Improve OpenAPI response payload typing for Swagger data schemas (#3102 )

* Fix custom parser OpenAPI types and add structured default response schema Agent-Logs-Url: https://github.com/fosrl/pangolin/sessions/73990123-9c27-444b-bc6e-77e890a0d57c Co-authored-by: oschwartz10612 <4999704+oschwartz10612@users.noreply.github.com> * Document all registerPath responses and normalize OpenAPI parser schemas Agent-Logs-Url: https://github.com/fosrl/pangolin/sessions/73990123-9c27-444b-bc6e-77e890a0d57c Co-authored-by: oschwartz10612 <4999704+oschwartz10612@users.noreply.github.com> * Add concrete OpenAPI data schemas for selected routes Agent-Logs-Url: https://github.com/fosrl/pangolin/sessions/7b395a8e-7fae-4f4d-952e-4030fea08262 Co-authored-by: oschwartz10612 <4999704+oschwartz10612@users.noreply.github.com> * Reformat generated OpenAPI response schemas for readability Agent-Logs-Url: https://github.com/fosrl/pangolin/sessions/7b395a8e-7fae-4f4d-952e-4030fea08262 Co-authored-by: oschwartz10612 <4999704+oschwartz10612@users.noreply.github.com> * Remove obsolete stoi import from blueprint OpenAPI route Agent-Logs-Url: https://github.com/fosrl/pangolin/sessions/7b395a8e-7fae-4f4d-952e-4030fea08262 Co-authored-by: oschwartz10612 <4999704+oschwartz10612@users.noreply.github.com> --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: oschwartz10612 <4999704+oschwartz10612@users.noreply.github.com>
Installer: Bootstrap optional PostgreSQL/Redis (#3152 )
2026-05-31 20:49:53 +00:00 · 2026-05-31 11:10:38 -07:00 · 2026-05-29 09:43:59 -07:00 · 2026-05-28 20:36:43 -07:00 · 2026-05-28 20:36:17 -07:00 · 2026-05-28 20:35:52 -07:00
235 changed files with 5844 additions and 4117 deletions
--- a/.github/workflows/cicd.yml
+++ b/.github/workflows/cicd.yml
@@ -77,7 +77,7 @@ jobs:
                  fi
            - name: Log in to Docker Hub
-              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+              uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
              with:
                  registry: docker.io
                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -149,7 +149,7 @@ jobs:
                  fi
            - name: Log in to Docker Hub
-              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+              uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
              with:
                  registry: docker.io
                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -204,7 +204,7 @@ jobs:
              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
            - name: Log in to Docker Hub
-              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+              uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
              with:
                  registry: docker.io
                  username: ${{ secrets.DOCKER_HUB_USERNAME }}
@@ -407,7 +407,7 @@ jobs:
              shell: bash
            - name: Login to GitHub Container Registry (for cosign)
-              uses: docker/login-action@4907a6ddec9925e35a0a9e82d7399ccc52663121 # v4.1.0
+              uses: docker/login-action@650006c6eb7dba73a995cc03b0b2d7f5ca915bee # v4.2.0
              with:
                registry: ghcr.io
                username: ${{ github.actor }}
--- a/.github/workflows/linting.yml
+++ b/.github/workflows/linting.yml
@@ -24,7 +24,7 @@ jobs:
              uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
            - name: Set up Node.js
-              uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+              uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
              with:
                node-version: '24'
--- a/.github/workflows/mirror.yaml
+++ b/.github/workflows/mirror.yaml
@@ -23,7 +23,7 @@ jobs:
          skopeo --version
      - name: Install cosign
-        uses: sigstore/cosign-installer@cad07c2e89fa2edd6e2d7bab4c1aa38e53f76003 # v4.1.1
+        uses: sigstore/cosign-installer@6f9f17788090df1f26f669e9d70d6ae9567deba6 # v4.1.2
      - name: Input check
        run: |
--- a/.github/workflows/stale-bot.yml
+++ b/.github/workflows/stale-bot.yml
@@ -14,7 +14,7 @@ jobs:
  stale:
    runs-on: ubuntu-latest
    steps:
-      - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
+      - uses: actions/stale@eb5cf3af3ac0a1aa4c9c45633dd1ae542a27a899 # v10.3.0
        with:
          days-before-stale: 14
          days-before-close: 14
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -17,7 +17,7 @@ jobs:
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - name: Install Node
-        uses: actions/setup-node@53b83947a5a98c8d113130e565377fae1a50d02f # v6.3.0
+        uses: actions/setup-node@48b55a011bda9f5d6aeb4c2d9c7362e8dae4041e # v6.4.0
        with:
          node-version: '24'
--- a/drizzle.sqlite.config.ts
+++ b/drizzle.sqlite.config.ts
@@ -1,4 +1,4 @@
-import { APP_PATH } from "@server/lib/consts";
+import { APP_PATH } from "./server/lib/consts";
 import { defineConfig } from "drizzle-kit";
 import path from "path";
--- a/install/config/config.yml
+++ b/install/config/config.yml
@@ -22,7 +22,8 @@ server:
        methods: ["GET", "POST", "PUT", "DELETE", "PATCH"]
        allowed_headers: ["X-CSRF-Token", "Content-Type"]
        credentials: false
-    {{if .EnableGeoblocking}}maxmind_db_path: "./config/GeoLite2-Country.mmdb"{{end}}
+    {{if .EnableMaxMind}}maxmind_db_path: "./config/GeoLite2-Country.mmdb"{{end}}
    {{if .EnableMaxMind}}maxmind_asn_path: "./config/GeoLite2-ASN.mmdb"{{end}}
 {{if .EnableEmail}}
 email:
    smtp_host: "{{.EmailSMTPHost}}"
@@ -36,3 +37,8 @@ flags:
    disable_signup_without_invite: true
    disable_user_create_org: false
    allow_raw_resources: true
 {{if .IsPostgreSQL}}
 postgres:
  connection_string: postgresql://pangolin:{{.IsPostgreSQLPass}}@postgres:5432/pangolin
 {{end}}
--- a/install/config/docker-compose.yml
+++ b/install/config/docker-compose.yml
@@ -1,7 +1,7 @@
 name: pangolin
 services:
  pangolin:
-    image: docker.io/fosrl/pangolin:{{if .IsEnterprise}}ee-{{end}}{{.PangolinVersion}}
+    image: docker.io/fosrl/pangolin:{{if .IsEnterprise}}ee-{{end}}{{if .IsPostgreSQL}}postgresql-{{end}}{{.PangolinVersion}}
    container_name: pangolin
    restart: unless-stopped
    deploy:
@@ -10,6 +10,20 @@ services:
          memory: 1g
        reservations:
          memory: 256m
 {{if or .IsPostgreSQL .IsRedis}}
    depends_on:
    {{if .IsPostgreSQL}}
      postgres:
        condition: service_healthy
    {{end}}
    {{if .IsRedis}}
      redis:
        condition: service_healthy
    {{end}}
    networks:
      - default
      - backend
 {{end}}
    volumes:
      - ./config:/app/config
    healthcheck:
@@ -60,8 +74,56 @@ services:
      - ./config/letsencrypt:/letsencrypt # Volume to store the Let's Encrypt certificates
      - ./config/traefik/logs:/var/log/traefik # Volume to store Traefik logs
 {{if .IsPostgreSQL}}
  postgres:
    image: postgres:18
    container_name: postgres
    restart: unless-stopped
    environment:
      POSTGRES_USER: pangolin
      POSTGRES_PASSWORD: {{.IsPostgreSQLPass}}
      POSTGRES_DB: pangolin
    volumes:
      - ./postgres18:/var/lib/postgresql
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U pangolin"]
      interval: 10s
      timeout: 5s
      retries: 5
    networks:
      - backend
 {{end}}
 {{if .IsRedis}}
  redis:
    image: redis:8-trixie
    container_name: redis
    restart: unless-stopped
    command: >
      redis-server
      --save 3600 1000
      --appendonly yes
      --requirepass {{.IsRedisPass}}
    volumes:
      - ./redis8:/data
    healthcheck:
      test: ["CMD", "redis-cli", "-a", "{{.IsRedisPass}}", "ping"]
      interval: 10s
      timeout: 3s
      retries: 3
      start_period: 10s
    networks:
      - backend
 {{end}}
 networks:
  default:
    driver: bridge
-    name: pangolin
+    name: pangolin_frontend
 {{if .EnableIPv6}}    enable_ipv6: true{{end}}
 {{if or .IsPostgreSQL .IsRedis}}
  backend:
    driver: bridge
    name: pangolin_backend
    internal: true
 {{end}}
--- a/install/config/privateConfig.yml
+++ b/install/config/privateConfig.yml
@@ -0,0 +1,6 @@
 {{if .IsRedis}}
 redis:
  host: "redis"
  port: 6379
  password: "{{.IsRedisPass}}"
 {{end}}
--- a/install/go.mod
+++ b/install/go.mod
@@ -5,7 +5,7 @@ go 1.25.0
 require (
 	github.com/charmbracelet/huh v1.0.0
 	github.com/charmbracelet/lipgloss v1.1.0
-	golang.org/x/term v0.42.0
+	golang.org/x/term v0.43.0
 	gopkg.in/yaml.v3 v3.0.1
 )
@@ -33,6 +33,6 @@ require (
 	github.com/rivo/uniseg v0.4.7 // indirect
 	github.com/xo/terminfo v0.0.0-20220910002029-abceb7e1c41e // indirect
 	golang.org/x/sync v0.15.0 // indirect
-	golang.org/x/sys v0.43.0 // indirect
+	golang.org/x/sys v0.44.0 // indirect
 	golang.org/x/text v0.23.0 // indirect
 )
--- a/install/go.sum
+++ b/install/go.sum
@@ -69,10 +69,10 @@ golang.org/x/sync v0.15.0 h1:KWH3jNZsfyT6xfAfKiz6MRNmd46ByHDYaZ7KSkCtdW8=
 golang.org/x/sync v0.15.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
 golang.org/x/sys v0.0.0-20210809222454-d867a43fc93e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.43.0 h1:Rlag2XtaFTxp19wS8MXlJwTvoh8ArU6ezoyFsMyCTNI=
+golang.org/x/sys v0.44.0 h1:ildZl3J4uzeKP07r2F++Op7E9B29JRUy+a27EibtBTQ=
-golang.org/x/sys v0.43.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
+golang.org/x/sys v0.44.0/go.mod h1:4GL1E5IUh+htKOUEOaiffhrAeqysfVGipDYzABqnCmw=
-golang.org/x/term v0.42.0 h1:UiKe+zDFmJobeJ5ggPwOshJIVt6/Ft0rcfrXZDLWAWY=
+golang.org/x/term v0.43.0 h1:S4RLU2sB31O/NCl+zFN9Aru9A/Cq2aqKpTZJ6B+DwT4=
-golang.org/x/term v0.42.0/go.mod h1:Dq/D+snpsbazcBG5+F9Q1n2rXV8Ma+71xEjTRufARgY=
+golang.org/x/term v0.43.0/go.mod h1:lrhlHNdQJHO+1qVYiHfFKVuVioJIheAc3fBSMFYEIsk=
 golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
 golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
--- a/install/main.go
+++ b/install/main.go
@@ -54,9 +54,13 @@ type Config struct {
 	InstallGerbil             bool
 	TraefikBouncerKey         string
 	DoCrowdsecInstall         bool
-	EnableGeoblocking         bool
+	EnableMaxMind             bool
 	Secret                    string
 	IsEnterprise              bool
    IsPostgreSQL              bool
 	IsPostgreSQLPass          string
    IsRedis                   bool
 	IsRedisPass               string
 }
 type SupportedContainer string
@@ -123,11 +127,11 @@ func main() {
 		fmt.Println("\nConfiguration files created successfully!")
