Merge branch 'develop'

13.0.0
update codename
2023-01-16 15:21:43 +09:00 · 2023-01-16 15:18:37 +09:00 · 2023-01-16 15:13:49 +09:00 · 2023-01-16 14:24:24 +09:00 · 2023-01-16 14:21:40 +09:00 · 2023-01-16 14:21:08 +09:00
244 changed files with 16807 additions and 21206 deletions
--- a/.config/docker_example.yml
+++ b/.config/docker_example.yml
@@ -0,0 +1,151 @@
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+# Misskey configuration
+#━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━
+
+#   ┌─────┐
+#───┘ URL └─────────────────────────────────────────────────────
+
+# Final accessible URL seen by a user.
+url: https://example.tld/
+
+# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
+# URL SETTINGS AFTER THAT!
+
+#   ┌───────────────────────┐
+#───┘ Port and TLS settings └───────────────────────────────────
+
+#
+# Misskey requires a reverse proxy to support HTTPS connections.
+#
+#                 +----- https://example.tld/ ------------+
+#   +------+      |+-------------+      +----------------+|
+#   | User | ---> || Proxy (443) | ---> | Misskey (3000) ||
+#   +------+      |+-------------+      +----------------+|
+#                 +---------------------------------------+
+#
+#   You need to set up a reverse proxy. (e.g. nginx)
+#   An encrypted connection with HTTPS is highly recommended
+#   because tokens may be transferred in GET requests.
+
+# The port that your Misskey server should listen on.
+port: 3000
+
+#   ┌──────────────────────────┐
+#───┘ PostgreSQL configuration └────────────────────────────────
+
+db:
+  host: db
+  port: 5432
+
+  # Database name
+  db: misskey
+
+  # Auth
+  user: example-misskey-user
+  pass: example-misskey-pass
+
+  # Whether disable Caching queries
+  #disableCache: true
+
+  # Extra Connection options
+  #extra:
+  #  ssl: true
+
+#   ┌─────────────────────┐
+#───┘ Redis configuration └─────────────────────────────────────
+
+redis:
+  host: redis
+  port: 6379
+  #family: 0  # 0=Both, 4=IPv4, 6=IPv6
+  #pass: example-pass
+  #prefix: example-prefix
+  #db: 1
+
+#   ┌─────────────────────────────┐
+#───┘ Elasticsearch configuration └─────────────────────────────
+
+#elasticsearch:
+#  host: localhost
+#  port: 9200
+#  ssl: false
+#  user:
+#  pass:
+
+#   ┌───────────────┐
+#───┘ ID generation └───────────────────────────────────────────
+
+# You can select the ID generation method.
+# You don't usually need to change this setting, but you can
+# change it according to your preferences.
+
+# Available methods:
+# aid ... Short, Millisecond accuracy
+# meid ... Similar to ObjectID, Millisecond accuracy
+# ulid ... Millisecond accuracy
+# objectid ... This is left for backward compatibility
+
+# ONCE YOU HAVE STARTED THE INSTANCE, DO NOT CHANGE THE
+# ID SETTINGS AFTER THAT!
+
+id: 'aid'
+
+#   ┌─────────────────────┐
+#───┘ Other configuration └─────────────────────────────────────
+
+# Whether disable HSTS
+#disableHsts: true
+
+# Number of worker processes
+#clusterLimit: 1
+
+# Job concurrency per worker
+# deliverJobConcurrency: 128
+# inboxJobConcurrency: 16
+
+# Job rate limiter
+# deliverJobPerSec: 128
+# inboxJobPerSec: 16
+
+# Job attempts
+# deliverJobMaxAttempts: 12
+# inboxJobMaxAttempts: 8
+
+# IP address family used for outgoing request (ipv4, ipv6 or dual)
+#outgoingAddressFamily: ipv4
+
+# Syslog option
+#syslog:
+#  host: localhost
+#  port: 514
+
+# Proxy for HTTP/HTTPS
+#proxy: http://127.0.0.1:3128
+
+proxyBypassHosts:
+  - api.deepl.com
+  - api-free.deepl.com
+  - www.recaptcha.net
+  - hcaptcha.com
+  - challenges.cloudflare.com
+
+# Proxy for SMTP/SMTPS
+#proxySmtp: http://127.0.0.1:3128   # use HTTP/1.1 CONNECT
+#proxySmtp: socks4://127.0.0.1:1080 # use SOCKS4
+#proxySmtp: socks5://127.0.0.1:1080 # use SOCKS5
+
+# Media Proxy
+#mediaProxy: https://example.com/proxy
+
+# Proxy remote files (default: false)
+#proxyRemoteFiles: true
+
+# Sign to ActivityPub GET request (default: true)
+signToActivityPubGet: true
+
+#allowedPrivateNetworks: [
+#  '127.0.0.1/32'
+#]
+
+# Upload or download file size limits (bytes)
+#maxFileSize: 262144000
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -5,6 +5,11 @@

