Merge pull request #2777 from fosrl/dev

1.17.0-s.1
Merge pull request #2776 from fosrl/dev
2026-04-12 04:46:37 +00:00 · 2026-04-03 12:19:23 -04:00 · 2026-04-03 11:39:35 -04:00
52 changed files with 1001 additions and 1493 deletions
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -1 +0,0 @@
 * @oschwartz10612 @miloschwartz
--- a/install/config/crowdsec/traefik_config.yml
+++ b/install/config/crowdsec/traefik_config.yml
@@ -86,8 +86,6 @@ entryPoints:
    http:
      tls:
        certResolver: "letsencrypt"
      middlewares:
        - crowdsec@file
      encodedCharacters:
        allowEncodedSlash: true
        allowEncodedQuestionMark: true
--- a/messages/bg-BG.json
+++ b/messages/bg-BG.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Ключът за осигуряване е актуализиран",
    "provisioningKeysUpdatedDescription": "Вашите промени бяха запазени.",
    "provisioningKeysBannerTitle": "Ключове за осигуряване на сайта",
-    "provisioningKeysBannerDescription": "Генерирайте ключ за осигуряване и го използвайте със съединителя Newt за автоматично създаване на сайтове при първоначално стартиране - не е необходимо да се създават отделни идентификационни данни за всеки сайт.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Научете повече",
    "pendingSitesBannerTitle": "Чакащи сайтове",
-    "pendingSitesBannerDescription": "Сайтовете, които се свързват с ключ за осигуряване, ще се появят тук за преглед.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Научете повече",
    "apiKeysSettings": "Настройки на {apiKeyName}",
    "userTitle": "Управление на всички потребители",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Моля, въведете валиден номер на порт",
    "targetErrorNoSite": "Няма избран сайт",
    "targetErrorNoSiteDescription": "Моля, изберете сайт за целта",
-    "targetTargetsCleared": "Мишените са премахнати",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Всички цели са били премахнати от този ресурс",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Целта е създадена",
    "targetCreatedDescription": "Целта беше успешно създадена",
    "targetErrorCreate": "Неуспешно създаване на целта",
@@ -2348,7 +2348,7 @@
                "description": "Предприятие, 50 потребители, 50 сайта и приоритетна поддръжка."
            }
        },
-        "personalUseOnly": "Само за лична употреба (безплатен лиценз - без проверка)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Продължете към плащане"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Машинни клиенти",
    "install": "Инсталирай",
    "run": "Изпълни",
-    "envFile": "Файл за среда",
+    "envFile": "Environment File",
-    "serviceFile": "Файл за услуга",
+    "serviceFile": "Service File",
-    "enableAndStart": "Активиране и стартиране",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "Показваното име на клиента, което може да се промени по-късно.",
    "clientAddress": "Клиентски адрес (Разширено)",
    "setupFailedToFetchSubnet": "Неуспешно извличане на подмрежа по подразбиране",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "Без удостоверяване",
    "httpDestAuthNoneDescription": "Изпращане на заявки без заглавие за удостоверяване.",
    "httpDestAuthBearerTitle": "Bearer Токен",
-    "httpDestAuthBearerDescription": "Добавя заглавие Authorization: Bearer '<token>' към всяка заявка.",
+    "httpDestAuthBearerDescription": "Добавя заглавие за удостоверяване Bearer '<token>' към всяка заявка.",
    "httpDestAuthBearerPlaceholder": "Вашият API ключ или токен",
    "httpDestAuthBasicTitle": "Основно удостоверяване",
-    "httpDestAuthBasicDescription": "Добавя заглавие Authorization: Basic '<credentials>'. Осигурете идентификационни данни като потребителско име:парола.",
+    "httpDestAuthBasicDescription": "Добавя заглавие за удостоверяване Basic '<credentials>' към всяка заявка. Осигурете идентификационни данни като потребителско име:парола.",
    "httpDestAuthBasicPlaceholder": "потребителско име:парола",
    "httpDestAuthCustomTitle": "Персонализирано заглавие",
    "httpDestAuthCustomDescription": "Посочете персонализирано име и стойност на заглавието за удостоверяване (например X-API-Key).",
--- a/messages/cs-CZ.json
+++ b/messages/cs-CZ.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Zajišťovací klíč byl aktualizován",
    "provisioningKeysUpdatedDescription": "Vaše změny byly uloženy.",
    "provisioningKeysBannerTitle": "Klíče pro poskytování webu",
-    "provisioningKeysBannerDescription": "Vygenerujte klíč pro zřízení a použijte ho s Newt konektorem k automatickému vytvoření stránek při prvním spuštění – není potřeba nastavit samostatné přihlašovací údaje pro každou stránku.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Zjistit více",
    "pendingSitesBannerTitle": "Nevyřízené weby",
-    "pendingSitesBannerDescription": "Stránky, které se připojují pomocí klíče pro zřízení, se zde objeví ke kontrole.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Zjistit více",
    "apiKeysSettings": "Nastavení {apiKeyName}",
    "userTitle": "Spravovat všechny uživatele",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Zadejte platné číslo portu",
    "targetErrorNoSite": "Není vybrán žádný web",
    "targetErrorNoSiteDescription": "Vyberte prosím web pro cíl",
-    "targetTargetsCleared": "Cíle vymazány",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Všechny cíle byly odstraněny z tohoto zdroje",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Cíl byl vytvořen",
    "targetCreatedDescription": "Cíl byl úspěšně vytvořen",
    "targetErrorCreate": "Nepodařilo se vytvořit cíl",
@@ -2348,7 +2348,7 @@
                "description": "Podnikové funkce, 50 uživatelů, 50 míst a prioritní podpory."
            }
        },
-        "personalUseOnly": "Pouze pro osobní použití (zdarma licence - bez ověření)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Pokračovat do pokladny"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Strojoví klienti",
    "install": "Instalovat",
    "run": "Spustit",
-    "envFile": "Konfigurační soubor prostředí",
+    "envFile": "Environment File",
-    "serviceFile": "Služební soubor",
+    "serviceFile": "Service File",
-    "enableAndStart": "Povolit a spustit",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "Zobrazované jméno klienta, které lze později změnit.",
    "clientAddress": "Adresa klienta (Rozšířeno)",
    "setupFailedToFetchSubnet": "Nepodařilo se načíst výchozí podsíť",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "Žádné ověření",
    "httpDestAuthNoneDescription": "Odešle žádosti bez záhlaví autorizace.",
    "httpDestAuthBearerTitle": "Token na doručitele",
-    "httpDestAuthBearerDescription": "Přidává hlavičku Authorization: Bearer '<token>' k každému požadavku.",
+    "httpDestAuthBearerDescription": "Přidá autorizaci: Hlavička Bearer '<token>' ke každému požadavku.",
    "httpDestAuthBearerPlaceholder": "Váš API klíč nebo token",
    "httpDestAuthBasicTitle": "Základní ověření",
-    "httpDestAuthBasicDescription": "Přidává hlavičku Authorization: Basic '<credentials>'. Poskytněte přihlašovací údaje ve formátu uživatelské jméno:heslo.",
+    "httpDestAuthBasicDescription": "Přidá autorizaci: Základní '<credentials>' hlavička. Poskytněte přihlašovací údaje jako uživatelské jméno:password.",
    "httpDestAuthBasicPlaceholder": "uživatelské jméno:heslo",
    "httpDestAuthCustomTitle": "Vlastní záhlaví",
    "httpDestAuthCustomDescription": "Zadejte název a hodnotu vlastního HTTP hlavičky pro ověření (např. X-API-Key).",
--- a/messages/de-DE.json
+++ b/messages/de-DE.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Bereitstellungsschlüssel aktualisiert",
    "provisioningKeysUpdatedDescription": "Ihre Änderungen wurden gespeichert.",
    "provisioningKeysBannerTitle": "Website-Bereitstellungsschlüssel",
-    "provisioningKeysBannerDescription": "Generieren Sie einen Bereitstellungsschlüssel und verwenden Sie ihn mit dem Newt-Connector, um Standorte beim ersten Start automatisch zu erstellen - keine Notwendigkeit, separate Anmeldedaten für jede Seite einzurichten.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Mehr erfahren",
    "pendingSitesBannerTitle": "Ausstehende Seiten",
-    "pendingSitesBannerDescription": "Websites, die mit einem Bereitstellungsschlüssel verbunden sind, erscheinen hier zur Überprüfung.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Mehr erfahren",
    "apiKeysSettings": "{apiKeyName} Einstellungen",
    "userTitle": "Alle Benutzer verwalten",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Bitte geben Sie eine gültige Portnummer ein",
    "targetErrorNoSite": "Kein Standort ausgewählt",
    "targetErrorNoSiteDescription": "Bitte wähle einen Standort für das Ziel aus",
-    "targetTargetsCleared": "Ziele gelöscht",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Alle Ziele wurden aus dieser Ressource entfernt",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Ziel erstellt",
    "targetCreatedDescription": "Ziel wurde erfolgreich erstellt",
    "targetErrorCreate": "Fehler beim Erstellen des Ziels",
@@ -2348,7 +2348,7 @@
                "description": "Enterprise Features, 50 Benutzer, 50 Sites und Prioritätsunterstützung."
            }
        },
-        "personalUseOnly": "Nur persönliche Nutzung (kostenlose Lizenz - kein Checkout)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Weiter zur Kasse"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Maschinen-Clients",
    "install": "Installieren",
    "run": "Ausführen",
-    "envFile": "Umgebungsdatei",
+    "envFile": "Environment File",
-    "serviceFile": "Servicedatei",
+    "serviceFile": "Service File",
-    "enableAndStart": "Aktivieren und Starten",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "Der Anzeigename des Clients, der später geändert werden kann.",
    "clientAddress": "Clientadresse (Erweitert)",
    "setupFailedToFetchSubnet": "Fehler beim Abrufen des Standard-Subnetzes",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "Keine Authentifizierung",
    "httpDestAuthNoneDescription": "Sendet Anfragen ohne Autorisierungs-Header.",
    "httpDestAuthBearerTitle": "Bären-Token",
-    "httpDestAuthBearerDescription": "Fügt jedem Anfrage-Header eine \"Authorization: Bearer '<token>'\" hinzu.",
+    "httpDestAuthBearerDescription": "Fügt eine Berechtigung hinzu: Bearer '<token>' Header zu jeder Anfrage.",
    "httpDestAuthBearerPlaceholder": "Ihr API-Schlüssel oder Token",
    "httpDestAuthBasicTitle": "Einfacher Auth",
-    "httpDestAuthBasicDescription": "Fügt einen \"Authorization: Basic '<credentials>'\"-Header hinzu. Geben Sie die Anmeldedaten als Benutzername:Passwort an.",
+    "httpDestAuthBasicDescription": "Fügt eine Autorisierung hinzu: Basic '<credentials>' Kopfzeile hinzu. Geben Sie Anmeldedaten als Benutzername:password an.",
    "httpDestAuthBasicPlaceholder": "benutzername:password",
    "httpDestAuthCustomTitle": "Eigene Kopfzeile",
    "httpDestAuthCustomDescription": "Geben Sie einen eigenen HTTP-Header-Namen und einen Wert für die Authentifizierung an (z.B. X-API-Key).",
--- a/messages/es-ES.json
+++ b/messages/es-ES.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Clave de aprovisionamiento actualizada",
    "provisioningKeysUpdatedDescription": "Sus cambios han sido guardados.",
    "provisioningKeysBannerTitle": "Claves de aprovisionamiento del sitio",
-    "provisioningKeysBannerDescription": "Genere una clave de aprovisionamiento y utilícela con el conector Newt para crear automáticamente sitios en el primer inicio: no es necesario configurar credenciales separadas para cada sitio.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Saber más",
    "pendingSitesBannerTitle": "Sitios pendientes",
-    "pendingSitesBannerDescription": "Los sitios que se conectan utilizando una clave de aprovisionamiento aparecerán aquí para su revisión.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Saber más",
    "apiKeysSettings": "Ajustes {apiKeyName}",
    "userTitle": "Administrar todos los usuarios",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Por favor, introduzca un número de puerto válido",
    "targetErrorNoSite": "Ningún sitio seleccionado",
    "targetErrorNoSiteDescription": "Por favor, seleccione un sitio para el objetivo",
-    "targetTargetsCleared": "Objetivos eliminados",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Todos los objetivos han sido eliminados de este recurso",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Objetivo creado",
    "targetCreatedDescription": "El objetivo se ha creado correctamente",
    "targetErrorCreate": "Error al crear el objetivo",
@@ -2348,7 +2348,7 @@
                "description": "Características de la empresa, 50 usuarios, 50 sitios y soporte prioritario."
            }
        },
-        "personalUseOnly": "Solo uso personal (licencia gratuita - sin salida)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Continuar con el pago"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Clientes de la máquina",
    "install": "Instalar",
    "run": "Ejecutar",
-    "envFile": "Archivo de Entorno",
+    "envFile": "Environment File",
-    "serviceFile": "Archivo de Servicio",
+    "serviceFile": "Service File",
-    "enableAndStart": "Habilitar y empezar",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "El nombre mostrado del cliente que se puede cambiar más adelante.",
    "clientAddress": "Dirección del cliente (Avanzado)",
    "setupFailedToFetchSubnet": "No se pudo obtener la subred por defecto",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "Sin autenticación",
    "httpDestAuthNoneDescription": "Envía solicitudes sin un encabezado de autorización.",
    "httpDestAuthBearerTitle": "Tóken de portador",
-    "httpDestAuthBearerDescription": "Añade un encabezado Authorization: Bearer '<token>' a cada solicitud.",
+    "httpDestAuthBearerDescription": "Añade una autorización: portador '<token>' encabezado a cada solicitud.",
    "httpDestAuthBearerPlaceholder": "Tu clave o token API",
    "httpDestAuthBasicTitle": "Auth Básica",
-    "httpDestAuthBasicDescription": "Añade un encabezado Authorization: Basic '<credenciales>'. Proporcione las credenciales como nombredeusuario:contraseña.",
+    "httpDestAuthBasicDescription": "Añade una Autorización: encabezado básico '<credentials>' . Proporcione credenciales como nombre de usuario: contraseña.",
    "httpDestAuthBasicPlaceholder": "usuario:contraseña",
    "httpDestAuthCustomTitle": "Cabecera personalizada",
    "httpDestAuthCustomDescription": "Especifique un nombre de cabecera HTTP personalizado y un valor para la autenticación (por ejemplo, X-API-Key).",
--- a/messages/fr-FR.json
+++ b/messages/fr-FR.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Clé de provisioning mise à jour",
    "provisioningKeysUpdatedDescription": "Vos modifications ont été enregistrées.",
    "provisioningKeysBannerTitle": "Clés de provisioning du site",
-    "provisioningKeysBannerDescription": "Générez une clé de provisionnement et utilisez-la avec le connecteur Newt pour créer automatiquement des sites lors du premier démarrage - sans besoin de configurer des identifiants séparés pour chaque site.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "En savoir plus",
    "pendingSitesBannerTitle": "Sites en attente",
-    "pendingSitesBannerDescription": "Les sites qui se connectent en utilisant une clé de provisionnement apparaissent ici pour révision.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "En savoir plus",
    "apiKeysSettings": "Paramètres de {apiKeyName}",
    "userTitle": "Gérer tous les utilisateurs",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Veuillez entrer un numéro de port valide",
    "targetErrorNoSite": "Aucun site sélectionné",
    "targetErrorNoSiteDescription": "Veuillez sélectionner un site pour la cible",
-    "targetTargetsCleared": "Cibles effacées",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Toutes les cibles ont été retirées de cette ressource",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Cible créée",
    "targetCreatedDescription": "La cible a été créée avec succès",
    "targetErrorCreate": "Impossible de créer la cible",
@@ -2348,7 +2348,7 @@
                "description": "Fonctionnalités d'entreprise, 50 utilisateurs, 50 sites et une prise en charge prioritaire."
            }
        },
-        "personalUseOnly": "Usage personnel uniquement (licence gratuite - pas de validation)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Continuer vers le paiement"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Clients Machines",
    "install": "Installer",
    "run": "Exécuter",
-    "envFile": "Fichier Environnement",
+    "envFile": "Environment File",
-    "serviceFile": "Fichier de Service",
+    "serviceFile": "Service File",
-    "enableAndStart": "Activer et Démarrer",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "Le nom d'affichage du client qui peut être modifié plus tard.",
    "clientAddress": "Adresse du client (Avancé)",
    "setupFailedToFetchSubnet": "Impossible de récupérer le sous-réseau par défaut",
@@ -2853,7 +2853,7 @@
    "httpDestAuthBearerDescription": "Ajoute un en-tête Authorization: Bearer '<token>' à chaque requête.",
    "httpDestAuthBearerPlaceholder": "Votre clé API ou votre jeton",
    "httpDestAuthBasicTitle": "Authentification basique",
-    "httpDestAuthBasicDescription": "Ajoute un en-tête Authorization: Basic '<credentials>'. Fournissez les identifiants sous la forme nom d'utilisateur:mot de passe.",
+    "httpDestAuthBasicDescription": "Ajoute une autorisation : en-tête de base '<credentials>' . Fournissez des informations d'identification comme nom d'utilisateur:mot de passe.",
    "httpDestAuthBasicPlaceholder": "nom d'utilisateur:mot de passe",
    "httpDestAuthCustomTitle": "En-tête personnalisé",
    "httpDestAuthCustomDescription": "Spécifiez un nom d'en-tête HTTP personnalisé et une valeur pour l'authentification (par exemple X-API-Key).",
--- a/messages/it-IT.json
+++ b/messages/it-IT.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Chiave di accantonamento aggiornata",
    "provisioningKeysUpdatedDescription": "Le tue modifiche sono state salvate.",
    "provisioningKeysBannerTitle": "Chiavi Di Provvedimento Sito",
-    "provisioningKeysBannerDescription": "Genera una chiave di provisioning e usala con il connettore Newt per creare automaticamente i siti al primo avvio - non è necessario configurare credenziali separate per ogni sito.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Scopri di più",
    "pendingSitesBannerTitle": "Siti In Attesa",
-    "pendingSitesBannerDescription": "I siti che si connettono utilizzando una chiave di provisioning vengono visualizzati qui per la revisione.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Scopri di più",
    "apiKeysSettings": "Impostazioni {apiKeyName}",
    "userTitle": "Gestisci Tutti Gli Utenti",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Inserisci un numero di porta valido",
    "targetErrorNoSite": "Nessun sito selezionato",
    "targetErrorNoSiteDescription": "Si prega di selezionare un sito per l'obiettivo",
-    "targetTargetsCleared": "Obiettivi cancellati",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Tutti gli obiettivi sono stati rimossi da questa risorsa",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Destinazione creata",
    "targetCreatedDescription": "L'obiettivo è stato creato con successo",
    "targetErrorCreate": "Impossibile creare l'obiettivo",
@@ -2348,7 +2348,7 @@
                "description": "Funzionalità aziendali, 50 utenti, 50 siti e supporto prioritario."