-		// Download MaxMind database if requested
+		// Download MaxMind Country / ASN database if requested
-		if config.EnableGeoblocking {
+		if config.EnableMaxMind {
-			fmt.Println("\n=== Downloading MaxMind Database ===")
+			fmt.Println("\n=== Downloading MaxMind Country and ASN Databases ===")
 			if err := downloadMaxMindDatabase(); err != nil {
-				fmt.Printf("Error downloading MaxMind database: %v\n", err)
+				fmt.Printf("Error downloading MaxMind databases: %v\n", err)
 				fmt.Println("You can download it manually later if needed.")
 			}
 		}
@@ -188,15 +192,15 @@ func main() {
 		fmt.Println("\n=== MaxMind Database Update ===")
 		if _, err := os.Stat("config/GeoLite2-Country.mmdb"); err == nil {
 			fmt.Println("MaxMind GeoLite2 Country database found.")
-			if readBool("Would you like to update the MaxMind database to the latest version?", false) {
+			if readBool("Would you like to update the MaxMind databases (Country and ASN) to the latest version?", false) {
 				if err := downloadMaxMindDatabase(); err != nil {
 					fmt.Printf("Error updating MaxMind database: %v\n", err)
 					fmt.Println("You can try updating it manually later if needed.")
 				}
 			}
 		} else {
-			fmt.Println("MaxMind GeoLite2 Country database not found.")
+			fmt.Println("MaxMind GeoLite2 Country and ASN databases not found.")
-			if readBool("Would you like to download the MaxMind GeoLite2 database for geoblocking functionality?", false) {
+			if readBool("Would you like to download the MaxMind GeoLite2 databases for blocking functionality?", false) {
 				if err := downloadMaxMindDatabase(); err != nil {
 					fmt.Printf("Error downloading MaxMind database: %v\n", err)
 					fmt.Println("You can try downloading it manually later if needed.")
@@ -204,8 +208,10 @@ func main() {
 				// Now you need to update your config file accordingly to enable geoblocking
 				fmt.Print("Please remember to update your config/config.yml file to enable geoblocking! \n\n")
 				// add   maxmind_db_path: "./config/GeoLite2-Country.mmdb" under server
-				fmt.Println("Add the following line under the 'server' section:")
+				// add   maxmind_asn_path: "./config/GeoLite2-ASN.mmdb" under server
 				fmt.Println("Add the following lines under the 'server' section:")
 				fmt.Println("  maxmind_db_path: \"./config/GeoLite2-Country.mmdb\"")
 				fmt.Println("  maxmind_asn_path: \"./config/GeoLite2-ASN.mmdb\"")
 			}
 		}
 	}
@@ -484,6 +490,17 @@ func collectUserInput() Config {
 	fmt.Println("\n=== Basic Configuration ===")
 	config.IsEnterprise = readBoolNoDefault("Do you want to install the Enterprise version of Pangolin? The EE is free for personal use or for businesses making less than 100k USD annually.")
    if config.IsEnterprise {
        config.IsRedis = readBool("Do you want to run the Redis containers locally? Required for HA.")
        if config.IsRedis {
            config.IsRedisPass = readPassword("Enter a unique password for the Redis service.")
        }
    }
    config.IsPostgreSQL = readBool("Do you want to run the PostgreSQL containers locally? Otherwise, default to the local SQLite database only.", false)
 	if config.IsPostgreSQL {
 		config.IsPostgreSQLPass = readPassword("Enter a unique password for the PostgreSQL pangolin user.")
 	}
 	config.BaseDomain = readString("Enter your base domain (no subdomain e.g. example.com)", "")
@@ -527,7 +544,7 @@ func collectUserInput() Config {
 	fmt.Println("\n=== Advanced Configuration ===")
 	config.EnableIPv6 = readBool("Is your server IPv6 capable?", true)
-	config.EnableGeoblocking = readBool("Do you want to download the MaxMind GeoLite2 database for geoblocking functionality?", true)
+	config.EnableMaxMind = readBool("Do you want to download the MaxMind GeoLite2 Country and ADN databases for blocking functionality?", true)
 	if config.DashboardDomain == "" {
 		fmt.Println("Error: Dashboard Domain name is required")
@@ -780,29 +797,42 @@ func checkPortsAvailable(port int) error {
 }
 func downloadMaxMindDatabase() error {
-	fmt.Println("Downloading MaxMind GeoLite2 Country database...")
+	fmt.Println("Downloading MaxMind GeoLite2 Country and ASN databases...")
-	// Download the GeoLite2 Country database
+	// Download the GeoLite2 Country databases
 	if err := run("curl", "-L", "-o", "GeoLite2-Country.tar.gz",
 		"https://github.com/GitSquared/node-geolite2-redist/raw/refs/heads/master/redist/GeoLite2-Country.tar.gz"); err != nil {
-		return fmt.Errorf("failed to download GeoLite2 database: %v", err)
+		return fmt.Errorf("failed to download GeoLite2 Country database: %v", err)
 	}
 	if err := run("curl", "-L", "-o", "GeoLite2-ASN.tar.gz",
 		"https://github.com/GitSquared/node-geolite2-redist/raw/refs/heads/master/redist/GeoLite2-ASN.tar.gz"); err != nil {
 		return fmt.Errorf("failed to download GeoLite2 ASN database: %v", err)
 	}
-	// Extract the database
+	// Extract the Country database
 	if err := run("tar", "-xzf", "GeoLite2-Country.tar.gz"); err != nil {
-		return fmt.Errorf("failed to extract GeoLite2 database: %v", err)
+		return fmt.Errorf("failed to extract GeoLite2 Country database: %v", err)
 	}
 	if err := run("tar", "-xzf", "GeoLite2-ASN.tar.gz"); err != nil {
 		return fmt.Errorf("failed to extract GeoLite2 ASN database: %v", err)
 	}
 	// Find the .mmdb file and move it to the config directory
 	if err := run("bash", "-c", "mv GeoLite2-Country_*/GeoLite2-Country.mmdb config/"); err != nil {
-		return fmt.Errorf("failed to move GeoLite2 database to config directory: %v", err)
+		return fmt.Errorf("failed to move GeoLite2 Country database to config directory: %v", err)
 	}
 	if err := run("bash", "-c", "mv GeoLite2-ASN_*/GeoLite2-ASN.mmdb config/"); err != nil {
 		return fmt.Errorf("failed to move GeoLite2 ASN database to config directory: %v", err)
 	}
 	// Clean up the downloaded files
-	if err := run("rm", "-rf", "GeoLite2-Country.tar.gz", "GeoLite2-Country_*"); err != nil {
+	if err := run("sh", "-c", "rm -rf GeoLite2-Country.tar.gz GeoLite2-Country_*"); err != nil {
-		fmt.Printf("Warning: failed to clean up temporary files: %v\n", err)
+		fmt.Printf("Warning: failed to clean up temporary country files: %v\n", err)
 	}
 	if err := run("sh", "-c", "rm -rf GeoLite2-ASN.tar.gz GeoLite2-ASN_*"); err != nil {
 		fmt.Printf("Warning: failed to clean up temporary ASN files: %v\n", err)
 	}
-	fmt.Println("MaxMind GeoLite2 Country database downloaded successfully!")
+	fmt.Println("MaxMind GeoLite2 Country and ASN database downloaded successfully!")
 	return nil
 }
--- a/next.config.ts
+++ b/next.config.ts
@@ -5,12 +5,7 @@ const withNextIntl = createNextIntlPlugin();
 const nextConfig: NextConfig = {
    reactStrictMode: false,
-    eslint: {
+    reactCompiler: true,
        ignoreDuringBuilds: true
    },
    experimental: {
        reactCompiler: true
    },
    output: "standalone"
 };
--- a/package-lock.json
+++ b/package-lock.json
--- a/package.json
+++ b/package.json
@@ -32,11 +32,11 @@
        "format": "prettier --write ."
    },
    "dependencies": {
-        "@asteasolutions/zod-to-openapi": "8.4.1",
+        "@asteasolutions/zod-to-openapi": "8.5.0",
-        "@aws-sdk/client-s3": "3.1011.0",
+        "@aws-sdk/client-s3": "3.1056.0",
-        "@faker-js/faker": "10.3.0",
+        "@faker-js/faker": "10.4.0",
-        "@headlessui/react": "2.2.9",
+        "@headlessui/react": "2.2.10",
-        "@hookform/resolvers": "5.2.2",
+        "@hookform/resolvers": "5.4.0",
        "@monaco-editor/react": "4.7.0",
        "@node-rs/argon2": "2.0.2",
        "@oslojs/crypto": "1.0.1",
@@ -59,16 +59,17 @@
        "@radix-ui/react-tabs": "1.1.13",
        "@radix-ui/react-toast": "1.2.15",
        "@radix-ui/react-tooltip": "1.2.8",
-        "@react-email/components": "1.0.8",
+        "@react-email/body": "0.3.0",
-        "@react-email/render": "2.0.4",
+        "@react-email/components": "1.0.12",
-        "@react-email/tailwind": "2.0.5",
+        "@react-email/render": "2.0.8",
        "@react-email/tailwind": "2.0.7",
        "@simplewebauthn/browser": "13.3.0",
-        "@simplewebauthn/server": "13.3.0",
+        "@simplewebauthn/server": "13.3.1",
        "@tailwindcss/forms": "0.5.11",
-        "@tanstack/react-query": "5.90.21",
+        "@tanstack/react-query": "5.100.14",
        "@tanstack/react-table": "8.21.3",
        "arctic": "3.7.0",
-        "axios": "1.15.0",
+        "axios": "1.16.1",
        "better-sqlite3": "11.9.1",
        "canvas-confetti": "1.9.4",
        "class-variance-authority": "0.7.1",
@@ -80,77 +81,76 @@
        "d3": "7.9.0",
        "drizzle-orm": "0.45.2",
        "express": "5.2.1",
-        "express-rate-limit": "8.3.0",
+        "express-rate-limit": "8.5.2",
        "glob": "13.0.6",
-        "helmet": "8.1.0",
+        "helmet": "8.2.0",
        "http-errors": "2.0.1",
        "input-otp": "1.4.2",
-        "ioredis": "5.10.0",
+        "ioredis": "5.11.0",
        "jmespath": "0.16.0",
        "js-yaml": "4.1.1",
        "jsonwebtoken": "9.0.3",
-        "lucide-react": "0.577.0",
+        "lucide-react": "1.17.0",
-        "maxmind": "5.0.5",
+        "maxmind": "5.0.6",
        "moment": "2.30.1",
-        "next": "15.5.15",
+        "next": "16.2.6",
-        "next-intl": "4.8.3",
+        "next-intl": "4.13.0",
        "next-themes": "0.4.6",
        "nextjs-toploader": "3.9.17",
        "node-cache": "5.1.2",
-        "nodemailer": "8.0.5",
+        "nodemailer": "8.0.9",
        "oslo": "1.2.1",
-        "pg": "8.20.0",
+        "pg": "8.21.0",
-        "posthog-node": "5.28.0",
+        "posthog-node": "5.35.6",
        "qrcode.react": "4.2.0",
-        "react": "19.2.4",
+        "react": "19.2.6",
        "react-day-picker": "9.14.0",
-        "react-dom": "19.2.4",
+        "react-dom": "19.2.6",
        "react-easy-sort": "1.8.0",
-        "react-hook-form": "7.71.2",
+        "react-hook-form": "7.76.1",
        "react-icons": "5.6.0",
-        "recharts": "2.15.4",
+        "recharts": "3.8.1",
        "reodotdev": "1.1.0",
-        "resend": "6.9.2",
+        "semver": "7.8.1",
        "semver": "7.7.4",
        "sshpk": "1.18.0",
-        "stripe": "20.4.1",
+        "stripe": "22.2.0",
