.tsx
index 3783ecfe..e6fad743 100644
--- a/src/components/ui/alert.tsx
+++ b/src/components/ui/alert.tsx
@@ -14,14 +14,13 @@ const alertVariants = cva(
                     "border-destructive/50 border bg-destructive/10 text-destructive dark:border-destructive [&>svg]:text-destructive",
                 success:
                     "border-green-500/50 border bg-green-500/10 text-green-500 dark:border-success [&>svg]:text-green-500",
-                info:
-                    "border-blue-500/50 border bg-blue-500/10 text-blue-500 dark:border-blue-400 [&>svg]:text-blue-500",
-            },
+                info: "border-blue-500/50 border bg-blue-500/10 text-blue-500 dark:border-blue-400 [&>svg]:text-blue-500"
+            }
         },
         defaultVariants: {
-            variant: "default",
-        },
-    },
+            variant: "default"
+        }
+    }
 );
 
 const Alert = React.forwardRef<
@@ -45,7 +44,7 @@ const AlertTitle = React.forwardRef<
         ref={ref}
         className={cn(
             "mb-1 font-medium leading-none tracking-tight",
-            className,
+            className
         )}
         {...props}
     />
diff --git a/src/components/ui/badge.tsx b/src/components/ui/badge.tsx
index 222a234f..3bcf2bea 100644
--- a/src/components/ui/badge.tsx
+++ b/src/components/ui/badge.tsx
@@ -4,7 +4,7 @@ import { cva, type VariantProps } from "class-variance-authority";
 import { cn } from "@app/lib/cn";
 
 const badgeVariants = cva(
-    "inline-flex items-center rounded-full border px-2.5 py-0.5 text-xs font-semibold transition-colors focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2",
+    "inline-flex items-center rounded-full border px-2.5 py-0.5 text-xs font-semibold transition-colors focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-0",
     {
         variants: {
             variant: {
@@ -16,9 +16,9 @@ const badgeVariants = cva(
                 destructive:
                     "border-transparent bg-destructive text-destructive-foreground",
                 outline: "text-foreground",
-                green: "border-transparent bg-green-500",
-                yellow: "border-transparent bg-yellow-500",
-                red: "border-transparent bg-red-300",
+                green: "border-green-600 bg-green-500/20 text-green-700 dark:text-green-300",
+                yellow: "border-yellow-600 bg-yellow-500/20 text-yellow-700 dark:text-yellow-300",
+                red: "border-red-400 bg-red-300/20 text-red-600 dark:text-red-300",
             },
         },
         defaultVariants: {
diff --git a/src/components/ui/button.tsx b/src/components/ui/button.tsx
index 43f420d7..d77bc39a 100644
--- a/src/components/ui/button.tsx
+++ b/src/components/ui/button.tsx
@@ -6,35 +6,35 @@ import { cn } from "@app/lib/cn";
 import { Loader2 } from "lucide-react";
 
 const buttonVariants = cva(
-    "cursor-pointer inline-flex items-center justify-center rounded-full whitespace-nowrap text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50",
+    "cursor-pointer inline-flex items-center justify-center whitespace-nowrap text-sm font-medium ring-offset-background transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-0 disabled:pointer-events-none disabled:opacity-50",
     {
         variants: {
             variant: {
                 default:
-                    "bg-primary text-primary-foreground hover:bg-primary/90",
+                    "bg-primary text-primary-foreground hover:bg-primary/90 shadow-2xs",
                 destructive:
-                    "bg-destructive text-destructive-foreground hover:bg-destructive/90",
+                    "bg-destructive text-white dark:text-destructive-foreground hover:bg-destructive/90 shadow-2xs",
                 outline:
-                    "border border-input bg-card hover:bg-accent hover:text-accent-foreground",
+                    "border border-input bg-card hover:bg-accent hover:text-accent-foreground shadow-2xs",
                 outlinePrimary:
-                    "border border-primary bg-card hover:bg-primary/10 text-primary",
+                    "border border-primary bg-card hover:bg-primary/10 text-primary shadow-2xs",
                 secondary:
-                    "bg-secondary border border-input border text-secondary-foreground hover:bg-secondary/80",
+                    "bg-secondary border border-input border text-secondary-foreground hover:bg-secondary/80 shadow-2xs",
                 ghost: "hover:bg-accent hover:text-accent-foreground",
                 squareOutlinePrimary:
-                    "border border-primary bg-card hover:bg-primary/10 text-primary rounded-md",
+                    "border border-primary bg-card hover:bg-primary/10 text-primary rounded-md shadow-2xs",
                 squareOutline:
-                    "border border-input bg-card hover:bg-accent hover:text-accent-foreground rounded-md",
+                    "border border-input bg-card hover:bg-accent hover:text-accent-foreground rounded-md shadow-2xs",
                 squareDefault:
-                    "bg-primary text-primary-foreground hover:bg-primary/90 rounded-md",
+                    "bg-primary text-primary-foreground hover:bg-primary/90 rounded-md shadow-2xs",
                 text: "",
                 link: "text-primary underline-offset-4 hover:underline"
             },
             size: {
-                default: "h-9 px-4 py-2",
+                default: "h-9 rounded-md px-3",
                 sm: "h-8 rounded-md px-3",
                 lg: "h-10 rounded-md px-8",
-                icon: "h-9 w-9"
+                icon: "h-9 w-9 rounded-md"
             }
         },
         defaultVariants: {
diff --git a/src/components/ui/checkbox.tsx b/src/components/ui/checkbox.tsx
index ad22b8fa..e1bd4ddc 100644
--- a/src/components/ui/checkbox.tsx
+++ b/src/components/ui/checkbox.tsx
@@ -9,7 +9,7 @@ import { cva, type VariantProps } from "class-variance-authority";
 
 // Define checkbox variants
 const checkboxVariants = cva(
-    "peer h-4 w-4 shrink-0 ring-offset-background focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50",
+    "peer h-4 w-4 shrink-0 ring-offset-background focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-0 disabled:cursor-not-allowed disabled:opacity-50",
     {
         variants: {
             variant: {
diff --git a/src/components/ui/command.tsx b/src/components/ui/command.tsx
index 447bbb44..59e98ed3 100644
--- a/src/components/ui/command.tsx
+++ b/src/components/ui/command.tsx
@@ -1,155 +1,183 @@
 "use client";
 
 import * as React from "react";
-import { type DialogProps } from "@radix-ui/react-dialog";
 import { Command as CommandPrimitive } from "cmdk";
-import { Search } from "lucide-react";
+import { SearchIcon } from "lucide-react";
 
+import {
+    Dialog,
+    DialogContent,
+    DialogDescription,
+    DialogHeader,
+    DialogTitle
+} from "@/components/ui/dialog";
 import { cn } from "@app/lib/cn";
-import { Dialog, DialogContent } from "@/components/ui/dialog";
 
-const Command = React.forwardRef<
-  React.ElementRef<typeof CommandPrimitive>,
-  React.ComponentPropsWithoutRef<typeof CommandPrimitive>
->(({ className, ...props }, ref) => (
-  <CommandPrimitive
-    ref={ref}
-    className={cn(
-      "flex h-full w-full flex-col overflow-hidden rounded-md bg-popover text-popover-foreground",
-      className
-    )}
-    {...props}
-  />
-));
-Command.displayName = CommandPrimitive.displayName;
+function Command({
+    className,
+    ...props
+}: React.ComponentProps<typeof CommandPrimitive>) {
+    return (
+        <CommandPrimitive
+            data-slot="command"
+            className={cn(
+                "bg-popover text-popover-foreground flex h-full w-full flex-col overflow-hidden rounded-md",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
-interface CommandDialogProps extends DialogProps {}
+function CommandDialog({
+    title = "Command Palette",
+    description = "Search for a command to run...",
+    children,
+    className,
+    showCloseButton = true,
+    ...props
+}: React.ComponentProps<typeof Dialog> & {
+    title?: string;
+    description?: string;
+    className?: string;
+    showCloseButton?: boolean;
+}) {
+    return (
+        <Dialog {...props}>
+            <DialogHeader className="sr-only">
+                <DialogTitle>{title}</DialogTitle>
+                <DialogDescription>{description}</DialogDescription>
+            </DialogHeader>
+            <DialogContent
+                className={cn("overflow-hidden p-0", className)}
+            >
+                <Command className="[&_[cmdk-group-heading]]:text-muted-foreground **:data-[slot=command-input-wrapper]:h-12 [&_[cmdk-group-heading]]:px-2 [&_[cmdk-group-heading]]:font-medium [&_[cmdk-group]]:px-2 [&_[cmdk-group]:not([hidden])_~[cmdk-group]]:pt-0 [&_[cmdk-input-wrapper]_svg]:h-5 [&_[cmdk-input-wrapper]_svg]:w-5 [&_[cmdk-input]]:h-12 [&_[cmdk-item]]:px-2 [&_[cmdk-item]]:py-3 [&_[cmdk-item]_svg]:h-5 [&_[cmdk-item]_svg]:w-5">
+                    {children}
+                </Command>
+            </DialogContent>
+        </Dialog>
+    );
+}
 
-const CommandDialog = ({ children, ...props }: CommandDialogProps) => {
-  return (
-    <Dialog {...props}>
-      <DialogContent className="overflow-hidden p-0 shadow-lg">
-        <Command className="[&_[cmdk-group-heading]]:px-2 [&_[cmdk-group-heading]]:font-medium [&_[cmdk-group-heading]]:text-muted-foreground [&_[cmdk-group]:not([hidden])_~[cmdk-group]]:pt-0 [&_[cmdk-group]]:px-2 [&_[cmdk-input-wrapper]_svg]:h-5 [&_[cmdk-input-wrapper]_svg]:w-5 [&_[cmdk-input]]:h-12 [&_[cmdk-item]]:px-2 [&_[cmdk-item]]:py-3 [&_[cmdk-item]_svg]:h-5 [&_[cmdk-item]_svg]:w-5">
-          {children}
-        </Command>
-      </DialogContent>
-    </Dialog>
-  );
-};
+function CommandInput({
+    className,
+    ...props
+}: React.ComponentProps<typeof CommandPrimitive.Input>) {
+    return (
+        <div
+            data-slot="command-input-wrapper"
+            className="flex h-9 items-center gap-2 border-b px-3"
+        >
+            <SearchIcon className="size-4 shrink-0 opacity-50" />
+            <CommandPrimitive.Input
+                data-slot="command-input"
+                className={cn(
+                    "placeholder:text-muted-foreground flex h-10 w-full rounded-md bg-transparent py-3 text-sm outline-hidden disabled:cursor-not-allowed disabled:opacity-50",
+                    className
+                )}
+                {...props}
+            />
+        </div>
+    );
+}
 
-const CommandInput = React.forwardRef<
-  React.ElementRef<typeof CommandPrimitive.Input>,
-  React.ComponentPropsWithoutRef<typeof CommandPrimitive.Input>
->(({ className, ...props }, ref) => (
-  <div className="flex items-center border-b px-3" cmdk-input-wrapper="">
-    <Search className="mr-2 h-4 w-4 shrink-0 opacity-50" />
-    <CommandPrimitive.Input
-      ref={ref}
-      className={cn(
-        "flex h-11 w-full rounded-md bg-transparent py-3 text-base md:text-sm outline-none placeholder:text-muted-foreground disabled:cursor-not-allowed disabled:opacity-50",
-        className
-      )}
-      {...props}
-    />
-  </div>
-));
+function CommandList({
+    className,
+    ...props
+}: React.ComponentProps<typeof CommandPrimitive.List>) {
+    return (
+        <CommandPrimitive.List
+            data-slot="command-list"
+            className={cn(
+                "max-h-[300px] scroll-py-1 overflow-x-hidden overflow-y-auto",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
-CommandInput.displayName = CommandPrimitive.Input.displayName;
+function CommandEmpty({
+    ...props
+}: React.ComponentProps<typeof CommandPrimitive.Empty>) {
+    return (
+        <CommandPrimitive.Empty
+            data-slot="command-empty"
+            className="py-6 text-center text-sm"
+            {...props}
+        />
+    );
+}
 