            }
        },
-        "personalUseOnly": "Uso personale esclusivo (licenza gratuita - nessun pagamento)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Continua al Checkout"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Machine Clients",
    "install": "Installa",
    "run": "Esegui",
-    "envFile": "File di ambiente",
+    "envFile": "Environment File",
-    "serviceFile": "File di servizio",
+    "serviceFile": "Service File",
-    "enableAndStart": "Abilita e avvia",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "Il nome visualizzato del client che può essere modificato in seguito.",
    "clientAddress": "Indirizzo Client (Avanzato)",
    "setupFailedToFetchSubnet": "Recupero della sottorete predefinita non riuscito",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "Nessuna Autenticazione",
    "httpDestAuthNoneDescription": "Invia richieste senza intestazione autorizzazione.",
    "httpDestAuthBearerTitle": "Token Del Portatore",
-    "httpDestAuthBearerDescription": "Aggiunge un'intestazione Authorization: Bearer '<token>' a ogni richiesta.",
+    "httpDestAuthBearerDescription": "Aggiunge un'intestazione Autorizzazione: Bearer '<token>' ad ogni richiesta.",
    "httpDestAuthBearerPlaceholder": "La tua chiave API o token",
    "httpDestAuthBasicTitle": "Autenticazione Base",
-    "httpDestAuthBasicDescription": "Aggiunge un'intestazione Authorization: Basic '<credentials>'. Fornire le credenziali come username:password.",
+    "httpDestAuthBasicDescription": "Aggiunge un'autorizzazione: intestazione di base '<credentials>' . Fornisce le credenziali come username:password.",
    "httpDestAuthBasicPlaceholder": "username:password",
    "httpDestAuthCustomTitle": "Intestazione Personalizzata",
    "httpDestAuthCustomDescription": "Specifica un nome e un valore di intestazione HTTP personalizzati per l'autenticazione (ad esempio X-API-Key).",
--- a/messages/ko-KR.json
+++ b/messages/ko-KR.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "프로비저닝 키가 업데이트되었습니다",
    "provisioningKeysUpdatedDescription": "변경 사항이 저장되었습니다.",
    "provisioningKeysBannerTitle": "사이트 프로비저닝 키",
-    "provisioningKeysBannerDescription": "프로비저닝 키를 생성하고 Newt 커넥터와 함께 사용하여 첫 시작 시 사이트를 자동 생성 - 각 사이트에 대한 별도 자격 증명이 필요 없습니다.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "자세히 알아보기",
    "pendingSitesBannerTitle": "대기중인 사이트",
-    "pendingSitesBannerDescription": "프로비저닝 키를 사용하여 연결된 사이트가 검토를 위해 여기에 표시됩니다.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "자세히 알아보기",
    "apiKeysSettings": "{apiKeyName} 설정",
    "userTitle": "모든 사용자 관리",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "유효한 포트 번호를 입력하세요.",
    "targetErrorNoSite": "선택된 사이트 없음",
    "targetErrorNoSiteDescription": "대상을 위해 사이트를 선택하세요.",
-    "targetTargetsCleared": "대상이 제거됨",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "이 리소스에서 모든 대상이 제거되었습니다",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "대상 생성",
    "targetCreatedDescription": "대상이 성공적으로 생성되었습니다.",
    "targetErrorCreate": "대상 생성 실패",
@@ -2348,7 +2348,7 @@
                "description": "기업 기능, 50명의 사용자, 50개의 사이트, 우선 지원."
            }
        },
-        "personalUseOnly": "개인용으로만 사용 (무료 라이선스 - 결제 없음)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "결제로 진행"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "기계 클라이언트",
    "install": "설치",
    "run": "실행",
-    "envFile": "환경 파일",
+    "envFile": "Environment File",
-    "serviceFile": "서비스 파일",
+    "serviceFile": "Service File",
-    "enableAndStart": "활성화 및 시작",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "나중에 변경할 수 있는 클라이언트의 표시 이름입니다.",
    "clientAddress": "클라이언트 주소(고급)",
    "setupFailedToFetchSubnet": "기본값 로드 실패",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "인증 없음",
    "httpDestAuthNoneDescription": "Authorization 헤더 없이 요청을 보냅니다.",
    "httpDestAuthBearerTitle": "Bearer 토큰",
-    "httpDestAuthBearerDescription": "각 요청에 Authorization: Bearer '<token>' 헤더를 추가합니다.",
+    "httpDestAuthBearerDescription": "모든 요청에 Authorization: Bearer '<token>' 헤더를 추가합니다.",
    "httpDestAuthBearerPlaceholder": "API 키 또는 토큰",
    "httpDestAuthBasicTitle": "기본 인증",
-    "httpDestAuthBasicDescription": "Authorization: Basic '<credentials>' 헤더를 추가합니다. 자격 증명은 사용자 이름:비밀번호로 제공합니다.",
+    "httpDestAuthBasicDescription": "Authorization: Basic '<credentials>' 헤더를 추가합니다. 자격 증명은 username:password 형식으로 제공하세요.",
    "httpDestAuthBasicPlaceholder": "사용자 이름:비밀번호",
    "httpDestAuthCustomTitle": "사용자 정의 헤더",
    "httpDestAuthCustomDescription": "인증을 위한 사용자 정의 HTTP 헤더 이름 및 값을 지정하세요 (예: X-API-Key).",
--- a/messages/nb-NO.json
+++ b/messages/nb-NO.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Foreslå nøkkel oppdatert",
    "provisioningKeysUpdatedDescription": "Dine endringer er lagret.",
    "provisioningKeysBannerTitle": "Sidens bestemmende nøkler",
-    "provisioningKeysBannerDescription": "Generer en provisjonsnøkkel og bruk den med Newt-kontakten for automatisk opprettelse av nettsteder ved første oppstart - ingen behov for å sette opp separate legitimasjoner for hvert nettsted.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Lær mer",
    "pendingSitesBannerTitle": "Ventende nettsteder",
-    "pendingSitesBannerDescription": "Nettsteder som kobler seg til ved bruk av en provisjonsnøkkel vises her for vurdering.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Lær mer",
    "apiKeysSettings": "{apiKeyName} Innstillinger",
    "userTitle": "Administrer alle brukere",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Vennligst skriv inn et gyldig portnummer",
    "targetErrorNoSite": "Ingen nettsted valgt",
    "targetErrorNoSiteDescription": "Velg et nettsted for målet",
-    "targetTargetsCleared": "Mål ryddet",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Alle mål har blitt fjernet fra denne ressursen",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Mål opprettet",
    "targetCreatedDescription": "Målet har blitt opprettet",
    "targetErrorCreate": "Kunne ikke opprette målet",
@@ -2348,7 +2348,7 @@
                "description": "Enterprise features, 50 brukere, 50 nettsteder og prioritetsstøtte."
            }
        },
-        "personalUseOnly": "Kun personlig bruk (gratis lisens - ingen kasse)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Fortsett til kassen"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Maskinklienter",
    "install": "Installer",
    "run": "Kjør",
-    "envFile": "Miljøfil",
+    "envFile": "Environment File",
-    "serviceFile": "Tjenestefil",
+    "serviceFile": "Service File",
-    "enableAndStart": "Aktiver og start",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "Visningsnavnet til klienten som kan endres senere.",
    "clientAddress": "Klientadresse (avansert)",
    "setupFailedToFetchSubnet": "Kunne ikke hente standard undernett",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "Ingen godkjenning",
    "httpDestAuthNoneDescription": "Sender forespørsler uten autorisasjonsoverskrift.",
    "httpDestAuthBearerTitle": "Bærer Symbol",
-    "httpDestAuthBearerDescription": "Legger til en Autorisasjon: Bearer '<token>' header til hver forespørsel.",
+    "httpDestAuthBearerDescription": "Legger til en autorisasjon: Bearer '<token>' header til hver forespørsel.",
    "httpDestAuthBearerPlaceholder": "Din API-nøkkel eller token",
    "httpDestAuthBasicTitle": "Standard Auth",
-    "httpDestAuthBasicDescription": "Legger til en Autorisasjon: Basic '<credentials>' header. Gi legitimasjon som brukernavn:passord.",
+    "httpDestAuthBasicDescription": "Legger til en godkjenning: Grunnleggende '<credentials>' overskrift. Angi legitimasjon som brukernavn:passord.",
    "httpDestAuthBasicPlaceholder": "brukernavn:passord",
    "httpDestAuthCustomTitle": "Egendefinert topptekst",
    "httpDestAuthCustomDescription": "Angi et egendefinert HTTP headers navn og verdi for autentisering (f.eks X-API-Key).",
--- a/messages/nl-NL.json
+++ b/messages/nl-NL.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Provisie sleutel bijgewerkt",
    "provisioningKeysUpdatedDescription": "Uw wijzigingen zijn opgeslagen.",
    "provisioningKeysBannerTitle": "Bewerkingssleutels voor websites",
-    "provisioningKeysBannerDescription": "Genereer een inrichtingssleutel en gebruik deze met de Newt-connector om automatisch sites te maken bij de eerste opstart - er is geen behoefte om aparte inloggegevens voor elke site in te stellen.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Meer informatie",
    "pendingSitesBannerTitle": "Openstaande sites",
-    "pendingSitesBannerDescription": "Sites die verbinding maken met een inrichtingssleutel verschijnen hier voor beoordeling.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Meer informatie",
    "apiKeysSettings": "{apiKeyName} instellingen",
    "userTitle": "Alle gebruikers beheren",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Voer een geldig poortnummer in",
    "targetErrorNoSite": "Geen site geselecteerd",
    "targetErrorNoSiteDescription": "Selecteer een site voor het doel",
-    "targetTargetsCleared": "Doelen gewist",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Alle doelen zijn verwijderd van deze bron",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Doel aangemaakt",
    "targetCreatedDescription": "Doel is succesvol aangemaakt",
    "targetErrorCreate": "Kan doel niet aanmaken",
@@ -2348,7 +2348,7 @@
                "description": "Enterprise functies, 50 gebruikers, 50 sites en prioriteit ondersteuning."
            }
        },
-        "personalUseOnly": "Alleen voor persoonlijk gebruik (gratis licentie - geen afrekening)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Doorgaan naar afrekenen"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Machine Clienten",
    "install": "Installeren",
    "run": "Uitvoeren",
-    "envFile": "Omgevingsbestand",
+    "envFile": "Environment File",
-    "serviceFile": "Servicebestand",
+    "serviceFile": "Service File",
-    "enableAndStart": "Inschakelen en Starten",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "De weergavenaam van de client die later gewijzigd kan worden.",
    "clientAddress": "Klant adres (Geavanceerd)",
    "setupFailedToFetchSubnet": "Kan standaard subnet niet ophalen",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "Geen authenticatie",
    "httpDestAuthNoneDescription": "Stuurt verzoeken zonder toestemmingskop.",
    "httpDestAuthBearerTitle": "Betere Token",
-    "httpDestAuthBearerDescription": "Voegt een Authorization: Bearer '<token>' header toe aan elk verzoek.",
+    "httpDestAuthBearerDescription": "Voegt een machtiging toe: Drager '<token>' header aan elke aanvraag.",
    "httpDestAuthBearerPlaceholder": "Uw API-sleutel of -token",
    "httpDestAuthBasicTitle": "Basis authenticatie",
-    "httpDestAuthBasicDescription": "Voegt een Authorization: Basic '<credentials>' header toe. Verstrek inloggegevens als gebruikersnaam:wachtwoord.",
+    "httpDestAuthBasicDescription": "Voegt een Authorizatie toe: Basis '<credentials>' kop. Geef inloggegevens op als gebruikersnaam:wachtwoord.",
    "httpDestAuthBasicPlaceholder": "Gebruikersnaam:wachtwoord",
    "httpDestAuthCustomTitle": "Aangepaste koptekst",
    "httpDestAuthCustomDescription": "Specificeer een aangepaste HTTP header naam en waarde voor authenticatie (bijv. X-API-Key).",
--- a/messages/pl-PL.json
+++ b/messages/pl-PL.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Klucz zaopatrzenia zaktualizowany",
    "provisioningKeysUpdatedDescription": "Twoje zmiany zostały zapisane.",
    "provisioningKeysBannerTitle": "Klucze Zaopatrzenia witryny",
-    "provisioningKeysBannerDescription": "Wygeneruj klucz provisioning i użyj go z konektorem Newt do automatycznego tworzenia witryn przy pierwszym uruchomieniu - nie ma potrzeby konfigurowania oddzielnych poświadczeń dla każdej witryny.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Dowiedz się więcej",
    "pendingSitesBannerTitle": "Witryny oczekujące",
-    "pendingSitesBannerDescription": "Witryny, które łączą się za pomocą klucza provisioning, pojawią się tutaj do przeglądu.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Dowiedz się więcej",
    "apiKeysSettings": "Ustawienia {apiKeyName}",
    "userTitle": "Zarządzaj wszystkimi użytkownikami",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Wprowadź prawidłowy numer portu",
    "targetErrorNoSite": "Nie wybrano witryny",
    "targetErrorNoSiteDescription": "Wybierz witrynę docelową",
-    "targetTargetsCleared": "Cele wyczyszczone",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Wszystkie cele zostały usunięte z tego zasobu",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Cel utworzony",
    "targetCreatedDescription": "Cel został utworzony pomyślnie",
    "targetErrorCreate": "Nie udało się utworzyć celu",
@@ -2348,7 +2348,7 @@
                "description": "Cechy przedsiębiorstw, 50 użytkowników, 50 obiektów i wsparcie priorytetowe."
            }
        },
-        "personalUseOnly": "Tylko do użytku osobistego (darmowa licencja - bez płatności)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Przejdź do zamówienia"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Klienci maszyn",
    "install": "Zainstaluj",
    "run": "Uruchom",
-    "envFile": "Plik środowiska",
+    "envFile": "Environment File",
-    "serviceFile": "Plik serwisu",
+    "serviceFile": "Service File",
-    "enableAndStart": "Włącz i Uruchom",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "Wyświetlana nazwa klienta, która może zostać zmieniona później.",
    "clientAddress": "Adres klienta (Zaawansowany)",
    "setupFailedToFetchSubnet": "Nie udało się pobrać domyślnej podsieci",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "Brak uwierzytelniania",
    "httpDestAuthNoneDescription": "Wysyła żądania bez nagłówka autoryzacji.",
    "httpDestAuthBearerTitle": "Token Bearer",
-    "httpDestAuthBearerDescription": "Dodaje nagłówek Authorization: Bearer '<token>' do każdego żądania.",
+    "httpDestAuthBearerDescription": "Dodaje autoryzację: nagłówek Bearer '<token>' do każdego żądania.",
    "httpDestAuthBearerPlaceholder": "Twój klucz API lub token",
    "httpDestAuthBasicTitle": "Podstawowa Autoryzacja",
-    "httpDestAuthBasicDescription": "Dodaje nagłówek Authorization: Basic '<credentials>'. Podaj poświadczenia w formacie użytkownik:hasło.",
+    "httpDestAuthBasicDescription": "Dodaje Autoryzacja: Nagłówek Basic '<credentials>' . Podaj poświadczenia jako nazwę użytkownika: hasło.",
    "httpDestAuthBasicPlaceholder": "Nazwa użytkownika:hasło",
    "httpDestAuthCustomTitle": "Niestandardowy nagłówek",
    "httpDestAuthCustomDescription": "Określ niestandardową nazwę nagłówka HTTP i wartość dla uwierzytelniania (np. X-API-Key).",
--- a/messages/pt-PT.json
+++ b/messages/pt-PT.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Chave de provisionamento atualizada",
    "provisioningKeysUpdatedDescription": "Suas alterações foram salvas.",
    "provisioningKeysBannerTitle": "Chaves de provisionamento do site",
-    "provisioningKeysBannerDescription": "Gere uma chave de provisionamento e use-a com o conector Newt para criar sites automaticamente na primeira inicialização - sem necessidade de configurar credenciais separadas para cada site.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Saiba mais",
    "pendingSitesBannerTitle": "Sites pendentes",
-    "pendingSitesBannerDescription": "Sites que se conectam usando uma chave de provisionamento aparecem aqui para revisão.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Saiba mais",
    "apiKeysSettings": "Configurações de {apiKeyName}",
    "userTitle": "Gerir Todos os Utilizadores",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Por favor, digite um número de porta válido",
    "targetErrorNoSite": "Nenhum site selecionado",
    "targetErrorNoSiteDescription": "Selecione um site para o destino",
-    "targetTargetsCleared": "Alvos limpos",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Todos os alvos foram removidos deste recurso",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Destino criado",
    "targetCreatedDescription": "O alvo foi criado com sucesso",
    "targetErrorCreate": "Falha ao criar destino",
@@ -2348,7 +2348,7 @@
                "description": "Recursos de empresa, 50 usuários, 50 sites e apoio prioritário."
            }
        },
-        "personalUseOnly": "Uso pessoal apenas (licença gratuita - sem checkout)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Continuar com checkout"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Clientes de máquina",
    "install": "Instale",
    "run": "Executar",
-    "envFile": "Arquivo de Ambiente",
+    "envFile": "Environment File",
-    "serviceFile": "Arquivo de Serviço",
+    "serviceFile": "Service File",
-    "enableAndStart": "Ativar e Iniciar",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "O nome de exibição do cliente que pode ser alterado mais tarde.",
    "clientAddress": "Endereço do Cliente (Avançado)",
    "setupFailedToFetchSubnet": "Falha ao buscar a subrede padrão",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "Sem Autenticação",
    "httpDestAuthNoneDescription": "Envia pedidos sem um cabeçalho de autorização.",
    "httpDestAuthBearerTitle": "Token do portador",
-    "httpDestAuthBearerDescription": "Adiciona um cabeçalho Authorization: Bearer '<token>' a cada solicitação.",
+    "httpDestAuthBearerDescription": "Adiciona uma autorização: Bearer '<token>' header a cada requisição.",
    "httpDestAuthBearerPlaceholder": "Sua chave de API ou token",
    "httpDestAuthBasicTitle": "Autenticação básica",
-    "httpDestAuthBasicDescription": "Adiciona um cabeçalho Authorization: Basic '<credentials>'. Forneça as credenciais como username:password.",
+    "httpDestAuthBasicDescription": "Adiciona uma Autorização: cabeçalho '<credentials>' básico. Forneça credenciais como nome de usuário:senha.",
    "httpDestAuthBasicPlaceholder": "Usuário:password",
    "httpDestAuthCustomTitle": "Cabeçalho personalizado",
    "httpDestAuthCustomDescription": "Especifique um nome e valor de cabeçalho HTTP personalizado para autenticação (por exemplo, X-API-Key).",
--- a/messages/ru-RU.json
+++ b/messages/ru-RU.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Ключ подготовки обновлен",
    "provisioningKeysUpdatedDescription": "Ваши изменения были сохранены.",
    "provisioningKeysBannerTitle": "Ключи подготовки сайта",
-    "provisioningKeysBannerDescription": "Создайте ключ настройки и используйте его с соединителем Newt для автоматического создания сайтов при первом запуске — нет необходимости настраивать отдельные учетные данные для каждого сайта.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Узнать больше",
    "pendingSitesBannerTitle": "Ожидающие сайты",
-    "pendingSitesBannerDescription": "Сайты, подключающиеся с помощью ключа настройки, отображаются здесь для проверки.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Узнать больше",
    "apiKeysSettings": "Настройки {apiKeyName}",
    "userTitle": "Управление всеми пользователями",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Пожалуйста, введите правильный номер порта",
    "targetErrorNoSite": "Сайт не выбран",
    "targetErrorNoSiteDescription": "Пожалуйста, выберите сайт для цели",
-    "targetTargetsCleared": "Цели очищены",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Все цели удалены из этого ресурса",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Цель создана",
    "targetCreatedDescription": "Цель была успешно создана",
    "targetErrorCreate": "Не удалось создать цель",
@@ -2348,7 +2348,7 @@
                "description": "Функции предприятия, 50 пользователей, 50 сайтов, а также приоритетная поддержка."
            }
        },
-        "personalUseOnly": "Только для личного использования (бесплатная лицензия - без оформления на кассе)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Продолжить оформление заказа"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Машинные клиенты",
    "install": "Установить",
    "run": "Запустить",
-    "envFile": "Файл окружения",
+    "envFile": "Environment File",
-    "serviceFile": "Сервисный файл",
+    "serviceFile": "Service File",
-    "enableAndStart": "Включить и запустить",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "Отображаемое имя клиента, которое может быть изменено позже.",
    "clientAddress": "Адрес клиента (Дополнительно)",
    "setupFailedToFetchSubnet": "Не удалось получить подсеть по умолчанию",
@@ -2853,7 +2853,7 @@
    "httpDestAuthBearerDescription": "Добавляет заголовок Authorization: Bearer '<token>' к каждому запросу.",
    "httpDestAuthBearerPlaceholder": "Ваш ключ API или токен",
    "httpDestAuthBasicTitle": "Базовая авторизация",
-    "httpDestAuthBasicDescription": "Добавляет заголовок Authorization: Basic '<credentials>'. Укажите учетные данные в формате username:password.",
+    "httpDestAuthBasicDescription": "Добавляет Authorization: Basic '<credentials>' header. Предоставьте учетные данные в качестве имени пользователя:password.",
    "httpDestAuthBasicPlaceholder": "имя пользователя:пароль",
    "httpDestAuthCustomTitle": "Пользовательский заголовок",
    "httpDestAuthCustomDescription": "Укажите пользовательское имя заголовка HTTP и значение для аутентификации (например, X-API-Key).",
--- a/messages/tr-TR.json
+++ b/messages/tr-TR.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "Tedarik anahtarı güncellendi",
    "provisioningKeysUpdatedDescription": "Değişiklikleriniz kaydedildi.",
    "provisioningKeysBannerTitle": "Site Tedarik Anahtarları",
-    "provisioningKeysBannerDescription": "Bir sağlama anahtarı oluşturun ve ilk başlangıçta siteleri otomatik olarak oluşturmak için Newt bağlayıcısını kullanın - her site için ayrı kimlik bilgileri ayarlamaya gerek yok.",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "Daha fazla bilgi",
    "pendingSitesBannerTitle": "Bekleyen Siteler",
-    "pendingSitesBannerDescription": "Bir sağlama anahtarı kullanarak bağlanan siteler, inceleme için burada görünür.",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "Daha fazla bilgi",
    "apiKeysSettings": "{apiKeyName} Ayarları",
    "userTitle": "Tüm Kullanıcıları Yönet",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "Lütfen geçerli bir port numarası girin",
    "targetErrorNoSite": "Hiçbir site seçili değil",
    "targetErrorNoSiteDescription": "Lütfen hedef için bir site seçin",
-    "targetTargetsCleared": "Hedefler temizlendi",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "Bu kaynaktan tüm hedefler kaldırıldı",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "Hedef oluşturuldu",
    "targetCreatedDescription": "Hedef başarıyla oluşturuldu",
    "targetErrorCreate": "Hedef oluşturma başarısız oldu",
@@ -2348,7 +2348,7 @@
                "description": "Kurumsal özellikler, 50 kullanıcı, 50 site ve öncelikli destek."
