Bump recharts from 2.15.4 to 3.7.0

Bumps [recharts](https://github.com/recharts/recharts) from 2.15.4 to 3.7.0. - [Release notes](https://github.com/recharts/recharts/releases) - [Changelog](https://github.com/recharts/recharts/blob/main/CHANGELOG.md) - [Commits](https://github.com/recharts/recharts/compare/v2.15.4...v3.7.0) --- updated-dependencies: - dependency-name: recharts dependency-version: 3.7.0 dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
2026-03-04 01:36:39 +00:00 · 2026-02-26 01:44:25 +00:00
127 changed files with 586 additions and 1029 deletions
--- a/6
+++ b/6
@@ -1,5 +1,4 @@
-# FROM node:24-slim AS base
-FROM public.ecr.aws/docker/library/node:24-slim AS base
+FROM node:24-slim AS base

 WORKDIR /app

@@ -32,8 +31,7 @@ FROM base AS builder

 RUN npm ci --omit=dev

-# FROM node:24-slim AS runner
-FROM public.ecr.aws/docker/library/node:24-slim AS runner
+FROM node:24-slim AS runner

 WORKDIR /app

--- a/docker-compose.example.yml
+++ b/docker-compose.example.yml
@@ -4,12 +4,6 @@ services:
    image: fosrl/pangolin:latest
    container_name: pangolin
    restart: unless-stopped
-    deploy:
-      resources:
-        limits:
-          memory: 1g
-        reservations:
-          memory: 256m
    volumes:
      - ./config:/app/config
    healthcheck:
--- a/install/config/docker-compose.yml
+++ b/install/config/docker-compose.yml
@@ -4,12 +4,6 @@ services:
    image: docker.io/fosrl/pangolin:{{if .IsEnterprise}}ee-{{end}}{{.PangolinVersion}}
    container_name: pangolin
    restart: unless-stopped
-    deploy:
-      resources:
-        limits:
-          memory: 1g
-        reservations:
-          memory: 256m
    volumes:
      - ./config:/app/config
    healthcheck:
--- a/messages/en-US.json
+++ b/messages/en-US.json
@@ -1102,12 +1102,6 @@
    "actionGetUser": "Get User",
    "actionGetOrgUser": "Get Organization User",
    "actionListOrgDomains": "List Organization Domains",
-    "actionGetDomain": "Get Domain",
-    "actionCreateOrgDomain": "Create Domain",
-    "actionUpdateOrgDomain": "Update Domain",
-    "actionDeleteOrgDomain": "Delete Domain",
-    "actionGetDNSRecords": "Get DNS Records",
-    "actionRestartOrgDomain": "Restart Domain",
    "actionCreateSite": "Create Site",
    "actionDeleteSite": "Delete Site",
    "actionGetSite": "Get Site",
@@ -1676,10 +1670,10 @@
    "sshSudoModeCommandsDescription": "User can run only the specified commands with sudo.",
    "sshSudo": "Allow sudo",
    "sshSudoCommands": "Sudo Commands",
-    "sshSudoCommandsDescription": "Comma separated list of commands the user is allowed to run with sudo.",
+    "sshSudoCommandsDescription": "List of commands the user is allowed to run with sudo.",
    "sshCreateHomeDir": "Create Home Directory",
    "sshUnixGroups": "Unix Groups",
-    "sshUnixGroupsDescription": "Comma separated Unix groups to add the user to on the target host.",
+    "sshUnixGroupsDescription": "Unix groups to add the user to on the target host.",
    "retryAttempts": "Retry Attempts",
    "expectedResponseCodes": "Expected Response Codes",
    "expectedResponseCodesDescription": "HTTP status code that indicates healthy status. If left blank, 200-300 is considered healthy.",
--- a/package-lock.json
+++ b/package-lock.json
@@ -85,7 +85,7 @@
                "react-easy-sort": "1.8.0",
                "react-hook-form": "7.71.2",
                "react-icons": "5.5.0",
-                "recharts": "2.15.4",
+                "recharts": "3.7.0",
                "reodotdev": "1.0.0",
                "resend": "6.9.2",
                "semver": "7.7.4",
@@ -1354,15 +1354,6 @@
                "node": ">=6.0.0"
            }
        },
-        "node_modules/@babel/runtime": {
-            "version": "7.28.4",
-            "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.28.4.tgz",
-            "integrity": "sha512-Q/N6JNWvIvPnLDvjlE1OUBLPQHH6l3CltCEsHIujp45zQUSSh8K+gHnaEX45yAT1nyngnINhvWtzN+Nb9D8RAQ==",
-            "license": "MIT",
-            "engines": {
-                "node": ">=6.9.0"
-            }
-        },
        "node_modules/@babel/template": {
            "version": "7.27.2",
            "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.27.2.tgz",
@@ -7934,6 +7925,42 @@
                "react": "^16.8.0 || ^17.0.0-rc.1 || ^18.0.0 || ^19.0.0-rc.1"
            }
        },
+        "node_modules/@reduxjs/toolkit": {
+            "version": "2.11.2",
+            "resolved": "https://registry.npmjs.org/@reduxjs/toolkit/-/toolkit-2.11.2.tgz",
+            "integrity": "sha512-Kd6kAHTA6/nUpp8mySPqj3en3dm0tdMIgbttnQ1xFMVpufoj+ADi8pXLBsd4xzTRHQa7t/Jv8W5UnCuW4kuWMQ==",
+            "license": "MIT",
+            "dependencies": {
+                "@standard-schema/spec": "^1.0.0",
+                "@standard-schema/utils": "^0.3.0",
+                "immer": "^11.0.0",
+                "redux": "^5.0.1",
+                "redux-thunk": "^3.1.0",
+                "reselect": "^5.1.0"
+            },
+            "peerDependencies": {
+                "react": "^16.9.0 || ^17.0.0 || ^18 || ^19",
+                "react-redux": "^7.2.1 || ^8.1.3 || ^9.0.0"
+            },
+            "peerDependenciesMeta": {
+                "react": {
+                    "optional": true
+                },
+                "react-redux": {
+                    "optional": true
+                }
+            }
+        },
+        "node_modules/@reduxjs/toolkit/node_modules/immer": {
+            "version": "11.1.4",
+            "resolved": "https://registry.npmjs.org/immer/-/immer-11.1.4.tgz",
+            "integrity": "sha512-XREFCPo6ksxVzP4E0ekD5aMdf8WMwmdNaz6vuvxgI40UaEiu6q3p8X52aU6GdyvLY3XXX/8R7JOTXStz/nBbRw==",
+            "license": "MIT",
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/immer"
+            }
+        },
        "node_modules/@rtsao/scc": {
            "version": "1.1.0",
            "resolved": "https://registry.npmjs.org/@rtsao/scc/-/scc-1.1.0.tgz",
@@ -8719,6 +8746,12 @@
            "integrity": "sha512-1bnPQqSxSuc3Ii6MhBysoWCg58j97aUjuCSZrGSmDxNqtytIi0k8utUenAwTZN4V5mXXYGsVUI9zeBqy+jBOSQ==",
            "license": "MIT"
        },
+        "node_modules/@standard-schema/spec": {
+            "version": "1.1.0",
+            "resolved": "https://registry.npmjs.org/@standard-schema/spec/-/spec-1.1.0.tgz",
+            "integrity": "sha512-l2aFy5jALhniG5HgqrD6jXLi/rUWrKvqN/qJx6yoJsgKhblVd+iqqU4RCXavm/jPityDo5TCvKMnpjKnOriy0w==",
+            "license": "MIT"
+        },
        "node_modules/@standard-schema/utils": {
            "version": "0.3.0",
            "resolved": "https://registry.npmjs.org/@standard-schema/utils/-/utils-0.3.0.tgz",
@@ -10015,6 +10048,12 @@
            "optional": true,
            "peer": true
        },
+        "node_modules/@types/use-sync-external-store": {
+            "version": "0.0.6",
+            "resolved": "https://registry.npmjs.org/@types/use-sync-external-store/-/use-sync-external-store-0.0.6.tgz",
+            "integrity": "sha512-zFDAD+tlpf2r4asuHEj0XH6pY6i0g5NeAHPn+15wk3BV6JA69eERFXC1gyGThDkVa1zCyKr5jox1+2LbV/AMLg==",
+            "license": "MIT"
+        },
        "node_modules/@types/ws": {
            "version": "8.18.1",
            "resolved": "https://registry.npmjs.org/@types/ws/-/ws-8.18.1.tgz",
@@ -11869,6 +11908,7 @@
            "version": "3.2.3",
            "resolved": "https://registry.npmjs.org/csstype/-/csstype-3.2.3.tgz",
            "integrity": "sha512-z1HGKcYy2xA8AGQfwrn0PAy+PB7X/GSj3UVJW9qKyn43xWa+gl5nXmU4qqLMRzWVLFC8KusUX8T/0kCiOYpAIQ==",
+            "devOptional": true,
            "license": "MIT"
        },
        "node_modules/d3": {
@@ -12581,16 +12621,6 @@
                "node": ">=0.10.0"
            }
        },
-        "node_modules/dom-helpers": {
-            "version": "5.2.1",
-            "resolved": "https://registry.npmjs.org/dom-helpers/-/dom-helpers-5.2.1.tgz",
-            "integrity": "sha512-nRCa7CK3VTrM2NmGkIy4cbK7IZlgBE/PYMn55rrXefr5xXDP0LdtfPnblFDoVdcAfslJ7or6iqAUnx0CCGIWQA==",
-            "license": "MIT",
-            "dependencies": {
-                "@babel/runtime": "^7.8.7",
-                "csstype": "^3.0.2"
-            }
-        },
        "node_modules/dom-serializer": {
            "version": "2.0.0",
            "resolved": "https://registry.npmjs.org/dom-serializer/-/dom-serializer-2.0.0.tgz",
@@ -13744,6 +13774,16 @@
                "url": "https://github.com/sponsors/ljharb"
            }
        },
+        "node_modules/es-toolkit": {
+            "version": "1.44.0",
+            "resolved": "https://registry.npmjs.org/es-toolkit/-/es-toolkit-1.44.0.tgz",
+            "integrity": "sha512-6penXeZalaV88MM3cGkFZZfOoLGWshWWfdy0tWw/RlVVyhvMaWSBTOvXNeiW3e5FwdS5ePW0LGEu17zT139ktg==",
+            "license": "MIT",
+            "workspaces": [
+                "docs",
+                "benchmarks"
+            ]
+        },
        "node_modules/esbuild": {
            "version": "0.27.3",
            "resolved": "https://registry.npmjs.org/esbuild/-/esbuild-0.27.3.tgz",
@@ -14310,9 +14350,9 @@
            }
        },
        "node_modules/eventemitter3": {
-            "version": "4.0.7",
-            "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-4.0.7.tgz",
-            "integrity": "sha512-8guHBZCwKnFhYdHr2ysuRWErTwhoN2X8XELRlrRwpmfeY2jjuUN4taQMsULKUVo1K4DvZl+0pgfyoysHxvmvEw==",
+            "version": "5.0.4",
+            "resolved": "https://registry.npmjs.org/eventemitter3/-/eventemitter3-5.0.4.tgz",
+            "integrity": "sha512-mlsTRyGaPBjPedk6Bvw+aqbsXDtoAyAzm5MO7JgU+yVRyMQ5O8bD4Kcci7BS85f93veegeCPkL8R4GLClnjLFw==",
            "license": "MIT"
        },
        "node_modules/execa": {
@@ -14441,15 +14481,6 @@
            "dev": true,
            "license": "MIT"
        },
-        "node_modules/fast-equals": {
-            "version": "5.3.3",
-            "resolved": "https://registry.npmjs.org/fast-equals/-/fast-equals-5.3.3.tgz",
-            "integrity": "sha512-/boTcHZeIAQ2r/tL11voclBHDeP9WPxLt+tyAbVSyyXuUFyh0Tne7gJZTqGbxnvj79TjLdCXLOY7UIPhyG5MTw==",
-            "license": "MIT",
-            "engines": {
-                "node": ">=6.0.0"
-            }
-        },
        "node_modules/fast-glob": {
            "version": "3.3.1",
            "resolved": "https://registry.npmjs.org/fast-glob/-/fast-glob-3.3.1.tgz",