-const CommandList = React.forwardRef<
-  React.ElementRef<typeof CommandPrimitive.List>,
-  React.ComponentPropsWithoutRef<typeof CommandPrimitive.List>
->(({ className, ...props }, ref) => (
-  <CommandPrimitive.List
-    ref={ref}
-    className={cn("max-h-[300px] overflow-y-auto overflow-x-hidden", className)}
-    {...props}
-  />
-));
+function CommandGroup({
+    className,
+    ...props
+}: React.ComponentProps<typeof CommandPrimitive.Group>) {
+    return (
+        <CommandPrimitive.Group
+            data-slot="command-group"
+            className={cn(
+                "text-foreground [&_[cmdk-group-heading]]:text-muted-foreground overflow-hidden p-1 [&_[cmdk-group-heading]]:px-2 [&_[cmdk-group-heading]]:py-1.5 [&_[cmdk-group-heading]]:text-xs [&_[cmdk-group-heading]]:font-medium",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
-CommandList.displayName = CommandPrimitive.List.displayName;
+function CommandSeparator({
+    className,
+    ...props
+}: React.ComponentProps<typeof CommandPrimitive.Separator>) {
+    return (
+        <CommandPrimitive.Separator
+            data-slot="command-separator"
+            className={cn("bg-border -mx-1 h-px", className)}
+            {...props}
+        />
+    );
+}
 
-const CommandEmpty = React.forwardRef<
-  React.ElementRef<typeof CommandPrimitive.Empty>,
-  React.ComponentPropsWithoutRef<typeof CommandPrimitive.Empty>
->((props, ref) => (
-  <CommandPrimitive.Empty
-    ref={ref}
-    className="py-6 text-center text-sm"
-    {...props}
-  />
-));
+function CommandItem({
+    className,
+    ...props
+}: React.ComponentProps<typeof CommandPrimitive.Item>) {
+    return (
+        <CommandPrimitive.Item
+            data-slot="command-item"
+            className={cn(
+                "data-[selected=true]:bg-accent data-[selected=true]:text-accent-foreground [&_svg:not([class*='text-'])]:text-muted-foreground relative flex cursor-default items-center gap-2 rounded-sm px-2 py-1.5 text-sm outline-hidden select-none data-[disabled=true]:pointer-events-none data-[disabled=true]:opacity-50 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
-CommandEmpty.displayName = CommandPrimitive.Empty.displayName;
-
-const CommandGroup = React.forwardRef<
-  React.ElementRef<typeof CommandPrimitive.Group>,
-  React.ComponentPropsWithoutRef<typeof CommandPrimitive.Group>
->(({ className, ...props }, ref) => (
-  <CommandPrimitive.Group
-    ref={ref}
-    className={cn(
-      "overflow-hidden p-1 text-foreground [&_[cmdk-group-heading]]:px-2 [&_[cmdk-group-heading]]:py-1.5 [&_[cmdk-group-heading]]:text-xs [&_[cmdk-group-heading]]:font-medium [&_[cmdk-group-heading]]:text-muted-foreground",
-      className
-    )}
-    {...props}
-  />
-));
-
-CommandGroup.displayName = CommandPrimitive.Group.displayName;
-
-const CommandSeparator = React.forwardRef<
-  React.ElementRef<typeof CommandPrimitive.Separator>,
-  React.ComponentPropsWithoutRef<typeof CommandPrimitive.Separator>
->(({ className, ...props }, ref) => (
-  <CommandPrimitive.Separator
-    ref={ref}
-    className={cn("-mx-1 h-px bg-border", className)}
-    {...props}
-  />
-));
-CommandSeparator.displayName = CommandPrimitive.Separator.displayName;
-
-const CommandItem = React.forwardRef<
-  React.ElementRef<typeof CommandPrimitive.Item>,
-  React.ComponentPropsWithoutRef<typeof CommandPrimitive.Item>
->(({ className, ...props }, ref) => (
-  <CommandPrimitive.Item
-    ref={ref}
-    className={cn(
-      "relative flex cursor-default select-none rounded-md items-center px-2 py-1.5 text-sm outline-none data-[disabled=true]:pointer-events-none data-[selected='true']:bg-accent data-[selected=true]:text-accent-foreground data-[disabled=true]:opacity-50",
-      className,
-    )}
-    {...props}
-  />
-));
-
-CommandItem.displayName = CommandPrimitive.Item.displayName;
-
-const CommandShortcut = ({
-  className,
-  ...props
-}: React.HTMLAttributes<HTMLSpanElement>) => {
-  return (
-    <span
-      className={cn(
-        "ml-auto text-xs tracking-widest text-muted-foreground",
-        className
-      )}
-      {...props}
-    />
-  );
-};
-CommandShortcut.displayName = "CommandShortcut";
+function CommandShortcut({
+    className,
+    ...props
+}: React.ComponentProps<"span">) {
+    return (
+        <span
+            data-slot="command-shortcut"
+            className={cn(
+                "text-muted-foreground ml-auto text-xs tracking-widest",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
 export {
-  Command,
-  CommandDialog,
-  CommandInput,
-  CommandList,
-  CommandEmpty,
-  CommandGroup,
-  CommandItem,
-  CommandShortcut,
-  CommandSeparator,
+    Command,
+    CommandDialog,
+    CommandInput,
+    CommandList,
+    CommandEmpty,
+    CommandGroup,
+    CommandItem,
+    CommandShortcut,
+    CommandSeparator
 };
diff --git a/src/components/ui/data-table.tsx b/src/components/ui/data-table.tsx
index c9556052..6b22ddfe 100644
--- a/src/components/ui/data-table.tsx
+++ b/src/components/ui/data-table.tsx
@@ -23,13 +23,14 @@ import { Button } from "@app/components/ui/button";
 import { useState } from "react";
 import { Input } from "@app/components/ui/input";
 import { DataTablePagination } from "@app/components/DataTablePagination";
-import { Plus, Search } from "lucide-react";
+import { Plus, Search, RefreshCw } from "lucide-react";
 import {
     Card,
     CardContent,
     CardHeader,
     CardTitle
 } from "@app/components/ui/card";
+import { useTranslations } from "next-intl";
 
 type DataTableProps<TData, TValue> = {
     columns: ColumnDef<TData, TValue>[];
@@ -37,6 +38,8 @@ type DataTableProps<TData, TValue> = {
     title?: string;
     addButtonText?: string;
     onAdd?: () => void;
+    onRefresh?: () => void;
+    isRefreshing?: boolean;
     searchPlaceholder?: string;
     searchColumn?: string;
     defaultSort?: {
@@ -51,6 +54,8 @@ export function DataTable<TData, TValue>({
     title,
     addButtonText,
     onAdd,
+    onRefresh,
+    isRefreshing,
     searchPlaceholder = "Search...",
     searchColumn = "name",
     defaultSort
@@ -60,6 +65,7 @@ export function DataTable<TData, TValue>({
     );
     const [columnFilters, setColumnFilters] = useState<ColumnFiltersState>([]);
     const [globalFilter, setGlobalFilter] = useState<any>([]);
+    const t = useTranslations();
 
     const table = useReactTable({
         data,
@@ -87,8 +93,8 @@ export function DataTable<TData, TValue>({
     return (
         <div className="container mx-auto max-w-12xl">
             <Card>
-                <CardHeader className="flex flex-row items-center justify-between space-y-0 pb-4">
-                    <div className="flex items-center max-w-sm w-full relative mr-2">
+                <CardHeader className="flex flex-col space-y-4 sm:flex-row sm:items-center sm:justify-between sm:space-y-0 pb-4">
+                    <div className="flex items-center w-full sm:max-w-sm sm:mr-2 relative">
                         <Input
                             placeholder={searchPlaceholder}
                             value={globalFilter ?? ""}
@@ -99,12 +105,26 @@ export function DataTable<TData, TValue>({
                         />
                         <Search className="h-4 w-4 absolute left-2 top-1/2 transform -translate-y-1/2 text-muted-foreground" />
                     </div>
-                    {onAdd && addButtonText && (
-                        <Button onClick={onAdd}>
-                            <Plus className="mr-2 h-4 w-4" />
-                            {addButtonText}
-                        </Button>
-                    )}
+                    <div className="flex items-center gap-2 sm:justify-end">
+                        {onRefresh && (
+                            <Button
+                                variant="outline"
+                                onClick={onRefresh}
+                                disabled={isRefreshing}
+                            >
+                                <RefreshCw
+                                    className={`mr-2 h-4 w-4 ${isRefreshing ? "animate-spin" : ""}`}
+                                />
+                                {t("refresh")}
+                            </Button>
+                        )}
+                        {onAdd && addButtonText && (
+                            <Button onClick={onAdd}>
+                                <Plus className="mr-2 h-4 w-4" />
+                                {addButtonText}
+                            </Button>
+                        )}
+                    </div>
                 </CardHeader>
                 <CardContent>
                     <Table>
diff --git a/src/components/ui/dialog.tsx b/src/components/ui/dialog.tsx
index 33dc0438..da9e6504 100644
--- a/src/components/ui/dialog.tsx
+++ b/src/components/ui/dialog.tsx
@@ -38,13 +38,13 @@ const DialogContent = React.forwardRef<
         <DialogPrimitive.Content
             ref={ref}
             className={cn(
-                "fixed left-[50%] top-[50%] z-50 grid w-full max-w-lg translate-x-[-50%] translate-y-[-50%] gap-4 border bg-card p-6 shadow-lg duration-200 data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-99 data-[state=open]:zoom-in-99 data-[state=closed]:slide-out-to-bottom-[5%] data-[state=open]:slide-in-from-bottom-[5%] sm:rounded-lg",
+                "fixed left-[50%] top-[50%] z-50 grid w-full max-w-lg translate-x-[-50%] translate-y-[-50%] gap-4 border bg-card p-6 shadow-lg duration-200 data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[state=closed]:scale-95 data-[state=open]:scale-100 sm:rounded-lg",
                 className
             )}
             {...props}
         >
             {children}
-            <DialogPrimitive.Close className="absolute right-4 top-4 rounded-sm opacity-70 ring-offset-background transition-opacity hover:opacity-100 focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2 disabled:pointer-events-none data-[state=open]:bg-accent data-[state=open]:text-muted-foreground">
+            <DialogPrimitive.Close className="absolute right-4 top-4 rounded-sm opacity-70 ring-offset-background transition-opacity hover:opacity-100 focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-0 disabled:pointer-events-none data-[state=open]:bg-accent data-[state=open]:text-muted-foreground">
                 <X className="h-4 w-4" />
                 <span className="sr-only">Close</span>
             </DialogPrimitive.Close>
diff --git a/src/components/ui/dropdown-menu.tsx b/src/components/ui/dropdown-menu.tsx
index efe369d8..be0861d8 100644
--- a/src/components/ui/dropdown-menu.tsx
+++ b/src/components/ui/dropdown-menu.tsx
@@ -2,199 +2,263 @@
 
 import * as React from "react";
 import * as DropdownMenuPrimitive from "@radix-ui/react-dropdown-menu";
-import { Check, ChevronRight, Circle } from "lucide-react";
-
+import { CheckIcon, ChevronRightIcon, CircleIcon } from "lucide-react";
 import { cn } from "@app/lib/cn";
 
-const DropdownMenu = DropdownMenuPrimitive.Root;
+function DropdownMenu({
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.Root>) {
+    return <DropdownMenuPrimitive.Root data-slot="dropdown-menu" {...props} />;
+}
 
-const DropdownMenuTrigger = DropdownMenuPrimitive.Trigger;
+function DropdownMenuPortal({
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.Portal>) {
+    return (
+        <DropdownMenuPrimitive.Portal
+            data-slot="dropdown-menu-portal"
+            {...props}
+        />
+    );
+}
 
-const DropdownMenuGroup = DropdownMenuPrimitive.Group;
+function DropdownMenuTrigger({
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.Trigger>) {
+    return (
+        <DropdownMenuPrimitive.Trigger
+            data-slot="dropdown-menu-trigger"
+            {...props}
+        />
+    );
+}
 