            }
        },
-        "personalUseOnly": "Kişisel kullanım için (ücretsiz lisans - ödeme yok)",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "Ödemeye Devam Et"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "Makine İstemcileri",
    "install": "Yükle",
    "run": "Çalıştır",
-    "envFile": "Ortam Dosyası",
+    "envFile": "Environment File",
-    "serviceFile": "Servis Dosyası",
+    "serviceFile": "Service File",
-    "enableAndStart": "Etkinleştir ve Başlat",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "Daha sonra değiştirilebilecek istemcinin görünen adı.",
    "clientAddress": "İstemci Adresi (Gelişmiş)",
    "setupFailedToFetchSubnet": "Varsayılan alt ağ alınamadı",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "Kimlik Doğrulama Yok",
    "httpDestAuthNoneDescription": "Yetkilendirme başlığı olmadan istekler gönderir.",
    "httpDestAuthBearerTitle": "Taşıyıcı Jetonu",
-    "httpDestAuthBearerDescription": "Her isteğe bir Yetkilendirme: Taşıyıcı '<token>' üst bilgisi ekler.",
+    "httpDestAuthBearerDescription": "Her isteğe bir Yetkilendirme: Taşıyıcı '<token>' başlığı ekler.",
    "httpDestAuthBearerPlaceholder": "API anahtarınız veya jetonunuz",
    "httpDestAuthBasicTitle": "Temel Kimlik Doğrulama",
-    "httpDestAuthBasicDescription": "Bir Yetkilendirme: Temel '<credentials>' üst bilgisi ekler. Kimlik bilgilerini kullanıcı adı:şifre olarak sağlayın.",
+    "httpDestAuthBasicDescription": "Authorization: Temel '<belirtecikler>' başlığı ekler. Yetkilendirmeleri kullanıcı adı:şifre olarak sağlayın.",
    "httpDestAuthBasicPlaceholder": "kullanıcı adı:şifre",
    "httpDestAuthCustomTitle": "Özel Başlık",
    "httpDestAuthCustomDescription": "Kimlik doğrulama için özel bir HTTP başlık adı ve değer belirtin (örn. X-API-Key).",
--- a/messages/zh-CN.json
+++ b/messages/zh-CN.json
@@ -371,10 +371,10 @@
    "provisioningKeysUpdated": "置备密钥已更新",
    "provisioningKeysUpdatedDescription": "您的更改已保存。",
    "provisioningKeysBannerTitle": "站点置备密钥",
-    "provisioningKeysBannerDescription": "生成一个供应密钥，并将其与 Newt 连接器一起使用，以在首次启动时自动创建站点 - 无需为每个站点设置单独的凭据。",
+    "provisioningKeysBannerDescription": "Generate a provisioning key and use it with the Newt connector to automatically create sites on first startup - no need to set up separate credentials for each site.",
    "provisioningKeysBannerButtonText": "了解更多",
    "pendingSitesBannerTitle": "待定站点",
-    "pendingSitesBannerDescription": "使用供应密钥连接的站点将在此显示以供审核。",
+    "pendingSitesBannerDescription": "Sites that connect using a provisioning key appear here for review.",
    "pendingSitesBannerButtonText": "了解更多",
    "apiKeysSettings": "{apiKeyName} 设置",
    "userTitle": "管理所有用户",
@@ -624,8 +624,8 @@
    "targetErrorInvalidPortDescription": "请输入有效的端口号",
    "targetErrorNoSite": "没有选择站点",
    "targetErrorNoSiteDescription": "请选择目标站点",
-    "targetTargetsCleared": "目标已清除",
+    "targetTargetsCleared": "Targets cleared",
-    "targetTargetsClearedDescription": "所有目标已从此资源中移除",
+    "targetTargetsClearedDescription": "All targets have been removed from this resource",
    "targetCreated": "目标已创建",
    "targetCreatedDescription": "目标已成功创建",
    "targetErrorCreate": "创建目标失败",
@@ -2348,7 +2348,7 @@
                "description": "企业特征、50个用户、50个站点和优先支持。"
            }
        },
-        "personalUseOnly": "仅限个人使用（免费许可 - 无需结账）",
+        "personalUseOnly": "Personal use only (free license - no checkout)",
        "buttons": {
            "continueToCheckout": "继续签出"
        },
@@ -2609,9 +2609,9 @@
    "machineClients": "机器客户端",
    "install": "安装",
    "run": "运行",
-    "envFile": "环境文件",
+    "envFile": "Environment File",
-    "serviceFile": "服务文件",
+    "serviceFile": "Service File",
-    "enableAndStart": "启用并启动",
+    "enableAndStart": "Enable and Start",
    "clientNameDescription": "可以稍后更改的客户端的显示名称。",
    "clientAddress": "客户端地址 (高级)",
    "setupFailedToFetchSubnet": "获取默认子网失败",
@@ -2850,10 +2850,10 @@
    "httpDestAuthNoneTitle": "无身份验证",
    "httpDestAuthNoneDescription": "在没有授权头的情况下发送请求。",
    "httpDestAuthBearerTitle": "持有者令牌",
-    "httpDestAuthBearerDescription": "在每个请求中添加授权：Bearer “<token>” 头。",
+    "httpDestAuthBearerDescription": "添加授权：每个请求的标题为 '<token>'。",
    "httpDestAuthBearerPlaceholder": "您的 API 密钥或令牌",
    "httpDestAuthBasicTitle": "基本认证",
-    "httpDestAuthBasicDescription": "添加一个Authorization: Basic \"<凭据>\" 标头。 以用户名：密码形式提供凭据。",
+    "httpDestAuthBasicDescription": "添加授权：基本 '<credentials>' 头。提供用户名：密码的凭据。",
    "httpDestAuthBasicPlaceholder": "用户名:密码",
    "httpDestAuthCustomTitle": "自定义标题",
    "httpDestAuthCustomDescription": "指定自定义 HTTP 头名称和身份验证值 (例如，X-API 键)。",
--- a/server/db/pg/schema/schema.ts
+++ b/server/db/pg/schema/schema.ts
@@ -222,18 +222,12 @@ export const exitNodes = pgTable("exitNodes", {
 export const siteResources = pgTable("siteResources", {
    // this is for the clients
    siteResourceId: serial("siteResourceId").primaryKey(),
    siteId: integer("siteId")
        .notNull()
        .references(() => sites.siteId, { onDelete: "cascade" }),
    orgId: varchar("orgId")
        .notNull()
        .references(() => orgs.orgId, { onDelete: "cascade" }),
    networkId: integer("networkId").references(() => networks.networkId, {
        onDelete: "set null"
    }),
    defaultNetworkId: integer("defaultNetworkId").references(
        () => networks.networkId,
        {
            onDelete: "restrict"
        }
    ),
    niceId: varchar("niceId").notNull(),
    name: varchar("name").notNull(),
    mode: varchar("mode").$type<"host" | "cidr">().notNull(), // "host" | "cidr" | "port"
@@ -253,32 +247,6 @@ export const siteResources = pgTable("siteResources", {
        .default("site")
 });
 export const networks = pgTable("networks", {
    networkId: serial("networkId").primaryKey(),
    niceId: text("niceId"),
    name: text("name"),
    scope: varchar("scope")
        .$type<"global" | "resource">()
        .notNull()
        .default("global"),
    orgId: varchar("orgId")
        .references(() => orgs.orgId, {
            onDelete: "cascade"
        })
        .notNull()
 });
 export const siteNetworks = pgTable("siteNetworks", {
    siteId: integer("siteId")
        .notNull()
        .references(() => sites.siteId, {
            onDelete: "cascade"
        }),
    networkId: integer("networkId")
        .notNull()
        .references(() => networks.networkId, { onDelete: "cascade" })
 });
 export const clientSiteResources = pgTable("clientSiteResources", {
    clientId: integer("clientId")
        .notNull()
@@ -1138,4 +1106,3 @@ export type RequestAuditLog = InferSelectModel<typeof requestAuditLog>;
 export type RoundTripMessageTracker = InferSelectModel<
    typeof roundTripMessageTracker
 >;
 export type Network = InferSelectModel<typeof networks>;
--- a/server/db/sqlite/schema/schema.ts
+++ b/server/db/sqlite/schema/schema.ts
@@ -92,9 +92,6 @@ export const sites = sqliteTable("sites", {
    exitNodeId: integer("exitNode").references(() => exitNodes.exitNodeId, {
        onDelete: "set null"
    }),
    networkId: integer("networkId").references(() => networks.networkId, {
        onDelete: "set null"
    }),
    name: text("name").notNull(),
    pubKey: text("pubKey"),
    subnet: text("subnet"),
@@ -253,16 +250,12 @@ export const siteResources = sqliteTable("siteResources", {
    siteResourceId: integer("siteResourceId").primaryKey({
        autoIncrement: true
    }),
    siteId: integer("siteId")
        .notNull()
        .references(() => sites.siteId, { onDelete: "cascade" }),
    orgId: text("orgId")
        .notNull()
        .references(() => orgs.orgId, { onDelete: "cascade" }),
    networkId: integer("networkId").references(() => networks.networkId, {
        onDelete: "set null"
    }),
    defaultNetworkId: integer("defaultNetworkId").references(
        () => networks.networkId,
        { onDelete: "restrict" }
    ),
    niceId: text("niceId").notNull(),
    name: text("name").notNull(),
    mode: text("mode").$type<"host" | "cidr">().notNull(), // "host" | "cidr" | "port"
@@ -284,30 +277,6 @@ export const siteResources = sqliteTable("siteResources", {
        .default("site")
 });
 export const networks = sqliteTable("networks", {
    networkId: integer("networkId").primaryKey({ autoIncrement: true }),
    niceId: text("niceId"),
    name: text("name"),
    scope: text("scope")
        .$type<"global" | "resource">()
        .notNull()
        .default("global"),
    orgId: text("orgId")
        .notNull()
        .references(() => orgs.orgId, { onDelete: "cascade" })
 });
 export const siteNetworks = sqliteTable("siteNetworks", {
    siteId: integer("siteId")
        .notNull()
        .references(() => sites.siteId, {
            onDelete: "cascade"
        }),
    networkId: integer("networkId")
        .notNull()
        .references(() => networks.networkId, { onDelete: "cascade" })
 });
 export const clientSiteResources = sqliteTable("clientSiteResources", {
    clientId: integer("clientId")
        .notNull()
@@ -1226,7 +1195,6 @@ export type ApiKey = InferSelectModel<typeof apiKeys>;
 export type ApiKeyAction = InferSelectModel<typeof apiKeyActions>;
 export type ApiKeyOrg = InferSelectModel<typeof apiKeyOrg>;
 export type SiteResource = InferSelectModel<typeof siteResources>;
 export type Network = InferSelectModel<typeof networks>;
 export type OrgDomains = InferSelectModel<typeof orgDomains>;
 export type SetupToken = InferSelectModel<typeof setupTokens>;
 export type HostMeta = InferSelectModel<typeof hostMeta>;
--- a/server/lib/blueprints/applyBlueprint.ts
+++ b/server/lib/blueprints/applyBlueprint.ts
@@ -121,8 +121,8 @@ export async function applyBlueprint({
            for (const result of clientResourcesResults) {
                if (
                    result.oldSiteResource &&
-                    JSON.stringify(result.newSites?.sort()) !==
+                    result.oldSiteResource.siteId !=
-                        JSON.stringify(result.oldSites?.sort())
+                        result.newSiteResource.siteId
                ) {
                    // query existing associations
                    const existingRoleIds = await trx
@@ -222,46 +222,38 @@ export async function applyBlueprint({
                        trx
                    );
                } else {
-                    let good = true;
+                    const [newSite] = await trx
-                    for (const newSite of result.newSites) {
+                        .select()
-                        const [site] = await trx
+                        .from(sites)
-                            .select()
+                        .innerJoin(newts, eq(sites.siteId, newts.siteId))
-                            .from(sites)
+                        .where(
-                            .innerJoin(newts, eq(sites.siteId, newts.siteId))
+                            and(
-                            .where(
+                                eq(sites.siteId, result.newSiteResource.siteId),
-                                and(
+                                eq(sites.orgId, orgId),
-                                    eq(sites.siteId, newSite.siteId),
+                                eq(sites.type, "newt"),
-                                    eq(sites.orgId, orgId),
+                                isNotNull(sites.pubKey)
                                    eq(sites.type, "newt"),
                                    isNotNull(sites.pubKey)
                                )
                            )
-                            .limit(1);
+                        )
-
+                        .limit(1);
                        if (!site) {
                            logger.debug(
                                `No newt sites found for client resource ${result.newSiteResource.siteResourceId}, skipping target update`
                            );
                            good = false;
                            break;
                        }
                    if (!newSite) {
                        logger.debug(
-                            `Updating client resource ${result.newSiteResource.siteResourceId} on site ${newSite.siteId}`
+                            `No newt site found for client resource ${result.newSiteResource.siteResourceId}, skipping target update`
                        );
                    }
                    if (!good) {
                        continue;
                    }
                    logger.debug(
                        `Updating client resource ${result.newSiteResource.siteResourceId} on site ${newSite.sites.siteId}`
                    );
                    await handleMessagingForUpdatedSiteResource(
                        result.oldSiteResource,
                        result.newSiteResource,
-                        result.newSites.map((site) => ({
+                        {
-                            siteId: site.siteId,
+                            siteId: newSite.sites.siteId,
-                            orgId: result.newSiteResource.orgId
+                            orgId: newSite.sites.orgId
-                        })),
+                        },
                        trx
                    );
                }
--- a/server/lib/blueprints/clientResources.ts
+++ b/server/lib/blueprints/clientResources.ts
@@ -3,15 +3,12 @@ import {
    clientSiteResources,
    roles,
    roleSiteResources,
    Site,
    SiteResource,
    siteNetworks,
    siteResources,
    Transaction,
    userOrgs,
    users,
-    userSiteResources,
+    userSiteResources
    networks
 } from "@server/db";
 import { sites } from "@server/db";
 import { eq, and, ne, inArray, or } from "drizzle-orm";
@@ -22,8 +19,6 @@ import { getNextAvailableAliasAddress } from "../ip";
 export type ClientResourcesResults = {
    newSiteResource: SiteResource;
    oldSiteResource?: SiteResource;
    newSites: { siteId: number }[];
    oldSites: { siteId: number }[];
 }[];
 export async function updateClientResources(
@@ -48,70 +43,36 @@ export async function updateClientResources(
            )
            .limit(1);
-        const existingSiteIds = existingResource?.networkId
+        const resourceSiteId = resourceData.site;
-            ? await trx
+        let site;
                  .select({ siteId: sites.siteId })
                  .from(siteNetworks)
                  .where(eq(siteNetworks.networkId, existingResource.networkId))
            : [];
-        let allSites: { siteId: number }[] = [];
+        if (resourceSiteId) {
-        if (resourceData.site) {
+            // Look up site by niceId
-            let siteSingle;
+            [site] = await trx
-            const resourceSiteId = resourceData.site;
+                .select({ siteId: sites.siteId })
-
+                .from(sites)
-            if (resourceSiteId) {
+                .where(
-                // Look up site by niceId
+                    and(
-                [siteSingle] = await trx
+                        eq(sites.niceId, resourceSiteId),
-                    .select({ siteId: sites.siteId })
+                        eq(sites.orgId, orgId)
                    .from(sites)
                    .where(
                        and(
                            eq(sites.niceId, resourceSiteId),
                            eq(sites.orgId, orgId)
                        )
                    )
-                    .limit(1);
+                )
-            } else if (siteId) {
+                .limit(1);
-                // Use the provided siteId directly, but verify it belongs to the org
+        } else if (siteId) {
-                [siteSingle] = await trx
+            // Use the provided siteId directly, but verify it belongs to the org
-                    .select({ siteId: sites.siteId })
+            [site] = await trx
-                    .from(sites)
+                .select({ siteId: sites.siteId })
-                    .where(
+                .from(sites)
-                        and(eq(sites.siteId, siteId), eq(sites.orgId, orgId))
+                .where(and(eq(sites.siteId, siteId), eq(sites.orgId, orgId)))
-                    )
+                .limit(1);
-                    .limit(1);
+        } else {
-            } else {
+            throw new Error(`Target site is required`);
                throw new Error(`Target site is required`);
            }
            if (!siteSingle) {
                throw new Error(
                    `Site not found: ${resourceSiteId} in org ${orgId}`
                );
            }
            allSites.push(siteSingle);
        }
-        if (resourceData.sites) {
+        if (!site) {
-            for (const siteNiceId of resourceData.sites) {
+            throw new Error(
-                const [site] = await trx
+                `Site not found: ${resourceSiteId} in org ${orgId}`
-                    .select({ siteId: sites.siteId })
+            );
                    .from(sites)
                    .where(
                        and(
                            eq(sites.niceId, siteNiceId),
                            eq(sites.orgId, orgId)
                        )
                    )
                    .limit(1);
                if (!site) {
                    throw new Error(
                        `Site not found: ${siteId} in org ${orgId}`
                    );
                }
                allSites.push(site);
            }
        }
        if (existingResource) {
@@ -120,6 +81,7 @@ export async function updateClientResources(
                .update(siteResources)
                .set({
                    name: resourceData.name || resourceNiceId,
                    siteId: site.siteId,
                    mode: resourceData.mode,
                    destination: resourceData.destination,
                    enabled: true, // hardcoded for now
@@ -140,21 +102,6 @@ export async function updateClientResources(
            const siteResourceId = existingResource.siteResourceId;
            const orgId = existingResource.orgId;
            if (updatedResource.networkId) {
                await trx
                    .delete(siteNetworks)
                    .where(
                        eq(siteNetworks.networkId, updatedResource.networkId)
                    );
                for (const site of allSites) {
                    await trx.insert(siteNetworks).values({
                        siteId: site.siteId,
                        networkId: updatedResource.networkId
                    });
                }
            }
            await trx
                .delete(clientSiteResources)
                .where(eq(clientSiteResources.siteResourceId, siteResourceId));
@@ -257,9 +204,7 @@ export async function updateClientResources(
            results.push({
                newSiteResource: updatedResource,
-                oldSiteResource: existingResource,
+                oldSiteResource: existingResource
                newSites: allSites,
                oldSites: existingSiteIds
            });
        } else {
            let aliasAddress: string | null = null;
@@ -268,22 +213,13 @@ export async function updateClientResources(
                aliasAddress = await getNextAvailableAliasAddress(orgId);
            }
            const [network] = await trx
                .insert(networks)
                .values({
                    scope: "resource",
                    orgId: orgId
                })
                .returning();
            // Create new resource
            const [newResource] = await trx
                .insert(siteResources)
                .values({
                    orgId: orgId,
                    siteId: site.siteId,
                    niceId: resourceNiceId,
                    networkId: network.networkId,
                    defaultNetworkId: network.networkId,
                    name: resourceData.name || resourceNiceId,
                    mode: resourceData.mode,
                    destination: resourceData.destination,
@@ -299,13 +235,6 @@ export async function updateClientResources(
            const siteResourceId = newResource.siteResourceId;
            for (const site of allSites) {
                await trx.insert(siteNetworks).values({
                    siteId: site.siteId,
                    networkId: network.networkId
                });
            }
            const [adminRole] = await trx
                .select()
                .from(roles)
@@ -395,11 +324,7 @@ export async function updateClientResources(
                `Created new client resource ${newResource.name} (${newResource.siteResourceId}) for org ${orgId}`
            );
-            results.push({
+            results.push({ newSiteResource: newResource });
                newSiteResource: newResource,
                newSites: allSites,
                oldSites: existingSiteIds
            });
        }
    }
--- a/server/lib/blueprints/types.ts
+++ b/server/lib/blueprints/types.ts
@@ -326,8 +326,7 @@ export const ClientResourceSchema = z
    .object({
        name: z.string().min(1).max(255),
        mode: z.enum(["host", "cidr"]),
-        site: z.string(), // DEPRECATED IN FAVOR OF sites
+        site: z.string(),
        sites: z.array(z.string()).optional().default([]),
        // protocol: z.enum(["tcp", "udp"]).optional(),
        // proxyPort: z.int().positive().optional(),
        // destinationPort: z.int().positive().optional(),
--- a/server/lib/rebuildClientAssociations.ts
+++ b/server/lib/rebuildClientAssociations.ts
@@ -11,11 +11,11 @@ import {
    roleSiteResources,
    Site,
    SiteResource,
    siteNetworks,
    siteResources,
    sites,
    Transaction,
    userOrgRoles,
    userOrgs,
    userSiteResources
 } from "@server/db";
 import { and, eq, inArray, ne } from "drizzle-orm";
@@ -48,23 +48,15 @@ export async function getClientSiteResourceAccess(
    siteResource: SiteResource,
    trx: Transaction | typeof db = db
 ) {
-    // get all sites associated with this siteResource via its network
+    // get the site
-    const sitesList = siteResource.networkId
+    const [site] = await trx
-        ? await trx
+        .select()
-              .select()
+        .from(sites)
-              .from(sites)
+        .where(eq(sites.siteId, siteResource.siteId))
-              .innerJoin(
+        .limit(1);
                  siteNetworks,
                  eq(siteNetworks.siteId, sites.siteId)
              )
              .where(eq(siteNetworks.networkId, siteResource.networkId))
              .then((rows) => rows.map((row) => row.sites))
        : [];
-    if (sitesList.length === 0) {
+    if (!site) {
-        logger.warn(
+        throw new Error(`Site with ID ${siteResource.siteId} not found`);
            `No sites found for siteResource ${siteResource.siteResourceId} with networkId ${siteResource.networkId}`
        );
    }
    const roleIds = await trx
@@ -145,7 +137,7 @@ export async function getClientSiteResourceAccess(
    const mergedAllClientIds = mergedAllClients.map((c) => c.clientId);
    return {
-        sitesList,
+        site,
        mergedAllClients,
        mergedAllClientIds
    };
@@ -161,51 +153,40 @@ export async function rebuildClientAssociationsFromSiteResource(
        subnet: string | null;
    }[];
 }> {
-    const { sitesList, mergedAllClients, mergedAllClientIds } =
+    const siteId = siteResource.siteId;
    const { site, mergedAllClients, mergedAllClientIds } =
        await getClientSiteResourceAccess(siteResource, trx);
    /////////// process the client-siteResource associations ///////////
-    // get all of the clients associated with other resources in the same network,
+    // get all of the clients associated with other resources on this site
-    // joined through siteNetworks so we know which siteId each client belongs to
+    const allUpdatedClientsFromOtherResourcesOnThisSite = await trx
-    const allUpdatedClientsFromOtherResourcesOnThisSite = siteResource.networkId
+        .select({
-        ? await trx
+            clientId: clientSiteResourcesAssociationsCache.clientId
-              .select({
+        })
-                  clientId: clientSiteResourcesAssociationsCache.clientId,
+        .from(clientSiteResourcesAssociationsCache)
-                  siteId: siteNetworks.siteId
+        .innerJoin(
-              })
+            siteResources,
-              .from(clientSiteResourcesAssociationsCache)
+            eq(
-              .innerJoin(
+                clientSiteResourcesAssociationsCache.siteResourceId,
-                  siteResources,
+                siteResources.siteResourceId
-                  eq(
+            )
-                      clientSiteResourcesAssociationsCache.siteResourceId,
+        )
-                      siteResources.siteResourceId
+        .where(
-                  )
+            and(
-              )
+                eq(siteResources.siteId, siteId),
-              .innerJoin(
+                ne(siteResources.siteResourceId, siteResource.siteResourceId)
-                  siteNetworks,
+            )
-                  eq(siteNetworks.networkId, siteResources.networkId)
+        );
              )
              .where(
                  and(
                      eq(siteResources.networkId, siteResource.networkId),
                      ne(
                          siteResources.siteResourceId,
                          siteResource.siteResourceId
                      )
                  )
              )
        : [];
-    // Build a per-site map so the loop below can check by siteId rather than
+    const allClientIdsFromOtherResourcesOnThisSite = Array.from(
-    // across the entire network.