        "swagger-ui-express": "5.0.1",
-        "tailwind-merge": "3.5.0",
+        "tailwind-merge": "3.6.0",
        "topojson-client": "3.1.0",
        "tw-animate-css": "1.4.0",
-        "use-debounce": "10.1.0",
+        "use-debounce": "10.1.1",
-        "uuid": "13.0.0",
+        "uuid": "14.0.0",
        "vaul": "1.1.2",
        "visionscarto-world-atlas": "1.0.0",
        "winston": "3.19.0",
        "winston-daily-rotate-file": "5.0.0",
-        "ws": "8.19.0",
+        "ws": "8.21.0",
-        "yaml": "2.8.3",
+        "yaml": "2.9.0",
        "yargs": "18.0.0",
-        "zod": "4.3.6",
+        "zod": "4.4.3",
        "zod-validation-error": "5.0.0"
    },
    "devDependencies": {
-        "@dotenvx/dotenvx": "1.54.1",
+        "@dotenvx/dotenvx": "1.69.1",
        "@esbuild-plugins/tsconfig-paths": "0.1.2",
-        "@react-email/preview-server": "5.2.10",
+        "@react-email/ui": "^6.5.0",
-        "@tailwindcss/postcss": "4.2.2",
+        "@tailwindcss/postcss": "4.3.0",
-        "@tanstack/react-query-devtools": "5.91.3",
+        "@tanstack/react-query-devtools": "5.100.14",
        "@types/better-sqlite3": "7.6.13",
        "@types/cookie-parser": "1.4.10",
        "@types/cors": "2.8.19",
        "@types/crypto-js": "4.2.2",
        "@types/d3": "7.4.3",
        "@types/express": "5.0.6",
-        "@types/express-session": "1.18.2",
+        "@types/express-session": "1.19.0",
        "@types/jmespath": "0.15.2",
        "@types/js-yaml": "4.0.9",
        "@types/jsonwebtoken": "9.0.10",
-        "@types/node": "25.3.5",
+        "@types/node": "25.9.1",
-        "@types/nodemailer": "7.0.11",
+        "@types/nodemailer": "8.0.0",
        "@types/nprogress": "0.2.3",
-        "@types/pg": "8.18.0",
+        "@types/pg": "8.20.0",
-        "@types/react": "19.2.14",
+        "@types/react": "19.2.15",
        "@types/react-dom": "19.2.3",
        "@types/semver": "7.7.1",
        "@types/sshpk": "1.17.4",
@@ -160,21 +160,22 @@
        "@types/yargs": "17.0.35",
        "babel-plugin-react-compiler": "1.0.0",
        "drizzle-kit": "0.31.10",
-        "esbuild": "0.27.4",
+        "esbuild": "0.28.0",
-        "esbuild-node-externals": "1.20.1",
+        "esbuild-node-externals": "1.22.0",
-        "eslint": "10.0.3",
+        "eslint": "10.4.0",
-        "eslint-config-next": "16.1.7",
+        "eslint-config-next": "16.2.6",
-        "postcss": "8.5.8",
+        "postcss": "8.5.15",
-        "prettier": "3.8.1",
+        "prettier": "3.8.3",
-        "react-email": "5.2.10",
+        "react-email": "6.5.0",
-        "tailwindcss": "4.2.2",
+        "tailwindcss": "4.3.0",
-        "tsc-alias": "1.8.16",
+        "tsc-alias": "1.8.17",
-        "tsx": "4.21.0",
+        "tsx": "4.22.3",
-        "typescript": "5.9.3",
+        "typescript": "6.0.3",
-        "typescript-eslint": "8.56.1"
+        "typescript-eslint": "8.60.0"
    },
    "overrides": {
-        "esbuild": "0.27.4",
+        "esbuild": "0.28.0",
-        "dompurify": "3.3.2"
+        "dompurify": "3.4.0",
        "postcss": "8.5.15"
    }
 }
--- a/server/index.ts
+++ b/server/index.ts
@@ -1,5 +1,5 @@
 #! /usr/bin/env node
-import "./extendZod.ts";
+import "./extendZod";
 import { runSetupFunctions } from "./setup";
 import { createApiServer } from "./apiServer";
--- a/server/integrationApiServer.ts
+++ b/server/integrationApiServer.ts
@@ -152,11 +152,17 @@ function getOpenApiDocumentation() {
            if (!hasExistingResponses) {
                def.route.responses = {
-                    "*": {
+                    "200": {
-                        description: "",
+                        description: "Successful response",
                        content: {
                            "application/json": {
-                                schema: z.object({})
+                                schema: z.object({
                                    data: z.unknown().nullable(),
                                    success: z.boolean(),
                                    error: z.boolean(),
                                    message: z.string(),
                                    status: z.number()
                                })
                            }
                        }
                    }
--- a/server/lib/blueprints/clientResources.ts
+++ b/server/lib/blueprints/clientResources.ts
@@ -3,6 +3,7 @@ import {
    clientSiteResources,
    domains,
    orgDomains,
    roleActions,
    roles,
    roleSiteResources,
    Site,
@@ -19,6 +20,7 @@ import { sites } from "@server/db";
 import { eq, and, ne, inArray, or, isNotNull } from "drizzle-orm";
 import { Config } from "./types";
 import logger from "@server/logger";
 import { defaultRoleAllowedActions } from "@server/routers/role/createRole";
 import { getNextAvailableAliasAddress } from "../ip";
 import { createCertificate } from "#dynamic/routers/certificates/createCertificate";
@@ -332,8 +334,7 @@ export async function updateClientResources(
            }
            if (resourceData.roles.length > 0) {
-                // Re-add specified roles but we need to get the roleIds from the role name in the array
+                const existingRoles = await trx
                const rolesToUpdate = await trx
                    .select()
                    .from(roles)
                    .where(
@@ -343,7 +344,28 @@ export async function updateClientResources(
                        )
                    );
-                const roleIds = rolesToUpdate.map((role) => role.roleId);
+                const foundNames = new Set(existingRoles.map((r) => r.name));
                const missingNames = resourceData.roles.filter(
                    (n) => !foundNames.has(n)
                );
                for (const name of missingNames) {
                    const [created] = await trx
                        .insert(roles)
                        .values({ name, orgId })
                        .returning();
                    await trx.insert(roleActions).values(
                        defaultRoleAllowedActions.map((action) => ({
                            roleId: created.roleId,
                            actionId: action,
                            orgId
                        }))
                    );
                    existingRoles.push(created);
                    logger.info(`Auto-created role "${name}" in org ${orgId} from blueprint`);
                }
                const roleIds = existingRoles.map((role) => role.roleId);
                await trx
                    .insert(roleSiteResources)
@@ -444,8 +466,7 @@ export async function updateClientResources(
            });
            if (resourceData.roles.length > 0) {
-                // get roleIds from role names
+                const existingRoles = await trx
                const rolesToUpdate = await trx
                    .select()
                    .from(roles)
                    .where(
@@ -455,7 +476,28 @@ export async function updateClientResources(
                        )
                    );
-                const roleIds = rolesToUpdate.map((role) => role.roleId);
+                const foundNames = new Set(existingRoles.map((r) => r.name));
                const missingNames = resourceData.roles.filter(
                    (n) => !foundNames.has(n)
                );
                for (const name of missingNames) {
                    const [created] = await trx
                        .insert(roles)
                        .values({ name, orgId })
                        .returning();
                    await trx.insert(roleActions).values(
                        defaultRoleAllowedActions.map((action) => ({
                            roleId: created.roleId,
                            actionId: action,
                            orgId
                        }))
                    );
                    existingRoles.push(created);
                    logger.info(`Auto-created role "${name}" in org ${orgId} from blueprint`);
                }
                const roleIds = existingRoles.map((role) => role.roleId);
                await trx
                    .insert(roleSiteResources)
--- a/server/lib/blueprints/proxyResources.ts
+++ b/server/lib/blueprints/proxyResources.ts
@@ -8,6 +8,7 @@ import {
    resourcePincode,
    resourceRules,
    resourceWhitelist,
    roleActions,
    roleResources,
    roles,
    Target,
@@ -36,6 +37,7 @@ import { isValidRegionId } from "@server/db/regions";
 import { isLicensedOrSubscribed } from "#dynamic/lib/isLicencedOrSubscribed";
 import { fireHealthCheckUnknownAlert } from "@server/lib/alerts";
 import { tierMatrix } from "../billing/tierMatrix";
 import { defaultRoleAllowedActions } from "@server/routers/role/createRole";
 export type ProxyResourcesResults = {
    proxyResource: Resource;
@@ -925,14 +927,26 @@ async function syncRoleResources(
        .where(eq(roleResources.resourceId, resourceId));
    for (const roleName of ssoRoles) {
-        const [role] = await trx
+        let [role] = await trx
            .select()
            .from(roles)
            .where(and(eq(roles.name, roleName), eq(roles.orgId, orgId)))
            .limit(1);
        if (!role) {
-            throw new Error(`Role not found: ${roleName} in org ${orgId}`);
+            const [created] = await trx
                .insert(roles)
                .values({ name: roleName, orgId })
                .returning();
            await trx.insert(roleActions).values(
                defaultRoleAllowedActions.map((action) => ({
                    roleId: created.roleId,
                    actionId: action,
                    orgId
                }))
            );
            role = created;
            logger.info(`Auto-created role "${roleName}" in org ${orgId} from blueprint`);
        }
        if (role.isAdmin) {
--- a/server/lib/ip.ts
+++ b/server/lib/ip.ts
@@ -873,7 +873,13 @@ export const portRangeStringSchema = z
            message:
                'Port range must be "*" for all ports, or a comma-separated list of ports and ranges (e.g., "80,443,8000-9000"). Ports must be between 1 and 65535, and ranges must have start <= end.'