@@ -15381,6 +15412,16 @@
                "node": ">= 4"
            }
        },
+        "node_modules/immer": {
+            "version": "10.2.0",
+            "resolved": "https://registry.npmjs.org/immer/-/immer-10.2.0.tgz",
+            "integrity": "sha512-d/+XTN3zfODyjr89gM3mPq1WNX2B8pYsu7eORitdwyA2sBubnTl3laYlBk4sXY5FUa5qTZGBDPJICVbvqzjlbw==",
+            "license": "MIT",
+            "funding": {
+                "type": "opencollective",
+                "url": "https://opencollective.com/immer"
+            }
+        },
        "node_modules/import-fresh": {
            "version": "3.3.1",
            "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.3.1.tgz",
@@ -16489,12 +16530,6 @@
                "url": "https://github.com/sponsors/sindresorhus"
            }
        },
-        "node_modules/lodash": {
-            "version": "4.17.23",
-            "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.23.tgz",
-            "integrity": "sha512-LgVTMpQtIopCi79SJeDiP0TfWi5CNEc/L/aRdTh3yIvmZXTnheWpKjSZhnvMl8iXbC1tFg9gdHHDMLoV7CnG+w==",
-            "license": "MIT"
-        },
        "node_modules/lodash.defaults": {
            "version": "4.2.0",
            "resolved": "https://registry.npmjs.org/lodash.defaults/-/lodash.defaults-4.2.0.tgz",
@@ -19287,6 +19322,29 @@
            "integrity": "sha512-24e6ynE2H+OKt4kqsOvNd8kBpV65zoxbA4BVsEOB3ARVWQki/DHzaUoC5KuON/BiccDaCCTZBuOcfZs70kR8bQ==",
            "license": "MIT"
        },
+        "node_modules/react-redux": {
+            "version": "9.2.0",
+            "resolved": "https://registry.npmjs.org/react-redux/-/react-redux-9.2.0.tgz",
+            "integrity": "sha512-ROY9fvHhwOD9ySfrF0wmvu//bKCQ6AeZZq1nJNtbDC+kk5DuSuNX/n6YWYF/SYy7bSba4D4FSz8DJeKY/S/r+g==",
+            "license": "MIT",
+            "dependencies": {
+                "@types/use-sync-external-store": "^0.0.6",
+                "use-sync-external-store": "^1.4.0"
+            },
+            "peerDependencies": {
+                "@types/react": "^18.2.25 || ^19",
+                "react": "^18.0 || ^19",
+                "redux": "^5.0.0"
+            },
+            "peerDependenciesMeta": {
+                "@types/react": {
+                    "optional": true
+                },
+                "redux": {
+                    "optional": true
+                }
+            }
+        },
        "node_modules/react-remove-scroll": {
            "version": "2.7.2",
            "resolved": "https://registry.npmjs.org/react-remove-scroll/-/react-remove-scroll-2.7.2.tgz",
@@ -19334,21 +19392,6 @@
                }
            }
        },
-        "node_modules/react-smooth": {
-            "version": "4.0.4",
-            "resolved": "https://registry.npmjs.org/react-smooth/-/react-smooth-4.0.4.tgz",
-            "integrity": "sha512-gnGKTpYwqL0Iii09gHobNolvX4Kiq4PKx6eWBCYYix+8cdw+cGo3do906l1NBPKkSWx1DghC1dlWG9L2uGd61Q==",
-            "license": "MIT",
-            "dependencies": {
-                "fast-equals": "^5.0.1",
-                "prop-types": "^15.8.1",
-                "react-transition-group": "^4.4.5"
-            },
-            "peerDependencies": {
-                "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
-                "react-dom": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
-            }
-        },
        "node_modules/react-style-singleton": {
            "version": "2.2.3",
            "resolved": "https://registry.npmjs.org/react-style-singleton/-/react-style-singleton-2.2.3.tgz",
@@ -19371,22 +19414,6 @@
                }
            }
        },
-        "node_modules/react-transition-group": {
-            "version": "4.4.5",
-            "resolved": "https://registry.npmjs.org/react-transition-group/-/react-transition-group-4.4.5.tgz",
-            "integrity": "sha512-pZcd1MCJoiKiBR2NRxeCRg13uCXbydPnmB4EOeRrY7480qNWO8IIgQG6zlDkm6uRMsURXPuKq0GWtiM59a5Q6g==",
-            "license": "BSD-3-Clause",
-            "dependencies": {
-                "@babel/runtime": "^7.5.5",
-                "dom-helpers": "^5.0.1",
-                "loose-envify": "^1.4.0",
-                "prop-types": "^15.6.2"
-            },
-            "peerDependencies": {
-                "react": ">=16.6.0",
-                "react-dom": ">=16.6.0"
-            }
-        },
        "node_modules/readable-stream": {
            "version": "3.6.2",
            "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-3.6.2.tgz",
@@ -19416,43 +19443,35 @@
            }
        },
        "node_modules/recharts": {
-            "version": "2.15.4",
-            "resolved": "https://registry.npmjs.org/recharts/-/recharts-2.15.4.tgz",
-            "integrity": "sha512-UT/q6fwS3c1dHbXv2uFgYJ9BMFHu3fwnd7AYZaEQhXuYQ4hgsxLvsUXzGdKeZrW5xopzDCvuA2N41WJ88I7zIw==",
+            "version": "3.7.0",
+            "resolved": "https://registry.npmjs.org/recharts/-/recharts-3.7.0.tgz",
+            "integrity": "sha512-l2VCsy3XXeraxIID9fx23eCb6iCBsxUQDnE8tWm6DFdszVAO7WVY/ChAD9wVit01y6B2PMupYiMmQwhgPHc9Ew==",
            "license": "MIT",
+            "workspaces": [
+                "www"
+            ],
            "dependencies": {
-                "clsx": "^2.0.0",
-                "eventemitter3": "^4.0.1",
-                "lodash": "^4.17.21",
-                "react-is": "^18.3.1",
-                "react-smooth": "^4.0.4",
-                "recharts-scale": "^0.4.4",
-                "tiny-invariant": "^1.3.1",
-                "victory-vendor": "^36.6.8"
+                "@reduxjs/toolkit": "1.x.x || 2.x.x",
+                "clsx": "^2.1.1",
+                "decimal.js-light": "^2.5.1",
+                "es-toolkit": "^1.39.3",
+                "eventemitter3": "^5.0.1",
+                "immer": "^10.1.1",
+                "react-redux": "8.x.x || 9.x.x",
+                "reselect": "5.1.1",
+                "tiny-invariant": "^1.3.3",
+                "use-sync-external-store": "^1.2.2",
+                "victory-vendor": "^37.0.2"
            },
            "engines": {
-                "node": ">=14"
+                "node": ">=18"
            },
            "peerDependencies": {
-                "react": "^16.0.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
-                "react-dom": "^16.0.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
+                "react": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
+                "react-dom": "^16.0.0 || ^17.0.0 || ^18.0.0 || ^19.0.0",
+                "react-is": "^16.8.0 || ^17.0.0 || ^18.0.0 || ^19.0.0"
            }
        },
-        "node_modules/recharts-scale": {
-            "version": "0.4.5",
-            "resolved": "https://registry.npmjs.org/recharts-scale/-/recharts-scale-0.4.5.tgz",
-            "integrity": "sha512-kivNFO+0OcUNu7jQquLXAxz1FIwZj8nrj+YkOKc5694NbjCvcT6aSZiIzNzd2Kul4o4rTto8QVR9lMNtxD4G1w==",
-            "license": "MIT",
-            "dependencies": {
-                "decimal.js-light": "^2.4.1"
-            }
-        },
-        "node_modules/recharts/node_modules/react-is": {
-            "version": "18.3.1",
-            "resolved": "https://registry.npmjs.org/react-is/-/react-is-18.3.1.tgz",
-            "integrity": "sha512-/LLMVyas0ljjAtoYiPqYiL8VWXzUUdThrmU5+n20DZv+a+ClRoevUzw5JxU+Ieh5/c87ytoTBV9G1FiKfNJdmg==",
-            "license": "MIT"
-        },
        "node_modules/redis-errors": {
            "version": "1.2.0",
            "resolved": "https://registry.npmjs.org/redis-errors/-/redis-errors-1.2.0.tgz",
@@ -19474,6 +19493,21 @@
                "node": ">=4"
            }
        },
+        "node_modules/redux": {
+            "version": "5.0.1",
+            "resolved": "https://registry.npmjs.org/redux/-/redux-5.0.1.tgz",
+            "integrity": "sha512-M9/ELqF6fy8FwmkpnF0S3YKOqMyoWJ4+CS5Efg2ct3oY9daQvd/Pc71FpGZsVsbl3Cpb+IIcjBDUnnyBdQbq4w==",
+            "license": "MIT"
+        },
+        "node_modules/redux-thunk": {
+            "version": "3.1.0",
+            "resolved": "https://registry.npmjs.org/redux-thunk/-/redux-thunk-3.1.0.tgz",
+            "integrity": "sha512-NW2r5T6ksUKXCabzhL9z+h206HQw/NJkcLm1GPImRQ8IzfXwRGqjVhKJGauHirT0DAuyy6hjdnMZaRoAcy0Klw==",
+            "license": "MIT",
+            "peerDependencies": {
+                "redux": "^5.0.0"
+            }
+        },
        "node_modules/reflect-metadata": {
            "version": "0.2.2",
            "resolved": "https://registry.npmjs.org/reflect-metadata/-/reflect-metadata-0.2.2.tgz",
@@ -19540,6 +19574,12 @@
                "node": ">=0.10.0"
            }
        },
+        "node_modules/reselect": {
+            "version": "5.1.1",
+            "resolved": "https://registry.npmjs.org/reselect/-/reselect-5.1.1.tgz",
+            "integrity": "sha512-K/BG6eIky/SBpzfHZv/dd+9JBFiS4SWV7FIujVyJRux6e45+73RaUHXLmIR1f7WOMaQ0U1km6qwklRQxpJJY0w==",
+            "license": "MIT"
+        },
        "node_modules/resend": {
            "version": "6.9.2",
            "resolved": "https://registry.npmjs.org/resend/-/resend-6.9.2.tgz",
@@ -21487,9 +21527,9 @@
            }
        },
        "node_modules/victory-vendor": {
-            "version": "36.9.2",
-            "resolved": "https://registry.npmjs.org/victory-vendor/-/victory-vendor-36.9.2.tgz",
-            "integrity": "sha512-PnpQQMuxlwYdocC8fIJqVXvkeViHYzotI+NJrCuav0ZYFoq912ZHBk3mCeuj+5/VpodOjPe1z0Fk2ihgzlXqjQ==",
+            "version": "37.3.6",
+            "resolved": "https://registry.npmjs.org/victory-vendor/-/victory-vendor-37.3.6.tgz",
+            "integrity": "sha512-SbPDPdDBYp+5MJHhBCAyI7wKM3d5ivekigc2Dk2s7pgbZ9wIgIBYGVw4zGHBml/qTFbexrofXW6Gu4noGxrOwQ==",
            "license": "MIT AND ISC",
            "dependencies": {
                "@types/d3-array": "^3.0.3",
--- a/package.json
+++ b/package.json
@@ -108,7 +108,7 @@
        "react-easy-sort": "1.8.0",
        "react-hook-form": "7.71.2",
        "react-icons": "5.5.0",
-        "recharts": "2.15.4",
+        "recharts": "3.7.0",
        "reodotdev": "1.0.0",
        "resend": "6.9.2",
        "semver": "7.7.4",
--- a/server/integrationApiServer.ts
+++ b/server/integrationApiServer.ts
@@ -17,7 +17,6 @@ import fs from "fs";
 import path from "path";
 import { APP_PATH } from "./lib/consts";
 import yaml from "js-yaml";
-import { z } from "zod";