+        new Set(
-    const clientsFromOtherResourcesBySite = new Map<number, Set<number>>();
+            allUpdatedClientsFromOtherResourcesOnThisSite.map(
-    for (const row of allUpdatedClientsFromOtherResourcesOnThisSite) {
+                (row) => row.clientId
-        if (!clientsFromOtherResourcesBySite.has(row.siteId)) {
+            )
-            clientsFromOtherResourcesBySite.set(row.siteId, new Set());
+        )
-        }
+    );
        clientsFromOtherResourcesBySite.get(row.siteId)!.add(row.clientId);
    }
    const existingClientSiteResources = await trx
        .select({
@@ -279,90 +260,82 @@ export async function rebuildClientAssociationsFromSiteResource(
    /////////// process the client-site associations ///////////
-    for (const site of sitesList) {
+    const existingClientSites = await trx
-        const siteId = site.siteId;
+        .select({
            clientId: clientSitesAssociationsCache.clientId
        })
        .from(clientSitesAssociationsCache)
        .where(eq(clientSitesAssociationsCache.siteId, siteResource.siteId));
-        const existingClientSites = await trx
+    const existingClientSiteIds = existingClientSites.map(
-            .select({
+        (row) => row.clientId
-                clientId: clientSitesAssociationsCache.clientId
+    );
            })
            .from(clientSitesAssociationsCache)
            .where(eq(clientSitesAssociationsCache.siteId, siteId));
-        const existingClientSiteIds = existingClientSites.map(
+    // Get full client details for existing clients (needed for sending delete messages)
-            (row) => row.clientId
+    const existingClients = await trx
-        );
+        .select({
            clientId: clients.clientId,
            pubKey: clients.pubKey,
            subnet: clients.subnet
        })
        .from(clients)
        .where(inArray(clients.clientId, existingClientSiteIds));
-        // Get full client details for existing clients (needed for sending delete messages)
+    const clientSitesToAdd = mergedAllClientIds.filter(
-        const existingClients =
+        (clientId) =>
-            existingClientSiteIds.length > 0
+            !existingClientSiteIds.includes(clientId) &&
-                ? await trx
+            !allClientIdsFromOtherResourcesOnThisSite.includes(clientId) // dont remove if there is still another connection for another site resource
-                      .select({
+    );
                          clientId: clients.clientId,
                          pubKey: clients.pubKey,
                          subnet: clients.subnet
                      })
                      .from(clients)
                      .where(inArray(clients.clientId, existingClientSiteIds))
                : [];
-        const otherResourceClientIds = clientsFromOtherResourcesBySite.get(siteId) ?? new Set<number>();
+    const clientSitesToInsert = clientSitesToAdd.map((clientId) => ({
        clientId,
        siteId
    }));
-        const clientSitesToAdd = mergedAllClientIds.filter(
+    if (clientSitesToInsert.length > 0) {
-            (clientId) =>
+        await trx
-                !existingClientSiteIds.includes(clientId) &&
+            .insert(clientSitesAssociationsCache)
-                !otherResourceClientIds.has(clientId) // dont add if already connected via another site resource
+            .values(clientSitesToInsert)
-        );
+            .returning();
        const clientSitesToInsert = clientSitesToAdd.map((clientId) => ({
            clientId,
            siteId
        }));
        if (clientSitesToInsert.length > 0) {
            await trx
                .insert(clientSitesAssociationsCache)
                .values(clientSitesToInsert)
                .returning();
        }
        // Now remove any client-site associations that should no longer exist
        const clientSitesToRemove = existingClientSiteIds.filter(
            (clientId) =>
                !mergedAllClientIds.includes(clientId) &&
                !otherResourceClientIds.has(clientId) // dont remove if there is still another connection for another site resource
        );
        if (clientSitesToRemove.length > 0) {
            await trx
                .delete(clientSitesAssociationsCache)
                .where(
                    and(
                        eq(clientSitesAssociationsCache.siteId, siteId),
                        inArray(
                            clientSitesAssociationsCache.clientId,
                            clientSitesToRemove
                        )
                    )
                );
        }
        // Now handle the messages to add/remove peers on both the newt and olm sides
        await handleMessagesForSiteClients(
            site,
            siteId,
            mergedAllClients,
            existingClients,
            clientSitesToAdd,
            clientSitesToRemove,
            trx
        );
    }
    // Now remove any client-site associations that should no longer exist
    const clientSitesToRemove = existingClientSiteIds.filter(
        (clientId) =>
            !mergedAllClientIds.includes(clientId) &&
            !allClientIdsFromOtherResourcesOnThisSite.includes(clientId) // dont remove if there is still another connection for another site resource
    );
    if (clientSitesToRemove.length > 0) {
        await trx
            .delete(clientSitesAssociationsCache)
            .where(
                and(
                    eq(clientSitesAssociationsCache.siteId, siteId),
                    inArray(
                        clientSitesAssociationsCache.clientId,
                        clientSitesToRemove
                    )
                )
            );
    }
    /////////// send the messages ///////////
    // Now handle the messages to add/remove peers on both the newt and olm sides
    await handleMessagesForSiteClients(
        site,
        siteId,
        mergedAllClients,
        existingClients,
        clientSitesToAdd,
        clientSitesToRemove,
        trx
    );
    // Handle subnet proxy target updates for the resource associations
    await handleSubnetProxyTargetUpdates(
        siteResource,
        sitesList,
        mergedAllClients,
        existingResourceClients,
        clientSiteResourcesToAdd,
@@ -651,7 +624,6 @@ export async function updateClientSiteDestinations(
 async function handleSubnetProxyTargetUpdates(
    siteResource: SiteResource,
    sitesList: Site[],
    allClients: {
        clientId: number;
        pubKey: string | null;
@@ -666,138 +638,125 @@ async function handleSubnetProxyTargetUpdates(
    clientSiteResourcesToRemove: number[],
    trx: Transaction | typeof db = db
 ): Promise<void> {
-    const proxyJobs: Promise<any>[] = [];
+    // Get the newt for this site
-    const olmJobs: Promise<any>[] = [];
+    const [newt] = await trx
        .select()
        .from(newts)
        .where(eq(newts.siteId, siteResource.siteId))
        .limit(1);
-    for (const siteData of sitesList) {
+    if (!newt) {
-        const siteId = siteData.siteId;
+        logger.warn(
            `Newt not found for site ${siteResource.siteId}, skipping subnet proxy target updates`
        );
        return;
    }
-        // Get the newt for this site
+    const proxyJobs = [];
-        const [newt] = await trx
+    const olmJobs = [];
-            .select()
+    // Generate targets for added associations
-            .from(newts)
+    if (clientSiteResourcesToAdd.length > 0) {
-            .where(eq(newts.siteId, siteId))
+        const addedClients = allClients.filter((client) =>
-            .limit(1);
+            clientSiteResourcesToAdd.includes(client.clientId)
        );
-        if (!newt) {
+        if (addedClients.length > 0) {
-            logger.warn(
+            const targetToAdd = generateSubnetProxyTargetV2(
-                `Newt not found for site ${siteId}, skipping subnet proxy target updates`
+                siteResource,
-            );
+                addedClients
            continue;
        }
        // Generate targets for added associations
        if (clientSiteResourcesToAdd.length > 0) {
            const addedClients = allClients.filter((client) =>
                clientSiteResourcesToAdd.includes(client.clientId)
            );
-            if (addedClients.length > 0) {
+            if (targetToAdd) {
-                const targetToAdd = generateSubnetProxyTargetV2(
+                proxyJobs.push(
-                    siteResource,
+                    addSubnetProxyTargets(
-                    addedClients
+                        newt.newtId,
                        [targetToAdd],
                        newt.version
                    )
                );
            }
-                if (targetToAdd) {
+            for (const client of addedClients) {
-                    proxyJobs.push(
+                olmJobs.push(
-                        addSubnetProxyTargets(
+                    addPeerData(
-                            newt.newtId,
+                        client.clientId,
-                            [targetToAdd],
+                        siteResource.siteId,
-                            newt.version
+                        generateRemoteSubnets([siteResource]),
-                        )
+                        generateAliasConfig([siteResource])
-                    );
+                    )
-                }
+                );
                for (const client of addedClients) {
                    olmJobs.push(
                        addPeerData(
                            client.clientId,
                            siteId,
                            generateRemoteSubnets([siteResource]),
                            generateAliasConfig([siteResource])
                        )
                    );
                }
            }
        }
    }
-        // here we use the existingSiteResource from BEFORE we updated the destination so we dont need to worry about updating destinations here
+    // here we use the existingSiteResource from BEFORE we updated the destination so we dont need to worry about updating destinations here
-        // Generate targets for removed associations
+    // Generate targets for removed associations
-        if (clientSiteResourcesToRemove.length > 0) {
+    if (clientSiteResourcesToRemove.length > 0) {
-            const removedClients = existingClients.filter((client) =>
+        const removedClients = existingClients.filter((client) =>
-                clientSiteResourcesToRemove.includes(client.clientId)
+            clientSiteResourcesToRemove.includes(client.clientId)
        );
        if (removedClients.length > 0) {
            const targetToRemove = generateSubnetProxyTargetV2(
                siteResource,
                removedClients
            );
-            if (removedClients.length > 0) {
+            if (targetToRemove) {
-                const targetToRemove = generateSubnetProxyTargetV2(
+                proxyJobs.push(
-                    siteResource,
+                    removeSubnetProxyTargets(
-                    removedClients
+                        newt.newtId,
                        [targetToRemove],
                        newt.version
                    )
                );
            }
-                if (targetToRemove) {
+            for (const client of removedClients) {
-                    proxyJobs.push(
+                // Check if this client still has access to another resource on this site with the same destination
-                        removeSubnetProxyTargets(
+                const destinationStillInUse = await trx
-                            newt.newtId,
+                    .select()
-                            [targetToRemove],
+                    .from(siteResources)
-                            newt.version
+                    .innerJoin(
                        clientSiteResourcesAssociationsCache,
                        eq(
                            clientSiteResourcesAssociationsCache.siteResourceId,
                            siteResources.siteResourceId
                        )
-                    );
+                    )
-                }
+                    .where(
-
+                        and(
                for (const client of removedClients) {
                    // Check if this client still has access to another resource
                    // on this specific site with the same destination. We scope
                    // by siteId (via siteNetworks) rather than networkId because
                    // removePeerData operates per-site — a resource on a different
                    // site sharing the same network should not block removal here.
                    const destinationStillInUse = await trx
                        .select()
                        .from(siteResources)
                        .innerJoin(
                            clientSiteResourcesAssociationsCache,
                            eq(
-                                clientSiteResourcesAssociationsCache.siteResourceId,
+                                clientSiteResourcesAssociationsCache.clientId,
-                                siteResources.siteResourceId
+                                client.clientId
                            ),
                            eq(siteResources.siteId, siteResource.siteId),
                            eq(
                                siteResources.destination,
                                siteResource.destination
                            ),
                            ne(
                                siteResources.siteResourceId,
                                siteResource.siteResourceId
                            )
                        )
                        .innerJoin(
                            siteNetworks,
                            eq(siteNetworks.networkId, siteResources.networkId)
                        )
                        .where(
                            and(
                                eq(
                                    clientSiteResourcesAssociationsCache.clientId,
                                    client.clientId
                                ),
                                eq(siteNetworks.siteId, siteId),
                                eq(
                                    siteResources.destination,
                                    siteResource.destination
                                ),
                                ne(
                                    siteResources.siteResourceId,
                                    siteResource.siteResourceId
                                )
                            )
                        );
                    // Only remove remote subnet if no other resource uses the same destination
                    const remoteSubnetsToRemove =
                        destinationStillInUse.length > 0
                            ? []
                            : generateRemoteSubnets([siteResource]);
                    olmJobs.push(
                        removePeerData(
                            client.clientId,
                            siteId,
                            remoteSubnetsToRemove,
                            generateAliasConfig([siteResource])
                        )
                    );
-                }
+
                // Only remove remote subnet if no other resource uses the same destination
                const remoteSubnetsToRemove =
                    destinationStillInUse.length > 0
                        ? []
                        : generateRemoteSubnets([siteResource]);
                olmJobs.push(
                    removePeerData(
                        client.clientId,
                        siteResource.siteId,
                        remoteSubnetsToRemove,
                        generateAliasConfig([siteResource])
                    )
                );
            }
        }
    }
@@ -904,25 +863,10 @@ export async function rebuildClientAssociationsFromClient(
                  )
            : [];
-    // Group by siteId for site-level associations — look up via siteNetworks since
+    // Group by siteId for site-level associations
-    // siteResources no longer carries a direct siteId column.