        }
-    );
+    )
    .openapi({
        type: "string",
        description:
            'Port range string. Use "*" for all ports, a comma-separated list of ports, or ranges (e.g., "80,443,8000-9000"). Ports must be between 1 and 65535.',
        example: "80,443,8000-9000"
    });
 /**
 * Parses a port range string into an array of port range objects
--- a/server/lib/openapi/createApiResponseSchema.ts
+++ b/server/lib/openapi/createApiResponseSchema.ts
@@ -0,0 +1,11 @@
 import { z } from "zod";
 export function createApiResponseSchema<T extends z.ZodTypeAny>(dataSchema: T) {
    return z.object({
        data: dataSchema.nullable(),
        success: z.boolean(),
        error: z.boolean(),
        message: z.string(),
        status: z.number()
    });
 }
--- a/server/lib/requestParams.ts
+++ b/server/lib/requestParams.ts
@@ -0,0 +1,11 @@
 export function getFirstString(value: unknown): string | undefined {
    if (typeof value === "string") {
        return value;
    }
    if (Array.isArray(value) && typeof value[0] === "string") {
        return value[0];
    }
    return undefined;
 }
--- a/server/middlewares/integration/verifyAccessTokenAccess.ts
+++ b/server/middlewares/integration/verifyAccessTokenAccess.ts
@@ -4,6 +4,7 @@ import { resourceAccessToken, resources, apiKeyOrg } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyApiKeyAccessTokenAccess(
    req: Request,
@@ -12,7 +13,7 @@ export async function verifyApiKeyAccessTokenAccess(
 ) {
    try {
        const apiKey = req.apiKey;
-        const accessTokenId = req.params.accessTokenId;
+        const accessTokenId = getFirstString(req.params.accessTokenId);
        if (!apiKey) {
            return next(
@@ -20,6 +21,12 @@ export async function verifyApiKeyAccessTokenAccess(
            );
        }
        if (!accessTokenId) {
            return next(
                createHttpError(HttpCode.BAD_REQUEST, "Invalid access token ID")
            );
        }
        const [accessToken] = await db
            .select()
            .from(resourceAccessToken)
--- a/server/middlewares/integration/verifyApiKeyApiKeyAccess.ts
+++ b/server/middlewares/integration/verifyApiKeyApiKeyAccess.ts
@@ -4,6 +4,7 @@ import { apiKeys, apiKeyOrg } from "@server/db";
 import { and, eq, or } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyApiKeyApiKeyAccess(
    req: Request,
@@ -14,8 +15,10 @@ export async function verifyApiKeyApiKeyAccess(
        const { apiKey: callerApiKey } = req;
        const apiKeyId =
-            req.params.apiKeyId || req.body.apiKeyId || req.query.apiKeyId;
+            getFirstString(req.params.apiKeyId) ||
-        const orgId = req.params.orgId;
+            getFirstString(req.body.apiKeyId) ||
            getFirstString(req.query.apiKeyId);
        const orgId = getFirstString(req.params.orgId);
        if (!callerApiKey) {
            return next(
--- a/server/middlewares/integration/verifyApiKeyDomainAccess.ts
+++ b/server/middlewares/integration/verifyApiKeyDomainAccess.ts
@@ -3,6 +3,7 @@ import { db, domains, orgDomains, apiKeyOrg } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyApiKeyDomainAccess(
    req: Request,
@@ -12,8 +13,10 @@ export async function verifyApiKeyDomainAccess(
    try {
        const apiKey = req.apiKey;
        const domainId =
-            req.params.domainId || req.body.domainId || req.query.domainId;
+            getFirstString(req.params.domainId) ||
-        const orgId = req.params.orgId;
+            getFirstString(req.body.domainId) ||
            getFirstString(req.query.domainId);
        const orgId = getFirstString(req.params.orgId);
        if (!apiKey) {
            return next(
@@ -27,6 +30,12 @@ export async function verifyApiKeyDomainAccess(
            );
        }
        if (!orgId) {
            return next(
                createHttpError(HttpCode.BAD_REQUEST, "Invalid organization ID")
            );
        }
        if (apiKey.isRoot) {
            // Root keys can access any domain in any org
            return next();
--- a/server/middlewares/integration/verifyApiKeyIdpAccess.ts
+++ b/server/middlewares/integration/verifyApiKeyIdpAccess.ts
@@ -4,6 +4,7 @@ import { idp, idpOrg, apiKeyOrg } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyApiKeyIdpAccess(
    req: Request,
@@ -12,8 +13,12 @@ export async function verifyApiKeyIdpAccess(
 ) {
    try {
        const apiKey = req.apiKey;
-        const idpId = req.params.idpId || req.body.idpId || req.query.idpId;
+        const idpIdRaw =
-        const orgId = req.params.orgId;
+            getFirstString(req.params.idpId) ||
            getFirstString(req.body.idpId) ||
            getFirstString(req.query.idpId);
        const idpId = Number.parseInt(idpIdRaw ?? "", 10);
        const orgId = getFirstString(req.params.orgId);
        if (!apiKey) {
            return next(
@@ -27,7 +32,7 @@ export async function verifyApiKeyIdpAccess(
            );
        }
-        if (!idpId) {
+        if (Number.isNaN(idpId)) {
            return next(
                createHttpError(HttpCode.BAD_REQUEST, "Invalid IDP ID")
            );
--- a/server/middlewares/integration/verifyApiKeyOrgAccess.ts
+++ b/server/middlewares/integration/verifyApiKeyOrgAccess.ts
@@ -4,6 +4,7 @@ import { apiKeyOrg } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyApiKeyOrgAccess(
    req: Request,
@@ -12,7 +13,7 @@ export async function verifyApiKeyOrgAccess(
 ) {
    try {
        const apiKeyId = req.apiKey?.apiKeyId;
-        const orgId = req.params.orgId;
+        const orgId = getFirstString(req.params.orgId);
        if (!apiKeyId) {
            return next(
@@ -45,7 +46,7 @@ export async function verifyApiKeyOrgAccess(
        }
        if (!req.apiKeyOrg) {
-            next(
+            return next(
                createHttpError(
                    HttpCode.FORBIDDEN,
                    "Key does not have access to this organization"
--- a/server/middlewares/integration/verifyApiKeySiteResourceAccess.ts
+++ b/server/middlewares/integration/verifyApiKeySiteResourceAccess.ts
@@ -4,6 +4,7 @@ import { siteResources, apiKeyOrg } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyApiKeySiteResourceAccess(
    req: Request,
@@ -12,7 +13,8 @@ export async function verifyApiKeySiteResourceAccess(
 ) {
    try {
        const apiKey = req.apiKey;
-        const siteResourceId = parseInt(req.params.siteResourceId);
+        const siteResourceIdRaw = getFirstString(req.params.siteResourceId);
        const siteResourceId = Number.parseInt(siteResourceIdRaw ?? "", 10);
        if (!apiKey) {
            return next(
@@ -20,7 +22,7 @@ export async function verifyApiKeySiteResourceAccess(
            );
        }
-        if (!siteResourceId) {
+        if (Number.isNaN(siteResourceId)) {
            return next(
                createHttpError(
                    HttpCode.BAD_REQUEST,
--- a/server/middlewares/integration/verifyApiKeyTargetAccess.ts
+++ b/server/middlewares/integration/verifyApiKeyTargetAccess.ts
@@ -4,6 +4,7 @@ import { resources, targets, apiKeyOrg } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyApiKeyTargetAccess(
    req: Request,
@@ -12,7 +13,8 @@ export async function verifyApiKeyTargetAccess(
 ) {
    try {
        const apiKey = req.apiKey;
-        const targetId = parseInt(req.params.targetId);
+        const targetIdRaw = getFirstString(req.params.targetId);
        const targetId = Number.parseInt(targetIdRaw ?? "", 10);
        if (!apiKey) {
            return next(
@@ -20,7 +22,7 @@ export async function verifyApiKeyTargetAccess(
            );
        }
-        if (isNaN(targetId)) {
+        if (Number.isNaN(targetId)) {
            return next(
                createHttpError(HttpCode.BAD_REQUEST, "Invalid target ID")
            );
--- a/server/middlewares/verifyAccessTokenAccess.ts
+++ b/server/middlewares/verifyAccessTokenAccess.ts
@@ -7,6 +7,7 @@ import HttpCode from "@server/types/HttpCode";
 import { canUserAccessResource } from "@server/auth/canUserAccessResource";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyAccessTokenAccess(
    req: Request,
@@ -14,7 +15,7 @@ export async function verifyAccessTokenAccess(
    next: NextFunction
 ) {
    const userId = req.user!.userId;
-    const accessTokenId = req.params.accessTokenId;
+    const accessTokenId = getFirstString(req.params.accessTokenId);
    if (!userId) {
        return next(
@@ -22,6 +23,12 @@ export async function verifyAccessTokenAccess(
        );
    }
    if (!accessTokenId) {
        return next(
            createHttpError(HttpCode.BAD_REQUEST, "Invalid access token ID")
        );
    }
    const [accessToken] = await db
        .select()
        .from(resourceAccessToken)
@@ -87,7 +94,7 @@ export async function verifyAccessTokenAccess(
        }
        if (!req.userOrg) {
-            next(
+            return next(
                createHttpError(
                    HttpCode.FORBIDDEN,
                    "User does not have access to this organization"
--- a/server/middlewares/verifyApiKeyAccess.ts
+++ b/server/middlewares/verifyApiKeyAccess.ts
@@ -6,6 +6,7 @@ import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyApiKeyAccess(
    req: Request,
@@ -14,9 +15,24 @@ export async function verifyApiKeyAccess(
 ) {
    try {
        const userId = req.user!.userId;
-        const apiKeyId =
+        const apiKeyIdFromParams = getFirstString(req.params?.apiKeyId);
-            req.params.apiKeyId || req.body.apiKeyId || req.query.apiKeyId;
+        const apiKeyIdFromBody = getFirstString(req.body?.apiKeyId);
-        const orgId = req.params.orgId;
+
        if (
            apiKeyIdFromParams &&
            apiKeyIdFromBody &&
            apiKeyIdFromParams !== apiKeyIdFromBody
        ) {
            return next(
                createHttpError(
                    HttpCode.BAD_REQUEST,
                    "API key ID provided in both URL and body with different values"
                )
            );
        }
        const apiKeyId = apiKeyIdFromParams || apiKeyIdFromBody;
        const orgId = getFirstString(req.params.orgId);
        if (!userId) {
            return next(
@@ -104,10 +120,7 @@ export async function verifyApiKeyAccess(
            }
        }
-        req.userOrgRoleIds = await getUserOrgRoleIds(
+        req.userOrgRoleIds = await getUserOrgRoleIds(req.userOrg.userId, orgId);
            req.userOrg.userId,
            orgId
        );
        return next();
    } catch (error) {
--- a/server/middlewares/verifyDomainAccess.ts
+++ b/server/middlewares/verifyDomainAccess.ts
@@ -6,6 +6,7 @@ import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyDomainAccess(
    req: Request,
@@ -14,9 +15,8 @@ export async function verifyDomainAccess(
 ) {
    try {
        const userId = req.user!.userId;
-        const domainId =
+        const domainId = getFirstString(req.params.domainId);
-            req.params.domainId;
+        const orgId = getFirstString(req.params.orgId);
        const orgId = req.params.orgId;
        if (!userId) {
            return next(
@@ -62,10 +62,7 @@ export async function verifyDomainAccess(
                .select()
                .from(userOrgs)
                .where(
-                    and(
+                    and(eq(userOrgs.userId, userId), eq(userOrgs.orgId, orgId))
                        eq(userOrgs.userId, userId),
                        eq(userOrgs.orgId, orgId)
                    )
                )
                .limit(1);
            req.userOrg = userOrgRole[0];
--- a/server/middlewares/verifyLimits.ts
+++ b/server/middlewares/verifyLimits.ts
@@ -3,6 +3,7 @@ import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { usageService } from "@server/lib/billing/usageService";
 import { build } from "@server/build";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyLimits(
    req: Request,
@@ -13,7 +14,10 @@ export async function verifyLimits(
        return next();
    }
-    const orgId = req.userOrgId || req.apiKeyOrg?.orgId || req.params.orgId;
+    const orgId =
        req.userOrgId ||
        req.apiKeyOrg?.orgId ||
        getFirstString(req.params.orgId);
    if (!orgId) {