 const dev = process.env.ENVIRONMENT !== "prod";
 const externalPort = config.getRawConfig().server.integration_port;
@@ -39,24 +38,12 @@ export function createIntegrationApiServer() {
    apiServer.use(cookieParser());
    apiServer.use(express.json());

-    const openApiDocumentation = getOpenApiDocumentation();
-
    apiServer.use(
        "/v1/docs",
        swaggerUi.serve,
-        swaggerUi.setup(openApiDocumentation)
+        swaggerUi.setup(getOpenApiDocumentation())
    );

-    // Unauthenticated OpenAPI spec endpoints
-    apiServer.get("/v1/openapi.json", (_req, res) => {
-        res.json(openApiDocumentation);
-    });
-
-    apiServer.get("/v1/openapi.yaml", (_req, res) => {
-        const yamlOutput = yaml.dump(openApiDocumentation);
-        res.type("application/yaml").send(yamlOutput);
-    });
-
    // API routes
    const prefix = `/v1`;
    apiServer.use(logIncomingMiddleware);
@@ -88,6 +75,16 @@ function getOpenApiDocumentation() {
        }
    );

+    for (const def of registry.definitions) {
+        if (def.type === "route") {
+            def.route.security = [
+                {
+                    [bearerAuth.name]: []
+                }
+            ];
+        }
+    }
+
    registry.registerPath({
        method: "get",
        path: "/",
@@ -97,74 +94,6 @@ function getOpenApiDocumentation() {
        responses: {}
    });

-    registry.registerPath({
-        method: "get",
-        path: "/openapi.json",
-        description: "Get OpenAPI specification as JSON",
-        tags: [],
-        request: {},
-        responses: {
-            "200": {
-                description: "OpenAPI specification as JSON",
-                content: {
-                    "application/json": {
-                        schema: {
-                            type: "object"
-                        }
-                    }
-                }
-            }
-        }
-    });
-
-    registry.registerPath({
-        method: "get",
-        path: "/openapi.yaml",
-        description: "Get OpenAPI specification as YAML",
-        tags: [],
-        request: {},
-        responses: {
-            "200": {
-                description: "OpenAPI specification as YAML",
-                content: {
-                    "application/yaml": {
-                        schema: {
-                            type: "string"
-                        }
-                    }
-                }
-            }
-        }
-    });
-
-    for (const def of registry.definitions) {
-        if (def.type === "route") {
-            def.route.security = [
-                {
-                    [bearerAuth.name]: []
-                }
-            ];
-
-            // Ensure every route has a generic JSON response schema so Swagger UI can render responses
-            const existingResponses = def.route.responses;
-            const hasExistingResponses =
-                existingResponses && Object.keys(existingResponses).length > 0;
-
-            if (!hasExistingResponses) {
-                def.route.responses = {
-                    "*": {
-                        description: "",
-                        content: {
-                            "application/json": {
-                                schema: z.object({})
-                            }
-                        }
-                    }
-                };
-            }
-        }
-    }
-
    const generator = new OpenApiGeneratorV3(registry.definitions);

    const generated = generator.generateDocument({
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -477,10 +477,7 @@ export async function getTraefikConfig(

                        // TODO: HOW TO HANDLE ^^^^^^ BETTER
                        const anySitesOnline = targets.some(
-                            (target) =>
-                            target.site.online ||
-                            target.site.type === "local" ||
-                            target.site.type === "wireguard"
+                            (target) => target.site.online
                        );

                        return (
@@ -493,7 +490,7 @@ export async function getTraefikConfig(
                                    if (target.health == "unhealthy") {
                                        return false;
                                    }
-                                    
+
                                    // If any sites are online, exclude offline sites
                                    if (anySitesOnline && !target.site.online) {
                                        return false;
@@ -608,10 +605,7 @@ export async function getTraefikConfig(
                    servers: (() => {
                        // Check if any sites are online
                        const anySitesOnline = targets.some(
-                            (target) =>
-                            target.site.online ||
-                            target.site.type === "local" ||
-                            target.site.type === "wireguard"
+                            (target) => target.site.online
                        );