+    const newSiteIds = Array.from(
-    const networkIds = Array.from(
+        new Set(newSiteResources.map((sr) => sr.siteId))
        new Set(
            newSiteResources
                .map((sr) => sr.networkId)
                .filter((id): id is number => id !== null)
        )
    );
    const newSiteIds =
        networkIds.length > 0
            ? await trx
                  .select({ siteId: siteNetworks.siteId })
                  .from(siteNetworks)
                  .where(inArray(siteNetworks.networkId, networkIds))
                  .then((rows) =>
                      Array.from(new Set(rows.map((r) => r.siteId)))
                  )
            : [];
    /////////// Process client-siteResource associations ///////////
@@ -1195,45 +1139,13 @@ async function handleMessagesForClientResources(
            resourcesToAdd.includes(r.siteResourceId)
        );
        // Build (resource, siteId) pairs by looking up siteNetworks for each resource's networkId
        const addedNetworkIds = Array.from(
            new Set(
                addedResources
                    .map((r) => r.networkId)
                    .filter((id): id is number => id !== null)
            )
        );
        const addedSiteNetworkRows =
            addedNetworkIds.length > 0
                ? await trx
                      .select({
                          networkId: siteNetworks.networkId,
                          siteId: siteNetworks.siteId
                      })
                      .from(siteNetworks)
                      .where(inArray(siteNetworks.networkId, addedNetworkIds))
                : [];
        const addedNetworkToSites = new Map<number, number[]>();
        for (const row of addedSiteNetworkRows) {
            if (!addedNetworkToSites.has(row.networkId)) {
                addedNetworkToSites.set(row.networkId, []);
            }
            addedNetworkToSites.get(row.networkId)!.push(row.siteId);
        }
        // Group by site for proxy updates
        const addedBySite = new Map<number, SiteResource[]>();
        for (const resource of addedResources) {
-            const siteIds =
+            if (!addedBySite.has(resource.siteId)) {
-                resource.networkId != null
+                addedBySite.set(resource.siteId, []);
                    ? (addedNetworkToSites.get(resource.networkId) ?? [])
                    : [];
            for (const siteId of siteIds) {
                if (!addedBySite.has(siteId)) {
                    addedBySite.set(siteId, []);
                }
                addedBySite.get(siteId)!.push(resource);
            }
            addedBySite.get(resource.siteId)!.push(resource);
        }
        // Add subnet proxy targets for each site
@@ -1275,7 +1187,7 @@ async function handleMessagesForClientResources(
                    olmJobs.push(
                        addPeerData(
                            client.clientId,
-                            siteId,
+                            resource.siteId,
                            generateRemoteSubnets([resource]),
                            generateAliasConfig([resource])
                        )
@@ -1287,7 +1199,7 @@ async function handleMessagesForClientResources(
                        error.message.includes("not found")
                    ) {
                        logger.debug(
-                            `Olm data not found for client ${client.clientId} and site ${siteId}, skipping addition`
+                            `Olm data not found for client ${client.clientId} and site ${resource.siteId}, skipping removal`
                        );
                    } else {
                        throw error;
@@ -1304,45 +1216,13 @@ async function handleMessagesForClientResources(
            .from(siteResources)
            .where(inArray(siteResources.siteResourceId, resourcesToRemove));
        // Build (resource, siteId) pairs via siteNetworks
        const removedNetworkIds = Array.from(
            new Set(
                removedResources
                    .map((r) => r.networkId)
                    .filter((id): id is number => id !== null)
            )
        );
        const removedSiteNetworkRows =
            removedNetworkIds.length > 0
                ? await trx
                      .select({
                          networkId: siteNetworks.networkId,
                          siteId: siteNetworks.siteId
                      })
                      .from(siteNetworks)
                      .where(inArray(siteNetworks.networkId, removedNetworkIds))
                : [];
        const removedNetworkToSites = new Map<number, number[]>();
        for (const row of removedSiteNetworkRows) {
            if (!removedNetworkToSites.has(row.networkId)) {
                removedNetworkToSites.set(row.networkId, []);
            }
            removedNetworkToSites.get(row.networkId)!.push(row.siteId);
        }
        // Group by site for proxy updates
        const removedBySite = new Map<number, SiteResource[]>();
        for (const resource of removedResources) {
-            const siteIds =
+            if (!removedBySite.has(resource.siteId)) {
-                resource.networkId != null
+                removedBySite.set(resource.siteId, []);
                    ? (removedNetworkToSites.get(resource.networkId) ?? [])
                    : [];
            for (const siteId of siteIds) {
                if (!removedBySite.has(siteId)) {
                    removedBySite.set(siteId, []);
                }
                removedBySite.get(siteId)!.push(resource);
            }
            removedBySite.get(resource.siteId)!.push(resource);
        }
        // Remove subnet proxy targets for each site
@@ -1380,11 +1260,7 @@ async function handleMessagesForClientResources(
                }
                try {
-                    // Check if this client still has access to another resource
+                    // Check if this client still has access to another resource on this site with the same destination
                    // on this specific site with the same destination. We scope
                    // by siteId (via siteNetworks) rather than networkId because
                    // removePeerData operates per-site — a resource on a different
                    // site sharing the same network should not block removal here.
                    const destinationStillInUse = await trx
                        .select()
                        .from(siteResources)
@@ -1395,17 +1271,13 @@ async function handleMessagesForClientResources(
                                siteResources.siteResourceId
                            )
                        )
                        .innerJoin(
                            siteNetworks,
                            eq(siteNetworks.networkId, siteResources.networkId)
                        )
                        .where(
                            and(
                                eq(
                                    clientSiteResourcesAssociationsCache.clientId,
                                    client.clientId
                                ),
-                                eq(siteNetworks.siteId, siteId),
+                                eq(siteResources.siteId, resource.siteId),
                                eq(
                                    siteResources.destination,
                                    resource.destination
@@ -1427,7 +1299,7 @@ async function handleMessagesForClientResources(
                    olmJobs.push(
                        removePeerData(
                            client.clientId,
-                            siteId,
+                            resource.siteId,
                            remoteSubnetsToRemove,
                            generateAliasConfig([resource])
                        )
@@ -1439,7 +1311,7 @@ async function handleMessagesForClientResources(
                        error.message.includes("not found")
                    ) {
                        logger.debug(
-                            `Olm data not found for client ${client.clientId} and site ${siteId}, skipping removal`
+                            `Olm data not found for client ${client.clientId} and site ${resource.siteId}, skipping removal`
                        );
                    } else {
                        throw error;
--- a/server/lib/traefik/getTraefikConfig.ts
+++ b/server/lib/traefik/getTraefikConfig.ts
@@ -479,7 +479,10 @@ export async function getTraefikConfig(
                        // TODO: HOW TO HANDLE ^^^^^^ BETTER
                        const anySitesOnline = targets.some(
-                            (target) => target.site.online
+                            (target) =>
                            target.site.online ||
                            target.site.type === "local" ||
                            target.site.type === "wireguard"
                        );
                        return (
@@ -492,7 +495,7 @@ export async function getTraefikConfig(
                                    if (target.health == "unhealthy") {
                                        return false;
                                    }
-
+                                    
                                    // If any sites are online, exclude offline sites
                                    if (anySitesOnline && !target.site.online) {
                                        return false;
@@ -607,7 +610,10 @@ export async function getTraefikConfig(
                    servers: (() => {
                        // Check if any sites are online
                        const anySitesOnline = targets.some(
-                            (target) => target.site.online
+                            (target) =>
                            target.site.online ||
                            target.site.type === "local" ||
                            target.site.type === "wireguard"
                        );
                        return targets
@@ -615,7 +621,7 @@ export async function getTraefikConfig(
                                if (!target.enabled) {
                                    return false;
                                }
-
+                                
                                // If any sites are online, exclude offline sites
                                if (anySitesOnline && !target.site.online) {
                                    return false;
--- a/server/private/lib/logStreaming/LogStreamingManager.ts
+++ b/server/private/lib/logStreaming/LogStreamingManager.ts
@@ -23,8 +23,6 @@ import {
 } from "@server/db";
 import logger from "@server/logger";
 import { and, eq, gt, desc, max, sql } from "drizzle-orm";
 import { decrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
 import {
    LogType,
    LOG_TYPES,
@@ -274,20 +272,19 @@ export class LogStreamingManager {
            return;
        }
-        // Decrypt and parse config – skip destination if either step fails
+        // Parse config – skip destination if config is unparseable
-        let configFromDb: HttpConfig;
+        let config: HttpConfig;
        try {
-            const decryptedConfig = decrypt(dest.config, config.getRawConfig().server.secret!);
+            config = JSON.parse(dest.config) as HttpConfig;
            configFromDb = JSON.parse(decryptedConfig) as HttpConfig;
        } catch (err) {
            logger.error(
-                `LogStreamingManager: destination ${dest.destinationId} has invalid or undecryptable config`,
+                `LogStreamingManager: destination ${dest.destinationId} has invalid JSON config`,
                err
            );
            return;
        }
-        const provider = this.createProvider(dest.type, configFromDb);
+        const provider = this.createProvider(dest.type, config);
        if (!provider) {
            logger.warn(
                `LogStreamingManager: unsupported destination type "${dest.type}" ` +
--- a/server/private/lib/traefik/getTraefikConfig.ts
+++ b/server/private/lib/traefik/getTraefikConfig.ts
@@ -671,7 +671,10 @@ export async function getTraefikConfig(
                        // TODO: HOW TO HANDLE ^^^^^^ BETTER
                        const anySitesOnline = targets.some(
-                            (target) => target.site.online
+                            (target) =>
                            target.site.online ||
                            target.site.type === "local" ||
                            target.site.type === "wireguard"
                        );
                        return (
@@ -799,7 +802,10 @@ export async function getTraefikConfig(
                    servers: (() => {
                        // Check if any sites are online
                        const anySitesOnline = targets.some(
-                            (target) => target.site.online
+                            (target) =>
                            target.site.online ||
                            target.site.type === "local" ||
                            target.site.type === "wireguard"
                        );
                        return targets
--- a/server/private/routers/eventStreamingDestination/createEventStreamingDestination.ts
+++ b/server/private/routers/eventStreamingDestination/createEventStreamingDestination.ts
@@ -22,8 +22,6 @@ import createHttpError from "http-errors";
 import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { encrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
 const paramsSchema = z.strictObject({
    orgId: z.string().nonempty()
@@ -89,10 +87,7 @@ export async function createEventStreamingDestination(
            );
        }
-        const { type, config: configToSet, enabled } = parsedBody.data;
+        const { type, config, enabled } = parsedBody.data;
        const key = config.getRawConfig().server.secret!;
        const encryptedConfig = encrypt(configToSet, key);
        const now = Date.now();
@@ -101,7 +96,7 @@ export async function createEventStreamingDestination(
            .values({
                orgId,
                type,
-                config: encryptedConfig,
+                config,
                enabled,
                createdAt: now,
                updatedAt: now,
--- a/server/private/routers/eventStreamingDestination/listEventStreamingDestinations.ts
+++ b/server/private/routers/eventStreamingDestination/listEventStreamingDestinations.ts
@@ -22,8 +22,6 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { eq, sql } from "drizzle-orm";
 import { decrypt } from "@server/lib/crypto";
 import config from "@server/lib/config";
 const paramsSchema = z.strictObject({
    orgId: z.string().nonempty()
@@ -123,22 +121,9 @@ export async function listEventStreamingDestinations(
            .from(eventStreamingDestinations)
            .where(eq(eventStreamingDestinations.orgId, orgId));
        const key = config.getRawConfig().server.secret!;
        const decryptedList = list.map((dest) => {
            try {
                return { ...dest, config: decrypt(dest.config, key) };
            } catch (err) {
                logger.error(
                    `listEventStreamingDestinations: failed to decrypt config for destination ${dest.destinationId}`,
                    err
                );
                return { ...dest, config: "" };
            }
        });
        return response<ListEventStreamingDestinationsResponse>(res, {
            data: {
-                destinations: decryptedList,
+                destinations: list,
                pagination: {
                    total: count,
                    limit,
--- a/server/private/routers/eventStreamingDestination/updateEventStreamingDestination.ts
+++ b/server/private/routers/eventStreamingDestination/updateEventStreamingDestination.ts
@@ -22,8 +22,7 @@ import logger from "@server/logger";
 import { fromError } from "zod-validation-error";
 import { OpenAPITags, registry } from "@server/openApi";
 import { and, eq } from "drizzle-orm";
-import { encrypt } from "@server/lib/crypto";
+
 import config from "@server/lib/config";
 const paramsSchema = z
    .object({
@@ -111,17 +110,14 @@ export async function updateEventStreamingDestination(
            );
        }
-        const { type, config: configToUpdate, enabled, sendAccessLogs, sendActionLogs, sendConnectionLogs, sendRequestLogs } = parsedBody.data;
+        const { type, config, enabled, sendAccessLogs, sendActionLogs, sendConnectionLogs, sendRequestLogs } = parsedBody.data;
        const updateData: Record<string, unknown> = {
            updatedAt: Date.now()
        };
        if (type !== undefined) updateData.type = type;
-        if (configToUpdate !== undefined) {
+        if (config !== undefined) updateData.config = config;
            const key = config.getRawConfig().server.secret!;
            updateData.config = encrypt(configToUpdate, key);
        }
        if (enabled !== undefined) updateData.enabled = enabled;
        if (sendAccessLogs !== undefined) updateData.sendAccessLogs = sendAccessLogs;
        if (sendActionLogs !== undefined) updateData.sendActionLogs = sendActionLogs;
--- a/server/private/routers/ssh/signSshKey.ts
+++ b/server/private/routers/ssh/signSshKey.ts
@@ -21,7 +21,7 @@ import {
    roles,
    roundTripMessageTracker,
    siteResources,
-    siteNetworks,
+    sites,
    userOrgs
 } from "@server/db";
 import { logAccessAudit } from "#private/lib/logAccessAudit";
@@ -63,12 +63,10 @@ const bodySchema = z
 export type SignSshKeyResponse = {
    certificate: string;
    messageIds: number[];
    messageId: number;
    sshUsername: string;
    sshHost: string;
    resourceId: number;
    siteIds: number[];
    siteId: number;
    keyId: string;
    validPrincipals: string[];
@@ -262,7 +260,10 @@ export async function signSshKey(
                .update(userOrgs)
                .set({ pamUsername: usernameToUse })
                .where(
-                    and(eq(userOrgs.orgId, orgId), eq(userOrgs.userId, userId))
+                    and(
                        eq(userOrgs.orgId, orgId),
                        eq(userOrgs.userId, userId)
                    )
                );
        } else {
            usernameToUse = userOrg.pamUsername;
@@ -394,12 +395,21 @@ export async function signSshKey(
            homedir = roleRows[0].sshCreateHomeDir ?? null;
        }
-        const sites = await db
+        // get the site
-            .select({ siteId: siteNetworks.siteId })
+        const [newt] = await db
-            .from(siteNetworks)
+            .select()
-            .where(eq(siteNetworks.networkId, resource.networkId!));
+            .from(newts)
            .where(eq(newts.siteId, resource.siteId))
            .limit(1);
-        const siteIds = sites.map((site) => site.siteId);
+        if (!newt) {
            return next(
                createHttpError(
                    HttpCode.INTERNAL_SERVER_ERROR,
                    "Site associated with resource not found"
                )
            );
        }
        // Sign the public key
        const now = BigInt(Math.floor(Date.now() / 1000));
@@ -413,65 +423,44 @@ export async function signSshKey(
            validBefore: now + validFor
        });
-        const messageIds: number[] = [];
+        const [message] = await db
-        for (const siteId of siteIds) {
+            .insert(roundTripMessageTracker)
-            // get the site
+            .values({
-            const [newt] = await db
+                wsClientId: newt.newtId,
-                .select()
+                messageType: `newt/pam/connection`,
-                .from(newts)
+                sentAt: Math.floor(Date.now() / 1000)
-                .where(eq(newts.siteId, siteId))
+            })
-                .limit(1);
+            .returning();
-            if (!newt) {
+        if (!message) {
-                return next(
+            return next(
-                    createHttpError(
+                createHttpError(
-                        HttpCode.INTERNAL_SERVER_ERROR,
+                    HttpCode.INTERNAL_SERVER_ERROR,
-                        "Site associated with resource not found"
+                    "Failed to create message tracker entry"
-                    )
+                )
-                );
+            );
            }
            const [message] = await db
                .insert(roundTripMessageTracker)
                .values({
                    wsClientId: newt.newtId,
                    messageType: `newt/pam/connection`,
                    sentAt: Math.floor(Date.now() / 1000)
                })
                .returning();
            if (!message) {
                return next(
                    createHttpError(
                        HttpCode.INTERNAL_SERVER_ERROR,
                        "Failed to create message tracker entry"
                    )
                );
            }
            messageIds.push(message.messageId);
            await sendToClient(newt.newtId, {
                type: `newt/pam/connection`,
                data: {
                    messageId: message.messageId,
                    orgId: orgId,
                    agentPort: resource.authDaemonPort ?? 22123,
                    externalAuthDaemon: resource.authDaemonMode === "remote",
                    agentHost: resource.destination,
                    caCert: caKeys.publicKeyOpenSSH,
                    username: usernameToUse,
                    niceId: resource.niceId,
                    metadata: {
                        sudoMode: sudoMode,
                        sudoCommands: parsedSudoCommands,
                        homedir: homedir,
                        groups: parsedGroups
                    }
                }
            });
        }
        await sendToClient(newt.newtId, {
            type: `newt/pam/connection`,
            data: {
                messageId: message.messageId,
                orgId: orgId,
                agentPort: resource.authDaemonPort ?? 22123,
                externalAuthDaemon: resource.authDaemonMode === "remote",
                agentHost: resource.destination,
                caCert: caKeys.publicKeyOpenSSH,
                username: usernameToUse,
                niceId: resource.niceId,
                metadata: {
                    sudoMode: sudoMode,
                    sudoCommands: parsedSudoCommands,
                    homedir: homedir,
                    groups: parsedGroups
                }
            }
        });
        const expiresIn = Number(validFor); // seconds
        let sshHost;
@@ -491,7 +480,7 @@ export async function signSshKey(
            metadata: JSON.stringify({
                resourceId: resource.siteResourceId,
                resource: resource.name,
-                siteIds: siteIds
+                siteId: resource.siteId,
            })
        });
@@ -516,13 +505,11 @@ export async function signSshKey(
        return response<SignSshKeyResponse>(res, {
            data: {
                certificate: cert.certificate,
-                messageIds: messageIds,
+                messageId: message.messageId,
                messageId: messageIds[0], // just pick the first one for backward compatibility
                sshUsername: usernameToUse,
                sshHost: sshHost,
                resourceId: resource.siteResourceId,
-                siteIds: siteIds,
+                siteId: resource.siteId,
                siteId: siteIds[0], // just pick the first one for backward compatibility
                keyId: cert.keyId,
                validPrincipals: cert.validPrincipals,
                validAfter: cert.validAfter.toISOString(),
--- a/server/routers/gerbil/receiveBandwidth.ts
+++ b/server/routers/gerbil/receiveBandwidth.ts
@@ -171,8 +171,9 @@ export async function flushSiteBandwidthToDb(): Promise<void> {
                }
                // PostgreSQL: batch UPDATE … FROM (VALUES …) — single round-trip per chunk.
-                const valuesList = chunk.map(([publicKey, { bytesIn, bytesOut }]) =>
+                const valuesList = chunk.map(
-                    sql`(${publicKey}::text, ${bytesIn}::real, ${bytesOut}::real)`
+                    ([publicKey, { bytesIn, bytesOut }]) =>
                        sql`(${publicKey}, ${bytesIn}::bigint, ${bytesOut}::bigint)`
                );
                const valuesClause = sql.join(valuesList, sql`, `);
                return dbQueryRows<{ orgId: string; pubKey: string }>(sql`
--- a/server/routers/newt/buildConfiguration.ts
+++ b/server/routers/newt/buildConfiguration.ts
@@ -4,10 +4,8 @@ import {
    clientSitesAssociationsCache,
    db,
    ExitNode,
    networks,
    resources,
    Site,
    siteNetworks,
    siteResources,
    targetHealthCheck,
    targets
@@ -139,14 +137,11 @@ export async function buildClientConfigurationForNewtClient(
    // Filter out any null values from peers that didn't have an olm
    const validPeers = peers.filter((peer) => peer !== null);
-    // Get all enabled site resources for this site by joining through siteNetworks and networks
+    // Get all enabled site resources for this site
    const allSiteResources = await db
        .select()
        .from(siteResources)
-        .innerJoin(networks, eq(siteResources.networkId, networks.networkId))
+        .where(eq(siteResources.siteId, siteId));
        .innerJoin(siteNetworks, eq(networks.networkId, siteNetworks.networkId))
        .where(eq(siteNetworks.siteId, siteId))
        .then((rows) => rows.map((r) => r.siteResources));
    const targetsToSend: SubnetProxyTargetV2[] = [];
--- a/server/routers/newt/pingAccumulator.ts
+++ b/server/routers/newt/pingAccumulator.ts
@@ -1,6 +1,6 @@
 import { db } from "@server/db";
 import { sites, clients, olms } from "@server/db";
-import { inArray } from "drizzle-orm";
+import { eq, inArray } from "drizzle-orm";
 import logger from "@server/logger";
 /**
@@ -21,7 +21,7 @@ import logger from "@server/logger";
 */
 const FLUSH_INTERVAL_MS = 10_000; // Flush every 10 seconds
-const MAX_RETRIES = 5;
+const MAX_RETRIES = 2;
 const BASE_DELAY_MS = 50;
 // ── Site (newt) pings ──────────────────────────────────────────────────
@@ -36,14 +36,6 @@ const pendingOlmArchiveResets: Set<string> = new Set();
 let flushTimer: NodeJS.Timeout | null = null;
 /**
 * Guard that prevents two flush cycles from running concurrently.
 * setInterval does not await async callbacks, so without this a slow flush
 * (e.g. due to DB latency) would overlap with the next scheduled cycle and
 * the two concurrent bulk UPDATEs would deadlock each other.
 */
 let isFlushing = false;
 // ── Public API ─────────────────────────────────────────────────────────
 /**
@@ -80,12 +72,6 @@ export function recordClientPing(
 /**
 * Flush all accumulated site pings to the database.
 *
 * Each batch of up to BATCH_SIZE rows is written with a **single** UPDATE
 * statement. We use the maximum timestamp across the batch so that `lastPing`
 * reflects the most recent ping seen for any site in the group. This avoids
 * the multi-statement transaction that previously created additional
 * row-lock ordering hazards.