        return next(); // its fine if we silently fail here because this is not critical to operation or security and its better user experience if we dont fail
--- a/server/middlewares/verifyOrgAccess.ts
+++ b/server/middlewares/verifyOrgAccess.ts
@@ -6,6 +6,7 @@ import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyOrgAccess(
    req: Request,
@@ -13,7 +14,7 @@ export async function verifyOrgAccess(
    next: NextFunction
 ) {
    const userId = req.user!.userId;
-    const orgId = req.params.orgId;
+    const orgId = getFirstString(req.params.orgId);
    if (!userId) {
        return next(
--- a/server/middlewares/verifySiteProvisioningKeyAccess.ts
+++ b/server/middlewares/verifySiteProvisioningKeyAccess.ts
@@ -1,10 +1,16 @@
 import { Request, Response, NextFunction } from "express";
-import { db, userOrgs, siteProvisioningKeys, siteProvisioningKeyOrg } from "@server/db";
+import {
    db,
    userOrgs,
    siteProvisioningKeys,
    siteProvisioningKeyOrg
 } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifySiteProvisioningKeyAccess(
    req: Request,
@@ -13,8 +19,10 @@ export async function verifySiteProvisioningKeyAccess(
 ) {
    try {
        const userId = req.user!.userId;
-        const siteProvisioningKeyId = req.params.siteProvisioningKeyId;
+        const siteProvisioningKeyId = getFirstString(
-        const orgId = req.params.orgId;
+            req.params.siteProvisioningKeyId
        );
        const orgId = getFirstString(req.params.orgId);
        if (!userId) {
            return next(
@@ -80,10 +88,7 @@ export async function verifySiteProvisioningKeyAccess(
                .where(
                    and(
                        eq(userOrgs.userId, userId),
-                        eq(
+                        eq(userOrgs.orgId, row.siteProvisioningKeyOrg.orgId)
                            userOrgs.orgId,
                            row.siteProvisioningKeyOrg.orgId
                        )
                    )
                )
                .limit(1);
--- a/server/middlewares/verifyTargetAccess.ts
+++ b/server/middlewares/verifyTargetAccess.ts
@@ -7,6 +7,7 @@ import HttpCode from "@server/types/HttpCode";
 import { canUserAccessResource } from "../auth/canUserAccessResource";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyTargetAccess(
    req: Request,
@@ -14,7 +15,8 @@ export async function verifyTargetAccess(
    next: NextFunction
 ) {
    const userId = req.user!.userId;
-    const targetId = parseInt(req.params.targetId);
+    const targetIdRaw = getFirstString(req.params.targetId);
    const targetId = Number.parseInt(targetIdRaw ?? "", 10);
    if (!userId) {
        return next(
--- a/server/middlewares/verifyUserIsOrgOwner.ts
+++ b/server/middlewares/verifyUserIsOrgOwner.ts
@@ -4,6 +4,7 @@ import { userOrgs } from "@server/db";
 import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyUserIsOrgOwner(
    req: Request,
@@ -11,7 +12,7 @@ export async function verifyUserIsOrgOwner(
    next: NextFunction
 ) {
    const userId = req.user!.userId;
-    const orgId = req.params.orgId;
+    const orgId = getFirstString(req.params.orgId);
    if (!userId) {
        return next(
--- a/server/private/middlewares/verifyCertificateAccess.ts
+++ b/server/private/middlewares/verifyCertificateAccess.ts
@@ -19,6 +19,7 @@ import { eq, and } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import logger from "@server/logger";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyCertificateAccess(
    req: Request,
@@ -27,11 +28,43 @@ export async function verifyCertificateAccess(
 ) {
    try {
        // Assume user/org access is already verified
-        const orgId = req.params.orgId;
+        const orgId = getFirstString(req.params.orgId);
-        const certId =
+
-            req.params.certId || req.body?.certId || req.query?.certId;
+        const certIdFromParams = getFirstString(req.params?.certId);
-        let domainId =
+        const certIdFromBody = getFirstString(req.body?.certId);
-            req.params.domainId || req.body?.domainId || req.query?.domainId;
+
        if (
            certIdFromParams &&
            certIdFromBody &&
            certIdFromParams !== certIdFromBody
        ) {
            return next(
                createHttpError(
                    HttpCode.BAD_REQUEST,
                    "Certificate ID provided in both URL and body with different values"
                )
            );
        }
        const certId = certIdFromParams || certIdFromBody;
        const domainIdFromParams = getFirstString(req.params?.domainId);
        const domainIdFromBody = getFirstString(req.body?.domainId);
        if (
            domainIdFromParams &&
            domainIdFromBody &&
            domainIdFromParams !== domainIdFromBody
        ) {
            return next(
                createHttpError(
                    HttpCode.BAD_REQUEST,
                    "Domain ID provided in both URL and body with different values"
                )
            );
        }
        let domainId = domainIdFromParams || domainIdFromBody;
        if (!orgId) {
            return next(
@@ -65,7 +98,7 @@ export async function verifyCertificateAccess(
                );
            }
-            domainId = cert.domainId;
+            domainId = cert.domainId ?? undefined;
            if (!domainId) {
                return next(
                    createHttpError(
--- a/server/private/middlewares/verifyIdpAccess.ts
+++ b/server/private/middlewares/verifyIdpAccess.ts
@@ -17,6 +17,7 @@ import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyIdpAccess(
    req: Request,
@@ -25,8 +26,12 @@ export async function verifyIdpAccess(
 ) {
    try {
        const userId = req.user!.userId;
-        const idpId = req.params.idpId || req.body.idpId || req.query.idpId;
+        const idpIdRaw =
-        const orgId = req.params.orgId;
+            getFirstString(req.params.idpId) ||
            getFirstString(req.body?.idpId) ||
            getFirstString(req.query?.idpId);
        const idpId = Number.parseInt(idpIdRaw ?? "", 10);
        const orgId = getFirstString(req.params.orgId);
        if (!userId) {
            return next(
@@ -40,7 +45,7 @@ export async function verifyIdpAccess(
            );
        }
-        if (!idpId) {
+        if (Number.isNaN(idpId)) {
            return next(
                createHttpError(HttpCode.BAD_REQUEST, "Invalid key ID")
            );
--- a/server/private/middlewares/verifyRemoteExitNodeAccess.ts
+++ b/server/private/middlewares/verifyRemoteExitNodeAccess.ts
@@ -18,6 +18,7 @@ import { and, eq } from "drizzle-orm";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { getUserOrgRoleIds } from "@server/lib/userOrgRoles";
 import { getFirstString } from "@server/lib/requestParams";
 export async function verifyRemoteExitNodeAccess(
    req: Request,
@@ -25,11 +26,11 @@ export async function verifyRemoteExitNodeAccess(
    next: NextFunction
 ) {
    const userId = req.user!.userId; // Assuming you have user information in the request
-    const orgId = req.params.orgId;
+    const orgId = getFirstString(req.params.orgId);
    const remoteExitNodeId =
-        req.params.remoteExitNodeId ||
+        getFirstString(req.params.remoteExitNodeId) ||
-        req.body.remoteExitNodeId ||
+        getFirstString(req.body?.remoteExitNodeId) ||
-        req.query.remoteExitNodeId;
+        getFirstString(req.query?.remoteExitNodeId);
    if (!userId) {
        return next(
@@ -37,6 +38,15 @@ export async function verifyRemoteExitNodeAccess(
        );
    }
    if (!orgId || !remoteExitNodeId) {
        return next(
            createHttpError(
                HttpCode.BAD_REQUEST,
                "Invalid organization or remote exit node ID"
            )
        );
    }
    try {
        const [remoteExitNode] = await db
            .select()
--- a/server/private/routers/alertRule/createAlertRule.ts
+++ b/server/private/routers/alertRule/createAlertRule.ts
@@ -202,7 +202,22 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function createAlertRule(
--- a/server/private/routers/alertRule/deleteAlertRule.ts
+++ b/server/private/routers/alertRule/deleteAlertRule.ts
@@ -38,7 +38,22 @@ registry.registerPath({
    request: {
        params: paramsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function deleteAlertRule(
--- a/server/private/routers/alertRule/getAlertRule.ts
+++ b/server/private/routers/alertRule/getAlertRule.ts
@@ -49,7 +49,22 @@ registry.registerPath({
    request: {
        params: paramsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function getAlertRule(
--- a/server/private/routers/alertRule/listAlertRules.ts
+++ b/server/private/routers/alertRule/listAlertRules.ts
@@ -95,7 +95,22 @@ registry.registerPath({
        query: querySchema,
        params: paramsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function listAlertRules(
--- a/server/private/routers/alertRule/updateAlertRule.ts
+++ b/server/private/routers/alertRule/updateAlertRule.ts
@@ -13,6 +13,7 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 import { db } from "@server/db";
 import {
    alertRules,
@@ -148,6 +149,10 @@ const bodySchema = z
 export type UpdateAlertRuleResponse = {
    alertRuleId: number;
 };
 const UpdateAlertRuleResponseDataSchema = z.object({
    alertRuleId: z.number()
 });
 registry.registerPath({
    method: "post",
@@ -164,7 +169,16 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(UpdateAlertRuleResponseDataSchema)
                }
            }
        }
    }
 });
 export async function updateAlertRule(
--- a/server/private/routers/approvals/processPendingApproval.ts
+++ b/server/private/routers/approvals/processPendingApproval.ts
@@ -24,7 +24,7 @@ import type { NextFunction, Request, Response } from "express";
 const paramsSchema = z.strictObject({
    orgId: z.string(),
-    approvalId: z.string().transform(Number).pipe(z.int().positive())
+    approvalId: z.coerce.number().int().positive()
 });
 const bodySchema = z.strictObject({
--- a/server/private/routers/auditLogs/exportAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/exportAccessAuditLog.ts
@@ -18,6 +18,7 @@ import { OpenAPITags } from "@server/openApi";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { fromError } from "zod-validation-error";
 import { z } from "zod";
 import logger from "@server/logger";
 import {
    queryAccessAuditLogsParams,
@@ -37,7 +38,22 @@ registry.registerPath({
        query: queryAccessAuditLogsQuery,
        params: queryAccessAuditLogsParams
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function exportAccessAuditLogs(
--- a/server/private/routers/auditLogs/exportActionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportActionAuditLog.ts
@@ -18,6 +18,7 @@ import { OpenAPITags } from "@server/openApi";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { fromError } from "zod-validation-error";
 import { z } from "zod";
 import logger from "@server/logger";
 import {
    queryActionAuditLogsParams,
@@ -37,7 +38,22 @@ registry.registerPath({
        query: queryActionAuditLogsQuery,
        params: queryActionAuditLogsParams
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function exportActionAuditLogs(
--- a/server/private/routers/auditLogs/exportConnectionAuditLog.ts
+++ b/server/private/routers/auditLogs/exportConnectionAuditLog.ts
@@ -18,6 +18,7 @@ import { OpenAPITags } from "@server/openApi";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { fromError } from "zod-validation-error";
 import { z } from "zod";
 import logger from "@server/logger";
 import {
    queryConnectionAuditLogsParams,
@@ -37,7 +38,22 @@ registry.registerPath({
        query: queryConnectionAuditLogsQuery,
        params: queryConnectionAuditLogsParams
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function exportConnectionAuditLogs(
--- a/server/private/routers/auditLogs/queryAccessAuditLog.ts
+++ b/server/private/routers/auditLogs/queryAccessAuditLog.ts
@@ -93,6 +93,20 @@ export const queryAccessAuditLogsCombined = queryAccessAuditLogsQuery.merge(
 );
 type Q = z.infer<typeof queryAccessAuditLogsCombined>;
 function sortNamedFilterOptions<T extends { id: number; name: string | null }>(
    items: T[]
 ): T[] {
    return [...items].sort((a, b) => {