-const DropdownMenuPortal = DropdownMenuPrimitive.Portal;
+function DropdownMenuContent({
+    className,
+    sideOffset = 4,
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.Content>) {
+    return (
+        <DropdownMenuPrimitive.Portal>
+            <DropdownMenuPrimitive.Content
+                data-slot="dropdown-menu-content"
+                sideOffset={sideOffset}
+                className={cn(
+                    "bg-popover text-popover-foreground data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 z-50 max-h-(--radix-dropdown-menu-content-available-height) min-w-[8rem] origin-(--radix-dropdown-menu-content-transform-origin) overflow-x-hidden overflow-y-auto rounded-md border p-1 shadow-md",
+                    className
+                )}
+                {...props}
+            />
+        </DropdownMenuPrimitive.Portal>
+    );
+}
 
-const DropdownMenuSub = DropdownMenuPrimitive.Sub;
+function DropdownMenuGroup({
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.Group>) {
+    return (
+        <DropdownMenuPrimitive.Group
+            data-slot="dropdown-menu-group"
+            {...props}
+        />
+    );
+}
 
-const DropdownMenuRadioGroup = DropdownMenuPrimitive.RadioGroup;
+function DropdownMenuItem({
+    className,
+    inset,
+    variant = "default",
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.Item> & {
+    inset?: boolean;
+    variant?: "default" | "destructive";
+}) {
+    return (
+        <DropdownMenuPrimitive.Item
+            data-slot="dropdown-menu-item"
+            data-inset={inset}
+            data-variant={variant}
+            className={cn(
+                "focus:bg-accent focus:text-accent-foreground data-[variant=destructive]:text-destructive data-[variant=destructive]:focus:bg-destructive/10 dark:data-[variant=destructive]:focus:bg-destructive/20 data-[variant=destructive]:focus:text-destructive data-[variant=destructive]:*:[svg]:!text-destructive [&_svg:not([class*='text-'])]:text-muted-foreground relative flex cursor-default items-center gap-2 rounded-sm px-2 py-1.5 text-sm outline-hidden select-none data-[disabled]:pointer-events-none data-[disabled]:opacity-50 data-[inset]:pl-8 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
-const DropdownMenuSubTrigger = React.forwardRef<
-  React.ElementRef<typeof DropdownMenuPrimitive.SubTrigger>,
-  React.ComponentPropsWithoutRef<typeof DropdownMenuPrimitive.SubTrigger> & {
-    inset?: boolean
-  }
->(({ className, inset, children, ...props }, ref) => (
-  <DropdownMenuPrimitive.SubTrigger
-    ref={ref}
-    className={cn(
-      "flex cursor-default select-none items-center rounded-sm px-2 py-1.5 text-sm outline-none focus:bg-accent data-[state=open]:bg-accent",
-      inset && "pl-8",
-      className
-    )}
-    {...props}
-  >
-    {children}
-    <ChevronRight className="ml-auto h-4 w-4" />
-  </DropdownMenuPrimitive.SubTrigger>
-));
-DropdownMenuSubTrigger.displayName =
-  DropdownMenuPrimitive.SubTrigger.displayName;
+function DropdownMenuCheckboxItem({
+    className,
+    children,
+    checked,
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.CheckboxItem>) {
+    return (
+        <DropdownMenuPrimitive.CheckboxItem
+            data-slot="dropdown-menu-checkbox-item"
+            className={cn(
+                "focus:bg-accent focus:text-accent-foreground relative flex cursor-default items-center gap-2 rounded-sm py-1.5 pr-2 pl-8 text-sm outline-hidden select-none data-[disabled]:pointer-events-none data-[disabled]:opacity-50 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
+                className
+            )}
+            checked={checked}
+            {...props}
+        >
+            <span className="pointer-events-none absolute left-2 flex size-3.5 items-center justify-center">
+                <DropdownMenuPrimitive.ItemIndicator>
+                    <CheckIcon className="size-4" />
+                </DropdownMenuPrimitive.ItemIndicator>
+            </span>
+            {children}
+        </DropdownMenuPrimitive.CheckboxItem>
+    );
+}
 
-const DropdownMenuSubContent = React.forwardRef<
-  React.ElementRef<typeof DropdownMenuPrimitive.SubContent>,
-  React.ComponentPropsWithoutRef<typeof DropdownMenuPrimitive.SubContent>
->(({ className, ...props }, ref) => (
-  <DropdownMenuPrimitive.SubContent
-    ref={ref}
-    className={cn(
-      "z-50 min-w-[8rem] overflow-hidden rounded-md border bg-popover p-1 text-popover-foreground shadow-lg data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2",
-      className
-    )}
-    {...props}
-  />
-));
-DropdownMenuSubContent.displayName =
-  DropdownMenuPrimitive.SubContent.displayName;
+function DropdownMenuRadioGroup({
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.RadioGroup>) {
+    return (
+        <DropdownMenuPrimitive.RadioGroup
+            data-slot="dropdown-menu-radio-group"
+            {...props}
+        />
+    );
+}
 
-const DropdownMenuContent = React.forwardRef<
-  React.ElementRef<typeof DropdownMenuPrimitive.Content>,
-  React.ComponentPropsWithoutRef<typeof DropdownMenuPrimitive.Content>
->(({ className, sideOffset = 4, ...props }, ref) => (
-  <DropdownMenuPrimitive.Portal>
-    <DropdownMenuPrimitive.Content
-      ref={ref}
-      sideOffset={sideOffset}
-      className={cn(
-        "z-50 min-w-[8rem] overflow-hidden rounded-md border bg-popover p-1 text-foreground shadow-md data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2",
-        className
-      )}
-      {...props}
-    />
-  </DropdownMenuPrimitive.Portal>
-));
-DropdownMenuContent.displayName = DropdownMenuPrimitive.Content.displayName;
+function DropdownMenuRadioItem({
+    className,
+    children,
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.RadioItem>) {
+    return (
+        <DropdownMenuPrimitive.RadioItem
+            data-slot="dropdown-menu-radio-item"
+            className={cn(
+                "focus:bg-accent focus:text-accent-foreground relative flex cursor-default items-center gap-2 rounded-sm py-1.5 pr-2 pl-8 text-sm outline-hidden select-none data-[disabled]:pointer-events-none data-[disabled]:opacity-50 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4",
+                className
+            )}
+            {...props}
+        >
+            <span className="pointer-events-none absolute left-2 flex size-3.5 items-center justify-center">
+                <DropdownMenuPrimitive.ItemIndicator>
+                    <CircleIcon className="size-2 fill-current" />
+                </DropdownMenuPrimitive.ItemIndicator>
+            </span>
+            {children}
+        </DropdownMenuPrimitive.RadioItem>
+    );
+}
 
-const DropdownMenuItem = React.forwardRef<
-  React.ElementRef<typeof DropdownMenuPrimitive.Item>,
-  React.ComponentPropsWithoutRef<typeof DropdownMenuPrimitive.Item> & {
-    inset?: boolean
-  }
->(({ className, inset, ...props }, ref) => (
-  <DropdownMenuPrimitive.Item
-    ref={ref}
-    className={cn(
-      "relative flex cursor-default select-none items-center rounded-sm px-2 py-1.5 text-sm outline-none transition-colors focus:bg-accent focus:text-accent-foreground data-[disabled]:pointer-events-none data-[disabled]:opacity-50",
-      inset && "pl-8",
-      className
-    )}
-    {...props}
-  />
-));
-DropdownMenuItem.displayName = DropdownMenuPrimitive.Item.displayName;
+function DropdownMenuLabel({
+    className,
+    inset,
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.Label> & {
+    inset?: boolean;
+}) {
+    return (
+        <DropdownMenuPrimitive.Label
+            data-slot="dropdown-menu-label"
+            data-inset={inset}
+            className={cn(
+                "px-2 py-1.5 text-sm font-medium data-[inset]:pl-8",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
-const DropdownMenuCheckboxItem = React.forwardRef<
-  React.ElementRef<typeof DropdownMenuPrimitive.CheckboxItem>,
-  React.ComponentPropsWithoutRef<typeof DropdownMenuPrimitive.CheckboxItem>
->(({ className, children, checked, ...props }, ref) => (
-  <DropdownMenuPrimitive.CheckboxItem
-    ref={ref}
-    className={cn(
-      "relative flex cursor-default select-none items-center rounded-sm py-1.5 pl-8 pr-2 text-sm outline-none transition-colors focus:bg-accent focus:text-accent-foreground data-[disabled]:pointer-events-none data-[disabled]:opacity-50",
-      className
-    )}
-    checked={checked}
-    {...props}
-  >
-    <span className="absolute left-2 flex h-3.5 w-3.5 items-center justify-center">
-      <DropdownMenuPrimitive.ItemIndicator>
-        <Check className="h-4 w-4" />
-      </DropdownMenuPrimitive.ItemIndicator>
-    </span>
-    {children}
-  </DropdownMenuPrimitive.CheckboxItem>
-));
-DropdownMenuCheckboxItem.displayName =
-  DropdownMenuPrimitive.CheckboxItem.displayName;
+function DropdownMenuSeparator({
+    className,
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.Separator>) {
+    return (
+        <DropdownMenuPrimitive.Separator
+            data-slot="dropdown-menu-separator"
+            className={cn("bg-border -mx-1 my-1 h-px", className)}
+            {...props}
+        />
+    );
+}
 
-const DropdownMenuRadioItem = React.forwardRef<
-  React.ElementRef<typeof DropdownMenuPrimitive.RadioItem>,
-  React.ComponentPropsWithoutRef<typeof DropdownMenuPrimitive.RadioItem>
->(({ className, children, ...props }, ref) => (
-  <DropdownMenuPrimitive.RadioItem
-    ref={ref}
-    className={cn(
-      "relative flex cursor-default select-none items-center rounded-sm py-1.5 pl-8 pr-2 text-sm outline-none transition-colors focus:bg-accent focus:text-accent-foreground data-[disabled]:pointer-events-none data-[disabled]:opacity-50",
-      className
-    )}
-    {...props}
-  >
-    <span className="absolute left-2 flex h-3.5 w-3.5 items-center justify-center">
-      <DropdownMenuPrimitive.ItemIndicator>
-        <Circle className="h-2 w-2 fill-current" />
-      </DropdownMenuPrimitive.ItemIndicator>
-    </span>
-    {children}
-  </DropdownMenuPrimitive.RadioItem>
-));
-DropdownMenuRadioItem.displayName = DropdownMenuPrimitive.RadioItem.displayName;
+function DropdownMenuShortcut({
+    className,
+    ...props
+}: React.ComponentProps<"span">) {
+    return (
+        <span
+            data-slot="dropdown-menu-shortcut"
+            className={cn(
+                "text-muted-foreground ml-auto text-xs tracking-widest",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
-const DropdownMenuLabel = React.forwardRef<
-  React.ElementRef<typeof DropdownMenuPrimitive.Label>,
-  React.ComponentPropsWithoutRef<typeof DropdownMenuPrimitive.Label> & {
-    inset?: boolean
-  }
->(({ className, inset, ...props }, ref) => (
-  <DropdownMenuPrimitive.Label
-    ref={ref}
-    className={cn(
-      "px-2 py-1.5 text-sm font-semibold",
-      inset && "pl-8",
-      className
-    )}
-    {...props}
-  />
-));
-DropdownMenuLabel.displayName = DropdownMenuPrimitive.Label.displayName;
+function DropdownMenuSub({
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.Sub>) {
+    return (
+        <DropdownMenuPrimitive.Sub data-slot="dropdown-menu-sub" {...props} />
+    );
+}
 