 */
 async function flushSitePingsToDb(): Promise<void> {
    if (pendingSitePings.size === 0) {
@@ -97,35 +83,55 @@ async function flushSitePingsToDb(): Promise<void> {
    const pingsToFlush = new Map(pendingSitePings);
    pendingSitePings.clear();
-    const entries = Array.from(pingsToFlush.entries());
+    // Sort by siteId for consistent lock ordering (prevents deadlocks)
    const sortedEntries = Array.from(pingsToFlush.entries()).sort(
        ([a], [b]) => a - b
    );
    const BATCH_SIZE = 50;
-    for (let i = 0; i < entries.length; i += BATCH_SIZE) {
+    for (let i = 0; i < sortedEntries.length; i += BATCH_SIZE) {
-        const batch = entries.slice(i, i + BATCH_SIZE);
+        const batch = sortedEntries.slice(i, i + BATCH_SIZE);
        // Use the latest timestamp in the batch so that `lastPing` always
        // moves forward. Using a single timestamp for the whole batch means
        // we only ever need one UPDATE statement (no transaction).
        const maxTimestamp = Math.max(...batch.map(([, ts]) => ts));
        const siteIds = batch.map(([id]) => id);
        try {
            await withRetry(async () => {
-                await db
+                // Group by timestamp for efficient bulk updates
-                    .update(sites)
+                const byTimestamp = new Map<number, number[]>();
-                    .set({
+                for (const [siteId, timestamp] of batch) {
-                        online: true,
+                    const group = byTimestamp.get(timestamp) || [];
-                        lastPing: maxTimestamp
+                    group.push(siteId);
-                    })
+                    byTimestamp.set(timestamp, group);
-                    .where(inArray(sites.siteId, siteIds));
+                }
                if (byTimestamp.size === 1) {
                    const [timestamp, siteIds] = Array.from(
                        byTimestamp.entries()
                    )[0];
                    await db
                        .update(sites)
                        .set({
                            online: true,
                            lastPing: timestamp
                        })
                        .where(inArray(sites.siteId, siteIds));
                } else {
                    await db.transaction(async (tx) => {
                        for (const [timestamp, siteIds] of byTimestamp) {
                            await tx
                                .update(sites)
                                .set({
                                    online: true,
                                    lastPing: timestamp
                                })
                                .where(inArray(sites.siteId, siteIds));
                        }
                    });
                }
            }, "flushSitePingsToDb");
        } catch (error) {
            logger.error(
                `Failed to flush site ping batch (${batch.length} sites), re-queuing for next cycle`,
                { error }
            );
            // Re-queue only if the preserved timestamp is newer than any
            // update that may have landed since we snapshotted.
            for (const [siteId, timestamp] of batch) {
                const existing = pendingSitePings.get(siteId);
                if (!existing || existing < timestamp) {
@@ -138,8 +144,6 @@ async function flushSitePingsToDb(): Promise<void> {
 /**
 * Flush all accumulated client (OLM) pings to the database.
 *
 * Same single-UPDATE-per-batch approach as `flushSitePingsToDb`.
 */
 async function flushClientPingsToDb(): Promise<void> {
    if (pendingClientPings.size === 0 && pendingOlmArchiveResets.size === 0) {
@@ -155,25 +159,51 @@ async function flushClientPingsToDb(): Promise<void> {
    // ── Flush client pings ─────────────────────────────────────────────
    if (pingsToFlush.size > 0) {
-        const entries = Array.from(pingsToFlush.entries());
+        const sortedEntries = Array.from(pingsToFlush.entries()).sort(
            ([a], [b]) => a - b
        );
        const BATCH_SIZE = 50;
-        for (let i = 0; i < entries.length; i += BATCH_SIZE) {
+        for (let i = 0; i < sortedEntries.length; i += BATCH_SIZE) {
-            const batch = entries.slice(i, i + BATCH_SIZE);
+            const batch = sortedEntries.slice(i, i + BATCH_SIZE);
            const maxTimestamp = Math.max(...batch.map(([, ts]) => ts));
            const clientIds = batch.map(([id]) => id);
            try {
                await withRetry(async () => {
-                    await db
+                    const byTimestamp = new Map<number, number[]>();
-                        .update(clients)
+                    for (const [clientId, timestamp] of batch) {
-                        .set({
+                        const group = byTimestamp.get(timestamp) || [];
-                            lastPing: maxTimestamp,
+                        group.push(clientId);
-                            online: true,
+                        byTimestamp.set(timestamp, group);
-                            archived: false
+                    }
-                        })
+
-                        .where(inArray(clients.clientId, clientIds));
+                    if (byTimestamp.size === 1) {
                        const [timestamp, clientIds] = Array.from(
                            byTimestamp.entries()
                        )[0];
                        await db
                            .update(clients)
                            .set({
                                lastPing: timestamp,
                                online: true,
                                archived: false
                            })
                            .where(inArray(clients.clientId, clientIds));
                    } else {
                        await db.transaction(async (tx) => {
                            for (const [timestamp, clientIds] of byTimestamp) {
                                await tx
                                    .update(clients)
                                    .set({
                                        lastPing: timestamp,
                                        online: true,
                                        archived: false
                                    })
                                    .where(
                                        inArray(clients.clientId, clientIds)
                                    );
                            }
                        });
                    }
                }, "flushClientPingsToDb");
            } catch (error) {
                logger.error(
@@ -230,12 +260,7 @@ export async function flushPingsToDb(): Promise<void> {
 /**
 * Simple retry wrapper with exponential backoff for transient errors
- * (deadlocks, connection timeouts, unexpected disconnects).
+ * (connection timeouts, unexpected disconnects).
 *
 * PostgreSQL deadlocks (40P01) are always safe to retry: the database
 * guarantees exactly one winner per deadlock pair, so the loser just needs
 * to try again. MAX_RETRIES is intentionally higher than typical connection
 * retry budgets to give deadlock victims enough chances to succeed.
 */
 async function withRetry<T>(
    operation: () => Promise<T>,
@@ -252,8 +277,7 @@ async function withRetry<T>(
                const jitter = Math.random() * baseDelay;
                const delay = baseDelay + jitter;
                logger.warn(
-                    `Transient DB error in ${context}, retrying attempt ${attempt}/${MAX_RETRIES} after ${delay.toFixed(0)}ms`,
+                    `Transient DB error in ${context}, retrying attempt ${attempt}/${MAX_RETRIES} after ${delay.toFixed(0)}ms`
                    { code: error?.code ?? error?.cause?.code }
                );
                await new Promise((resolve) => setTimeout(resolve, delay));
                continue;
@@ -264,14 +288,14 @@ async function withRetry<T>(
 }
 /**
- * Detect transient errors that are safe to retry.
+ * Detect transient connection errors that are safe to retry.
 */
 function isTransientError(error: any): boolean {
    if (!error) return false;
    const message = (error.message || "").toLowerCase();
    const causeMessage = (error.cause?.message || "").toLowerCase();
-    const code = error.code || error.cause?.code || "";
+    const code = error.code || "";
    // Connection timeout / terminated
    if (
@@ -284,17 +308,12 @@ function isTransientError(error: any): boolean {
        return true;
    }
-    // PostgreSQL deadlock detected — always safe to retry (one winner guaranteed)
+    // PostgreSQL deadlock
    if (code === "40P01" || message.includes("deadlock")) {
        return true;
    }
-    // PostgreSQL serialization failure
+    // ECONNRESET, ECONNREFUSED, EPIPE
    if (code === "40001") {
        return true;
    }
    // ECONNRESET, ECONNREFUSED, EPIPE, ETIMEDOUT
    if (
        code === "ECONNRESET" ||
        code === "ECONNREFUSED" ||
@@ -318,26 +337,12 @@ export function startPingAccumulator(): void {
    }
    flushTimer = setInterval(async () => {
        // Skip this tick if the previous flush is still in progress.
        // setInterval does not await async callbacks, so without this guard
        // two flush cycles can run concurrently and deadlock each other on
        // overlapping bulk UPDATE statements.
        if (isFlushing) {
            logger.debug(
                "Ping accumulator: previous flush still in progress, skipping cycle"
            );
            return;
        }
        isFlushing = true;
        try {
            await flushPingsToDb();
        } catch (error) {
            logger.error("Unhandled error in ping accumulator flush", {
                error
            });
        } finally {
            isFlushing = false;
        }
    }, FLUSH_INTERVAL_MS);
@@ -359,22 +364,7 @@ export async function stopPingAccumulator(): Promise<void> {
        flushTimer = null;
    }
-    // Final flush to persist any remaining pings.
+    // Final flush to persist any remaining pings
    // Wait for any in-progress flush to finish first so we don't race.
    if (isFlushing) {
        logger.debug(
            "Ping accumulator: waiting for in-progress flush before stopping…"
        );
        await new Promise<void>((resolve) => {
            const poll = setInterval(() => {
                if (!isFlushing) {
                    clearInterval(poll);
                    resolve();
                }
            }, 50);
        });
    }
    try {
        await flushPingsToDb();
    } catch (error) {
@@ -389,4 +379,4 @@ export async function stopPingAccumulator(): Promise<void> {
 */
 export function getPendingPingCount(): number {
    return pendingSitePings.size + pendingClientPings.size;
-}
+}
--- a/server/routers/newt/registerNewt.ts
+++ b/server/routers/newt/registerNewt.ts
@@ -27,7 +27,7 @@ import { build } from "@server/build";
 import { usageService } from "@server/lib/billing/usageService";
 import { FeatureId } from "@server/lib/billing";
 import { INSPECT_MAX_BYTES } from "buffer";
-import { getNextAvailableClientSubnet } from "@server/lib/ip";
+import { v } from "@faker-js/faker/dist/airline-Dz1uGqgJ";
 const bodySchema = z.object({
    provisioningKey: z.string().nonempty(),
@@ -152,11 +152,6 @@ export async function registerNewt(
                createHttpError(HttpCode.NOT_FOUND, "Organization not found")
            );
        }
        if (!org.subnet) {
            return next(
                createHttpError(HttpCode.INTERNAL_SERVER_ERROR, "Organization subnet not found")
            );
        }
        // SaaS billing check
        if (build == "saas") {
@@ -195,20 +190,6 @@ export async function registerNewt(
        let newSiteId: number | undefined;
        await db.transaction(async (trx) => {
            const newClientAddress = await getNextAvailableClientSubnet(orgId);
            if (!newClientAddress) {
                return next(
                    createHttpError(
                        HttpCode.INTERNAL_SERVER_ERROR,
                        "No available subnet found"
                    )
                );
            }
            let clientAddress = newClientAddress.split("/")[0];
            clientAddress = `${clientAddress}/${org.subnet!.split("/")[1]}`; // we want the block size of the whole org
            // Create the site (type "newt", name = niceId)
            const [newSite] = await trx
                .insert(sites)
@@ -216,7 +197,6 @@ export async function registerNewt(
                    orgId,
                    name: name || niceId,
                    niceId,
                    address: clientAddress,
                    type: "newt",
                    dockerSocketEnabled: true,
                    status: keyRecord.approveNewSites ? "approved" : "pending",
--- a/server/routers/olm/buildConfiguration.ts
+++ b/server/routers/olm/buildConfiguration.ts
@@ -4,8 +4,6 @@ import {
    clientSitesAssociationsCache,
    db,
    exitNodes,
    networks,
    siteNetworks,
    siteResources,
    sites
 } from "@server/db";
@@ -61,17 +59,9 @@ export async function buildSiteConfigurationForOlmClient(
                    clientSiteResourcesAssociationsCache.siteResourceId
                )
            )
            .innerJoin(
                networks,
                eq(siteResources.networkId, networks.networkId)
            )
            .innerJoin(
                siteNetworks,
                eq(networks.networkId, siteNetworks.networkId)
            )
            .where(
                and(
-                    eq(siteNetworks.siteId, site.siteId),
+                    eq(siteResources.siteId, site.siteId),
                    eq(
                        clientSiteResourcesAssociationsCache.clientId,
                        client.clientId
@@ -79,7 +69,6 @@ export async function buildSiteConfigurationForOlmClient(
                )
            );
        if (jitMode) {
            // Add site configuration to the array
            siteConfigurations.push({
--- a/server/routers/olm/handleOlmServerInitAddPeerHandshake.ts
+++ b/server/routers/olm/handleOlmServerInitAddPeerHandshake.ts
@@ -4,12 +4,10 @@ import {
    db,
    exitNodes,
    Site,
-    siteNetworks,
+    siteResources
    siteResources,
    sites
 } from "@server/db";
 import { MessageHandler } from "@server/routers/ws";
-import { clients, Olm } from "@server/db";
+import { clients, Olm, sites } from "@server/db";
 import { and, eq, or } from "drizzle-orm";
 import logger from "@server/logger";
 import { initPeerAddHandshake } from "./peers";
@@ -46,31 +44,20 @@ export const handleOlmServerInitAddPeerHandshake: MessageHandler = async (
    const { siteId, resourceId, chainId } = message.data;
-    const sendCancel = async () => {
+    let site: Site | null = null;
        await sendToClient(
            olm.olmId,
            {
                type: "olm/wg/peer/chain/cancel",
                data: { chainId }
            },
            { incrementConfigVersion: false }
        ).catch((error) => {
            logger.warn(`Error sending message:`, error);
        });
    };
    let sitesToProcess: Site[] = [];
    if (siteId) {
        // get the site
        const [siteRes] = await db
            .select()
            .from(sites)
            .where(eq(sites.siteId, siteId))
            .limit(1);
        if (siteRes) {
-            sitesToProcess = [siteRes];
+            site = siteRes;
        }
-    } else if (resourceId) {
+    }
    if (resourceId && !site) {
        const resources = await db
            .select()
            .from(siteResources)
@@ -85,17 +72,27 @@ export const handleOlmServerInitAddPeerHandshake: MessageHandler = async (
            );
        if (!resources || resources.length === 0) {
-            logger.error(
+            logger.error(`handleOlmServerPeerAddMessage: Resource not found`);
-                `handleOlmServerInitAddPeerHandshake: Resource not found`
+            // cancel the request from the olm side to not keep doing this
-            );
+            await sendToClient(
-            await sendCancel();
+                olm.olmId,
                {
                    type: "olm/wg/peer/chain/cancel",
                    data: {
                        chainId
                    }
                },
                { incrementConfigVersion: false }
            ).catch((error) => {
                logger.warn(`Error sending message:`, error);
            });
            return;
        }
        if (resources.length > 1) {
            // error but this should not happen because the nice id cant contain a dot and the alias has to have a dot and both have to be unique within the org so there should never be multiple matches
            logger.error(
-                `handleOlmServerInitAddPeerHandshake: Multiple resources found matching the criteria`
+                `handleOlmServerPeerAddMessage: Multiple resources found matching the criteria`
            );
            return;
        }
@@ -120,120 +117,125 @@ export const handleOlmServerInitAddPeerHandshake: MessageHandler = async (
        if (currentResourceAssociationCaches.length === 0) {
            logger.error(
-                `handleOlmServerInitAddPeerHandshake: Client ${client.clientId} does not have access to resource ${resource.siteResourceId}`
+                `handleOlmServerPeerAddMessage: Client ${client.clientId} does not have access to resource ${resource.siteResourceId}`
            );
-            await sendCancel();
+            // cancel the request from the olm side to not keep doing this
            await sendToClient(
                olm.olmId,
                {
                    type: "olm/wg/peer/chain/cancel",
                    data: {
                        chainId
                    }
                },
                { incrementConfigVersion: false }
            ).catch((error) => {
                logger.warn(`Error sending message:`, error);
            });
            return;
        }
-        if (!resource.networkId) {
+        const siteIdFromResource = resource.siteId;
        // get the site
        const [siteRes] = await db
            .select()
            .from(sites)
            .where(eq(sites.siteId, siteIdFromResource));
        if (!siteRes) {
            logger.error(
-                `handleOlmServerInitAddPeerHandshake: Resource ${resource.siteResourceId} has no network`
+                `handleOlmServerPeerAddMessage: Site with ID ${site} not found`
            );
            await sendCancel();
            return;
        }
-        // Get all sites associated with this resource's network via siteNetworks
+        site = siteRes;
        const siteRows = await db
            .select({ siteId: siteNetworks.siteId })
            .from(siteNetworks)
            .where(eq(siteNetworks.networkId, resource.networkId));
        if (!siteRows || siteRows.length === 0) {
            logger.error(
                `handleOlmServerInitAddPeerHandshake: No sites found for resource ${resource.siteResourceId}`
            );
            await sendCancel();
            return;
        }
        // Fetch full site objects for all network members
        const foundSites = await Promise.all(
            siteRows.map(async ({ siteId: sid }) => {
                const [s] = await db
                    .select()
                    .from(sites)
                    .where(eq(sites.siteId, sid))
                    .limit(1);
                return s ?? null;
            })
        );
        sitesToProcess = foundSites.filter((s): s is Site => s !== null);
    }
-    if (sitesToProcess.length === 0) {
+    if (!site) {
-        logger.error(
+        logger.error(`handleOlmServerPeerAddMessage: Site not found`);
            `handleOlmServerInitAddPeerHandshake: No sites to process`
        );
        await sendCancel();
        return;
    }
-    let handshakeInitiated = false;
+    // check if the client can access this site using the cache
    const currentSiteAssociationCaches = await db
        .select()
        .from(clientSitesAssociationsCache)
        .where(
            and(
                eq(clientSitesAssociationsCache.clientId, client.clientId),
                eq(clientSitesAssociationsCache.siteId, site.siteId)
            )
        );
-    for (const site of sitesToProcess) {
+    if (currentSiteAssociationCaches.length === 0) {
-        // Check if the client can access this site using the cache
+        logger.error(
-        const currentSiteAssociationCaches = await db
+            `handleOlmServerPeerAddMessage: Client ${client.clientId} does not have access to site ${site.siteId}`
-            .select()
+        );
-            .from(clientSitesAssociationsCache)
+        // cancel the request from the olm side to not keep doing this
-            .where(
+        await sendToClient(
-                and(
+            olm.olmId,
                    eq(clientSitesAssociationsCache.clientId, client.clientId),
                    eq(clientSitesAssociationsCache.siteId, site.siteId)
                )
            );
        if (currentSiteAssociationCaches.length === 0) {
            logger.warn(
                `handleOlmServerInitAddPeerHandshake: Client ${client.clientId} does not have access to site ${site.siteId}, skipping`
            );
            continue;
        }
        if (!site.exitNodeId) {
            logger.error(
                `handleOlmServerInitAddPeerHandshake: Site ${site.siteId} has no exit node, skipping`
            );
            continue;
        }
        const [exitNode] = await db
            .select()
            .from(exitNodes)
            .where(eq(exitNodes.exitNodeId, site.exitNodeId));
        if (!exitNode) {
            logger.error(
                `handleOlmServerInitAddPeerHandshake: Exit node not found for site ${site.siteId}, skipping`
            );
            continue;
        }
        // Trigger the peer add handshake — if the peer was already added this will be a no-op
        await initPeerAddHandshake(
            client.clientId,
            {
-                siteId: site.siteId,
+                type: "olm/wg/peer/chain/cancel",
-                exitNode: {
+                data: {
-                    publicKey: exitNode.publicKey,
+                    chainId
                    endpoint: exitNode.endpoint
                }
            },
-            olm.olmId,
+            { incrementConfigVersion: false }
-            chainId
+        ).catch((error) => {
-        );
+            logger.warn(`Error sending message:`, error);
-
+        });
-        handshakeInitiated = true;
+        return;
    }
-    if (!handshakeInitiated) {
+    if (!site.exitNodeId) {
        logger.error(
-            `handleOlmServerInitAddPeerHandshake: No accessible sites with valid exit nodes found, cancelling chain`
+            `handleOlmServerPeerAddMessage: Site with ID ${site.siteId} has no exit node`
        );
-        await sendCancel();
+        // cancel the request from the olm side to not keep doing this
        await sendToClient(
            olm.olmId,
            {
                type: "olm/wg/peer/chain/cancel",
                data: {
                    chainId
                }
            },
            { incrementConfigVersion: false }
        ).catch((error) => {
            logger.warn(`Error sending message:`, error);
        });
        return;
    }
    // get the exit node from the side
    const [exitNode] = await db