        const nameA = a.name ?? "";
        const nameB = b.name ?? "";
        if (nameA < nameB) return -1;
        if (nameA > nameB) return 1;
        return a.id - b.id;
    });
 }
 function getWhere(data: Q) {
    return and(
        gt(accessAuditLog.timestamp, data.timeStart),
@@ -308,7 +322,7 @@ async function queryUniqueFilterAttributes(
        actors: uniqueActors
            .map((row) => row.actor)
            .filter((actor): actor is string => actor !== null),
-        resources: resourcesWithNames,
+        resources: sortNamedFilterOptions(resourcesWithNames),
        locations: uniqueLocations
            .map((row) => row.locations)
            .filter((location): location is string => location !== null)
@@ -324,7 +338,22 @@ registry.registerPath({
        query: queryAccessAuditLogsQuery,
        params: queryAccessAuditLogsParams
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function queryAccessAuditLogs(
--- a/server/private/routers/auditLogs/queryActionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryActionAuditLog.ts
@@ -165,7 +165,22 @@ registry.registerPath({
        query: queryActionAuditLogsQuery,
        params: queryActionAuditLogsParams
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function queryActionAuditLogs(
--- a/server/private/routers/auditLogs/queryConnectionAuditLog.ts
+++ b/server/private/routers/auditLogs/queryConnectionAuditLog.ts
@@ -107,6 +107,20 @@ export const queryConnectionAuditLogsCombined =
    queryConnectionAuditLogsQuery.merge(queryConnectionAuditLogsParams);
 type Q = z.infer<typeof queryConnectionAuditLogsCombined>;
 function sortNamedFilterOptions<T extends { id: number; name: string | null }>(
    items: T[]
 ): T[] {
    return [...items].sort((a, b) => {
        const nameA = a.name ?? "";
        const nameB = b.name ?? "";
        if (nameA < nameB) return -1;
        if (nameA > nameB) return 1;
        return a.id - b.id;
    });
 }
 function getWhere(data: Q) {
    return and(
        gt(connectionAuditLog.startedAt, data.timeStart),
@@ -425,7 +439,7 @@ async function queryUniqueFilterAttributes(
            .map((row) => row.destAddr)
            .filter((addr): addr is string => addr !== null),
        clients: clientsWithNames,
-        resources: resourcesWithNames,
+        resources: sortNamedFilterOptions(resourcesWithNames),
        users: usersWithEmails
    };
 }
@@ -439,7 +453,22 @@ registry.registerPath({
        query: queryConnectionAuditLogsQuery,
        params: queryConnectionAuditLogsParams
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function queryConnectionAuditLogs(
--- a/server/private/routers/billing/getOrgUsage.ts
+++ b/server/private/routers/billing/getOrgUsage.ts
@@ -39,7 +39,22 @@ const getOrgSchema = z.strictObject({
 //     request: {
 //         params: getOrgSchema
 //     },
-//     responses: {}
+// responses: {
 // 200: {
 // description: "Successful response",
 // content: {
 // "application/json": {
 // schema: z.object({
 // data: z.unknown().nullable(),
 // success: z.boolean(),
 // error: z.boolean(),
 // message: z.string(),
 // status: z.number()
 // })
 // }
 // }
 // }
 // }
 // });
 export async function getOrgUsage(
--- a/server/private/routers/certificates/getCertificate.ts
+++ b/server/private/routers/certificates/getCertificate.ts
@@ -115,7 +115,22 @@ registry.registerPath({
            orgId: z.string()
        })
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function getCertificate(
--- a/server/private/routers/certificates/restartCertificate.ts
+++ b/server/private/routers/certificates/restartCertificate.ts
@@ -25,7 +25,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const restartCertificateParamsSchema = z.strictObject({
-    certId: z.string().transform(stoi).pipe(z.int().positive()),
+    certId: z.coerce.number().int().positive(),
    orgId: z.string()
 });
@@ -36,11 +36,26 @@ registry.registerPath({
    tags: ["Certificate"],
    request: {
        params: z.object({
-            certId: z.string().transform(stoi).pipe(z.int().positive()),
+            certId: z.coerce.number().int().positive(),
            orgId: z.string()
        })
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function restartCertificate(
--- a/server/private/routers/domain/checkDomainNamespaceAvailability.ts
+++ b/server/private/routers/domain/checkDomainNamespaceAvailability.ts
@@ -42,7 +42,22 @@ registry.registerPath({
        params: paramsSchema,
        query: querySchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function checkDomainNamespaceAvailability(
--- a/server/private/routers/domain/listDomainNamespaces.ts
+++ b/server/private/routers/domain/listDomainNamespaces.ts
@@ -25,6 +25,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { isSubscribed } from "#private/lib/isSubscribed";
 import { build } from "@server/build";
 import { tierMatrix } from "@server/lib/billing/tierMatrix";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 const paramsSchema = z.strictObject({});
@@ -65,6 +66,20 @@ export type ListDomainNamespacesResponse = {
    pagination: { total: number; limit: number; offset: number };
 };
 const ListDomainNamespacesResponseDataSchema = z.object({
    domainNamespaces: z.array(
        z.object({
            domainNamespaceId: z.string(),
            domainId: z.string()
        })
    ),
    pagination: z.object({
        total: z.number(),
        limit: z.number(),
        offset: z.number()
    })
 });
 registry.registerPath({
    method: "get",
    path: "/domains/namepaces",
@@ -73,7 +88,18 @@ registry.registerPath({
    request: {
        query: querySchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(
                        ListDomainNamespacesResponseDataSchema
                    )
                }
            }
        }
    }
 });
 export async function listDomainNamespaces(
--- a/server/private/routers/eventStreamingDestination/createEventStreamingDestination.ts
+++ b/server/private/routers/eventStreamingDestination/createEventStreamingDestination.ts
@@ -13,6 +13,7 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 import { db } from "@server/db";
 import { eventStreamingDestinations } from "@server/db";
 import { logStreamingManager } from "#private/lib/logStreaming";
@@ -42,6 +43,10 @@ const bodySchema = z.strictObject({
 export type CreateEventStreamingDestinationResponse = {
    destinationId: number;
 };
 const CreateEventStreamingDestinationResponseDataSchema = z.object({
    destinationId: z.number()
 });
 registry.registerPath({
    method: "put",
@@ -58,7 +63,16 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(CreateEventStreamingDestinationResponseDataSchema)
                }
            }
        }
    }
 });
 export async function createEventStreamingDestination(
--- a/server/private/routers/eventStreamingDestination/deleteEventStreamingDestination.ts
+++ b/server/private/routers/eventStreamingDestination/deleteEventStreamingDestination.ts
@@ -38,7 +38,22 @@ registry.registerPath({
    request: {
        params: paramsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function deleteEventStreamingDestination(
--- a/server/private/routers/eventStreamingDestination/listEventStreamingDestinations.ts
+++ b/server/private/routers/eventStreamingDestination/listEventStreamingDestinations.ts
@@ -24,6 +24,7 @@ import { OpenAPITags, registry } from "@server/openApi";
 import { eq, sql } from "drizzle-orm";
 import { decrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 const paramsSchema = z.strictObject({
    orgId: z.string().nonempty()
@@ -67,6 +68,31 @@ export type ListEventStreamingDestinationsResponse = {
    };
 };
 const ListEventStreamingDestinationsResponseDataSchema = z.object({
    destinations: z.array(
        z.object({
            destinationId: z.number(),
            orgId: z.string(),
            type: z.string(),
            config: z.string(),
            enabled: z.boolean(),
            lastError: z.string().nullable(),
            lastErrorAt: z.number().nullable(),
            createdAt: z.number(),
            updatedAt: z.number(),
            sendConnectionLogs: z.boolean(),
            sendRequestLogs: z.boolean(),
            sendActionLogs: z.boolean(),
            sendAccessLogs: z.boolean()
        })
    ),
    pagination: z.object({
        total: z.number(),
        limit: z.number(),
        offset: z.number()
    })
 });
 async function query(orgId: string, limit: number, offset: number) {
    const res = await db
        .select()
@@ -88,7 +114,18 @@ registry.registerPath({
        query: querySchema,
        params: paramsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(
                        ListEventStreamingDestinationsResponseDataSchema
                    )
                }
            }
        }
    }
 });
 export async function listEventStreamingDestinations(
--- a/server/private/routers/eventStreamingDestination/updateEventStreamingDestination.ts
+++ b/server/private/routers/eventStreamingDestination/updateEventStreamingDestination.ts
@@ -13,6 +13,7 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 import { db } from "@server/db";
 import { eventStreamingDestinations } from "@server/db";
 import response from "@server/lib/response";
@@ -45,6 +46,10 @@ const bodySchema = z.strictObject({
 export type UpdateEventStreamingDestinationResponse = {
    destinationId: number;
 };
 const UpdateEventStreamingDestinationResponseDataSchema = z.object({
    destinationId: z.number()
 });
 registry.registerPath({
    method: "post",
@@ -61,7 +66,16 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(UpdateEventStreamingDestinationResponseDataSchema)
                }
            }
        }
    }
 });
 export async function updateEventStreamingDestination(
--- a/server/private/routers/generatedLicense/generateNewLicense.ts
+++ b/server/private/routers/generatedLicense/generateNewLicense.ts
@@ -16,40 +16,44 @@ import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { response as sendResponse } from "@server/lib/response";
 import { getFirstString } from "@server/lib/requestParams";
 import privateConfig from "#private/lib/config";
 import { GenerateNewLicenseResponse } from "@server/routers/generatedLicense/types";
 export interface CreateNewLicenseResponse {
-  data: Data
+    data: Data;
-  success: boolean
+    success: boolean;
-  error: boolean
+    error: boolean;
-  message: string
+    message: string;
-  status: number
+    status: number;
 }
 export interface Data {
-  licenseKey: LicenseKey
+    licenseKey: LicenseKey;
 }
 export interface LicenseKey {
-  id: number
+    id: number;
-  instanceName: any
+    instanceName: any;
-  instanceId: string
+    instanceId: string;
-  licenseKey: string
+    licenseKey: string;
-  tier: string
+    tier: string;
-  type: string
+    type: string;
-  quantity: number
+    quantity: number;
-  quantity_2: number
+    quantity_2: number;
-  isValid: boolean
+    isValid: boolean;
-  updatedAt: string
+    updatedAt: string;
-  createdAt: string
+    createdAt: string;
-  expiresAt: string
+    expiresAt: string;
-  paidFor: boolean
+    paidFor: boolean;
-  orgId: string
+    orgId: string;
-  metadata: string
+    metadata: string;
 }
-export async function createNewLicense(orgId: string, licenseData: any): Promise<CreateNewLicenseResponse> {
+export async function createNewLicense(
    orgId: string,
    licenseData: any
 ): Promise<CreateNewLicenseResponse> {
    try {
        const response = await fetch(
            `${privateConfig.getRawPrivateConfig().server.fossorial_api}/api/v1/license-internal/enterprise/${orgId}/create`, // this says enterprise but it does both
@@ -80,7 +84,7 @@ export async function generateNewLicense(
    next: NextFunction
 ): Promise<any> {
    try {
-        const { orgId } = req.params;
+        const orgId = getFirstString(req.params.orgId);
        if (!orgId) {
            return next(
--- a/server/private/routers/generatedLicense/listGeneratedLicenses.ts
+++ b/server/private/routers/generatedLicense/listGeneratedLicenses.ts
@@ -16,6 +16,7 @@ import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { response as sendResponse } from "@server/lib/response";