-const DropdownMenuSeparator = React.forwardRef<
-  React.ElementRef<typeof DropdownMenuPrimitive.Separator>,
-  React.ComponentPropsWithoutRef<typeof DropdownMenuPrimitive.Separator>
->(({ className, ...props }, ref) => (
-  <DropdownMenuPrimitive.Separator
-    ref={ref}
-    className={cn("-mx-1 my-1 h-px bg-muted", className)}
-    {...props}
-  />
-));
-DropdownMenuSeparator.displayName = DropdownMenuPrimitive.Separator.displayName;
+function DropdownMenuSubTrigger({
+    className,
+    inset,
+    children,
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.SubTrigger> & {
+    inset?: boolean;
+}) {
+    return (
+        <DropdownMenuPrimitive.SubTrigger
+            data-slot="dropdown-menu-sub-trigger"
+            data-inset={inset}
+            className={cn(
+                "focus:bg-accent focus:text-accent-foreground data-[state=open]:bg-accent data-[state=open]:text-accent-foreground flex cursor-default items-center rounded-sm px-2 py-1.5 text-sm outline-hidden select-none data-[inset]:pl-8",
+                className
+            )}
+            {...props}
+        >
+            {children}
+            <ChevronRightIcon className="ml-auto size-4" />
+        </DropdownMenuPrimitive.SubTrigger>
+    );
+}
 
-const DropdownMenuShortcut = ({
-  className,
-  ...props
-}: React.HTMLAttributes<HTMLSpanElement>) => {
-  return (
-    <span
-      className={cn("ml-auto text-xs tracking-widest opacity-60", className)}
-      {...props}
-    />
-  );
-};
-DropdownMenuShortcut.displayName = "DropdownMenuShortcut";
+function DropdownMenuSubContent({
+    className,
+    ...props
+}: React.ComponentProps<typeof DropdownMenuPrimitive.SubContent>) {
+    return (
+        <DropdownMenuPrimitive.SubContent
+            data-slot="dropdown-menu-sub-content"
+            className={cn(
+                "bg-popover text-popover-foreground data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 z-50 min-w-[8rem] origin-(--radix-dropdown-menu-content-transform-origin) overflow-hidden rounded-md border p-1 shadow-lg",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
 export {
-  DropdownMenu,
-  DropdownMenuTrigger,
-  DropdownMenuContent,
-  DropdownMenuItem,
-  DropdownMenuCheckboxItem,
-  DropdownMenuRadioItem,
-  DropdownMenuLabel,
-  DropdownMenuSeparator,
-  DropdownMenuShortcut,
-  DropdownMenuGroup,
-  DropdownMenuPortal,
-  DropdownMenuSub,
-  DropdownMenuSubContent,
-  DropdownMenuSubTrigger,
-  DropdownMenuRadioGroup,
+    DropdownMenu,
+    DropdownMenuPortal,
+    DropdownMenuTrigger,
+    DropdownMenuContent,
+    DropdownMenuGroup,
+    DropdownMenuLabel,
+    DropdownMenuItem,
+    DropdownMenuCheckboxItem,
+    DropdownMenuRadioGroup,
+    DropdownMenuRadioItem,
+    DropdownMenuSeparator,
+    DropdownMenuShortcut,
+    DropdownMenuSub,
+    DropdownMenuSubTrigger,
+    DropdownMenuSubContent
 };
diff --git a/src/components/ui/form.tsx b/src/components/ui/form.tsx
index 963404e7..1d9a7250 100644
--- a/src/components/ui/form.tsx
+++ b/src/components/ui/form.tsx
@@ -5,15 +5,16 @@ import * as LabelPrimitive from "@radix-ui/react-label";
 import { Slot } from "@radix-ui/react-slot";
 import {
     Controller,
-    ControllerProps,
-    FieldPath,
-    FieldValues,
     FormProvider,
-    useFormContext
+    useFormContext,
+    useFormState,
+    type ControllerProps,
+    type FieldPath,
+    type FieldValues
 } from "react-hook-form";
 
-import { cn } from "@app/lib/cn";
 import { Label } from "@/components/ui/label";
+import { cn } from "@app/lib/cn";
 
 const Form = FormProvider;
 
@@ -44,8 +45,8 @@ const FormField = <
 const useFormField = () => {
     const fieldContext = React.useContext(FormFieldContext);
     const itemContext = React.useContext(FormItemContext);
-    const { getFieldState, formState } = useFormContext();
-
+    const { getFieldState } = useFormContext();
+    const formState = useFormState({ name: fieldContext.name });
     const fieldState = getFieldState(fieldContext.name, formState);
 
     if (!fieldContext) {
@@ -72,47 +73,44 @@ const FormItemContext = React.createContext<FormItemContextValue>(
     {} as FormItemContextValue
 );
 
-const FormItem = React.forwardRef<
-    HTMLDivElement,
-    React.HTMLAttributes<HTMLDivElement>
->(({ className, ...props }, ref) => {
+function FormItem({ className, ...props }: React.ComponentProps<"div">) {
     const id = React.useId();
 
     return (
         <FormItemContext.Provider value={{ id }}>
-            <div ref={ref} className={cn("space-y-2", className)} {...props} />
+            <div
+                data-slot="form-item"
+                className={cn("grid gap-2", className)}
+                {...props}
+            />
         </FormItemContext.Provider>
     );
-});
-FormItem.displayName = "FormItem";
+}
 
-const FormLabel = React.forwardRef<
-    React.ElementRef<typeof LabelPrimitive.Root>,
-    React.ComponentPropsWithoutRef<typeof LabelPrimitive.Root>
->(({ className, ...props }, ref) => {
+function FormLabel({
+    className,
+    ...props
+}: React.ComponentProps<typeof LabelPrimitive.Root>) {
     const { error, formItemId } = useFormField();
 
     return (
         <Label
-            ref={ref}
-            className={cn(error && "text-destructive", className)}
+            data-slot="form-label"
+            data-error={!!error}
+            className={cn("data-[error=true]:text-destructive", className)}
             htmlFor={formItemId}
             {...props}
         />
     );
-});
-FormLabel.displayName = "FormLabel";
+}
 
-const FormControl = React.forwardRef<
-    React.ElementRef<typeof Slot>,
-    React.ComponentPropsWithoutRef<typeof Slot>
->(({ ...props }, ref) => {
+function FormControl({ ...props }: React.ComponentProps<typeof Slot>) {
     const { error, formItemId, formDescriptionId, formMessageId } =
         useFormField();
 
     return (
         <Slot
-            ref={ref}
+            data-slot="form-control"
             id={formItemId}
             aria-describedby={
                 !error
@@ -123,32 +121,24 @@ const FormControl = React.forwardRef<
             {...props}
         />
     );
-});
-FormControl.displayName = "FormControl";
+}
 
-const FormDescription = React.forwardRef<
-    HTMLParagraphElement,
-    React.HTMLAttributes<HTMLParagraphElement>
->(({ className, ...props }, ref) => {
+function FormDescription({ className, ...props }: React.ComponentProps<"p">) {
     const { formDescriptionId } = useFormField();
 
     return (
         <p
-            ref={ref}
+            data-slot="form-description"
             id={formDescriptionId}
-            className={cn("text-sm text-muted-foreground", className)}
+            className={cn("text-muted-foreground text-sm", className)}
             {...props}
         />
     );
-});
-FormDescription.displayName = "FormDescription";
+}
 
-const FormMessage = React.forwardRef<
-    HTMLParagraphElement,
-    React.HTMLAttributes<HTMLParagraphElement>
->(({ className, children, ...props }, ref) => {
+function FormMessage({ className, ...props }: React.ComponentProps<"p">) {
     const { error, formMessageId } = useFormField();
-    const body = error ? String(error?.message) : children;
+    const body = error ? String(error?.message ?? "") : props.children;
 
     if (!body) {
         return null;
@@ -156,16 +146,15 @@ const FormMessage = React.forwardRef<
 
     return (
         <p
-            ref={ref}
+            data-slot="form-message"
             id={formMessageId}
-            className={cn("text-sm font-medium text-destructive", className)}
+            className={cn("text-destructive text-sm", className)}
             {...props}
         >
             {body}
         </p>
     );
-});
-FormMessage.displayName = "FormMessage";
+}
 
 export {
     useFormField,
diff --git a/src/components/ui/input-otp.tsx b/src/components/ui/input-otp.tsx
index efa4141d..9293541d 100644
--- a/src/components/ui/input-otp.tsx
+++ b/src/components/ui/input-otp.tsx
@@ -2,70 +2,80 @@
 
 import * as React from "react";
 import { OTPInput, OTPInputContext } from "input-otp";
-import { Dot } from "lucide-react";
-
+import { MinusIcon } from "lucide-react";
 import { cn } from "@app/lib/cn";
 
-const InputOTP = React.forwardRef<
-  React.ElementRef<typeof OTPInput>,
-  React.ComponentPropsWithoutRef<typeof OTPInput> & { obscured?: boolean }
->(({ className, containerClassName, obscured = false, ...props }, ref) => (
-  <OTPInput
-    ref={ref}
-    containerClassName={cn(
-      "flex items-center gap-2 has-[:disabled]:opacity-50",
-      containerClassName
-    )}
-    className={cn("disabled:cursor-not-allowed", className)}
-    {...props}
-  />
-));
-InputOTP.displayName = "InputOTP";
+function InputOTP({
+    className,
+    containerClassName,
+    obscured = false,
+    ...props
+}: React.ComponentProps<typeof OTPInput> & {
+    containerClassName?: string;
+    obscured?: boolean;
+}) {
+    return (
+        <OTPInput
+            data-slot="input-otp"
+            containerClassName={cn(
+                "flex items-center gap-2 has-disabled:opacity-50",
+                containerClassName
+            )}
+            className={cn("disabled:cursor-not-allowed", className)}
+            {...props}
+        />
+    );
+}
 
-const InputOTPGroup = React.forwardRef<
-  React.ElementRef<"div">,
-  React.ComponentPropsWithoutRef<"div">
->(({ className, ...props }, ref) => (
-  <div ref={ref} className={cn("flex items-center", className)} {...props} />
-));
-InputOTPGroup.displayName = "InputOTPGroup";
+function InputOTPGroup({ className, ...props }: React.ComponentProps<"div">) {
+    return (
+        <div
+            data-slot="input-otp-group"
+            className={cn("flex items-center", className)}
+            {...props}
+        />
+    );
+}
 
-const InputOTPSlot = React.forwardRef<
-  React.ElementRef<"div">,
-  React.ComponentPropsWithoutRef<"div"> & { index: number; obscured?: boolean }
->(({ index, className, obscured = false, ...props }, ref) => {
-  const inputOTPContext = React.useContext(OTPInputContext);
-  const { char, hasFakeCaret, isActive } = inputOTPContext.slots[index];
+function InputOTPSlot({
+    index,
+    className,
+    obscured = false,
+    ...props
+}: React.ComponentProps<"div"> & {
+    index: number;
+    obscured?: boolean;
+}) {
+    const inputOTPContext = React.useContext(OTPInputContext);
+    const { char, hasFakeCaret, isActive } =
+        inputOTPContext?.slots[index] ?? {};
 
-  return (
-    <div
-      ref={ref}
-      className={cn(
-        "relative flex h-10 w-10 items-center justify-center border-y border-r border-input text-base md:text-sm transition-all first:rounded-l-md first:border-l last:rounded-r-md",
-        isActive && "z-10 ring-2 ring-ring ring-offset-background",
-        className
-      )}
-      {...props}
-    >
-      {char && obscured ? "•" : char}
-      {hasFakeCaret && (
-        <div className="pointer-events-none absolute inset-0 flex items-center justify-center">
-          <div className="h-4 w-px animate-caret-blink bg-foreground duration-1000" />
+    return (
+        <div
+            data-slot="input-otp-slot"
+            data-active={isActive}
+            className={cn(
+                "data-[active=true]:border-ring data-[active=true]:ring-ring/50 data-[active=true]:aria-invalid:ring-destructive/20 dark:data-[active=true]:aria-invalid:ring-destructive/40 aria-invalid:border-destructive data-[active=true]:aria-invalid:border-destructive border-input relative flex h-9 w-9 items-center justify-center border-y border-r text-sm shadow-xs transition-all outline-none first:rounded-l-md first:border-l last:rounded-r-md data-[active=true]:z-10 data-[active=true]:ring-[3px]",
+                className
+            )}
+            {...props}
+        >
+            {char && obscured ? "•" : char}
+            {hasFakeCaret && (
+                <div className="pointer-events-none absolute inset-0 flex items-center justify-center">
+                    <div className="animate-caret-blink bg-foreground h-4 w-px duration-1000" />
+                </div>
+            )}
         </div>
-      )}
-    </div>
-  );
-});
-InputOTPSlot.displayName = "InputOTPSlot";
+    );
+}
 