                        return targets
@@ -619,7 +613,7 @@ export async function getTraefikConfig(
                                if (!target.enabled) {
                                    return false;
                                }
-                                
+
                                // If any sites are online, exclude offline sites
                                if (anySitesOnline && !target.site.online) {
                                    return false;
--- a/server/middlewares/integration/index.ts
+++ b/server/middlewares/integration/index.ts
@@ -14,4 +14,3 @@ export * from "./verifyApiKeyApiKeyAccess";
 export * from "./verifyApiKeyClientAccess";
 export * from "./verifyApiKeySiteResourceAccess";
 export * from "./verifyApiKeyIdpAccess";
-export * from "./verifyApiKeyDomainAccess";
--- a/server/middlewares/integration/verifyApiKeyDomainAccess.ts
+++ b/server/middlewares/integration/verifyApiKeyDomainAccess.ts
@@ -1,90 +0,0 @@
-import { Request, Response, NextFunction } from "express";
-import { db, domains, orgDomains, apiKeyOrg } from "@server/db";
-import { and, eq } from "drizzle-orm";
-import createHttpError from "http-errors";
-import HttpCode from "@server/types/HttpCode";
-
-export async function verifyApiKeyDomainAccess(
-    req: Request,
-    res: Response,
-    next: NextFunction
-) {
-    try {
-        const apiKey = req.apiKey;
-        const domainId =
-            req.params.domainId || req.body.domainId || req.query.domainId;
-        const orgId = req.params.orgId;
-
-        if (!apiKey) {
-            return next(
-                createHttpError(HttpCode.UNAUTHORIZED, "Key not authenticated")
-            );
-        }
-
-        if (!domainId) {
-            return next(
-                createHttpError(HttpCode.BAD_REQUEST, "Invalid domain ID")
-            );
-        }
-
-        if (apiKey.isRoot) {
-            // Root keys can access any domain in any org
-            return next();
-        }
-
-        // Verify domain exists and belongs to the organization
-        const [domain] = await db
-            .select()
-            .from(domains)
-            .innerJoin(orgDomains, eq(orgDomains.domainId, domains.domainId))
-            .where(
-                and(
-                    eq(orgDomains.domainId, domainId),
-                    eq(orgDomains.orgId, orgId)
-                )
-            )
-            .limit(1);
-
-        if (!domain) {
-            return next(
-                createHttpError(
-                    HttpCode.NOT_FOUND,
-                    `Domain with ID ${domainId} not found in organization ${orgId}`
-                )
-            );
-        }
-
-        // Verify the API key has access to this organization
-        if (!req.apiKeyOrg) {
-            const apiKeyOrgRes = await db
-                .select()
-                .from(apiKeyOrg)
-                .where(
-                    and(
-                        eq(apiKeyOrg.apiKeyId, apiKey.apiKeyId),
-                        eq(apiKeyOrg.orgId, orgId)
-                    )
-                )
-                .limit(1);
-            req.apiKeyOrg = apiKeyOrgRes[0];
-        }
-
-        if (!req.apiKeyOrg) {
-            return next(
-                createHttpError(
-                    HttpCode.FORBIDDEN,
-                    "Key does not have access to this organization"
-                )
-            );
-        }
-
-        return next();
-    } catch (error) {
-        return next(
-            createHttpError(
-                HttpCode.INTERNAL_SERVER_ERROR,
-                "Error verifying domain access"
-            )
-        );
-    }
-}
--- a/server/openApi.ts
+++ b/server/openApi.ts
@@ -5,20 +5,17 @@ export const registry = new OpenAPIRegistry();
 export enum OpenAPITags {
    Site = "Site",
    Org = "Organization",
-    PublicResource = "Public Resource",
-    PrivateResource = "Private Resource",
+    Resource = "Resource",
    Role = "Role",
    User = "User",
-    Invitation = "User Invitation",
-    Target = "Resource Target",
+    Invitation = "Invitation",
+    Target = "Target",
    Rule = "Rule",
    AccessToken = "Access Token",
-    GlobalIdp = "Identity Provider (Global)",
-    OrgIdp = "Identity Provider (Organization Only)",
+    Idp = "Identity Provider",
    Client = "Client",
    ApiKey = "API Key",
    Domain = "Domain",
    Blueprint = "Blueprint",
-    Ssh = "SSH",
-    Logs = "Logs"
+    Ssh = "SSH"
 }
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -665,10 +665,7 @@ export async function getTraefikConfig(

                        // TODO: HOW TO HANDLE ^^^^^^ BETTER
                        const anySitesOnline = targets.some(
-                            (target) =>
-                            target.site.online ||
-                            target.site.type === "local" ||
-                            target.site.type === "wireguard"
+                            (target) => target.site.online
                        );

                        return (
@@ -796,10 +793,7 @@ export async function getTraefikConfig(
                    servers: (() => {
                        // Check if any sites are online
                        const anySitesOnline = targets.some(
-                            (target) =>
-                            target.site.online ||
-                            target.site.type === "local" ||
-                            target.site.type === "wireguard"
+                            (target) => target.site.online
                        );

                        return targets
--- a/server/private/routers/auditLogs/exportAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/exportAccessAuditLog.ts
@@ -32,7 +32,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/access/export",
    description: "Export the access audit log for an organization as CSV",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
    request: {
        query: queryAccessAuditLogsQuery,
        params: queryAccessAuditLogsParams
--- a/server/private/routers/auditLogs/exportActionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportActionAuditLog.ts
@@ -32,7 +32,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/action/export",
    description: "Export the action audit log for an organization as CSV",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
    request: {
        query: queryActionAuditLogsQuery,
        params: queryActionAuditLogsParams
--- a/server/private/routers/auditLogs/queryAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts
@@ -249,7 +249,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/access",
    description: "Query the access audit log for an organization",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
    request: {
        query: queryAccessAuditLogsQuery,
        params: queryAccessAuditLogsParams
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -160,7 +160,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/action",
    description: "Query the action audit log for an organization",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
    request: {
        query: queryActionAuditLogsQuery,
        params: queryActionAuditLogsParams
--- a/server/private/routers/billing/getOrgUsage.ts
+++ b/server/private/routers/billing/getOrgUsage.ts
@@ -31,16 +31,16 @@ const getOrgSchema = z.strictObject({
    orgId: z.string()
 });

-// registry.registerPath({
-//     method: "get",
-//     path: "/org/{orgId}/billing/usage",
-//     description: "Get an organization's billing usage",
-//     tags: [OpenAPITags.Org],
-//     request: {
-//         params: getOrgSchema
-//     },
-//     responses: {}
-// });
+registry.registerPath({
+    method: "get",
+    path: "/org/{orgId}/billing/usage",
+    description: "Get an organization's billing usage",
+    tags: [OpenAPITags.Org],
+    request: {
+        params: getOrgSchema
+    },
+    responses: {}
+});

 export async function getOrgUsage(
    req: Request,
--- a/server/private/routers/orgIdp/createOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/createOrgOidcIdp.ts
@@ -52,7 +52,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/idp/oidc",
    description: "Create an OIDC IdP for a specific organization.",
-    tags: [OpenAPITags.OrgIdp],
+    tags: [OpenAPITags.Idp, OpenAPITags.Org],
    request: {
        params: paramsSchema,
        body: {
--- a/server/private/routers/orgIdp/deleteOrgIdp.ts
+++ b/server/private/routers/orgIdp/deleteOrgIdp.ts
@@ -35,7 +35,7 @@ registry.registerPath({
    method: "delete",
    path: "/org/{orgId}/idp/{idpId}",
    description: "Delete IDP for a specific organization.",
-    tags: [OpenAPITags.OrgIdp],
+    tags: [OpenAPITags.Idp, OpenAPITags.Org],
    request: {
        params: paramsSchema
    },
--- a/server/private/routers/orgIdp/getOrgIdp.ts
+++ b/server/private/routers/orgIdp/getOrgIdp.ts
@@ -50,9 +50,9 @@ async function query(idpId: number, orgId: string) {