 import { getFirstString } from "@server/lib/requestParams";
 import privateConfig from "#private/lib/config";
 import {
    GeneratedLicenseKey,
@@ -55,7 +56,7 @@ export async function listSaasLicenseKeys(
    next: NextFunction
 ): Promise<any> {
    try {
-        const { orgId } = req.params;
+        const orgId = getFirstString(req.params.orgId);
        if (!orgId) {
            return next(
--- a/server/private/routers/healthChecks/createHealthCheck.ts
+++ b/server/private/routers/healthChecks/createHealthCheck.ts
@@ -13,6 +13,7 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 import { db, targetHealthCheck, newts, sites } from "@server/db";
 import { eq } from "drizzle-orm";
 import response from "@server/lib/response";
@@ -52,6 +53,10 @@ const bodySchema = z.strictObject({
 export type CreateHealthCheckResponse = {
    targetHealthCheckId: number;
 };
 const CreateHealthCheckResponseDataSchema = z.object({
    targetHealthCheckId: z.number()
 });
 registry.registerPath({
    method: "put",
@@ -68,7 +73,16 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(CreateHealthCheckResponseDataSchema)
                }
            }
        }
    }
 });
 export async function createHealthCheck(
--- a/server/private/routers/healthChecks/deleteHealthCheck.ts
+++ b/server/private/routers/healthChecks/deleteHealthCheck.ts
@@ -41,7 +41,22 @@ registry.registerPath({
    request: {
        params: paramsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function deleteHealthCheck(
--- a/server/private/routers/healthChecks/listHealthChecks.ts
+++ b/server/private/routers/healthChecks/listHealthChecks.ts
@@ -68,7 +68,22 @@ registry.registerPath({
        params: paramsSchema,
        query: querySchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function listHealthChecks(
--- a/server/private/routers/healthChecks/updateHealthCheck.ts
+++ b/server/private/routers/healthChecks/updateHealthCheck.ts
@@ -13,6 +13,7 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 import { db, targetHealthCheck, newts, sites } from "@server/db";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
@@ -81,6 +82,29 @@ export type UpdateHealthCheckResponse = {
    hcHealthyThreshold: number | null;
    hcUnhealthyThreshold: number | null;
 };
 const UpdateHealthCheckResponseDataSchema = z.object({
    targetHealthCheckId: z.number(),
    name: z.string().nullable(),
    siteId: z.number().nullable(),
    hcEnabled: z.boolean(),
    hcHealth: z.string().nullable(),
    hcMode: z.string().nullable(),
    hcHostname: z.string().nullable(),
    hcPort: z.number().nullable(),
    hcPath: z.string().nullable(),
    hcScheme: z.string().nullable(),
    hcMethod: z.string().nullable(),
    hcInterval: z.number().nullable(),
    hcUnhealthyInterval: z.number().nullable(),
    hcTimeout: z.number().nullable(),
    hcHeaders: z.string().nullable(),
    hcFollowRedirects: z.boolean().nullable(),
    hcStatus: z.number().nullable(),
    hcTlsServerName: z.string().nullable(),
    hcHealthyThreshold: z.number().nullable(),
    hcUnhealthyThreshold: z.number().nullable()
 });
 registry.registerPath({
    method: "post",
@@ -97,7 +121,16 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(UpdateHealthCheckResponseDataSchema)
                }
            }
        }
    }
 });
 export async function updateHealthCheck(
--- a/server/private/routers/orgIdp/createOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/createOrgOidcIdp.ts
@@ -63,7 +63,22 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function createOrgOidcIdp(
--- a/server/private/routers/orgIdp/deleteOrgIdp.ts
+++ b/server/private/routers/orgIdp/deleteOrgIdp.ts
@@ -38,7 +38,22 @@ registry.registerPath({
    request: {
        params: paramsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function deleteOrgIdp(
--- a/server/private/routers/orgIdp/getOrgIdp.ts
+++ b/server/private/routers/orgIdp/getOrgIdp.ts
@@ -56,7 +56,22 @@ registry.registerPath({
    request: {
        params: paramsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function getOrgIdp(
--- a/server/private/routers/orgIdp/listOrgIdps.ts
+++ b/server/private/routers/orgIdp/listOrgIdps.ts
@@ -72,7 +72,22 @@ registry.registerPath({
        query: querySchema,
        params: paramsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function listOrgIdps(
--- a/server/private/routers/orgIdp/updateOrgOidcIdp.ts
+++ b/server/private/routers/orgIdp/updateOrgOidcIdp.ts
@@ -13,6 +13,7 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 import { db, idpOrg } from "@server/db";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
@@ -54,6 +55,10 @@ const bodySchema = z.strictObject({
 export type UpdateOrgIdpResponse = {
    idpId: number;
 };
 const UpdateOrgIdpResponseDataSchema = z.object({
    idpId: z.number()
 });
 registry.registerPath({
    method: "post",
@@ -70,7 +75,16 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(UpdateOrgIdpResponseDataSchema)
                }
            }
        }
    }
 });
 export async function updateOrgOidcIdp(
--- a/server/private/routers/re-key/reGenerateClientSecret.ts
+++ b/server/private/routers/re-key/reGenerateClientSecret.ts
@@ -28,7 +28,7 @@ import { OlmErrorCodes, sendOlmError } from "@server/routers/olm/error";
 import { sendTerminateClient } from "@server/routers/client/terminate";
 const reGenerateSecretParamsSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 const reGenerateSecretBodySchema = z.strictObject({
--- a/server/private/routers/re-key/reGenerateSiteSecret.ts
+++ b/server/private/routers/re-key/reGenerateSiteSecret.ts
@@ -27,7 +27,7 @@ import { getAllowedIps } from "@server/routers/target/helpers";
 import { disconnectClient, sendToClient } from "#private/routers/ws";
 const updateSiteParamsSchema = z.strictObject({
-    siteId: z.string().transform(Number).pipe(z.int().positive())
+    siteId: z.coerce.number().int().positive()
 });
 const updateSiteBodySchema = z.strictObject({
--- a/server/private/routers/ssh/signSshKey.ts
+++ b/server/private/routers/ssh/signSshKey.ts
@@ -93,7 +93,22 @@ export type SignSshKeyResponse = {
 //             }
 //         }
 //     },
-//     responses: {}
+// responses: {
 // 200: {
 // description: "Successful response",
 // content: {
 // "application/json": {
 // schema: z.object({
 // data: z.unknown().nullable(),
 // success: z.boolean(),
 // error: z.boolean(),
 // message: z.string(),
 // status: z.number()
 // })
 // }
 // }
 // }
 // }
 // });
 export async function signSshKey(
--- a/server/private/routers/user/addUserRole.ts
+++ b/server/private/routers/user/addUserRole.ts
@@ -27,7 +27,7 @@ import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAs
 const addUserRoleParamsSchema = z.strictObject({
    userId: z.string(),
-    roleId: z.string().transform(stoi).pipe(z.number())
+    roleId: z.coerce.number()
 });
 registry.registerPath({
@@ -38,7 +38,22 @@ registry.registerPath({
    request: {
        params: addUserRoleParamsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function addUserRole(
--- a/server/private/routers/user/removeUserRole.ts
+++ b/server/private/routers/user/removeUserRole.ts
@@ -27,7 +27,7 @@ import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAs
 const removeUserRoleParamsSchema = z.strictObject({
    userId: z.string(),
-    roleId: z.string().transform(stoi).pipe(z.number())
+    roleId: z.coerce.number()
 });
 registry.registerPath({
@@ -39,7 +39,22 @@ registry.registerPath({
    request: {
        params: removeUserRoleParamsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function removeUserRole(
--- a/server/routers/accessToken/deleteAccessToken.ts
+++ b/server/routers/accessToken/deleteAccessToken.ts
@@ -22,7 +22,22 @@ registry.registerPath({
    request: {
        params: deleteAccessTokenParamsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function deleteAccessToken(
--- a/server/routers/accessToken/generateAccessToken.ts
+++ b/server/routers/accessToken/generateAccessToken.ts
@@ -31,7 +31,7 @@ export const generateAccessTokenBodySchema = z.strictObject({
 });
 export const generateAccssTokenParamsSchema = z.strictObject({
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 export type GenerateAccessTokenResponse = Omit<
@@ -54,7 +54,22 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function generateAccessToken(
--- a/server/routers/accessToken/listAccessTokens.ts
+++ b/server/routers/accessToken/listAccessTokens.ts
@@ -129,7 +129,22 @@ registry.registerPath({
        }),
        query: listAccessTokensSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 registry.registerPath({
@@ -143,7 +158,22 @@ registry.registerPath({
        }),
        query: listAccessTokensSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function listAccessTokens(
--- a/server/routers/apiKeys/createOrgApiKey.ts
+++ b/server/routers/apiKeys/createOrgApiKey.ts
@@ -2,6 +2,7 @@ import { NextFunction, Request, Response } from "express";
 import { db } from "@server/db";
 import HttpCode from "@server/types/HttpCode";
 import { z } from "zod";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 import { apiKeyOrg, apiKeys } from "@server/db";
 import { fromError } from "zod-validation-error";
 import createHttpError from "http-errors";
@@ -32,6 +33,14 @@ export type CreateOrgApiKeyResponse = {
    lastChars: string;
    createdAt: string;
 };
 const CreateOrgApiKeyResponseDataSchema = z.object({
    apiKeyId: z.string(),
    name: z.string(),
    apiKey: z.string(),
    lastChars: z.string(),
    createdAt: z.string()
 });
 registry.registerPath({
    method: "put",
@@ -48,7 +57,16 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(CreateOrgApiKeyResponseDataSchema)
                }
            }
        }
    }
 });
 export async function createOrgApiKey(
--- a/server/routers/apiKeys/deleteApiKey.ts
+++ b/server/routers/apiKeys/deleteApiKey.ts
@@ -22,7 +22,22 @@ registry.registerPath({
    request: {
        params: paramsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function deleteApiKey(
--- a/server/routers/apiKeys/listApiKeyActions.ts
+++ b/server/routers/apiKeys/listApiKeyActions.ts
@@ -9,6 +9,7 @@ import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import { eq } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 const paramsSchema = z.object({
    apiKeyId: z.string().nonempty()
@@ -44,6 +45,19 @@ export type ListApiKeyActionsResponse = {
    pagination: { total: number; limit: number; offset: number };
 };
 const ListApiKeyActionsResponseDataSchema = z.object({
    actions: z.array(
        z.object({
            actionId: z.string()
        })
    ),
    pagination: z.object({
        total: z.number(),
        limit: z.number(),
        offset: z.number()
    })
 });
 registry.registerPath({
    method: "get",
    path: "/org/{orgId}/api-key/{apiKeyId}/actions",
@@ -53,7 +67,18 @@ registry.registerPath({
        params: paramsSchema,
        query: querySchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(
                        ListApiKeyActionsResponseDataSchema
                    )
                }
            }
        }
    }
 });
 export async function listApiKeyActions(
--- a/server/routers/apiKeys/listOrgApiKeys.ts
+++ b/server/routers/apiKeys/listOrgApiKeys.ts
@@ -9,6 +9,7 @@ import { z } from "zod";
 import { fromError } from "zod-validation-error";
 import { eq, and } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 import { createApiResponseSchema } from "@server/lib/openapi/createApiResponseSchema";
 const querySchema = z.object({
    limit: z
@@ -48,6 +49,23 @@ export type ListOrgApiKeysResponse = {
    pagination: { total: number; limit: number; offset: number };
 };
 const ListOrgApiKeysResponseDataSchema = z.object({
    apiKeys: z.array(
        z.object({
            apiKeyId: z.string(),
            orgId: z.string(),
            lastChars: z.string(),
            createdAt: z.string(),
            name: z.string()
        })
    ),
    pagination: z.object({
        total: z.number(),
        limit: z.number(),
        offset: z.number()
    })
 });
 registry.registerPath({
    method: "get",
    path: "/org/{orgId}/api-keys",
@@ -57,7 +75,18 @@ registry.registerPath({
        params: paramsSchema,