-const InputOTPSeparator = React.forwardRef<
-  React.ElementRef<"div">,
-  React.ComponentPropsWithoutRef<"div">
->(({ ...props }, ref) => (
-  <div ref={ref} role="separator" {...props}>
-    <Dot />
-  </div>
-));
-InputOTPSeparator.displayName = "InputOTPSeparator";
+function InputOTPSeparator({ ...props }: React.ComponentProps<"div">) {
+    return (
+        <div data-slot="input-otp-separator" role="separator" {...props}>
+            <MinusIcon />
+        </div>
+    );
+}
 
 export { InputOTP, InputOTPGroup, InputOTPSlot, InputOTPSeparator };
diff --git a/src/components/ui/input.tsx b/src/components/ui/input.tsx
index 9a085cb2..880a44b7 100644
--- a/src/components/ui/input.tsx
+++ b/src/components/ui/input.tsx
@@ -14,8 +14,11 @@ const Input = React.forwardRef<HTMLInputElement, InputProps>(
             <div className="relative">
                 <input
                     type={showPassword ? "text" : "password"}
+                    data-slot="input"
                     className={cn(
-                        "flex h-9 w-full rounded-md border border-input bg-card px-3 py-2 text-base md:text-sm ring-offset-background file:border-0 file:bg-transparent file:text-base md:file:text-sm file:font-medium file:text-foreground placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50",
+                        "file:text-foreground placeholder:text-muted-foreground selection:bg-primary selection:text-primary-foreground border-input flex h-9 w-full min-w-0 rounded-md border bg-transparent px-3 py-1 text-base inset-shadow-2xs transition-[color,box-shadow] outline-none file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm",
+                        "focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px]",
+                        "aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive",
                         className
                     )}
                     ref={ref}
@@ -38,8 +41,11 @@ const Input = React.forwardRef<HTMLInputElement, InputProps>(
         ) : (
             <input
                 type={type}
+                data-slot="input"
                 className={cn(
-                    "flex h-9 w-full rounded-md border border-input bg-card px-3 py-2 text-base md:text-sm ring-offset-background file:border-0 file:bg-transparent file:text-base md:file:text-sm file:font-medium file:text-foreground placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50",
+                    "file:text-foreground placeholder:text-muted-foreground selection:bg-primary selection:text-primary-foreground border-input flex h-9 w-full min-w-0 rounded-md border bg-transparent px-3 py-1 text-base inset-shadow-2xs transition-[color,box-shadow] outline-none file:inline-flex file:h-7 file:border-0 file:bg-transparent file:text-sm file:font-medium disabled:pointer-events-none disabled:cursor-not-allowed disabled:opacity-50 md:text-sm",
+                    "focus-visible:border-ring focus-visible:ring-ring/50 focus-visible:ring-[3px]",
+                    "aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive",
                     className
                 )}
                 ref={ref}
diff --git a/src/components/ui/label.tsx b/src/components/ui/label.tsx
index c6dad5be..19890a93 100644
--- a/src/components/ui/label.tsx
+++ b/src/components/ui/label.tsx
@@ -2,25 +2,22 @@
 
 import * as React from "react";
 import * as LabelPrimitive from "@radix-ui/react-label";
-import { cva, type VariantProps } from "class-variance-authority";
-
 import { cn } from "@app/lib/cn";
 
-const labelVariants = cva(
-    "text-sm font-medium leading-none peer-disabled:cursor-not-allowed peer-disabled:opacity-70"
-);
-
-const Label = React.forwardRef<
-    React.ElementRef<typeof LabelPrimitive.Root>,
-    React.ComponentPropsWithoutRef<typeof LabelPrimitive.Root> &
-    VariantProps<typeof labelVariants>
->(({ className, ...props }, ref) => (
-    <LabelPrimitive.Root
-        ref={ref}
-        className={cn(labelVariants(), className)}
-        {...props}
-    />
-));
-Label.displayName = LabelPrimitive.Root.displayName;
+function Label({
+    className,
+    ...props
+}: React.ComponentProps<typeof LabelPrimitive.Root>) {
+    return (
+        <LabelPrimitive.Root
+            data-slot="label"
+            className={cn(
+                "flex items-center gap-2 text-sm leading-none font-medium select-none group-data-[disabled=true]:pointer-events-none group-data-[disabled=true]:opacity-50 peer-disabled:cursor-not-allowed peer-disabled:opacity-50",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
 export { Label };
diff --git a/src/components/ui/popover.tsx b/src/components/ui/popover.tsx
index 715fa61c..07cdc3f5 100644
--- a/src/components/ui/popover.tsx
+++ b/src/components/ui/popover.tsx
@@ -2,39 +2,46 @@
 
 import * as React from "react";
 import * as PopoverPrimitive from "@radix-ui/react-popover";
-
 import { cn } from "@app/lib/cn";
 
-const Popover = PopoverPrimitive.Root;
+function Popover({
+    ...props
+}: React.ComponentProps<typeof PopoverPrimitive.Root>) {
+    return <PopoverPrimitive.Root data-slot="popover" {...props} />;
+}
 
-const PopoverTrigger = React.forwardRef<
-    React.ElementRef<typeof PopoverPrimitive.Trigger>,
-    React.ComponentPropsWithoutRef<typeof PopoverPrimitive.Trigger>
->(({ className, ...props }, ref) => (
-    <PopoverPrimitive.Trigger
-        ref={ref}
-        className={cn(className, "rounded-md")}
-        {...props}
-    />
-));
+function PopoverTrigger({
+    ...props
+}: React.ComponentProps<typeof PopoverPrimitive.Trigger>) {
+    return <PopoverPrimitive.Trigger data-slot="popover-trigger" {...props} />;
+}
 
-const PopoverContent = React.forwardRef<
-  React.ElementRef<typeof PopoverPrimitive.Content>,
-  React.ComponentPropsWithoutRef<typeof PopoverPrimitive.Content>
->(({ className, align = "center", sideOffset = 4, ...props }, ref) => (
-  <PopoverPrimitive.Portal>
-    <PopoverPrimitive.Content
-      ref={ref}
-      align={align}
-      sideOffset={sideOffset}
-      className={cn(
-        "z-50 w-72 rounded-md border bg-popover p-4 text-popover-foreground shadow-md outline-none data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2",
-        className
-      )}
-      {...props}
-    />
-  </PopoverPrimitive.Portal>
-));
-PopoverContent.displayName = PopoverPrimitive.Content.displayName;
+function PopoverContent({
+    className,
+    align = "center",
+    sideOffset = 4,
+    ...props
+}: React.ComponentProps<typeof PopoverPrimitive.Content>) {
+    return (
+        <PopoverPrimitive.Portal>
+            <PopoverPrimitive.Content
+                data-slot="popover-content"
+                align={align}
+                sideOffset={sideOffset}
+                className={cn(
+                    "bg-popover text-popover-foreground data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 z-50 w-72 origin-(--radix-popover-content-transform-origin) rounded-md border p-4 shadow-md outline-hidden",
+                    className
+                )}
+                {...props}
+            />
+        </PopoverPrimitive.Portal>
+    );
+}
 
-export { Popover, PopoverTrigger, PopoverContent };
+function PopoverAnchor({
+    ...props
+}: React.ComponentProps<typeof PopoverPrimitive.Anchor>) {
+    return <PopoverPrimitive.Anchor data-slot="popover-anchor" {...props} />;
+}
+
+export { Popover, PopoverTrigger, PopoverContent, PopoverAnchor };
diff --git a/src/components/ui/progress.tsx b/src/components/ui/progress.tsx
index e101715d..b24a2ba3 100644
--- a/src/components/ui/progress.tsx
+++ b/src/components/ui/progress.tsx
@@ -3,24 +3,60 @@
 import * as React from "react";
 import * as ProgressPrimitive from "@radix-ui/react-progress";
 import { cn } from "@app/lib/cn";
+import { cva, type VariantProps } from "class-variance-authority";
+
+const progressVariants = cva(
+    "border relative h-2 w-full overflow-hidden rounded-full",
+    {
+        variants: {
+            variant: {
+                default: "bg-muted",
+                success: "bg-muted",
+                warning: "bg-muted", 
+                danger: "bg-muted"
+            }
+        },
+        defaultVariants: {
+            variant: "default"
+        }
+    }
+);
+
+const indicatorVariants = cva(
+    "h-full w-full flex-1 transition-all",
+    {
+        variants: {
+            variant: {
+                default: "bg-primary",
+                success: "bg-green-500",
+                warning: "bg-yellow-500",
+                danger: "bg-red-500"
+            }
+        },
+        defaultVariants: {
+            variant: "default"
+        }
+    }
+);
+
+type ProgressProps = React.ComponentProps<typeof ProgressPrimitive.Root> & 
+    VariantProps<typeof progressVariants>;
 
 function Progress({
     className,
     value,
+    variant,
     ...props
-}: React.ComponentProps<typeof ProgressPrimitive.Root>) {
+}: ProgressProps) {
     return (
         <ProgressPrimitive.Root
             data-slot="progress"
-            className={cn(
-                "border relative h-2 w-full overflow-hidden rounded-full",
-                className
-            )}
+            className={cn(progressVariants({ variant }), className)}
             {...props}
         >
             <ProgressPrimitive.Indicator
                 data-slot="progress-indicator"
-                className="bg-primary h-full w-full flex-1 transition-all"
+                className={cn(indicatorVariants({ variant }))}
                 style={{ transform: `translateX(-${100 - (value || 0)}%)` }}
             />
         </ProgressPrimitive.Root>
diff --git a/src/components/ui/radio-group.tsx b/src/components/ui/radio-group.tsx
index edce7ce9..8bf35454 100644
--- a/src/components/ui/radio-group.tsx
+++ b/src/components/ui/radio-group.tsx
@@ -28,7 +28,7 @@ const RadioGroupItem = React.forwardRef<
     <RadioGroupPrimitive.Item
       ref={ref}
       className={cn(
-        "aspect-square h-4 w-4 rounded-full border border-primary text-primary ring-offset-background focus:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50",
+        "aspect-square h-4 w-4 rounded-full border border-primary text-primary ring-offset-background focus:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-0 disabled:cursor-not-allowed disabled:opacity-50",
         className
       )}
       {...props}
diff --git a/src/components/ui/select.tsx b/src/components/ui/select.tsx
index 214e3712..db231e17 100644
--- a/src/components/ui/select.tsx
+++ b/src/components/ui/select.tsx
@@ -2,160 +2,189 @@
 
 import * as React from "react";
 import * as SelectPrimitive from "@radix-ui/react-select";
-import { Check, ChevronDown, ChevronUp } from "lucide-react";
-
+import { CheckIcon, ChevronDownIcon, ChevronUpIcon } from "lucide-react";
 import { cn } from "@app/lib/cn";
 
-const Select = SelectPrimitive.Root;
+function Select({
+    ...props
+}: React.ComponentProps<typeof SelectPrimitive.Root>) {
+    return <SelectPrimitive.Root data-slot="select" {...props} />;
+}
 
-const SelectGroup = SelectPrimitive.Group;
+function SelectGroup({
+    ...props
+}: React.ComponentProps<typeof SelectPrimitive.Group>) {
+    return <SelectPrimitive.Group data-slot="select-group" {...props} />;
+}
 
-const SelectValue = SelectPrimitive.Value;
+function SelectValue({
+    ...props
+}: React.ComponentProps<typeof SelectPrimitive.Value>) {
+    return <SelectPrimitive.Value data-slot="select-value" {...props} />;
+}
 