 registry.registerPath({
    method: "get",
-    path: "/org/{orgId}/idp/{idpId}",
+    path: "/org/:orgId/idp/:idpId",
    description: "Get an IDP by its IDP ID for a specific organization.",
-    tags: [OpenAPITags.OrgIdp],
+    tags: [OpenAPITags.Idp, OpenAPITags.Org],
    request: {
        params: paramsSchema
    },
--- a/server/private/routers/orgIdp/listOrgIdps.ts
+++ b/server/private/routers/orgIdp/listOrgIdps.ts
@@ -67,7 +67,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/idp",
    description: "List all IDP for a specific organization.",
-    tags: [OpenAPITags.OrgIdp],
+    tags: [OpenAPITags.Idp, OpenAPITags.Org],
    request: {
        query: querySchema,
        params: paramsSchema
--- a/server/private/routers/orgIdp/updateOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/updateOrgOidcIdp.ts
@@ -59,7 +59,7 @@ registry.registerPath({
    method: "post",
    path: "/org/{orgId}/idp/{idpId}/oidc",
    description: "Update an OIDC IdP for a specific organization.",
-    tags: [OpenAPITags.OrgIdp],
+    tags: [OpenAPITags.Idp, OpenAPITags.Org],
    request: {
        params: paramsSchema,
        body: {
--- a/server/private/routers/resource/getMaintenanceInfo.ts
+++ b/server/private/routers/resource/getMaintenanceInfo.ts
@@ -52,7 +52,7 @@ registry.registerPath({
    method: "get",
    path: "/maintenance/info",
    description: "Get maintenance information for a resource by domain.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        query: z.object({
            fullDomain: z.string()
--- a/server/routers/accessToken/generateAccessToken.ts
+++ b/server/routers/accessToken/generateAccessToken.ts
@@ -43,7 +43,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/access-token",
    description: "Generate a new access token for a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken],
+    tags: [OpenAPITags.Resource, OpenAPITags.AccessToken],
    request: {
        params: generateAccssTokenParamsSchema,
        body: {
--- a/server/routers/accessToken/listAccessTokens.ts
+++ b/server/routers/accessToken/listAccessTokens.ts
@@ -122,7 +122,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/access-tokens",
    description: "List all access tokens in an organization.",
-    tags: [OpenAPITags.AccessToken],
+    tags: [OpenAPITags.Org, OpenAPITags.AccessToken],
    request: {
        params: z.object({
            orgId: z.string()
@@ -135,8 +135,8 @@ registry.registerPath({
 registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}/access-tokens",
-    description: "List all access tokens for a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.AccessToken],
+    description: "List all access tokens in an organization.",
+    tags: [OpenAPITags.Resource, OpenAPITags.AccessToken],
    request: {
        params: z.object({
            resourceId: z.number()
--- a/server/routers/apiKeys/createOrgApiKey.ts
+++ b/server/routers/apiKeys/createOrgApiKey.ts
@@ -37,7 +37,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/api-key",
    description: "Create a new API key scoped to the organization.",
-    tags: [OpenAPITags.ApiKey],
+    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/apiKeys/deleteApiKey.ts
+++ b/server/routers/apiKeys/deleteApiKey.ts
@@ -18,7 +18,7 @@ registry.registerPath({
    method: "delete",
    path: "/org/{orgId}/api-key/{apiKeyId}",
    description: "Delete an API key.",
-    tags: [OpenAPITags.ApiKey],
+    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
    request: {
        params: paramsSchema
    },
--- a/server/routers/apiKeys/listApiKeyActions.ts
+++ b/server/routers/apiKeys/listApiKeyActions.ts
@@ -48,7 +48,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/api-key/{apiKeyId}/actions",
    description: "List all actions set for an API key.",
-    tags: [OpenAPITags.ApiKey],
+    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
    request: {
        params: paramsSchema,
        query: querySchema
--- a/server/routers/apiKeys/listOrgApiKeys.ts
+++ b/server/routers/apiKeys/listOrgApiKeys.ts
@@ -52,7 +52,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/api-keys",
    description: "List all API keys for an organization",
-    tags: [OpenAPITags.ApiKey],
+    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
    request: {
        params: paramsSchema,
        query: querySchema
--- a/server/routers/apiKeys/setApiKeyActions.ts
+++ b/server/routers/apiKeys/setApiKeyActions.ts
@@ -25,7 +25,7 @@ registry.registerPath({
    path: "/org/{orgId}/api-key/{apiKeyId}/actions",
    description:
        "Set actions for an API key. This will replace any existing actions.",
-    tags: [OpenAPITags.ApiKey],
+    tags: [OpenAPITags.Org, OpenAPITags.ApiKey],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/auditLogs/exportRequestAuditLog.ts
+++ b/server/routers/auditLogs/exportRequestAuditLog.ts
@@ -20,7 +20,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/request",
    description: "Query the request audit log for an organization",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
    request: {
        query: queryAccessAuditLogsQuery.omit({
            limit: true,
--- a/server/routers/auditLogs/queryRequestAnalytics.ts
+++ b/server/routers/auditLogs/queryRequestAnalytics.ts
@@ -151,7 +151,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/analytics",
    description: "Query the request audit analytics for an organization",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
    request: {
        query: queryAccessAuditLogsQuery,
        params: queryRequestAuditLogsParams
--- a/server/routers/auditLogs/queryRequestAuditLog.ts
+++ b/server/routers/auditLogs/queryRequestAuditLog.ts
@@ -182,7 +182,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/logs/request",
    description: "Query the request audit log for an organization",
-    tags: [OpenAPITags.Logs],
+    tags: [OpenAPITags.Org],
    request: {
        query: queryAccessAuditLogsQuery,
        params: queryRequestAuditLogsParams
--- a/server/routers/blueprints/applyJSONBlueprint.ts
+++ b/server/routers/blueprints/applyJSONBlueprint.ts
@@ -20,7 +20,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/blueprint",
    description: "Apply a base64 encoded JSON blueprint to an organization",
-    tags: [OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
    request: {
        params: applyBlueprintParamsSchema,
        body: {
--- a/server/routers/blueprints/applyYAMLBlueprint.ts
+++ b/server/routers/blueprints/applyYAMLBlueprint.ts
@@ -43,7 +43,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/blueprint",
    description: "Create and apply a YAML blueprint to an organization",
-    tags: [OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
    request: {
        params: applyBlueprintParamsSchema,
        body: {
--- a/server/routers/blueprints/getBlueprint.ts
+++ b/server/routers/blueprints/getBlueprint.ts
@@ -53,7 +53,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/blueprint/{blueprintId}",
    description: "Get a blueprint by its blueprint ID.",
-    tags: [OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
    request: {
        params: getBlueprintSchema
    },
--- a/server/routers/blueprints/listBlueprints.ts
+++ b/server/routers/blueprints/listBlueprints.ts
@@ -67,7 +67,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/blueprints",
    description: "List all blueprints for a organization.",
-    tags: [OpenAPITags.Blueprint],
+    tags: [OpenAPITags.Org, OpenAPITags.Blueprint],
    request: {
        params: z.object({
            orgId: z.string()
--- a/server/routers/client/createClient.ts
+++ b/server/routers/client/createClient.ts
@@ -48,7 +48,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/client",
    description: "Create a new client for an organization.",
-    tags: [OpenAPITags.Client],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
    request: {
        params: createClientParamsSchema,
        body: {
--- a/server/routers/client/createUserClient.ts
+++ b/server/routers/client/createUserClient.ts
@@ -49,7 +49,7 @@ registry.registerPath({
    path: "/org/{orgId}/user/{userId}/client",
    description:
        "Create a new client for a user and associate it with an existing olm.",
-    tags: [OpenAPITags.Client],
+    tags: [OpenAPITags.Client, OpenAPITags.Org, OpenAPITags.User],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/client/getClient.ts
+++ b/server/routers/client/getClient.ts
@@ -243,7 +243,7 @@ registry.registerPath({
    path: "/org/{orgId}/client/{niceId}",
    description:
        "Get a client by orgId and niceId. NiceId is a readable ID for the site and unique on a per org basis.",
-    tags: [OpenAPITags.Site],
+    tags: [OpenAPITags.Org, OpenAPITags.Site],
    request: {
        params: z.object({
            orgId: z.string(),
--- a/server/routers/client/listClients.ts
+++ b/server/routers/client/listClients.ts
@@ -119,12 +119,12 @@ const listClientsSchema = z.object({
        }),
    query: z.string().optional(),
    sort_by: z
-        .enum(["name", "megabytesIn", "megabytesOut"])
+        .enum(["megabytesIn", "megabytesOut"])
        .optional()
        .catch(undefined)
        .openapi({
            type: "string",
-            enum: ["name", "megabytesIn", "megabytesOut"],
+            enum: ["megabytesIn", "megabytesOut"],
            description: "Field to sort by"
        }),
    order: z
@@ -237,7 +237,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/clients",
    description: "List all clients for an organization.",
-    tags: [OpenAPITags.Client],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
    request: {
        query: listClientsSchema,
        params: listClientsParamsSchema
@@ -363,14 +363,14 @@ export async function listClients(
        const countQuery = db.$count(baseQuery.as("filtered_clients"));

        const listMachinesQuery = baseQuery
-            .limit(pageSize)
+            .limit(page)
            .offset(pageSize * (page - 1))
            .orderBy(
                sort_by
                    ? order === "asc"
                        ? asc(clients[sort_by])
                        : desc(clients[sort_by])
-                    : asc(clients.name)
+                    : asc(clients.clientId)
            );

        const [clientsList, totalCount] = await Promise.all([
--- a/server/routers/client/listUserDevices.ts
+++ b/server/routers/client/listUserDevices.ts
@@ -256,7 +256,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/user-devices",
    description: "List all user devices for an organization.",
-    tags: [OpenAPITags.Client],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
    request: {
        query: listUserDevicesSchema,
        params: listUserDevicesParamsSchema
--- a/server/routers/client/pickClientDefaults.ts
+++ b/server/routers/client/pickClientDefaults.ts
@@ -23,7 +23,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/pick-client-defaults",
    description: "Return pre-requisite data for creating a client.",
-    tags: [OpenAPITags.Client],
+    tags: [OpenAPITags.Client, OpenAPITags.Site],
    request: {
        params: pickClientDefaultsSchema
    },
--- a/server/routers/domain/listDomains.ts
+++ b/server/routers/domain/listDomains.ts
@@ -59,7 +59,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/domains",
    description: "List all domains for a organization.",
-    tags: [OpenAPITags.Domain],
+    tags: [OpenAPITags.Org],
    request: {
        params: z.object({
            orgId: z.string()
--- a/server/routers/idp/createIdpOrgPolicy.ts
+++ b/server/routers/idp/createIdpOrgPolicy.ts
@@ -27,7 +27,7 @@ registry.registerPath({
    method: "put",
    path: "/idp/{idpId}/org/{orgId}",
    description: "Create an IDP policy for an existing IDP on an organization.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/idp/createOidcIdp.ts
+++ b/server/routers/idp/createOidcIdp.ts
@@ -37,7 +37,7 @@ registry.registerPath({
    method: "put",
    path: "/idp/oidc",
    description: "Create an OIDC IdP.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
    request: {
        body: {
            content: {
--- a/server/routers/idp/deleteIdp.ts
+++ b/server/routers/idp/deleteIdp.ts
@@ -21,7 +21,7 @@ registry.registerPath({
    method: "delete",
    path: "/idp/{idpId}",
    description: "Delete IDP.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
    request: {
        params: paramsSchema
    },
--- a/server/routers/idp/deleteIdpOrgPolicy.ts
+++ b/server/routers/idp/deleteIdpOrgPolicy.ts
@@ -19,7 +19,7 @@ registry.registerPath({
    method: "delete",
    path: "/idp/{idpId}/org/{orgId}",
    description: "Create an OIDC IdP for an organization.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
    request: {
        params: paramsSchema
    },
--- a/server/routers/idp/getIdp.ts
+++ b/server/routers/idp/getIdp.ts
@@ -34,7 +34,7 @@ registry.registerPath({
    method: "get",
    path: "/idp/{idpId}",
    description: "Get an IDP by its IDP ID.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
    request: {
        params: paramsSchema
    },
--- a/server/routers/idp/listIdpOrgPolicies.ts
+++ b/server/routers/idp/listIdpOrgPolicies.ts
@@ -48,7 +48,7 @@ registry.registerPath({
    method: "get",
    path: "/idp/{idpId}/org",
    description: "List all org policies on an IDP.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
    request: {
        params: paramsSchema,
        query: querySchema
--- a/server/routers/idp/listIdps.ts
+++ b/server/routers/idp/listIdps.ts
@@ -58,7 +58,7 @@ registry.registerPath({
    method: "get",
    path: "/idp",
    description: "List all IDP in the system.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
    request: {
        query: querySchema
    },
--- a/server/routers/idp/updateIdpOrgPolicy.ts
+++ b/server/routers/idp/updateIdpOrgPolicy.ts
@@ -26,7 +26,7 @@ registry.registerPath({
    method: "post",
    path: "/idp/{idpId}/org/{orgId}",
    description: "Update an IDP org policy.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/idp/updateOidcIdp.ts
+++ b/server/routers/idp/updateOidcIdp.ts
@@ -42,7 +42,7 @@ registry.registerPath({
    method: "post",
    path: "/idp/{idpId}/oidc",
    description: "Update an OIDC IdP.",
-    tags: [OpenAPITags.GlobalIdp],
+    tags: [OpenAPITags.Idp],
    request: {
        params: paramsSchema,
        body: {
--- a/server/routers/integration.ts
+++ b/server/routers/integration.ts
@@ -27,8 +27,7 @@ import {
    verifyApiKeyClientAccess,
    verifyApiKeySiteResourceAccess,
    verifyApiKeySetResourceClients,
-    verifyLimits,
-    verifyApiKeyDomainAccess
+    verifyLimits
 } from "@server/middlewares";
 import HttpCode from "@server/types/HttpCode";
 import { Router } from "express";
@@ -348,56 +347,6 @@ authenticated.get(
    domain.listDomains
 );