        query: querySchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: createApiResponseSchema(
                        ListOrgApiKeysResponseDataSchema
                    )
                }
            }
        }
    }
 });
 export async function listOrgApiKeys(
--- a/server/routers/apiKeys/setApiKeyActions.ts
+++ b/server/routers/apiKeys/setApiKeyActions.ts
@@ -36,7 +36,22 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function setApiKeyActions(
--- a/server/routers/auditLogs/exportRequestAuditLog.ts
+++ b/server/routers/auditLogs/exportRequestAuditLog.ts
@@ -5,6 +5,7 @@ import { OpenAPITags } from "@server/openApi";
 import createHttpError from "http-errors";
 import HttpCode from "@server/types/HttpCode";
 import { fromError } from "zod-validation-error";
 import { z } from "zod";
 import logger from "@server/logger";
 import {
    queryAccessAuditLogsQuery,
@@ -28,7 +29,22 @@ registry.registerPath({
        }),
        params: queryRequestAuditLogsParams
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function exportRequestAuditLogs(
--- a/server/routers/auditLogs/queryRequestAnalytics.ts
+++ b/server/routers/auditLogs/queryRequestAnalytics.ts
@@ -1,4 +1,4 @@
-import { logsDb, requestAuditLog, driver, primaryLogsDb } from "@server/db";
+import { logsDb, requestAuditLog, driver } from "@server/db";
 import { registry } from "@server/openApi";
 import { NextFunction } from "express";
 import { Request, Response } from "express";
@@ -74,12 +74,12 @@ async function query(query: Q) {
        );
    }
-    const [all] = await primaryLogsDb
+    const [all] = await logsDb
        .select({ total: count() })
        .from(requestAuditLog)
        .where(baseConditions);
-    const [blocked] = await primaryLogsDb
+    const [blocked] = await logsDb
        .select({ total: count() })
        .from(requestAuditLog)
        .where(and(baseConditions, eq(requestAuditLog.action, false)));
@@ -90,7 +90,7 @@ async function query(query: Q) {
    const DISTINCT_LIMIT = 500;
-    const requestsPerCountry = await primaryLogsDb
+    const requestsPerCountry = await logsDb
        .selectDistinct({
            code: requestAuditLog.location,
            count: totalQ
@@ -118,7 +118,7 @@ async function query(query: Q) {
    const booleanTrue = driver === "pg" ? sql`true` : sql`1`;
    const booleanFalse = driver === "pg" ? sql`false` : sql`0`;
-    const requestsPerDay = await primaryLogsDb
+    const requestsPerDay = await logsDb
        .select({
            day: groupByDayFunction.as("day"),
            allowedCount:
@@ -156,7 +156,22 @@ registry.registerPath({
        query: queryAccessAuditLogsQuery,
        params: queryRequestAuditLogsParams
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export type QueryRequestAnalyticsResponse = Awaited<ReturnType<typeof query>>;
--- a/server/routers/auditLogs/queryRequestAuditLog.ts
+++ b/server/routers/auditLogs/queryRequestAuditLog.ts
@@ -1,4 +1,4 @@
-import { logsDb, primaryLogsDb, requestAuditLog, resources, siteResources, db, primaryDb } from "@server/db";
+import { logsDb, requestAuditLog, resources, siteResources, db, primaryDb } from "@server/db";
 import { registry } from "@server/openApi";
 import { NextFunction } from "express";
 import { Request, Response } from "express";
@@ -86,6 +86,20 @@ export const queryRequestAuditLogsCombined = queryAccessAuditLogsQuery.merge(
 );
 type Q = z.infer<typeof queryRequestAuditLogsCombined>;
 function sortNamedFilterOptions<T extends { id: number; name: string | null }>(
    items: T[]
 ): T[] {
    return [...items].sort((a, b) => {
        const nameA = a.name ?? "";
        const nameB = b.name ?? "";
        if (nameA < nameB) return -1;
        if (nameA > nameB) return 1;
        return a.id - b.id;
    });
 }
 function getWhere(data: Q) {
    return and(
        gt(requestAuditLog.timestamp, data.timeStart),
@@ -110,7 +124,7 @@ function getWhere(data: Q) {
 }
 export function queryRequest(data: Q) {
-    return primaryLogsDb
+    return logsDb
        .select({
            id: requestAuditLog.id,
                timestamp: requestAuditLog.timestamp,
@@ -211,7 +225,7 @@ async function enrichWithResourceDetails(logs: Awaited<ReturnType<typeof queryRe
 }
 export function countRequestQuery(data: Q) {
-    const countQuery = primaryLogsDb
+    const countQuery = logsDb
        .select({ count: count() })
        .from(requestAuditLog)
        .where(getWhere(data));
@@ -227,7 +241,22 @@ registry.registerPath({
        query: queryAccessAuditLogsQuery,
        params: queryRequestAuditLogsParams
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 async function queryUniqueFilterAttributes(
@@ -254,34 +283,34 @@ async function queryUniqueFilterAttributes(
        uniqueResources,
        uniqueSiteResources
    ] = await Promise.all([
-        primaryLogsDb
+        logsDb
            .selectDistinct({ actor: requestAuditLog.actor })
            .from(requestAuditLog)
            .where(baseConditions)
            .limit(DISTINCT_LIMIT + 1),
-        primaryLogsDb
+        logsDb
            .selectDistinct({ locations: requestAuditLog.location })
            .from(requestAuditLog)
            .where(baseConditions)
            .limit(DISTINCT_LIMIT + 1),
-        primaryLogsDb
+        logsDb
            .selectDistinct({ hosts: requestAuditLog.host })
            .from(requestAuditLog)
            .where(baseConditions)
            .limit(DISTINCT_LIMIT + 1),
-        primaryLogsDb
+        logsDb
            .selectDistinct({ paths: requestAuditLog.path })
            .from(requestAuditLog)
            .where(baseConditions)
            .limit(DISTINCT_LIMIT + 1),
-        primaryLogsDb
+        logsDb
            .selectDistinct({
                id: requestAuditLog.resourceId
            })
            .from(requestAuditLog)
            .where(baseConditions)
            .limit(DISTINCT_LIMIT + 1),
-        primaryLogsDb
+        logsDb
            .selectDistinct({
                id: requestAuditLog.siteResourceId
            })
@@ -353,7 +382,7 @@ async function queryUniqueFilterAttributes(
        actors: uniqueActors
            .map((row) => row.actor)
            .filter((actor): actor is string => actor !== null),
-        resources: resourcesWithNames,
+        resources: sortNamedFilterOptions(resourcesWithNames),
        locations: uniqueLocations
            .map((row) => row.locations)
            .filter((location): location is string => location !== null),
--- a/server/routers/auth/checkResourceSession.ts
+++ b/server/routers/auth/checkResourceSession.ts
@@ -9,7 +9,7 @@ import logger from "@server/logger";
 export const params = z.strictObject({
    token: z.string(),
-    resourceId: z.string().transform(Number).pipe(z.int().positive())
+    resourceId: z.coerce.number().int().positive()
 });
 export type CheckResourceSessionParams = z.infer<typeof params>;
--- a/server/routers/auth/lookupUser.ts
+++ b/server/routers/auth/lookupUser.ts
@@ -51,7 +51,22 @@ export type LookupUserResponse = {
 //     request: {
 //         body: lookupBodySchema
 //     },
-//     responses: {}
+// responses: {
 // 200: {
 // description: "Successful response",
 // content: {
 // "application/json": {
 // schema: z.object({
 // data: z.unknown().nullable(),
 // success: z.boolean(),
 // error: z.boolean(),
 // message: z.string(),
 // status: z.number()
 // })
 // }
 // }
 // }
 // }
 // });
 export async function lookupUser(
--- a/server/routers/auth/securityKey.ts
+++ b/server/routers/auth/securityKey.ts
@@ -25,6 +25,7 @@ import { UserType } from "@server/types/UserTypes";
 import { verifyPassword } from "@server/auth/password";
 import { unauthorized } from "@server/auth/unauthorizedResponse";
 import { verifyTotpCode } from "@server/auth/totp";
 import { getFirstString } from "@server/lib/requestParams";
 // The RP ID is the domain name of your application
 const rpID = (() => {
@@ -406,7 +407,12 @@ export async function deleteSecurityKey(
    res: Response,
    next: NextFunction
 ): Promise<any> {
-    const { credentialId: encodedCredentialId } = req.params;
+    const encodedCredentialId = getFirstString(req.params.credentialId);
    if (!encodedCredentialId) {
        return next(
            createHttpError(HttpCode.BAD_REQUEST, "Invalid credential ID")
        );
    }
    const credentialId = decodeURIComponent(encodedCredentialId);
    const user = req.user as User;
--- a/server/routers/blueprints/applyJSONBlueprint.ts
+++ b/server/routers/blueprints/applyJSONBlueprint.ts
@@ -31,7 +31,22 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function applyJSONBlueprint(
--- a/server/routers/blueprints/applyYAMLBlueprint.ts
+++ b/server/routers/blueprints/applyYAMLBlueprint.ts
@@ -54,7 +54,22 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function applyYAMLBlueprint(
--- a/server/routers/blueprints/getBlueprint.ts
+++ b/server/routers/blueprints/getBlueprint.ts
@@ -7,13 +7,12 @@ import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
 import createHttpError from "http-errors";
 import logger from "@server/logger";
 import stoi from "@server/lib/stoi";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { BlueprintData } from "./types";
 const getBlueprintSchema = z.strictObject({
-    blueprintId: z.string().transform(stoi).pipe(z.int().positive()),
+    blueprintId: z.coerce.number().int().positive(),
    orgId: z.string()
 });
@@ -57,7 +56,22 @@ registry.registerPath({
    request: {
        params: getBlueprintSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function getBlueprint(
--- a/server/routers/blueprints/listBlueprints.ts
+++ b/server/routers/blueprints/listBlueprints.ts
@@ -74,7 +74,22 @@ registry.registerPath({
        }),
        query: listBluePrintsSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function listBlueprints(
--- a/server/routers/client/archiveClient.ts
+++ b/server/routers/client/archiveClient.ts
@@ -11,7 +11,7 @@ import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 const archiveClientSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 registry.registerPath({
@@ -22,7 +22,22 @@ registry.registerPath({
    request: {
        params: archiveClientSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function archiveClient(
--- a/server/routers/client/blockClient.ts
+++ b/server/routers/client/blockClient.ts
@@ -13,7 +13,7 @@ import { sendTerminateClient } from "./terminate";
 import { OlmErrorCodes } from "../olm/error";
 const blockClientSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 registry.registerPath({
@@ -24,7 +24,22 @@ registry.registerPath({
    request: {
        params: blockClientSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function blockClient(
--- a/server/routers/client/createClient.ts
+++ b/server/routers/client/createClient.ts
@@ -59,7 +59,22 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function createClient(
--- a/server/routers/client/createUserClient.ts
+++ b/server/routers/client/createUserClient.ts
@@ -60,7 +60,22 @@ registry.registerPath({
            }
        }
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function createUserClient(
--- a/server/routers/client/deleteClient.ts
+++ b/server/routers/client/deleteClient.ts
@@ -14,7 +14,7 @@ import { sendTerminateClient } from "./terminate";
 import { OlmErrorCodes } from "../olm/error";
 const deleteClientSchema = z.strictObject({
-    clientId: z.string().transform(Number).pipe(z.int().positive())
+    clientId: z.coerce.number().int().positive()
 });
 registry.registerPath({
@@ -25,7 +25,22 @@ registry.registerPath({
    request: {
        params: deleteClientSchema
    },
-    responses: {}
+    responses: {
        200: {
            description: "Successful response",
            content: {
                "application/json": {
                    schema: z.object({
                        data: z.unknown().nullable(),
                        success: z.boolean(),
                        error: z.boolean(),
                        message: z.string(),
                        status: z.number()
                    })
                }
            }
        }
    }
 });
 export async function deleteClient(
--- a/Show More
+++ b/Show More