-const SelectTrigger = React.forwardRef<
-  React.ElementRef<typeof SelectPrimitive.Trigger>,
-  React.ComponentPropsWithoutRef<typeof SelectPrimitive.Trigger>
->(({ className, children, ...props }, ref) => (
-  <SelectPrimitive.Trigger
-    ref={ref}
-    className={cn(
-      "flex h-9 w-full items-center justify-between border border-input bg-card px-3 py-2 text-base md:text-sm ring-offset-background placeholder:text-muted-foreground focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50 [&>span]:line-clamp-1",
-      "rounded-md",
-      className
-    )}
-    {...props}
-  >
-    {children}
-    <SelectPrimitive.Icon asChild>
-      <ChevronDown className="h-4 w-4 opacity-50" />
-    </SelectPrimitive.Icon>
-  </SelectPrimitive.Trigger>
-));
-SelectTrigger.displayName = SelectPrimitive.Trigger.displayName;
+function SelectTrigger({
+    className,
+    size = "default",
+    children,
+    ...props
+}: React.ComponentProps<typeof SelectPrimitive.Trigger> & {
+    size?: "sm" | "default";
+}) {
+    return (
+        <SelectPrimitive.Trigger
+            data-slot="select-trigger"
+            data-size={size}
+            className={cn(
+                "border-input data-[placeholder]:text-muted-foreground [&_svg:not([class*='text-'])]:text-muted-foreground focus-visible:border-ring focus-visible:ring-ring/50 aria-invalid:ring-destructive/20 dark:aria-invalid:ring-destructive/40 aria-invalid:border-destructive cursor-pointer flex w-fit items-center justify-between gap-2 rounded-md border bg-transparent px-3 py-2 text-sm whitespace-nowrap shadow-xs transition-[color,box-shadow] outline-none focus-visible:ring-[3px] disabled:cursor-not-allowed disabled:opacity-50 data-[size=default]:h-9 data-[size=sm]:h-8 *:data-[slot=select-value]:line-clamp-1 *:data-[slot=select-value]:flex *:data-[slot=select-value]:items-center *:data-[slot=select-value]:gap-2 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4 w-full",
+                className
+            )}
+            {...props}
+        >
+            {children}
+            <SelectPrimitive.Icon asChild>
+                <ChevronDownIcon className="size-4 opacity-50" />
+            </SelectPrimitive.Icon>
+        </SelectPrimitive.Trigger>
+    );
+}
 
-const SelectScrollUpButton = React.forwardRef<
-  React.ElementRef<typeof SelectPrimitive.ScrollUpButton>,
-  React.ComponentPropsWithoutRef<typeof SelectPrimitive.ScrollUpButton>
->(({ className, ...props }, ref) => (
-  <SelectPrimitive.ScrollUpButton
-    ref={ref}
-    className={cn(
-      "flex cursor-default items-center justify-center py-1",
-      className
-    )}
-    {...props}
-  >
-    <ChevronUp className="h-4 w-4" />
-  </SelectPrimitive.ScrollUpButton>
-));
-SelectScrollUpButton.displayName = SelectPrimitive.ScrollUpButton.displayName;
+function SelectContent({
+    className,
+    children,
+    position = "popper",
+    ...props
+}: React.ComponentProps<typeof SelectPrimitive.Content>) {
+    return (
+        <SelectPrimitive.Portal>
+            <SelectPrimitive.Content
+                data-slot="select-content"
+                className={cn(
+                    "bg-popover text-popover-foreground data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 relative z-50 max-h-(--radix-select-content-available-height) min-w-[8rem] origin-(--radix-select-content-transform-origin) overflow-x-hidden overflow-y-auto rounded-md border shadow-md",
+                    position === "popper" &&
+                        "data-[side=bottom]:translate-y-1 data-[side=left]:-translate-x-1 data-[side=right]:translate-x-1 data-[side=top]:-translate-y-1",
+                    className
+                )}
+                position={position}
+                {...props}
+            >
+                <SelectScrollUpButton />
+                <SelectPrimitive.Viewport
+                    className={cn(
+                        "p-1",
+                        position === "popper" &&
+                            "h-[var(--radix-select-trigger-height)] w-full min-w-[var(--radix-select-trigger-width)] scroll-my-1"
+                    )}
+                >
+                    {children}
+                </SelectPrimitive.Viewport>
+                <SelectScrollDownButton />
+            </SelectPrimitive.Content>
+        </SelectPrimitive.Portal>
+    );
+}
 
-const SelectScrollDownButton = React.forwardRef<
-  React.ElementRef<typeof SelectPrimitive.ScrollDownButton>,
-  React.ComponentPropsWithoutRef<typeof SelectPrimitive.ScrollDownButton>
->(({ className, ...props }, ref) => (
-  <SelectPrimitive.ScrollDownButton
-    ref={ref}
-    className={cn(
-      "flex cursor-default items-center justify-center py-1",
-      className
-    )}
-    {...props}
-  >
-    <ChevronDown className="h-4 w-4" />
-  </SelectPrimitive.ScrollDownButton>
-));
-SelectScrollDownButton.displayName =
-  SelectPrimitive.ScrollDownButton.displayName;
+function SelectLabel({
+    className,
+    ...props
+}: React.ComponentProps<typeof SelectPrimitive.Label>) {
+    return (
+        <SelectPrimitive.Label
+            data-slot="select-label"
+            className={cn(
+                "text-muted-foreground px-2 py-1.5 text-xs",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
-const SelectContent = React.forwardRef<
-  React.ElementRef<typeof SelectPrimitive.Content>,
-  React.ComponentPropsWithoutRef<typeof SelectPrimitive.Content>
->(({ className, children, position = "popper", ...props }, ref) => (
-  <SelectPrimitive.Portal>
-    <SelectPrimitive.Content
-      ref={ref}
-      className={cn(
-        "relative z-50 max-h-96 min-w-[8rem] overflow-hidden rounded-md border bg-popover text-popover-foreground shadow-md data-[state=open]:animate-in data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=open]:fade-in-0 data-[state=closed]:zoom-out-95 data-[state=open]:zoom-in-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2",
-        position === "popper" &&
-          "data-[side=bottom]:translate-y-1 data-[side=left]:-translate-x-1 data-[side=right]:translate-x-1 data-[side=top]:-translate-y-1",
-        className
-      )}
-      position={position}
-      {...props}
-    >
-      <SelectScrollUpButton />
-      <SelectPrimitive.Viewport
-        className={cn(
-          "p-1",
-          position === "popper" &&
-            "h-[var(--radix-select-trigger-height)] w-full min-w-[var(--radix-select-trigger-width)]"
-        )}
-      >
-        {children}
-      </SelectPrimitive.Viewport>
-      <SelectScrollDownButton />
-    </SelectPrimitive.Content>
-  </SelectPrimitive.Portal>
-));
-SelectContent.displayName = SelectPrimitive.Content.displayName;
+function SelectItem({
+    className,
+    children,
+    ...props
+}: React.ComponentProps<typeof SelectPrimitive.Item>) {
+    return (
+        <SelectPrimitive.Item
+            data-slot="select-item"
+            className={cn(
+                "focus:bg-accent focus:text-accent-foreground [&_svg:not([class*='text-'])]:text-muted-foreground relative flex w-full cursor-default items-center gap-2 rounded-sm py-1.5 pr-8 pl-2 text-sm outline-hidden select-none data-[disabled]:pointer-events-none data-[disabled]:opacity-50 [&_svg]:pointer-events-none [&_svg]:shrink-0 [&_svg:not([class*='size-'])]:size-4 *:[span]:last:flex *:[span]:last:items-center *:[span]:last:gap-2",
+                className
+            )}
+            {...props}
+        >
+            <span className="absolute right-2 flex size-3.5 items-center justify-center">
+                <SelectPrimitive.ItemIndicator>
+                    <CheckIcon className="size-4" />
+                </SelectPrimitive.ItemIndicator>
+            </span>
+            <SelectPrimitive.ItemText>{children}</SelectPrimitive.ItemText>
+        </SelectPrimitive.Item>
+    );
+}
 
-const SelectLabel = React.forwardRef<
-  React.ElementRef<typeof SelectPrimitive.Label>,
-  React.ComponentPropsWithoutRef<typeof SelectPrimitive.Label>
->(({ className, ...props }, ref) => (
-  <SelectPrimitive.Label
-    ref={ref}
-    className={cn("py-1.5 pl-8 pr-2 text-sm font-semibold", className)}
-    {...props}
-  />
-));
-SelectLabel.displayName = SelectPrimitive.Label.displayName;
+function SelectSeparator({
+    className,
+    ...props
+}: React.ComponentProps<typeof SelectPrimitive.Separator>) {
+    return (
+        <SelectPrimitive.Separator
+            data-slot="select-separator"
+            className={cn(
+                "bg-border pointer-events-none -mx-1 my-1 h-px",
+                className
+            )}
+            {...props}
+        />
+    );
+}
 
-const SelectItem = React.forwardRef<
-  React.ElementRef<typeof SelectPrimitive.Item>,
-  React.ComponentPropsWithoutRef<typeof SelectPrimitive.Item>
->(({ className, children, ...props }, ref) => (
-  <SelectPrimitive.Item
-    ref={ref}
-    className={cn(
-      "relative flex w-full cursor-default select-none items-center rounded-sm py-1.5 pl-8 pr-2 text-sm outline-none focus:bg-accent focus:text-accent-foreground data-[disabled]:pointer-events-none data-[disabled]:opacity-50",
-      className
-    )}
-    {...props}
-  >
-    <span className="absolute left-2 flex h-3.5 w-3.5 items-center justify-center">
-      <SelectPrimitive.ItemIndicator>
-        <Check className="h-4 w-4" />
-      </SelectPrimitive.ItemIndicator>
-    </span>
+function SelectScrollUpButton({
+    className,
+    ...props
+}: React.ComponentProps<typeof SelectPrimitive.ScrollUpButton>) {
+    return (
+        <SelectPrimitive.ScrollUpButton
+            data-slot="select-scroll-up-button"
+            className={cn(
+                "flex cursor-default items-center justify-center py-1",
+                className
+            )}
+            {...props}
+        >
+            <ChevronUpIcon className="size-4" />
+        </SelectPrimitive.ScrollUpButton>
+    );
+}
 
-    <SelectPrimitive.ItemText>{children}</SelectPrimitive.ItemText>
-  </SelectPrimitive.Item>
-));
-SelectItem.displayName = SelectPrimitive.Item.displayName;
-
-const SelectSeparator = React.forwardRef<
-  React.ElementRef<typeof SelectPrimitive.Separator>,
-  React.ComponentPropsWithoutRef<typeof SelectPrimitive.Separator>
->(({ className, ...props }, ref) => (
-  <SelectPrimitive.Separator
-    ref={ref}
-    className={cn("-mx-1 my-1 h-px bg-muted", className)}
-    {...props}
-  />
-));
-SelectSeparator.displayName = SelectPrimitive.Separator.displayName;
+function SelectScrollDownButton({
+    className,
+    ...props
+}: React.ComponentProps<typeof SelectPrimitive.ScrollDownButton>) {
+    return (
+        <SelectPrimitive.ScrollDownButton
+            data-slot="select-scroll-down-button"
+            className={cn(
+                "flex cursor-default items-center justify-center py-1",
+                className
+            )}
+            {...props}
+        >
+            <ChevronDownIcon className="size-4" />
+        </SelectPrimitive.ScrollDownButton>
+    );
+}
 
 export {
-  Select,
-  SelectGroup,
-  SelectValue,
-  SelectTrigger,
-  SelectContent,
-  SelectLabel,
-  SelectItem,
-  SelectSeparator,
-  SelectScrollUpButton,
-  SelectScrollDownButton,
+    Select,
+    SelectContent,
+    SelectGroup,
+    SelectItem,
+    SelectLabel,
+    SelectScrollDownButton,
+    SelectScrollUpButton,
+    SelectSeparator,
+    SelectTrigger,
+    SelectValue
 };
diff --git a/src/components/ui/sheet.tsx b/src/components/ui/sheet.tsx
index e3f5b4d6..931ae411 100644
--- a/src/components/ui/sheet.tsx
+++ b/src/components/ui/sheet.tsx
@@ -65,7 +65,7 @@ const SheetContent = React.forwardRef<
       {...props}
     >
       {children}
-      {/* <SheetPrimitive.Close className="absolute right-4 top-4 rounded-sm opacity-70 ring-offset-background transition-opacity hover:opacity-100 focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2 disabled:pointer-events-none data-[state=open]:bg-secondary"> */}
+      {/* <SheetPrimitive.Close className="absolute right-4 top-4 rounded-sm opacity-70 ring-offset-background transition-opacity hover:opacity-100 focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-0 disabled:pointer-events-none data-[state=open]:bg-secondary"> */}
       {/*   <X className="h-4 w-4" /> */}
       {/*   <span className="sr-only">Close</span> */}
       {/* </SheetPrimitive.Close> */}
diff --git a/src/components/ui/switch.tsx b/src/components/ui/switch.tsx
index 4eecee3a..6c22e133 100644
--- a/src/components/ui/switch.tsx
+++ b/src/components/ui/switch.tsx
@@ -1,29 +1,30 @@
 "use client";
 
 import * as React from "react";
-import * as SwitchPrimitives from "@radix-ui/react-switch";
-
+import * as SwitchPrimitive from "@radix-ui/react-switch";
 import { cn } from "@app/lib/cn";
 