        .select()
        .from(exitNodes)
        .where(eq(exitNodes.exitNodeId, site.exitNodeId));
    if (!exitNode) {
        logger.error(
            `handleOlmServerPeerAddMessage: Site with ID ${site.siteId} has no exit node`
        );
        return;
    }
    // also trigger the peer add handshake in case the peer was not already added to the olm and we need to hole punch
    // if it has already been added this will be a no-op
    await initPeerAddHandshake(
        // this will kick off the add peer process for the client
        client.clientId,
        {
            siteId: site.siteId,
            exitNode: {
                publicKey: exitNode.publicKey,
                endpoint: exitNode.endpoint
            }
        },
        olm.olmId,
        chainId
    );
    return;
-};
+};
--- a/server/routers/olm/handleOlmServerPeerAddMessage.ts
+++ b/server/routers/olm/handleOlmServerPeerAddMessage.ts
@@ -1,25 +1,43 @@
 import {
    Client,
    clientSiteResourcesAssociationsCache,
    db,
-    networks,
+    ExitNode,
-    siteNetworks,
+    Org,
    orgs,
    roleClients,
    roles,
    siteResources,
    Transaction,
    userClients,
    userOrgs,
    users
 } from "@server/db";
 import { MessageHandler } from "@server/routers/ws";
 import {
    clients,
    clientSitesAssociationsCache,
    exitNodes,
    Olm,
    olms,
    sites
 } from "@server/db";
 import { and, eq, inArray, isNotNull, isNull } from "drizzle-orm";
 import { addPeer, deletePeer } from "../newt/peers";
 import logger from "@server/logger";
 import { listExitNodes } from "#dynamic/lib/exitNodes";
 import {
    generateAliasConfig,
    getNextAvailableClientSubnet
 } from "@server/lib/ip";
 import { generateRemoteSubnets } from "@server/lib/ip";
 import { rebuildClientAssociationsFromClient } from "@server/lib/rebuildClientAssociations";
 import { checkOrgAccessPolicy } from "#dynamic/lib/checkOrgAccessPolicy";
 import { validateSessionToken } from "@server/auth/sessions/app";
 import config from "@server/lib/config";
 import {
    addPeer as newtAddPeer,
    deletePeer as newtDeletePeer
 } from "@server/routers/newt/peers";
 export const handleOlmServerPeerAddMessage: MessageHandler = async (
@@ -135,21 +153,13 @@ export const handleOlmServerPeerAddMessage: MessageHandler = async (
                clientSiteResourcesAssociationsCache.siteResourceId
            )
        )
        .innerJoin(
            networks,
            eq(siteResources.networkId, networks.networkId)
        )
        .innerJoin(
            siteNetworks,
            and(
                eq(networks.networkId, siteNetworks.networkId),
                eq(siteNetworks.siteId, site.siteId)
            )
        )
        .where(
-            eq(
+            and(
-                clientSiteResourcesAssociationsCache.clientId,
+                eq(siteResources.siteId, site.siteId),
-                client.clientId
+                eq(
                    clientSiteResourcesAssociationsCache.clientId,
                    client.clientId
                )
            )
        );
--- a/server/routers/site/deleteSite.ts
+++ b/server/routers/site/deleteSite.ts
@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db, Site, siteNetworks, siteResources } from "@server/db";
+import { db, Site, siteResources } from "@server/db";
 import { newts, newtSessions, sites } from "@server/db";
 import { eq } from "drizzle-orm";
 import response from "@server/lib/response";
@@ -71,23 +71,18 @@ export async function deleteSite(
                    await deletePeer(site.exitNodeId!, site.pubKey);
                }
            } else if (site.type == "newt") {
-                const networks = await trx
+                // delete all of the site resources on this site
-                    .select({ networkId: siteNetworks.networkId })
+                const siteResourcesOnSite = trx
-                    .from(siteNetworks)
+                    .delete(siteResources)
-                    .where(eq(siteNetworks.siteId, siteId));
+                    .where(eq(siteResources.siteId, siteId))
                    .returning();
                // loop through them
-                for (const network of await networks) {
+                for (const removedSiteResource of await siteResourcesOnSite) {
-                    const [siteResource] = await trx
+                    await rebuildClientAssociationsFromSiteResource(
-                        .select()
+                        removedSiteResource,
-                        .from(siteResources)
+                        trx
-                        .where(eq(siteResources.networkId, network.networkId));
+                    );
                    if (siteResource) {
                        await rebuildClientAssociationsFromSiteResource(
                            siteResource,
                            trx
                        );
                    }
                }
                // get the newt on the site by querying the newt table for siteId
--- a/server/routers/siteResource/createSiteResource.ts
+++ b/server/routers/siteResource/createSiteResource.ts
@@ -5,8 +5,6 @@ import {
    orgs,
    roles,
    roleSiteResources,
    siteNetworks,
    networks,
    SiteResource,
    siteResources,
    sites,
@@ -25,7 +23,7 @@ import response from "@server/lib/response";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 import HttpCode from "@server/types/HttpCode";
-import { and, eq, inArray } from "drizzle-orm";
+import { and, eq } from "drizzle-orm";
 import { NextFunction, Request, Response } from "express";
 import createHttpError from "http-errors";
 import { z } from "zod";
@@ -39,7 +37,7 @@ const createSiteResourceSchema = z
    .strictObject({
        name: z.string().min(1).max(255),
        mode: z.enum(["host", "cidr", "port"]),
-        siteIds: z.array(z.int()),
+        siteId: z.int(),
        // protocol: z.enum(["tcp", "udp"]).optional(),
        // proxyPort: z.int().positive().optional(),
        // destinationPort: z.int().positive().optional(),
@@ -161,7 +159,7 @@ export async function createSiteResource(
        const { orgId } = parsedParams.data;
        const {
            name,
-            siteIds,
+            siteId,
            mode,
            // protocol,
            // proxyPort,
@@ -180,16 +178,14 @@ export async function createSiteResource(
        } = parsedBody.data;
        // Verify the site exists and belongs to the org
-        const sitesToAssign = await db
+        const [site] = await db
            .select()
            .from(sites)
-            .where(and(inArray(sites.siteId, siteIds), eq(sites.orgId, orgId)))
+            .where(and(eq(sites.siteId, siteId), eq(sites.orgId, orgId)))
            .limit(1);
-        if (sitesToAssign.length !== siteIds.length) {
+        if (!site) {
-            return next(
+            return next(createHttpError(HttpCode.NOT_FOUND, "Site not found"));
                createHttpError(HttpCode.NOT_FOUND, "Some site not found")
            );
        }
        const [org] = await db
@@ -291,29 +287,12 @@ export async function createSiteResource(
        let newSiteResource: SiteResource | undefined;
        await db.transaction(async (trx) => {
            const [network] = await trx
                .insert(networks)
                .values({
                    scope: "resource",
                    orgId: orgId
                })
                .returning();
            if (!network) {
                return next(
                    createHttpError(
                        HttpCode.INTERNAL_SERVER_ERROR,
                        `Failed to create network`
                    )
                );
            }
            // Create the site resource
            const insertValues: typeof siteResources.$inferInsert = {
                siteId,
                niceId,
                orgId,
                name,
                networkId: network.networkId,
                mode: mode as "host" | "cidr",
                destination,
                enabled,
@@ -338,13 +317,6 @@ export async function createSiteResource(
            //////////////////// update the associations ////////////////////
            for (const siteId of siteIds) {
                await trx.insert(siteNetworks).values({
                    siteId: siteId,
                    networkId: network.networkId
                });
            }
            const [adminRole] = await trx
                .select()
                .from(roles)
@@ -387,21 +359,16 @@ export async function createSiteResource(
                );
            }
-            for (const siteToAssign of sitesToAssign) {
+            const [newt] = await trx
-                const [newt] = await trx
+                .select()
-                    .select()
+                .from(newts)
-                    .from(newts)
+                .where(eq(newts.siteId, site.siteId))
-                    .where(eq(newts.siteId, siteToAssign.siteId))
+                .limit(1);
                    .limit(1);
-                if (!newt) {
+            if (!newt) {
-                    return next(
+                return next(
-                        createHttpError(
+                    createHttpError(HttpCode.NOT_FOUND, "Newt not found")
-                            HttpCode.NOT_FOUND,
+                );
                            `Newt not found for site ${siteToAssign.siteId}`
                        )
                    );
                }
            }
            await rebuildClientAssociationsFromSiteResource(
@@ -420,7 +387,7 @@ export async function createSiteResource(
        }
        logger.info(
-            `Created site resource ${newSiteResource.siteResourceId} for org ${orgId}`
+            `Created site resource ${newSiteResource.siteResourceId} for site ${siteId}`
        );
        return response(res, {
--- a/server/routers/siteResource/deleteSiteResource.ts
+++ b/server/routers/siteResource/deleteSiteResource.ts
@@ -70,18 +70,17 @@ export async function deleteSiteResource(
                .where(and(eq(siteResources.siteResourceId, siteResourceId)))
                .returning();
-            // not sure why this is here...
+            const [newt] = await trx
-            // const [newt] = await trx
+                .select()
-            //     .select()
+                .from(newts)
-            //     .from(newts)
+                .where(eq(newts.siteId, removedSiteResource.siteId))
-            //     .where(eq(newts.siteId, removedSiteResource.siteId))
+                .limit(1);
            //     .limit(1);
-            // if (!newt) {
+            if (!newt) {
-            //     return next(
+                return next(
-            //         createHttpError(HttpCode.NOT_FOUND, "Newt not found")
+                    createHttpError(HttpCode.NOT_FOUND, "Newt not found")
-            //     );
+                );
-            // }
+            }
            await rebuildClientAssociationsFromSiteResource(
                removedSiteResource,
--- a/server/routers/siteResource/getSiteResource.ts
+++ b/server/routers/siteResource/getSiteResource.ts
@@ -17,34 +17,38 @@ const getSiteResourceParamsSchema = z.strictObject({
        .transform((val) => (val ? Number(val) : undefined))
        .pipe(z.int().positive().optional())
        .optional(),
    siteId: z.string().transform(Number).pipe(z.int().positive()),
    niceId: z.string().optional(),
    orgId: z.string()
 });
 async function query(
    siteResourceId?: number,
    siteId?: number,
    niceId?: string,
    orgId?: string
 ) {
-    if (siteResourceId && orgId) {
+    if (siteResourceId && siteId && orgId) {
        const [siteResource] = await db
            .select()
            .from(siteResources)
            .where(
                and(
                    eq(siteResources.siteResourceId, siteResourceId),
                    eq(siteResources.siteId, siteId),
                    eq(siteResources.orgId, orgId)
                )
            )
            .limit(1);
        return siteResource;
-    } else if (niceId && orgId) {
+    } else if (niceId && siteId && orgId) {
        const [siteResource] = await db
            .select()
            .from(siteResources)
            .where(
                and(
                    eq(siteResources.niceId, niceId),
                    eq(siteResources.siteId, siteId),
                    eq(siteResources.orgId, orgId)
                )
            )
@@ -80,6 +84,7 @@ registry.registerPath({
    request: {
        params: z.object({
            niceId: z.string(),
            siteId: z.number(),
            orgId: z.string()
        })
    },
@@ -102,10 +107,10 @@ export async function getSiteResource(
            );
        }
-        const { siteResourceId, niceId, orgId } = parsedParams.data;
+        const { siteResourceId, siteId, niceId, orgId } = parsedParams.data;
        // Get the site resource
-        const siteResource = await query(siteResourceId, niceId, orgId);
+        const siteResource = await query(siteResourceId, siteId, niceId, orgId);
        if (!siteResource) {
            return next(
--- a/server/routers/siteResource/listAllSiteResourcesByOrg.ts
+++ b/server/routers/siteResource/listAllSiteResourcesByOrg.ts
@@ -1,4 +1,4 @@
-import { db, SiteResource, siteNetworks, siteResources, sites } from "@server/db";
+import { db, SiteResource, siteResources, sites } from "@server/db";
 import response from "@server/lib/response";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
@@ -73,10 +73,9 @@ const listAllSiteResourcesByOrgQuerySchema = z.object({
 export type ListAllSiteResourcesByOrgResponse = PaginatedResponse<{
    siteResources: (SiteResource & {
-        siteIds: number[];
+        siteName: string;
-        siteNames: string[];
+        siteNiceId: string;
-        siteNiceIds: string[];
+        siteAddress: string | null;
        siteAddresses: (string | null)[];
    })[];
 }>;
@@ -84,6 +83,7 @@ function querySiteResourcesBase() {
    return db
        .select({
            siteResourceId: siteResources.siteResourceId,
            siteId: siteResources.siteId,
            orgId: siteResources.orgId,
            niceId: siteResources.niceId,
            name: siteResources.name,
@@ -100,20 +100,14 @@ function querySiteResourcesBase() {
            disableIcmp: siteResources.disableIcmp,
            authDaemonMode: siteResources.authDaemonMode,
            authDaemonPort: siteResources.authDaemonPort,
-            networkId: siteResources.networkId,
+            siteName: sites.name,
-            defaultNetworkId: siteResources.defaultNetworkId,
+            siteNiceId: sites.niceId,
-            siteNames: sql<string[]>`array_agg(${sites.name})`,
+            siteAddress: sites.address
            siteNiceIds: sql<string[]>`array_agg(${sites.niceId})`,
            siteIds: sql<number[]>`array_agg(${sites.siteId})`,
            siteAddresses: sql<(string | null)[]>`array_agg(${sites.address})`
        })
        .from(siteResources)
-        .innerJoin(siteNetworks, eq(siteResources.networkId, siteNetworks.networkId))
+        .innerJoin(sites, eq(siteResources.siteId, sites.siteId));
        .innerJoin(sites, eq(siteNetworks.siteId, sites.siteId))
        .groupBy(siteResources.siteResourceId);
 }
 registry.registerPath({
    method: "get",
    path: "/org/{orgId}/site-resources",
--- a/server/routers/siteResource/listSiteResources.ts
+++ b/server/routers/siteResource/listSiteResources.ts
@@ -1,6 +1,6 @@
 import { Request, Response, NextFunction } from "express";
 import { z } from "zod";
-import { db, networks, siteNetworks } from "@server/db";
+import { db } from "@server/db";
 import { siteResources, sites, SiteResource } from "@server/db";
 import response from "@server/lib/response";
 import HttpCode from "@server/types/HttpCode";
@@ -108,21 +108,13 @@ export async function listSiteResources(
            return next(createHttpError(HttpCode.NOT_FOUND, "Site not found"));
        }
-        // Get site resources by joining networks to siteResources via siteNetworks
+        // Get site resources
        const siteResourcesList = await db
            .select()
-            .from(siteNetworks)
+            .from(siteResources)
            .innerJoin(
                networks,
                eq(siteNetworks.networkId, networks.networkId)
            )
            .innerJoin(
                siteResources,
                eq(siteResources.networkId, networks.networkId)
            )
            .where(
                and(
-                    eq(siteNetworks.siteId, siteId),
+                    eq(siteResources.siteId, siteId),
                    eq(siteResources.orgId, orgId)
                )
            )
@@ -136,7 +128,6 @@ export async function listSiteResources(
            .limit(limit)
            .offset(offset);
        return response(res, {
            data: { siteResources: siteResourcesList },
            success: true,
--- a/server/routers/siteResource/updateSiteResource.ts
+++ b/server/routers/siteResource/updateSiteResource.ts
@@ -7,18 +7,12 @@ import {
    orgs,
    roles,
    roleSiteResources,
    siteNetworks,
    SiteResource,
    siteResources,
    sites,
    networks,
    Transaction,
    userSiteResources
 } from "@server/db";
 import response from "@server/lib/response";
 import { eq, and, ne, inArray } from "drizzle-orm";
 import { OpenAPITags, registry } from "@server/openApi";
 import { updatePeerData, updateTargets } from "@server/routers/client/targets";
 import { tierMatrix } from "@server/lib/billing/tierMatrix";
 import {
    generateAliasConfig,
@@ -28,8 +22,12 @@ import {
    portRangeStringSchema
 } from "@server/lib/ip";
 import { rebuildClientAssociationsFromSiteResource } from "@server/lib/rebuildClientAssociations";
 import response from "@server/lib/response";
 import logger from "@server/logger";
 import { OpenAPITags, registry } from "@server/openApi";
 import { updatePeerData, updateTargets } from "@server/routers/client/targets";
 import HttpCode from "@server/types/HttpCode";
 import { and, eq, ne } from "drizzle-orm";
 import { NextFunction, Request, Response } from "express";
 import createHttpError from "http-errors";
 import { z } from "zod";
@@ -42,8 +40,7 @@ const updateSiteResourceParamsSchema = z.strictObject({
 const updateSiteResourceSchema = z
    .strictObject({
        name: z.string().min(1).max(255).optional(),
-        siteIds: z.array(z.int()),
+        siteId: z.int(),
        // niceId: z.string().min(1).max(255).regex(/^[a-zA-Z0-9-]+$/, "niceId can only contain letters, numbers, and dashes").optional(),
        niceId: z
            .string()
            .min(1)
@@ -175,7 +172,7 @@ export async function updateSiteResource(
        const { siteResourceId } = parsedParams.data;
        const {
            name,
-            siteIds, // because it can change
+            siteId, // because it can change
            niceId,
            mode,
            destination,
@@ -191,6 +188,16 @@ export async function updateSiteResource(
            authDaemonMode
        } = parsedBody.data;
        const [site] = await db
            .select()
            .from(sites)
            .where(eq(sites.siteId, siteId))
            .limit(1);
        if (!site) {
            return next(createHttpError(HttpCode.NOT_FOUND, "Site not found"));
        }
        // Check if site resource exists
        const [existingSiteResource] = await db
            .select()
@@ -230,24 +237,6 @@ export async function updateSiteResource(
            );
        }
        // Verify the site exists and belongs to the org
        const sitesToAssign = await db
            .select()
            .from(sites)
            .where(
                and(
                    inArray(sites.siteId, siteIds),
                    eq(sites.orgId, existingSiteResource.orgId)
                )
            )
            .limit(1);
        if (sitesToAssign.length !== siteIds.length) {
            return next(
                createHttpError(HttpCode.NOT_FOUND, "Some site not found")
            );
        }
        // Only check if destination is an IP address
        const isIp = z
            .union([z.ipv4(), z.ipv6()])
@@ -265,24 +254,25 @@ export async function updateSiteResource(
            );
        }
-        let sitesChanged = false;
+        let existingSite = site;
-        const existingSiteIds = existingSiteResource.networkId
+        let siteChanged = false;
-            ? await db
+        if (existingSiteResource.siteId !== siteId) {
-                  .select()
+            siteChanged = true;
-                  .from(siteNetworks)
+            // get the existing site
-                  .where(
+            [existingSite] = await db
-                      eq(siteNetworks.networkId, existingSiteResource.networkId)
+                .select()
-                  )
+                .from(sites)
-            : [];
+                .where(eq(sites.siteId, existingSiteResource.siteId))
                .limit(1);
-        const existingSiteIdSet = new Set(existingSiteIds.map((s) => s.siteId));
+            if (!existingSite) {
-        const newSiteIdSet = new Set(siteIds);
+                return next(
-
+                    createHttpError(
-        if (
+                        HttpCode.NOT_FOUND,
-            existingSiteIdSet.size !== newSiteIdSet.size ||
+                        "Existing site not found"
-            ![...existingSiteIdSet].every((id) => newSiteIdSet.has(id))
+                    )
-        ) {
+                );
-            sitesChanged = true;
+            }
        }
        // make sure the alias is unique within the org if provided
@@ -312,7 +302,7 @@ export async function updateSiteResource(
        let updatedSiteResource: SiteResource | undefined;
        await db.transaction(async (trx) => {
            // if the site is changed we need to delete and recreate the resource to avoid complications with the rebuild function otherwise we can just update in place
-            if (sitesChanged) {
+            if (siteChanged) {
                // delete the existing site resource
                await trx
                    .delete(siteResources)
@@ -353,6 +343,7 @@ export async function updateSiteResource(
                    .update(siteResources)
                    .set({
                        name,
                        siteId,
                        niceId,
                        mode,
                        destination,
@@ -456,6 +447,7 @@ export async function updateSiteResource(
                    .update(siteResources)
                    .set({
                        name: name,
                        siteId: siteId,
                        mode: mode,
                        destination: destination,
                        enabled: enabled,
@@ -472,23 +464,6 @@ export async function updateSiteResource(
                //////////////////// update the associations ////////////////////
                // delete the site - site resources associations
                await trx
                    .delete(siteNetworks)
                    .where(
                        eq(
                            siteNetworks.networkId,
                            updatedSiteResource.networkId!
                        )
                    );
                for (const siteId of siteIds) {
                    await trx.insert(siteNetworks).values({
                        siteId: siteId,
                        networkId: updatedSiteResource.networkId!