-authenticated.get(
-    "/org/:orgId/domain/:domainId",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyDomainAccess,
-    verifyApiKeyHasAction(ActionsEnum.getDomain),
-    domain.getDomain
-);
-
-authenticated.put(
-    "/org/:orgId/domain",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyHasAction(ActionsEnum.createOrgDomain),
-    logActionAudit(ActionsEnum.createOrgDomain),
-    domain.createOrgDomain
-);
-
-authenticated.patch(
-    "/org/:orgId/domain/:domainId",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyDomainAccess,
-    verifyApiKeyHasAction(ActionsEnum.updateOrgDomain),
-    domain.updateOrgDomain
-);
-
-authenticated.delete(
-    "/org/:orgId/domain/:domainId",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyDomainAccess,
-    verifyApiKeyHasAction(ActionsEnum.deleteOrgDomain),
-    logActionAudit(ActionsEnum.deleteOrgDomain),
-    domain.deleteAccountDomain
-);
-
-authenticated.get(
-    "/org/:orgId/domain/:domainId/dns-records",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyDomainAccess,
-    verifyApiKeyHasAction(ActionsEnum.getDNSRecords),
-    domain.getDNSRecords
-);
-
-authenticated.post(
-    "/org/:orgId/domain/:domainId/restart",
-    verifyApiKeyOrgAccess,
-    verifyApiKeyDomainAccess,
-    verifyApiKeyHasAction(ActionsEnum.restartOrgDomain),
-    logActionAudit(ActionsEnum.restartOrgDomain),
-    domain.restartOrgDomain
-);
-
 authenticated.get(
    "/org/:orgId/invitations",
    verifyApiKeyOrgAccess,
--- a/server/routers/resource/addEmailToResourceWhitelist.ts
+++ b/server/routers/resource/addEmailToResourceWhitelist.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/whitelist/add",
    description: "Add a single email to the resource whitelist.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        params: addEmailToResourceWhitelistParamsSchema,
        body: {
--- a/server/routers/resource/addRoleToResource.ts
+++ b/server/routers/resource/addRoleToResource.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/roles/add",
    description: "Add a single role to a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
+    tags: [OpenAPITags.Resource, OpenAPITags.Role],
    request: {
        params: addRoleToResourceParamsSchema,
        body: {
--- a/server/routers/resource/addUserToResource.ts
+++ b/server/routers/resource/addUserToResource.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/users/add",
    description: "Add a single user to a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.User],
+    tags: [OpenAPITags.Resource, OpenAPITags.User],
    request: {
        params: addUserToResourceParamsSchema,
        body: {
--- a/server/routers/resource/createResource.ts
+++ b/server/routers/resource/createResource.ts
@@ -79,7 +79,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/resource",
    description: "Create a resource.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Org, OpenAPITags.Resource],
    request: {
        params: createResourceParamsSchema,
        body: {
--- a/server/routers/resource/createResourceRule.ts
+++ b/server/routers/resource/createResourceRule.ts
@@ -31,7 +31,7 @@ registry.registerPath({
    method: "put",
    path: "/resource/{resourceId}/rule",
    description: "Create a resource rule.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
+    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
    request: {
        params: createResourceRuleParamsSchema,
        body: {
--- a/server/routers/resource/deleteResource.ts
+++ b/server/routers/resource/deleteResource.ts
@@ -22,7 +22,7 @@ registry.registerPath({
    method: "delete",
    path: "/resource/{resourceId}",
    description: "Delete a resource.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        params: deleteResourceSchema
    },
--- a/server/routers/resource/deleteResourceRule.ts
+++ b/server/routers/resource/deleteResourceRule.ts
@@ -19,7 +19,7 @@ registry.registerPath({
    method: "delete",
    path: "/resource/{resourceId}/rule/{ruleId}",
    description: "Delete a resource rule.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
+    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
    request: {
        params: deleteResourceRuleSchema
    },
--- a/server/routers/resource/getResource.ts
+++ b/server/routers/resource/getResource.ts
@@ -54,7 +54,7 @@ registry.registerPath({
    path: "/org/{orgId}/resource/{niceId}",
    description:
        "Get a resource by orgId and niceId. NiceId is a readable ID for the resource and unique on a per org basis.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Org, OpenAPITags.Resource],
    request: {
        params: z.object({
            orgId: z.string(),
@@ -68,7 +68,7 @@ registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}",
    description: "Get a resource by resourceId.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        params: z.object({
            resourceId: z.number()
--- a/server/routers/resource/getResourceWhitelist.ts
+++ b/server/routers/resource/getResourceWhitelist.ts
@@ -31,7 +31,7 @@ registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}/whitelist",
    description: "Get the whitelist of emails for a specific resource.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        params: getResourceWhitelistSchema
    },
--- a/server/routers/resource/listAllResourceNames.ts
+++ b/server/routers/resource/listAllResourceNames.ts
@@ -33,7 +33,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/resources-names",
    description: "List all resource names for an organization.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Org, OpenAPITags.Resource],
    request: {
        params: z.object({
            orgId: z.string()
--- a/server/routers/resource/listResourceRoles.ts
+++ b/server/routers/resource/listResourceRoles.ts
@@ -35,7 +35,7 @@ registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}/roles",
    description: "List all roles for a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
+    tags: [OpenAPITags.Resource, OpenAPITags.Role],
    request: {
        params: listResourceRolesSchema
    },
--- a/server/routers/resource/listResourceRules.ts
+++ b/server/routers/resource/listResourceRules.ts
@@ -56,7 +56,7 @@ registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}/rules",
    description: "List rules for a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
+    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
    request: {
        params: listResourceRulesParamsSchema,
        query: listResourceRulesSchema
--- a/server/routers/resource/listResourceUsers.ts
+++ b/server/routers/resource/listResourceUsers.ts
@@ -38,7 +38,7 @@ registry.registerPath({
    method: "get",
    path: "/resource/{resourceId}/users",
    description: "List all users for a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.User],
+    tags: [OpenAPITags.Resource, OpenAPITags.User],
    request: {
        params: listResourceUsersSchema
    },
--- a/server/routers/resource/listResources.ts
+++ b/server/routers/resource/listResources.ts
@@ -19,7 +19,6 @@ import {
    and,
    asc,
    count,
-    desc,
    eq,
    inArray,
    isNull,
@@ -64,26 +63,6 @@ const listResourcesSchema = z.object({
            description: "Page number to retrieve"
        }),
    query: z.string().optional(),
-    sort_by: z
-        .enum(["name"])
-        .optional()
-        .catch(undefined)
-        .openapi({
-            type: "string",
-            enum: ["name"],
-            description: "Field to sort by"
-        }),
-    order: z
-        .enum(["asc", "desc"])
-        .optional()
-        .default("asc")
-        .catch("asc")
-        .openapi({
-            type: "string",
-            enum: ["asc", "desc"],
-            default: "asc",
-            description: "Sort order"
-        }),
    enabled: z
        .enum(["true", "false"])
        .transform((v) => v === "true")
@@ -225,7 +204,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/resources",
    description: "List resources for an organization.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Org, OpenAPITags.Resource],
    request: {
        params: z.object({
            orgId: z.string()
@@ -250,16 +229,8 @@ export async function listResources(
                )
            );
        }
-        const {
-            page,
-            pageSize,
-            authState,
-            enabled,
-            query,
-            healthStatus,
-            sort_by,
-            order
-        } = parsedQuery.data;
+        const { page, pageSize, authState, enabled, query, healthStatus } =
+            parsedQuery.data;

        const parsedParams = listResourcesParamsSchema.safeParse(req.params);
        if (!parsedParams.success) {
@@ -424,13 +395,7 @@ export async function listResources(
            baseQuery
                .limit(pageSize)
                .offset(pageSize * (page - 1))
-                .orderBy(
-                    sort_by
-                        ? order === "asc"
-                            ? asc(resources[sort_by])
-                            : desc(resources[sort_by])
-                        : asc(resources.name)
-                ),
+                .orderBy(asc(resources.resourceId)),
            countQuery
        ]);