-const Switch = React.forwardRef<
-  React.ElementRef<typeof SwitchPrimitives.Root>,
-  React.ComponentPropsWithoutRef<typeof SwitchPrimitives.Root>
->(({ className, ...props }, ref) => (
-  <SwitchPrimitives.Root
-    className={cn(
-      "peer inline-flex h-5 w-9 shrink-0 cursor-pointer items-center rounded-full border border-transparent transition-colors focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 focus-visible:ring-offset-background disabled:cursor-not-allowed disabled:opacity-50 data-[state=checked]:bg-primary data-[state=unchecked]:bg-input",
-      className
-    )}
-    {...props}
-    ref={ref}
-  >
-    <SwitchPrimitives.Thumb
-      className={cn(
-        "pointer-events-none block h-4 w-4 rounded-full bg-background shadow-lg ring-0 transition-transform data-[state=checked]:translate-x-4 data-[state=unchecked]:translate-x-0.5"
-      )}
-    />
-  </SwitchPrimitives.Root>
-));
-Switch.displayName = SwitchPrimitives.Root.displayName;
+function Switch({
+    className,
+    ...props
+}: React.ComponentProps<typeof SwitchPrimitive.Root>) {
+    return (
+        <SwitchPrimitive.Root
+            data-slot="switch"
+            className={cn(
+                "cursor-pointer peer data-[state=checked]:bg-primary data-[state=unchecked]:bg-input focus-visible:border-ring focus-visible:ring-ring/50 dark:data-[state=unchecked]:bg-input/80 inline-flex h-[1.15rem] w-8 shrink-0 items-center rounded-full border border-transparent transition-all outline-none focus-visible:ring-[3px] disabled:cursor-not-allowed disabled:opacity-50",
+                className
+            )}
+            {...props}
+        >
+            <SwitchPrimitive.Thumb
+                data-slot="switch-thumb"
+                className={cn(
+                    "cursor-pointer bg-background dark:data-[state=unchecked]:bg-foreground dark:data-[state=checked]:bg-primary-foreground pointer-events-none block size-3.5 rounded-full ring-0 transition-transform data-[state=checked]:translate-x-[calc(112%-2px)] data-[state=unchecked]:translate-x-[calc(18%)]"
+                )}
+            />
+        </SwitchPrimitive.Root>
+    );
+}
 
 export { Switch };
diff --git a/src/components/ui/tabs.tsx b/src/components/ui/tabs.tsx
index b11c16c0..7fa26a9e 100644
--- a/src/components/ui/tabs.tsx
+++ b/src/components/ui/tabs.tsx
@@ -29,7 +29,7 @@ const TabsTrigger = React.forwardRef<
   <TabsPrimitive.Trigger
     ref={ref}
     className={cn(
-      "inline-flex items-center justify-center whitespace-nowrap rounded-sm px-3 py-1.5 text-sm font-medium ring-offset-background transition-all focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:pointer-events-none disabled:opacity-50 data-[state=active]:bg-background data-[state=active]:text-foreground",
+      "inline-flex items-center justify-center whitespace-nowrap rounded-sm px-3 py-1.5 text-sm font-medium ring-offset-background transition-all focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-0 disabled:pointer-events-none disabled:opacity-50 data-[state=active]:bg-background data-[state=active]:text-foreground",
       className
     )}
     {...props}
@@ -44,7 +44,7 @@ const TabsContent = React.forwardRef<
   <TabsPrimitive.Content
     ref={ref}
     className={cn(
-      "mt-6 ring-offset-background focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2",
+      "mt-6 ring-offset-background focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-0",
       className
     )}
     {...props}
diff --git a/src/components/ui/textarea.tsx b/src/components/ui/textarea.tsx
index 9e5c16bd..dcfc646d 100644
--- a/src/components/ui/textarea.tsx
+++ b/src/components/ui/textarea.tsx
@@ -10,7 +10,7 @@ const Textarea = React.forwardRef<HTMLTextAreaElement, TextareaProps>(
     return (
       <textarea
         className={cn(
-          "flex min-h-[80px] w-full rounded-md border border-input bg-card px-3 py-2 text-sm ring-offset-background placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-2 disabled:cursor-not-allowed disabled:opacity-50",
+          "flex min-h-[80px] w-full rounded-md border border-input bg-card px-3 py-2 text-sm ring-offset-background placeholder:text-muted-foreground focus-visible:outline-none focus-visible:ring-2 focus-visible:ring-ring focus-visible:ring-offset-0 disabled:cursor-not-allowed disabled:opacity-50",
           className
         )}
         ref={ref}
diff --git a/src/components/ui/toast.tsx b/src/components/ui/toast.tsx
index 39615568..c723859c 100644
--- a/src/components/ui/toast.tsx
+++ b/src/components/ui/toast.tsx
@@ -10,120 +10,120 @@ import { cn } from "@app/lib/cn";
 const ToastProvider = ToastPrimitives.Provider;
 
 const ToastViewport = React.forwardRef<
-  React.ElementRef<typeof ToastPrimitives.Viewport>,
-  React.ComponentPropsWithoutRef<typeof ToastPrimitives.Viewport>
+    React.ElementRef<typeof ToastPrimitives.Viewport>,
+    React.ComponentPropsWithoutRef<typeof ToastPrimitives.Viewport>
 >(({ className, ...props }, ref) => (
-  <ToastPrimitives.Viewport
-    ref={ref}
-    className={cn(
-      "fixed top-0 right-0 z-[100] flex max-h-screen w-full flex-col-reverse p-4 md:max-w-[420px]",
-      className
-    )}
-    {...props}
-  />
+    <ToastPrimitives.Viewport
+        ref={ref}
+        className={cn(
+            "fixed bottom-0 left-0 z-[100] flex max-h-screen w-full flex-col-reverse p-4 md:max-w-[420px]",
+            className
+        )}
+        {...props}
+    />
 ));
 ToastViewport.displayName = ToastPrimitives.Viewport.displayName;
 
 const toastVariants = cva(
-  "group pointer-events-auto relative flex w-full items-center justify-between space-x-4 overflow-hidden rounded-md border p-3 pr-8 transition-all  data-[swipe=cancel]:translate-x-0  data-[swipe=end]:translate-x-[var(--radix-toast-swipe-end-x)]  data-[swipe=move]:translate-x-[var(--radix-toast-swipe-move-x)]  data-[swipe=move]:transition-none  data-[state=open]:animate-in data-[state=open]:fade-in  data-[state=closed]:animate-out data-[state=closed]:fade-out data-[swipe=end]:animate-out",
-  {
-    variants: {
-      variant: {
-        default: "border bg-card text-foreground",
-        destructive:
-          "destructive group border-destructive bg-destructive text-destructive-foreground",
-      },
-    },
-    defaultVariants: {
-      variant: "default",
-    },
-  }
+    "shadow-sm group pointer-events-auto relative flex w-full items-center justify-between space-x-4 overflow-hidden rounded-md border p-3 pr-8 transition-all  data-[swipe=cancel]:translate-x-0  data-[swipe=end]:translate-x-[var(--radix-toast-swipe-end-x)]  data-[swipe=move]:translate-x-[var(--radix-toast-swipe-move-x)]  data-[swipe=move]:transition-none  data-[state=open]:animate-in data-[state=open]:fade-in  data-[state=closed]:animate-out data-[state=closed]:fade-out data-[swipe=end]:animate-out",
+    {
+        variants: {
+            variant: {
+                default: "border bg-card text-foreground",
+                destructive:
+                    "destructive group border-destructive bg-destructive text-white dark:text-destructive-foreground"
+            }
+        },
+        defaultVariants: {
+            variant: "default"
+        }
+    }
 );
 
 const Toast = React.forwardRef<
-  React.ElementRef<typeof ToastPrimitives.Root>,
-  React.ComponentPropsWithoutRef<typeof ToastPrimitives.Root> &
-    VariantProps<typeof toastVariants>
+    React.ElementRef<typeof ToastPrimitives.Root>,
+    React.ComponentPropsWithoutRef<typeof ToastPrimitives.Root> &
+        VariantProps<typeof toastVariants>
 >(({ className, variant, ...props }, ref) => {
-  return (
-    <ToastPrimitives.Root
-      ref={ref}
-      className={cn(toastVariants({ variant }), className)}
-      {...props}
-    />
-  );
+    return (
+        <ToastPrimitives.Root
+            ref={ref}
+            className={cn(toastVariants({ variant }), className)}
+            {...props}
+        />
+    );
 });
 Toast.displayName = ToastPrimitives.Root.displayName;
 
 const ToastAction = React.forwardRef<
-  React.ElementRef<typeof ToastPrimitives.Action>,
-  React.ComponentPropsWithoutRef<typeof ToastPrimitives.Action>
+    React.ElementRef<typeof ToastPrimitives.Action>,
+    React.ComponentPropsWithoutRef<typeof ToastPrimitives.Action>
 >(({ className, ...props }, ref) => (
-  <ToastPrimitives.Action
-    ref={ref}
-    className={cn(
-      "inline-flex h-8 shrink-0 items-center justify-center rounded-md border bg-transparent px-3 text-sm font-medium ring-offset-background transition-colors hover:bg-secondary focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-2 disabled:pointer-events-none disabled:opacity-50 group-[.destructive]:border-muted/40 group-[.destructive]:hover:border-destructive/30 group-[.destructive]:hover:bg-destructive group-[.destructive]:hover:text-destructive-foreground group-[.destructive]:focus:ring-destructive",
-      className
-    )}
-    {...props}
-  />
+    <ToastPrimitives.Action
+        ref={ref}
+        className={cn(
+            "inline-flex h-8 shrink-0 items-center justify-center rounded-md border bg-transparent px-3 text-sm font-medium ring-offset-background transition-colors hover:bg-secondary focus:outline-none focus:ring-2 focus:ring-ring focus:ring-offset-0 disabled:pointer-events-none disabled:opacity-50 group-[.destructive]:border-muted/40 group-[.destructive]:hover:border-destructive/30 group-[.destructive]:hover:bg-destructive group-[.destructive]:hover:text-destructive-foreground group-[.destructive]:focus:ring-destructive",
+            className
+        )}
+        {...props}
+    />
 ));
 ToastAction.displayName = ToastPrimitives.Action.displayName;
 