                    });
                }
                await trx
                    .delete(clientSiteResources)
                    .where(
@@ -558,15 +533,14 @@ export async function updateSiteResource(
                    );
                }
-                logger.info(`Updated site resource ${siteResourceId}`);
+                logger.info(
                    `Updated site resource ${siteResourceId} for site ${siteId}`
                );
                await handleMessagingForUpdatedSiteResource(
                    existingSiteResource,
                    updatedSiteResource,
-                    siteIds.map((siteId) => ({
+                    { siteId: site.siteId, orgId: site.orgId },
                        siteId,
                        orgId: existingSiteResource.orgId
                    })),
                    trx
                );
            }
@@ -593,7 +567,7 @@ export async function updateSiteResource(
 export async function handleMessagingForUpdatedSiteResource(
    existingSiteResource: SiteResource | undefined,
    updatedSiteResource: SiteResource,
-    sites: { siteId: number; orgId: string }[],
+    site: { siteId: number; orgId: string },
    trx: Transaction
 ) {
    logger.debug(
@@ -630,112 +604,105 @@ export async function handleMessagingForUpdatedSiteResource(
    // if the existingSiteResource is undefined (new resource) we don't need to do anything here, the rebuild above handled it all
    if (destinationChanged || aliasChanged || portRangesChanged) {
-        for (const site of sites) {
+        const [newt] = await trx
-            const [newt] = await trx
+            .select()
-                .select()
+            .from(newts)
-                .from(newts)
+            .where(eq(newts.siteId, site.siteId))
-                .where(eq(newts.siteId, site.siteId))
+            .limit(1);
                .limit(1);
-            if (!newt) {
+        if (!newt) {
-                throw new Error(
+            throw new Error(
-                    "Newt not found for site during site resource update"
+                "Newt not found for site during site resource update"
-                );
+            );
            }
            // Only update targets on newt if destination changed
            if (destinationChanged || portRangesChanged) {
                const oldTarget = generateSubnetProxyTargetV2(
                    existingSiteResource,
                    mergedAllClients
                );
                const newTarget = generateSubnetProxyTargetV2(
                    updatedSiteResource,
                    mergedAllClients
                );
                await updateTargets(
                    newt.newtId,
                    {
                        oldTargets: oldTarget ? [oldTarget] : [],
                        newTargets: newTarget ? [newTarget] : []
                    },
                    newt.version
                );
            }
            const olmJobs: Promise<void>[] = [];
            for (const client of mergedAllClients) {
                // does this client have access to another resource on this site that has the same destination still? if so we dont want to remove it from their olm yet
                // todo: optimize this query if needed
                const oldDestinationStillInUseSites = await trx
                    .select()
                    .from(siteResources)
                    .innerJoin(
                        clientSiteResourcesAssociationsCache,
                        eq(
                            clientSiteResourcesAssociationsCache.siteResourceId,
                            siteResources.siteResourceId
                        )
                    )
                    .innerJoin(
                        siteNetworks,
                        eq(siteNetworks.networkId, siteResources.networkId)
                    )
                    .where(
                        and(
                            eq(
                                clientSiteResourcesAssociationsCache.clientId,
                                client.clientId
                            ),
                            eq(siteNetworks.siteId, site.siteId),
                            eq(
                                siteResources.destination,
                                existingSiteResource.destination
                            ),
                            ne(
                                siteResources.siteResourceId,
                                existingSiteResource.siteResourceId
                            )
                        )
                    );
                const oldDestinationStillInUseByASite =
                    oldDestinationStillInUseSites.length > 0;
                // we also need to update the remote subnets on the olms for each client that has access to this site
                olmJobs.push(
                    updatePeerData(
                        client.clientId,
                        site.siteId,
                        destinationChanged
                            ? {
                                  oldRemoteSubnets:
                                      !oldDestinationStillInUseByASite
                                          ? generateRemoteSubnets([
                                                existingSiteResource
                                            ])
                                          : [],
                                  newRemoteSubnets: generateRemoteSubnets([
                                      updatedSiteResource
                                  ])
                              }
                            : undefined,
                        aliasChanged
                            ? {
                                  oldAliases: generateAliasConfig([
                                      existingSiteResource
                                  ]),
                                  newAliases: generateAliasConfig([
                                      updatedSiteResource
                                  ])
                              }
                            : undefined
                    )
                );
            }
            await Promise.all(olmJobs);
        }
        // Only update targets on newt if destination changed
        if (destinationChanged || portRangesChanged) {
            const oldTarget = generateSubnetProxyTargetV2(
                existingSiteResource,
                mergedAllClients
            );
            const newTarget = generateSubnetProxyTargetV2(
                updatedSiteResource,
                mergedAllClients
            );
            await updateTargets(
                newt.newtId,
                {
                    oldTargets: oldTarget ? [oldTarget] : [],
                    newTargets: newTarget ? [newTarget] : []
                },
                newt.version
            );
        }
        const olmJobs: Promise<void>[] = [];
        for (const client of mergedAllClients) {
            // does this client have access to another resource on this site that has the same destination still? if so we dont want to remove it from their olm yet
            // todo: optimize this query if needed
            const oldDestinationStillInUseSites = await trx
                .select()
                .from(siteResources)
                .innerJoin(
                    clientSiteResourcesAssociationsCache,
                    eq(
                        clientSiteResourcesAssociationsCache.siteResourceId,
                        siteResources.siteResourceId
                    )
                )
                .where(
                    and(
                        eq(
                            clientSiteResourcesAssociationsCache.clientId,
                            client.clientId
                        ),
                        eq(siteResources.siteId, site.siteId),
                        eq(
                            siteResources.destination,
                            existingSiteResource.destination
                        ),
                        ne(
                            siteResources.siteResourceId,
                            existingSiteResource.siteResourceId
                        )
                    )
                );
            const oldDestinationStillInUseByASite =
                oldDestinationStillInUseSites.length > 0;
            // we also need to update the remote subnets on the olms for each client that has access to this site
            olmJobs.push(
                updatePeerData(
                    client.clientId,
                    updatedSiteResource.siteId,
                    destinationChanged
                        ? {
                              oldRemoteSubnets: !oldDestinationStillInUseByASite
                                  ? generateRemoteSubnets([
                                        existingSiteResource
                                    ])
                                  : [],
                              newRemoteSubnets: generateRemoteSubnets([
                                  updatedSiteResource
                              ])
                          }
                        : undefined,
                    aliasChanged
                        ? {
                              oldAliases: generateAliasConfig([
                                  existingSiteResource
                              ]),
                              newAliases: generateAliasConfig([
                                  updatedSiteResource
                              ])
                          }
                        : undefined
                )
            );
        }
        await Promise.all(olmJobs);
    }
 }
--- a/server/setup/scriptsPg/1.17.0.ts
+++ b/server/setup/scriptsPg/1.17.0.ts
@@ -235,9 +235,7 @@ export default async function migration() {
            for (const row of existingUserInviteRoles) {
                await db.execute(sql`
                    INSERT INTO "userInviteRoles" ("inviteId", "roleId")
-                    SELECT ${row.inviteId}, ${row.roleId}
+                    VALUES (${row.inviteId}, ${row.roleId})
                    WHERE EXISTS (SELECT 1 FROM "userInvites" WHERE "inviteId" = ${row.inviteId})
                      AND EXISTS (SELECT 1 FROM "roles" WHERE "roleId" = ${row.roleId})
                    ON CONFLICT DO NOTHING
                `);
            }
@@ -260,10 +258,7 @@ export default async function migration() {
            for (const row of existingUserOrgRoles) {
                await db.execute(sql`
                    INSERT INTO "userOrgRoles" ("userId", "orgId", "roleId")
-                    SELECT ${row.userId}, ${row.orgId}, ${row.roleId}
+                    VALUES (${row.userId}, ${row.orgId}, ${row.roleId})
                    WHERE EXISTS (SELECT 1 FROM "user" WHERE "id" = ${row.userId})
                      AND EXISTS (SELECT 1 FROM "orgs" WHERE "orgId" = ${row.orgId})
                      AND EXISTS (SELECT 1 FROM "roles" WHERE "roleId" = ${row.roleId})
                    ON CONFLICT DO NOTHING
                `);
            }
--- a/server/setup/scriptsSqlite/1.17.0.ts
+++ b/server/setup/scriptsSqlite/1.17.0.ts
@@ -145,7 +145,7 @@ export default async function migration() {
            ).run();
            db.prepare(
-                `INSERT INTO '__new_userOrgs'("userId", "orgId", "isOwner", "autoProvisioned", "pamUsername") SELECT "userId", "orgId", "isOwner", "autoProvisioned", "pamUsername" FROM 'userOrgs' WHERE EXISTS (SELECT 1 FROM 'user' WHERE id = userOrgs.userId) AND EXISTS (SELECT 1 FROM 'orgs' WHERE orgId = userOrgs.orgId);`
+                `INSERT INTO '__new_userOrgs'("userId", "orgId", "isOwner", "autoProvisioned", "pamUsername") SELECT "userId", "orgId", "isOwner", "autoProvisioned", "pamUsername" FROM 'userOrgs';`
            ).run();
            db.prepare(`DROP TABLE 'userOrgs';`).run();
            db.prepare(
@@ -246,15 +246,12 @@ export default async function migration() {
        // Re-insert the preserved invite role assignments into the new userInviteRoles table
        if (existingUserInviteRoles.length > 0) {
            const insertUserInviteRole = db.prepare(
-                `INSERT OR IGNORE INTO 'userInviteRoles' ("inviteId", "roleId")
+                `INSERT OR IGNORE INTO 'userInviteRoles' ("inviteId", "roleId") VALUES (?, ?)`
                 SELECT ?, ?
                 WHERE EXISTS (SELECT 1 FROM 'userInvites' WHERE inviteId = ?)
                   AND EXISTS (SELECT 1 FROM 'roles' WHERE roleId = ?)`
            );
            const insertAll = db.transaction(() => {
                for (const row of existingUserInviteRoles) {
-                    insertUserInviteRole.run(row.inviteId, row.roleId, row.inviteId, row.roleId);
+                    insertUserInviteRole.run(row.inviteId, row.roleId);
                }
            });
@@ -268,16 +265,12 @@ export default async function migration() {
        // Re-insert the preserved role assignments into the new userOrgRoles table
        if (existingUserOrgRoles.length > 0) {
            const insertUserOrgRole = db.prepare(
-                `INSERT OR IGNORE INTO 'userOrgRoles' ("userId", "orgId", "roleId")
+                `INSERT OR IGNORE INTO 'userOrgRoles' ("userId", "orgId", "roleId") VALUES (?, ?, ?)`
                 SELECT ?, ?, ?
                 WHERE EXISTS (SELECT 1 FROM 'user' WHERE id = ?)
                   AND EXISTS (SELECT 1 FROM 'orgs' WHERE orgId = ?)
                   AND EXISTS (SELECT 1 FROM 'roles' WHERE roleId = ?)`
            );
            const insertAll = db.transaction(() => {
                for (const row of existingUserOrgRoles) {
-                    insertUserOrgRole.run(row.userId, row.orgId, row.roleId, row.userId, row.orgId, row.roleId);
+                    insertUserOrgRole.run(row.userId, row.orgId, row.roleId);
                }
            });
--- a/src/app/[orgId]/settings/domains/[domainId]/page.tsx
+++ b/src/app/[orgId]/settings/domains/[domainId]/page.tsx
@@ -10,7 +10,6 @@ import { authCookieHeader } from "@app/lib/api/cookies";
 import { GetDNSRecordsResponse } from "@server/routers/domain";
 import DNSRecordsTable from "@app/components/DNSRecordTable";
 import DomainCertForm from "@app/components/DomainCertForm";
 import { build } from "@server/build";
 interface DomainSettingsPageProps {
    params: Promise<{ domainId: string; orgId: string }>;
@@ -66,14 +65,12 @@ export default async function DomainSettingsPage({
                )}
            </div>
            <div className="space-y-6">
-                {build != "oss" && env.flags.usePangolinDns ? (
+                <DomainInfoCard
-                    <DomainInfoCard
+                    failed={domain.failed}
-                        failed={domain.failed}
+                    verified={domain.verified}
-                        verified={domain.verified}
+                    type={domain.type}
-                        type={domain.type}
+                    errorMessage={domain.errorMessage}
-                        errorMessage={domain.errorMessage}
+                />
                    />
                ) : null}
                <DNSRecordsTable records={dnsRecords} type={domain.type} />
--- a/src/app/[orgId]/settings/logs/connection/page.tsx
+++ b/src/app/[orgId]/settings/logs/connection/page.tsx
@@ -491,7 +491,7 @@ export default function ConnectionLogsPage() {
                );
            },
            cell: ({ row }) => {
-                const clientType = row.original.userId ? "user" : "machine";
+                const clientType = row.original.clientType === "olm" ? "machine" : "user";
                if (row.original.clientName && row.original.clientNiceId) {
                    return (
                        <Link
--- a/src/app/[orgId]/settings/resources/client/page.tsx
+++ b/src/app/[orgId]/settings/resources/client/page.tsx
@@ -60,17 +60,17 @@ export default async function ClientResourcesPage(
                id: siteResource.siteResourceId,
                name: siteResource.name,
                orgId: params.orgId,
-                siteNames: siteResource.siteNames,
+                siteName: siteResource.siteName,
-                siteAddresses: siteResource.siteAddresses || null,
+                siteAddress: siteResource.siteAddress || null,
                mode: siteResource.mode || ("port" as any),
                // protocol: siteResource.protocol,
                // proxyPort: siteResource.proxyPort,
-                siteIds: siteResource.siteIds,
+                siteId: siteResource.siteId,
                destination: siteResource.destination,
                // destinationPort: siteResource.destinationPort,
                alias: siteResource.alias || null,
                aliasAddress: siteResource.aliasAddress || null,
-                siteNiceIds: siteResource.siteNiceIds,
+                siteNiceId: siteResource.siteNiceId,
                niceId: siteResource.niceId,
                tcpPortRangeString: siteResource.tcpPortRangeString || null,
                udpPortRangeString: siteResource.udpPortRangeString || null,
--- a/src/components/ClientResourcesTable.tsx
+++ b/src/components/ClientResourcesTable.tsx
@@ -21,7 +21,6 @@ import {
    ArrowUp10Icon,
    ArrowUpDown,
    ArrowUpRight,
    ChevronDown,
    ChevronsUpDownIcon,
    MoreHorizontal
 } from "lucide-react";
@@ -44,14 +43,14 @@ export type InternalResourceRow = {
    id: number;
    name: string;
    orgId: string;
-    siteNames: string[];
+    siteName: string;
-    siteAddresses: (string | null)[];
+    siteAddress: string | null;
    siteIds: number[];
    siteNiceIds: string[];
    // mode: "host" | "cidr" | "port";
    mode: "host" | "cidr";
    // protocol: string | null;
    // proxyPort: number | null;
    siteId: number;
    siteNiceId: string;
    destination: string;
    // destinationPort: number | null;
    alias: string | null;
@@ -137,60 +136,6 @@ export default function ClientResourcesTable({
        }
    };
    function SiteCell({ resourceRow }: { resourceRow: InternalResourceRow }) {
        const { siteNames, siteNiceIds, orgId } = resourceRow;
        if (!siteNames || siteNames.length === 0) {
            return <span>-</span>;
        }
        if (siteNames.length === 1) {
            return (
                <Link
                    href={`/${orgId}/settings/sites/${siteNiceIds[0]}`}
                >
                    <Button variant="outline">
                        {siteNames[0]}
                        <ArrowUpRight className="ml-2 h-4 w-4" />
                    </Button>
                </Link>
            );
        }
        return (
            <DropdownMenu>
                <DropdownMenuTrigger asChild>
                    <Button
                        variant="outline"
                        size="sm"
                        className="flex items-center gap-2"
                    >
                        <span>
                            {siteNames.length} {t("sites")}
                        </span>
                        <ChevronDown className="h-3 w-3" />
                    </Button>
                </DropdownMenuTrigger>
                <DropdownMenuContent align="start">
                    {siteNames.map((siteName, idx) => (
                        <DropdownMenuItem
                            key={siteNiceIds[idx]}
                            asChild
                        >
                            <Link
                                href={`/${orgId}/settings/sites/${siteNiceIds[idx]}`}
                                className="flex items-center gap-2 cursor-pointer"
                            >
                                {siteName}
                                <ArrowUpRight className="h-3 w-3" />
                            </Link>
                        </DropdownMenuItem>
                    ))}
                </DropdownMenuContent>
            </DropdownMenu>
        );
    }
    const internalColumns: ExtendedColumnDef<InternalResourceRow>[] = [
        {
            accessorKey: "name",
@@ -240,11 +185,21 @@ export default function ClientResourcesTable({
            }
        },
        {
-            accessorKey: "siteNames",
+            accessorKey: "siteName",
            friendlyName: t("site"),
            header: () => <span className="p-3">{t("site")}</span>,
            cell: ({ row }) => {
-                return <SiteCell resourceRow={row.original} />;
+                const resourceRow = row.original;
                return (
                    <Link
                        href={`/${resourceRow.orgId}/settings/sites/${resourceRow.siteNiceId}`}
                    >
                        <Button variant="outline">
                            {resourceRow.siteName}
                            <ArrowUpRight className="ml-2 h-4 w-4" />
                        </Button>
                    </Link>
                );
            }
        },
        {
@@ -444,7 +399,7 @@ export default function ClientResourcesTable({
                    onConfirm={async () =>
                        deleteInternalResource(
                            selectedInternalResource!.id,
-                            selectedInternalResource!.siteIds[0]
+                            selectedInternalResource!.siteId
                        )
                    }
                    string={selectedInternalResource.name}
@@ -478,11 +433,7 @@ export default function ClientResourcesTable({
                <EditInternalResourceDialog
                    open={isEditDialogOpen}
                    setOpen={setIsEditDialogOpen}
-                    resource={{
+                    resource={editingResource}
                        ...editingResource,
                        siteName: editingResource.siteNames[0] ?? "",
                        siteId: editingResource.siteIds[0]
                    }}
                    orgId={orgId}
                    sites={sites}
                    onSuccess={() => {
--- a/src/components/CreateDomainForm.tsx
+++ b/src/components/CreateDomainForm.tsx
@@ -154,7 +154,7 @@ export default function CreateDomainForm({
    const punycodePreview = useMemo(() => {
        if (!baseDomain) return "";
-        const punycode = toPunycode(baseDomain.toLowerCase());
+        const punycode = toPunycode(baseDomain);
        return punycode !== baseDomain.toLowerCase() ? punycode : "";
    }, [baseDomain]);
@@ -239,24 +239,21 @@ export default function CreateDomainForm({
                            className="space-y-4"
                            id="create-domain-form"
                        >
-                            {build != "oss" && env.flags.usePangolinDns ? (
+                            <FormField
-                                <FormField
+                                control={form.control}
-                                    control={form.control}
+                                name="type"
-                                    name="type"
+                                render={({ field }) => (
-                                    render={({ field }) => (
+                                    <FormItem>
-                                        <FormItem>
+                                        <StrategySelect
-                                            <StrategySelect
+                                            options={domainOptions}
-                                                options={domainOptions}
+                                            defaultValue={field.value}
-                                                defaultValue={field.value}
+                                            onChange={field.onChange}
-                                                onChange={field.onChange}
+                                            cols={1}
-                                                cols={1}
+                                        />
-                                            />
+                                        <FormMessage />
-                                            <FormMessage />
+                                    </FormItem>
-                                        </FormItem>
+                                )}
-                                    )}
+                            />
                                />
                            ) : null}
                            <FormField
                                control={form.control}
                                name="baseDomain"
--- a/src/components/PendingSitesTable.tsx
+++ b/src/components/PendingSitesTable.tsx
@@ -333,8 +333,7 @@ export default function PendingSitesTable({
                        "jupiter",
                        "saturn",
                        "uranus",
-                        "neptune",
+                        "neptune"
                        "pluto"
                    ].includes(originalRow.exitNodeName.toLowerCase());
                if (isCloudNode) {
--- a/src/components/SitesTable.tsx
+++ b/src/components/SitesTable.tsx
@@ -342,8 +342,7 @@ export default function SitesTable({
                        "jupiter",
                        "saturn",
                        "uranus",
-                        "neptune",
+                        "neptune"
                        "pluto"
                    ].includes(originalRow.exitNodeName.toLowerCase());
                if (isCloudNode) {
Author	SHA1	Message	Date
Owen Schwartz	16e7233a3e	Merge pull request #2777 from fosrl/dev 1.17.0-s.1	2026-04-03 12:19:23 -04:00
Owen Schwartz	1f74e1b320	Merge pull request #2776 from fosrl/dev 1.17.0-s.0	2026-04-03 11:39:35 -04:00