--- a/server/routers/resource/removeEmailFromResourceWhitelist.ts
+++ b/server/routers/resource/removeEmailFromResourceWhitelist.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/whitelist/remove",
    description: "Remove a single email from the resource whitelist.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        params: removeEmailFromResourceWhitelistParamsSchema,
        body: {
--- a/server/routers/resource/removeRoleFromResource.ts
+++ b/server/routers/resource/removeRoleFromResource.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/roles/remove",
    description: "Remove a single role from a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
+    tags: [OpenAPITags.Resource, OpenAPITags.Role],
    request: {
        params: removeRoleFromResourceParamsSchema,
        body: {
--- a/server/routers/resource/removeUserFromResource.ts
+++ b/server/routers/resource/removeUserFromResource.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/users/remove",
    description: "Remove a single user from a resource.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.User],
+    tags: [OpenAPITags.Resource, OpenAPITags.User],
    request: {
        params: removeUserFromResourceParamsSchema,
        body: {
--- a/server/routers/resource/setResourceHeaderAuth.ts
+++ b/server/routers/resource/setResourceHeaderAuth.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/header-auth",
    description:
        "Set or update the header authentication for a resource. If user and password is not provided, it will remove the header authentication.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        params: setResourceAuthMethodsParamsSchema,
        body: {
--- a/server/routers/resource/setResourcePassword.ts
+++ b/server/routers/resource/setResourcePassword.ts
@@ -25,7 +25,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/password",
    description:
        "Set the password for a resource. Setting the password to null will remove it.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        params: setResourceAuthMethodsParamsSchema,
        body: {
--- a/server/routers/resource/setResourcePincode.ts
+++ b/server/routers/resource/setResourcePincode.ts
@@ -29,7 +29,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/pincode",
    description:
        "Set the PIN code for a resource. Setting the PIN code to null will remove it.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        params: setResourceAuthMethodsParamsSchema,
        body: {
--- a/server/routers/resource/setResourceRoles.ts
+++ b/server/routers/resource/setResourceRoles.ts
@@ -23,7 +23,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/roles",
    description:
        "Set roles for a resource. This will replace all existing roles.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Role],
+    tags: [OpenAPITags.Resource, OpenAPITags.Role],
    request: {
        params: setResourceRolesParamsSchema,
        body: {
--- a/server/routers/resource/setResourceUsers.ts
+++ b/server/routers/resource/setResourceUsers.ts
@@ -23,7 +23,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/users",
    description:
        "Set users for a resource. This will replace all existing users.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.User],
+    tags: [OpenAPITags.Resource, OpenAPITags.User],
    request: {
        params: setUserResourcesParamsSchema,
        body: {
--- a/server/routers/resource/setResourceWhitelist.ts
+++ b/server/routers/resource/setResourceWhitelist.ts
@@ -32,7 +32,7 @@ registry.registerPath({
    path: "/resource/{resourceId}/whitelist",
    description:
        "Set email whitelist for a resource. This will replace all existing emails.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        params: setResourceWhitelistParamsSchema,
        body: {
--- a/server/routers/resource/updateResource.ts
+++ b/server/routers/resource/updateResource.ts
@@ -136,7 +136,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}",
    description: "Update a resource.",
-    tags: [OpenAPITags.PublicResource],
+    tags: [OpenAPITags.Resource],
    request: {
        params: updateResourceParamsSchema,
        body: {
--- a/server/routers/resource/updateResourceRule.ts
+++ b/server/routers/resource/updateResourceRule.ts
@@ -38,7 +38,7 @@ registry.registerPath({
    method: "post",
    path: "/resource/{resourceId}/rule/{ruleId}",
    description: "Update a resource rule.",
-    tags: [OpenAPITags.PublicResource, OpenAPITags.Rule],
+    tags: [OpenAPITags.Resource, OpenAPITags.Rule],
    request: {
        params: updateResourceRuleParamsSchema,
        body: {
--- a/server/routers/role/createRole.ts
+++ b/server/routers/role/createRole.ts
@@ -45,7 +45,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/role",
    description: "Create a role.",
-    tags: [OpenAPITags.Role],
+    tags: [OpenAPITags.Org, OpenAPITags.Role],
    request: {
        params: createRoleParamsSchema,
        body: {
--- a/server/routers/role/listRoles.ts
+++ b/server/routers/role/listRoles.ts
@@ -7,7 +7,7 @@ import { and, eq, inArray, sql } from "drizzle-orm";
 import { ActionsEnum } from "@server/auth/actions";
 import { NextFunction, Request, Response } from "express";
 import createHttpError from "http-errors";
-import { object, z } from "zod";
+import { z } from "zod";
 import { fromError } from "zod-validation-error";

 const listRolesParamsSchema = z.strictObject({
@@ -64,7 +64,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/roles",
    description: "List roles.",
-    tags: [OpenAPITags.Role],
+    tags: [OpenAPITags.Org, OpenAPITags.Role],
    request: {
        params: listRolesParamsSchema,
        query: listRolesSchema
--- a/server/routers/site/createSite.ts
+++ b/server/routers/site/createSite.ts
@@ -58,7 +58,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/site",
    description: "Create a new site.",
-    tags: [OpenAPITags.Site],
+    tags: [OpenAPITags.Site, OpenAPITags.Org],
    request: {
        params: createSiteParamsSchema,
        body: {
@@ -292,7 +292,7 @@ export async function createSite(
            if (type == "newt") {
                [newSite] = await trx
                    .insert(sites)
-                    .values({ // NOTE: NO SUBNET OR EXIT NODE ID PASSED IN HERE BECAUSE ITS NOW CHOSEN ON CONNECT
+                    .values({
                        orgId,
                        name,
                        niceId,
--- a/server/routers/site/getSite.ts
+++ b/server/routers/site/getSite.ts
@@ -51,7 +51,7 @@ registry.registerPath({
    path: "/org/{orgId}/site/{niceId}",
    description:
        "Get a site by orgId and niceId. NiceId is a readable ID for the site and unique on a per org basis.",
-    tags: [OpenAPITags.Site],
+    tags: [OpenAPITags.Org, OpenAPITags.Site],
    request: {
        params: z.object({
            orgId: z.string(),
--- a/server/routers/site/listSites.ts
+++ b/server/routers/site/listSites.ts
@@ -108,12 +108,12 @@ const listSitesSchema = z.object({
        }),
    query: z.string().optional(),
    sort_by: z
-        .enum(["name", "megabytesIn", "megabytesOut"])
+        .enum(["megabytesIn", "megabytesOut"])
        .optional()
        .catch(undefined)
        .openapi({
            type: "string",
-            enum: ["name", "megabytesIn", "megabytesOut"],
+            enum: ["megabytesIn", "megabytesOut"],
            description: "Field to sort by"
        }),
    order: z
@@ -180,7 +180,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/sites",
    description: "List all sites in an organization",
-    tags: [OpenAPITags.Site],
+    tags: [OpenAPITags.Org, OpenAPITags.Site],
    request: {
        params: listSitesParamsSchema,
        query: listSitesSchema
@@ -278,7 +278,7 @@ export async function listSites(

        // we need to add `as` so that drizzle filters the result as a subquery
        const countQuery = db.$count(
-            querySitesBase().where(and(...conditions)).as("filtered_sites")
+            querySitesBase().where(and(...conditions))
        );

        const siteListQuery = baseQuery
@@ -289,7 +289,7 @@ export async function listSites(
                    ? order === "asc"
                        ? asc(sites[sort_by])
                        : desc(sites[sort_by])
-                    : asc(sites.name)
+                    : asc(sites.siteId)
            );