 const ToastClose = React.forwardRef<
-  React.ElementRef<typeof ToastPrimitives.Close>,
-  React.ComponentPropsWithoutRef<typeof ToastPrimitives.Close>
+    React.ElementRef<typeof ToastPrimitives.Close>,
+    React.ComponentPropsWithoutRef<typeof ToastPrimitives.Close>
 >(({ className, ...props }, ref) => (
-  <ToastPrimitives.Close
-    ref={ref}
-    className={cn(
-      "absolute right-2 top-2 rounded-md p-1 text-foreground/50 opacity-0 transition-opacity hover:text-foreground focus:opacity-100 focus:outline-none focus:ring-2 group-hover:opacity-100 group-[.destructive]:text-red-300 group-[.destructive]:hover:text-red-50 group-[.destructive]:focus:ring-red-400 group-[.destructive]:focus:ring-offset-red-600",
-      className
-    )}
-    toast-close=""
-    {...props}
-  >
-    <X className="h-4 w-4" />
-  </ToastPrimitives.Close>
+    <ToastPrimitives.Close
+        ref={ref}
+        className={cn(
+            "absolute right-2 top-2 rounded-md p-1 text-foreground/50 opacity-0 transition-opacity hover:text-foreground focus:opacity-100 focus:outline-none focus:ring-2 group-hover:opacity-100 group-[.destructive]:text-red-300 group-[.destructive]:hover:text-red-50 group-[.destructive]:focus:ring-red-400 group-[.destructive]:focus:ring-offset-red-600",
+            className
+        )}
+        toast-close=""
+        {...props}
+    >
+        <X className="h-4 w-4" />
+    </ToastPrimitives.Close>
 ));
 ToastClose.displayName = ToastPrimitives.Close.displayName;
 
 const ToastTitle = React.forwardRef<
-  React.ElementRef<typeof ToastPrimitives.Title>,
-  React.ComponentPropsWithoutRef<typeof ToastPrimitives.Title>
+    React.ElementRef<typeof ToastPrimitives.Title>,
+    React.ComponentPropsWithoutRef<typeof ToastPrimitives.Title>
 >(({ className, ...props }, ref) => (
-  <ToastPrimitives.Title
-    ref={ref}
-    className={cn("text-sm font-semibold", className)}
-    {...props}
-  />
+    <ToastPrimitives.Title
+        ref={ref}
+        className={cn("text-sm font-semibold", className)}
+        {...props}
+    />
 ));
 ToastTitle.displayName = ToastPrimitives.Title.displayName;
 
 const ToastDescription = React.forwardRef<
-  React.ElementRef<typeof ToastPrimitives.Description>,
-  React.ComponentPropsWithoutRef<typeof ToastPrimitives.Description>
+    React.ElementRef<typeof ToastPrimitives.Description>,
+    React.ComponentPropsWithoutRef<typeof ToastPrimitives.Description>
 >(({ className, ...props }, ref) => (
-  <ToastPrimitives.Description
-    ref={ref}
-    className={cn("text-sm opacity-90", className)}
-    {...props}
-  />
+    <ToastPrimitives.Description
+        ref={ref}
+        className={cn("text-sm opacity-90", className)}
+        {...props}
+    />
 ));
 ToastDescription.displayName = ToastPrimitives.Description.displayName;
 
-type ToastProps = React.ComponentPropsWithoutRef<typeof Toast>
+type ToastProps = React.ComponentPropsWithoutRef<typeof Toast>;
 
-type ToastActionElement = React.ReactElement<typeof ToastAction>
+type ToastActionElement = React.ReactElement<typeof ToastAction>;
 
 export {
-  type ToastProps,
-  type ToastActionElement,
-  ToastProvider,
-  ToastViewport,
-  Toast,
-  ToastTitle,
-  ToastDescription,
-  ToastClose,
-  ToastAction,
+    type ToastProps,
+    type ToastActionElement,
+    ToastProvider,
+    ToastViewport,
+    Toast,
+    ToastTitle,
+    ToastDescription,
+    ToastClose,
+    ToastAction
 };
diff --git a/src/components/ui/toaster.tsx b/src/components/ui/toaster.tsx
index 79a87d26..ca64fc06 100644
--- a/src/components/ui/toaster.tsx
+++ b/src/components/ui/toaster.tsx
@@ -2,34 +2,42 @@
 
 import { useToast } from "@/hooks/useToast";
 import {
-  Toast,
-  ToastClose,
-  ToastDescription,
-  ToastProvider,
-  ToastTitle,
-  ToastViewport,
+    Toast,
+    ToastClose,
+    ToastDescription,
+    ToastProvider,
+    ToastTitle,
+    ToastViewport
 } from "@/components/ui/toast";
 
 export function Toaster() {
-  const { toasts } = useToast();
+    const { toasts } = useToast();
 
-  return (
-    <ToastProvider>
-      {toasts.map(function ({ id, title, description, action, ...props }) {
-        return (
-          <Toast key={id} {...props} className="mt-2">
-            <div className="grid gap-1">
-              {title && <ToastTitle>{title}</ToastTitle>}
-              {description && (
-                <ToastDescription>{description}</ToastDescription>
-              )}
-            </div>
-            {action}
-            <ToastClose />
-          </Toast>
-        );
-      })}
-      <ToastViewport />
-    </ToastProvider>
-  );
+    return (
+        <ToastProvider>
+            {toasts.map(function ({
+                id,
+                title,
+                description,
+                action,
+                ...props
+            }) {
+                return (
+                    <Toast key={id} {...props} className="mt-2">
+                        <div className="grid gap-1">
+                            {title && <ToastTitle>{title}</ToastTitle>}
+                            {description && (
+                                <ToastDescription>
+                                    {description}
+                                </ToastDescription>
+                            )}
+                        </div>
+                        {action}
+                        <ToastClose />
+                    </Toast>
+                );
+            })}
+            <ToastViewport />
+        </ToastProvider>
+    );
 }
diff --git a/src/components/ui/tooltip.tsx b/src/components/ui/tooltip.tsx
new file mode 100644
index 00000000..ae0b6a69
--- /dev/null
+++ b/src/components/ui/tooltip.tsx
@@ -0,0 +1,60 @@
+"use client";
+
+import * as React from "react";
+import * as TooltipPrimitive from "@radix-ui/react-tooltip";
+import { cn } from "@app/lib/cn";
+
+function TooltipProvider({
+    delayDuration = 0,
+    ...props
+}: React.ComponentProps<typeof TooltipPrimitive.Provider>) {
+    return (
+        <TooltipPrimitive.Provider
+            data-slot="tooltip-provider"
+            delayDuration={delayDuration}
+            {...props}
+        />
+    );
+}
+
+function Tooltip({
+    ...props
+}: React.ComponentProps<typeof TooltipPrimitive.Root>) {
+    return (
+        <TooltipProvider>
+            <TooltipPrimitive.Root data-slot="tooltip" {...props} />
+        </TooltipProvider>
+    );
+}
+
+function TooltipTrigger({
+    ...props
+}: React.ComponentProps<typeof TooltipPrimitive.Trigger>) {
+    return <TooltipPrimitive.Trigger data-slot="tooltip-trigger" {...props} />;
+}
+
+function TooltipContent({
+    className,
+    sideOffset = 0,
+    children,
+    ...props
+}: React.ComponentProps<typeof TooltipPrimitive.Content>) {
+    return (
+        <TooltipPrimitive.Portal>
+            <TooltipPrimitive.Content
+                data-slot="tooltip-content"
+                sideOffset={sideOffset}
+                className={cn(
+                    "bg-primary text-primary-foreground animate-in fade-in-0 zoom-in-95 data-[state=closed]:animate-out data-[state=closed]:fade-out-0 data-[state=closed]:zoom-out-95 data-[side=bottom]:slide-in-from-top-2 data-[side=left]:slide-in-from-right-2 data-[side=right]:slide-in-from-left-2 data-[side=top]:slide-in-from-bottom-2 z-50 w-fit origin-(--radix-tooltip-content-transform-origin) rounded-md px-3 py-1.5 text-xs text-balance",
+                    className
+                )}
+                {...props}
+            >
+                {children}
+                <TooltipPrimitive.Arrow className="bg-primary fill-primary z-50 size-2.5 translate-y-[calc(-50%_-_2px)] rotate-45 rounded-[2px]" />
+            </TooltipPrimitive.Content>
+        </TooltipPrimitive.Portal>
+    );
+}
+
+export { Tooltip, TooltipTrigger, TooltipContent, TooltipProvider };
diff --git a/src/contexts/clientContext.ts b/src/contexts/clientContext.ts
new file mode 100644
index 00000000..4ed8dc81
--- /dev/null
+++ b/src/contexts/clientContext.ts
@@ -0,0 +1,11 @@
+import { GetClientResponse } from "@server/routers/client/getClient";
+import { createContext } from "react";
+
+interface ClientContextType {
+    client: GetClientResponse;
+    updateClient: (updatedClient: Partial<GetClientResponse>) => void;
+}
+
+const ClientContext = createContext<ClientContextType | undefined>(undefined);
+
+export default ClientContext;
diff --git a/src/hooks/useClientContext.ts b/src/hooks/useClientContext.ts
new file mode 100644
index 00000000..fa958939
--- /dev/null
+++ b/src/hooks/useClientContext.ts
@@ -0,0 +1,10 @@
+import ClientContext from "@app/contexts/clientContext";
+import { useContext } from "react";
+
+export function useClientContext() {
+    const context = useContext(ClientContext);
+    if (context === undefined) {
+        throw new Error('useSiteContext must be used within a SiteProvider');
+    }
+    return context;
+}
\ No newline at end of file
diff --git a/src/lib/pullEnv.ts b/src/lib/pullEnv.ts
index 3f829436..39d8b66a 100644
--- a/src/lib/pullEnv.ts
+++ b/src/lib/pullEnv.ts
@@ -36,10 +36,16 @@ export function pullEnv(): Env {
                     : false,
             allowRawResources:
                 process.env.FLAGS_ALLOW_RAW_RESOURCES === "true" ? true : false,
-            allowBaseDomainResources:
-                process.env.FLAGS_ALLOW_BASE_DOMAIN_RESOURCES === "true"
+            disableLocalSites:
+                process.env.FLAGS_DISABLE_LOCAL_SITES === "true" ? true : false,
+            disableBasicWireguardSites:
+                process.env.FLAGS_DISABLE_BASIC_WIREGUARD_SITES === "true"
                     ? true
-                    : false
-        }
+                    : false,
+            enableClients:
+                process.env.FLAGS_ENABLE_CLIENTS === "true" ? true : false,
+            hideSupporterKey:
+                process.env.HIDE_SUPPORTER_KEY === "true" ? true : false
+        },
     };
 }
diff --git a/src/lib/types/env.ts b/src/lib/types/env.ts
index 80593ad7..a01b9cfd 100644
--- a/src/lib/types/env.ts
+++ b/src/lib/types/env.ts
@@ -21,6 +21,9 @@ export type Env = {
         disableUserCreateOrg: boolean;
         emailVerificationRequired: boolean;
         allowRawResources: boolean;
-        allowBaseDomainResources: boolean;
-    };
+        disableLocalSites: boolean;
+        disableBasicWireguardSites: boolean;
+        enableClients: boolean;
+        hideSupporterKey: boolean;
+    },
 };
diff --git a/src/providers/ClientProvider.tsx b/src/providers/ClientProvider.tsx
new file mode 100644
index 00000000..5e89acd8
--- /dev/null
+++ b/src/providers/ClientProvider.tsx
@@ -0,0 +1,40 @@
+"use client";
+
+import ClientContext from "@app/contexts/clientContext";
+import { GetClientResponse } from "@server/routers/client/getClient";
+import { useState } from "react";
+
+interface ClientProviderProps {
+    children: React.ReactNode;
+    client: GetClientResponse;
+}
+
+export function ClientProvider({
+    children,
+    client: serverClient
+}: ClientProviderProps) {
+    const [client, setClient] = useState<GetClientResponse>(serverClient);
+
+    const updateClient = (updatedClient: Partial<GetClientResponse>) => {
+        if (!client) {
+            throw new Error("No client to update");
+        }
+        setClient((prev) => {
+            if (!prev) {
+                return prev;
+            }
+            return {
+                ...prev,
+                ...updatedClient
+            };
+        });
+    };
+
+    return (
+        <ClientContext.Provider value={{ client, updateClient }}>
+            {children}
+        </ClientContext.Provider>
+    );
+}
+
+export default ClientProvider;