        const [totalCount, rows] = await Promise.all([
--- a/server/routers/site/pickSiteDefaults.ts
+++ b/server/routers/site/pickSiteDefaults.ts
@@ -35,7 +35,7 @@ registry.registerPath({
    path: "/org/{orgId}/pick-site-defaults",
    description:
        "Return pre-requisite data for creating a site, such as the exit node, subnet, Newt credentials, etc.",
-    tags: [OpenAPITags.Site],
+    tags: [OpenAPITags.Org, OpenAPITags.Site],
    request: {
        params: z.object({
            orgId: z.string()
--- a/server/routers/siteResource/addClientToSiteResource.ts
+++ b/server/routers/siteResource/addClientToSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    path: "/site-resource/{siteResourceId}/clients/add",
    description:
        "Add a single client to a site resource. Clients with a userId cannot be added.",
-    tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
+    tags: [OpenAPITags.Resource, OpenAPITags.Client],
    request: {
        params: addClientToSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/addRoleToSiteResource.ts
+++ b/server/routers/siteResource/addRoleToSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    method: "post",
    path: "/site-resource/{siteResourceId}/roles/add",
    description: "Add a single role to a site resource.",
-    tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
+    tags: [OpenAPITags.Resource, OpenAPITags.Role],
    request: {
        params: addRoleToSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/addUserToSiteResource.ts
+++ b/server/routers/siteResource/addUserToSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    method: "post",
    path: "/site-resource/{siteResourceId}/users/add",
    description: "Add a single user to a site resource.",
-    tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
+    tags: [OpenAPITags.Resource, OpenAPITags.User],
    request: {
        params: addUserToSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/createSiteResource.ts
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -114,7 +114,7 @@ registry.registerPath({
    method: "put",
    path: "/org/{orgId}/site-resource",
    description: "Create a new site resource.",
-    tags: [OpenAPITags.PrivateResource],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
    request: {
        params: createSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/deleteSiteResource.ts
+++ b/server/routers/siteResource/deleteSiteResource.ts
@@ -23,7 +23,7 @@ registry.registerPath({
    method: "delete",
    path: "/site-resource/{siteResourceId}",
    description: "Delete a site resource.",
-    tags: [OpenAPITags.PrivateResource],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
    request: {
        params: deleteSiteResourceParamsSchema
    },
--- a/server/routers/siteResource/getSiteResource.ts
+++ b/server/routers/siteResource/getSiteResource.ts
@@ -65,7 +65,7 @@ registry.registerPath({
    method: "get",
    path: "/site-resource/{siteResourceId}",
    description: "Get a specific site resource by siteResourceId.",
-    tags: [OpenAPITags.PrivateResource],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
    request: {
        params: z.object({
            siteResourceId: z.number(),
@@ -80,7 +80,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/site/{siteId}/resource/nice/{niceId}",
    description: "Get a specific site resource by niceId.",
-    tags: [OpenAPITags.PrivateResource],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
    request: {
        params: z.object({
            niceId: z.string(),
--- a/server/routers/siteResource/listAllSiteResourcesByOrg.ts
+++ b/server/routers/siteResource/listAllSiteResourcesByOrg.ts
@@ -4,7 +4,7 @@ import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 import HttpCode from "@server/types/HttpCode";
 import type { PaginatedResponse } from "@server/types/Pagination";
-import { and, asc, desc, eq, like, or, sql } from "drizzle-orm";
+import { and, asc, eq, like, or, sql } from "drizzle-orm";
 import { NextFunction, Request, Response } from "express";
 import createHttpError from "http-errors";
 import { z } from "zod";
@@ -48,26 +48,6 @@ const listAllSiteResourcesByOrgQuerySchema = z.object({
            type: "string",
            enum: ["host", "cidr"],
            description: "Filter site resources by mode"
-        }),
-    sort_by: z
-        .enum(["name"])
-        .optional()
-        .catch(undefined)
-        .openapi({
-            type: "string",
-            enum: ["name"],
-            description: "Field to sort by"
-        }),
-    order: z
-        .enum(["asc", "desc"])
-        .optional()
-        .default("asc")
-        .catch("asc")
-        .openapi({
-            type: "string",
-            enum: ["asc", "desc"],
-            default: "asc",
-            description: "Sort order"
        })
 });

@@ -112,7 +92,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/site-resources",
    description: "List all site resources for an organization.",
-    tags: [OpenAPITags.PrivateResource],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
    request: {
        params: listAllSiteResourcesByOrgParamsSchema,
        query: listAllSiteResourcesByOrgQuerySchema
@@ -151,8 +131,7 @@ export async function listAllSiteResourcesByOrg(
        }

        const { orgId } = parsedParams.data;
-        const { page, pageSize, query, mode, sort_by, order } =
-            parsedQuery.data;
+        const { page, pageSize, query, mode } = parsedQuery.data;

        const conditions = [and(eq(siteResources.orgId, orgId))];
        if (query) {
@@ -193,20 +172,14 @@ export async function listAllSiteResourcesByOrg(
        const baseQuery = querySiteResourcesBase().where(and(...conditions));

        const countQuery = db.$count(
-            querySiteResourcesBase().where(and(...conditions)).as("filtered_site_resources")
+            querySiteResourcesBase().where(and(...conditions))
        );

        const [siteResourcesList, totalCount] = await Promise.all([
            baseQuery
                .limit(pageSize)
                .offset(pageSize * (page - 1))
-                .orderBy(
-                    sort_by
-                        ? order === "asc"
-                            ? asc(siteResources[sort_by])
-                            : desc(siteResources[sort_by])
-                        : asc(siteResources.name)
-                ),
+                .orderBy(asc(siteResources.siteResourceId)),
            countQuery
        ]);

--- a/server/routers/siteResource/listSiteResourceClients.ts
+++ b/server/routers/siteResource/listSiteResourceClients.ts
@@ -39,7 +39,7 @@ registry.registerPath({
    method: "get",
    path: "/site-resource/{siteResourceId}/clients",
    description: "List all clients for a site resource.",
-    tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
+    tags: [OpenAPITags.Resource, OpenAPITags.Client],
    request: {
        params: listSiteResourceClientsSchema
    },
--- a/server/routers/siteResource/listSiteResourceRoles.ts
+++ b/server/routers/siteResource/listSiteResourceRoles.ts
@@ -40,7 +40,7 @@ registry.registerPath({
    method: "get",
    path: "/site-resource/{siteResourceId}/roles",
    description: "List all roles for a site resource.",
-    tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
+    tags: [OpenAPITags.Resource, OpenAPITags.Role],
    request: {
        params: listSiteResourceRolesSchema
    },
--- a/server/routers/siteResource/listSiteResourceUsers.ts
+++ b/server/routers/siteResource/listSiteResourceUsers.ts
@@ -43,7 +43,7 @@ registry.registerPath({
    method: "get",
    path: "/site-resource/{siteResourceId}/users",
    description: "List all users for a site resource.",
-    tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
+    tags: [OpenAPITags.Resource, OpenAPITags.User],
    request: {
        params: listSiteResourceUsersSchema
    },
--- a/server/routers/siteResource/listSiteResources.ts
+++ b/server/routers/siteResource/listSiteResources.ts
@@ -5,7 +5,7 @@ import { siteResources, sites, SiteResource } from "@server/db";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
-import { and, asc, desc, eq } from "drizzle-orm";
+import { eq, and } from "drizzle-orm";
 import { fromError } from "zod-validation-error";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
@@ -27,27 +27,7 @@ const listSiteResourcesQuerySchema = z.object({
        .optional()
        .default("0")
        .transform(Number)
-        .pipe(z.int().nonnegative()),
-    sort_by: z
-        .enum(["name"])
-        .optional()
-        .catch(undefined)
-        .openapi({
-            type: "string",
-            enum: ["name"],
-            description: "Field to sort by"
-        }),
-    order: z
-        .enum(["asc", "desc"])
-        .optional()
-        .default("asc")
-        .catch("asc")
-        .openapi({
-            type: "string",
-            enum: ["asc", "desc"],
-            default: "asc",
-            description: "Sort order"
-        })
+        .pipe(z.int().nonnegative())
 });

 export type ListSiteResourcesResponse = {
@@ -58,7 +38,7 @@ registry.registerPath({
    method: "get",
    path: "/org/{orgId}/site/{siteId}/resources",
    description: "List site resources for a site.",
-    tags: [OpenAPITags.PrivateResource],
+    tags: [OpenAPITags.Client, OpenAPITags.Org],
    request: {
        params: listSiteResourcesParamsSchema,
        query: listSiteResourcesQuerySchema
@@ -95,7 +75,7 @@ export async function listSiteResources(
        }

        const { siteId, orgId } = parsedParams.data;
-        const { limit, offset, sort_by, order } = parsedQuery.data;
+        const { limit, offset } = parsedQuery.data;

        // Verify the site exists and belongs to the org
        const site = await db
@@ -118,13 +98,6 @@ export async function listSiteResources(
                    eq(siteResources.orgId, orgId)
                )
            )
-            .orderBy(
-                sort_by
-                    ? order === "asc"
-                        ? asc(siteResources[sort_by])
-                        : desc(siteResources[sort_by])
-                    : asc(siteResources.name)
-            )
            .limit(limit)
            .offset(offset);

--- a/server/routers/siteResource/removeClientFromSiteResource.ts
+++ b/server/routers/siteResource/removeClientFromSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    path: "/site-resource/{siteResourceId}/clients/remove",
    description:
        "Remove a single client from a site resource. Clients with a userId cannot be removed.",
-    tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
+    tags: [OpenAPITags.Resource, OpenAPITags.Client],
    request: {
        params: removeClientFromSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/removeRoleFromSiteResource.ts
+++ b/server/routers/siteResource/removeRoleFromSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    method: "post",
    path: "/site-resource/{siteResourceId}/roles/remove",
    description: "Remove a single role from a site resource.",
-    tags: [OpenAPITags.PrivateResource, OpenAPITags.Role],
+    tags: [OpenAPITags.Resource, OpenAPITags.Role],
    request: {
        params: removeRoleFromSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/removeUserFromSiteResource.ts
+++ b/server/routers/siteResource/removeUserFromSiteResource.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    method: "post",
    path: "/site-resource/{siteResourceId}/users/remove",
    description: "Remove a single user from a site resource.",
-    tags: [OpenAPITags.PrivateResource, OpenAPITags.User],
+    tags: [OpenAPITags.Resource, OpenAPITags.User],
    request: {
        params: removeUserFromSiteResourceParamsSchema,
        body: {
--- a/server/routers/siteResource/setSiteResourceClients.ts
+++ b/server/routers/siteResource/setSiteResourceClients.ts
@@ -30,7 +30,7 @@ registry.registerPath({
    path: "/site-resource/{siteResourceId}/clients",
    description:
        "Set clients for a site resource. This will replace all existing clients. Clients with a userId cannot be added.",
-    tags: [OpenAPITags.PrivateResource, OpenAPITags.Client],
+    tags: [OpenAPITags.Resource, OpenAPITags.Client],
    request: {
        params: setSiteResourceClientsParamsSchema,
        body: {
--- a/Show More
+++ b/Show More