 version: 2
 updates:
+- package-ecosystem: github-actions
+  directory: "/"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 0
 - package-ecosystem: npm
  directory: "/"
  schedule:
@@ -20,3 +25,8 @@ updates:
  schedule:
    interval: daily
  open-pull-requests-limit: 0
+- package-ecosystem: npm
+  directory: "/packages/sw"
+  schedule:
+    interval: daily
+  open-pull-requests-limit: 0
--- a/.github/workflows/check_copyright_year.yml
+++ b/.github/workflows/check_copyright_year.yml
@@ -0,0 +1,18 @@
+name: Check copyright year
+
+on:
+  push:
+    branches:
+      - master
+      - develop
+
+jobs:
+  check_copyright_year:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v3.2.0
+    - run: |
+        if [ "$(grep Copyright COPYING | sed -e 's/.*2014-\([0-9]*\) .*/\1/g')" -ne "$(date +%Y)" ]; then
+          echo "Please change copyright year!"
+          exit 1
+        fi
--- a/.github/workflows/docker-develop.yml
+++ b/.github/workflows/docker-develop.yml
@@ -10,10 +10,10 @@ jobs:
  push_to_registry:
    name: Push Docker image to Docker Hub
    runs-on: ubuntu-latest
-
+    if: github.repository == 'misskey-dev/misskey'
    steps:
      - name: Check out the repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.3.0
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
--- a/.github/workflows/docker.yml
+++ b/.github/workflows/docker.yml
@@ -12,7 +12,7 @@ jobs:

    steps:
      - name: Check out the repo
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3.3.0
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -8,22 +8,26 @@ on:
  pull_request:

 jobs:
-  yarn_install:
+  pnpm_install:
    runs-on: ubuntu-latest
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3.3.0
      with:
        fetch-depth: 0
        submodules: true
-    - uses: actions/setup-node@v3.2.0
+    - uses: pnpm/action-setup@v2
+      with:
+        version: 7
+        run_install: false
+    - uses: actions/setup-node@v3.6.0
      with:
        node-version: 18.x
-        cache: 'yarn'
+        cache: 'pnpm'
    - run: corepack enable
-    - run: yarn install --immutable
+    - run: pnpm i --frozen-lockfile

  lint:
-    needs: [yarn_install]
+    needs: [pnpm_install]
    runs-on: ubuntu-latest
    continue-on-error: true
    strategy:
@@ -33,14 +37,18 @@ jobs:
        - frontend
        - sw
    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3.3.0
      with:
        fetch-depth: 0
        submodules: true
-    - uses: actions/setup-node@v3.2.0
+    - uses: pnpm/action-setup@v2
+      with:
+        version: 7
+        run_install: false
+    - uses: actions/setup-node@v3.6.0
      with:
        node-version: 18.x
-        cache: 'yarn'
+        cache: 'pnpm'
    - run: corepack enable
-    - run: yarn install --immutable
-    - run: yarn workspace ${{ matrix.workspace }} run lint
+    - run: pnpm i --frozen-lockfile
+    - run: pnpm --filter ${{ matrix.workspace }} run lint
--- a/.github/workflows/pr-preview-deploy.yml
+++ b/.github/workflows/pr-preview-deploy.yml
@@ -1,7 +1,5 @@
 # Run secret-dependent integration tests only after /deploy approval
 on:
-  pull_request:
-    types: [opened, reopened, synchronize]
  repository_dispatch:
    types: [deploy-command]

@@ -12,11 +10,10 @@ jobs:
  deploy-preview-environment:
    runs-on: ubuntu-latest
    if:
-      github.event_name == 'repository_dispatch' &&
      github.event.client_payload.slash_command.sha != '' &&
      contains(github.event.client_payload.pull_request.head.sha, github.event.client_payload.slash_command.sha)
    steps:
-    - uses: actions/github-script@v5
+    - uses: actions/github-script@v6.3.3
      id: check-id
      env:
        number: ${{ github.event.client_payload.pull_request.number }}
@@ -40,7 +37,7 @@ jobs:

          return check[0].id;

-    - uses: actions/github-script@v5
+    - uses: actions/github-script@v6.3.3
      env:
        check_id: ${{ steps.check-id.outputs.result }}
        details_url: ${{ github.server_url }}/${{ github.repository }}/runs/${{ github.run_id }}
@@ -56,7 +53,7 @@ jobs:

    # Check out merge commit
    - name: Fork based /deploy checkout
-      uses: actions/checkout@v2
+      uses: actions/checkout@v3.3.0
      with:
        ref: 'refs/pull/${{ github.event.client_payload.pull_request.number }}/merge'

@@ -75,7 +72,7 @@ jobs:
        timeout: 15m

    # Update check run called "integration-fork"
-    - uses: actions/github-script@v5
+    - uses: actions/github-script@v6.3.3
      id: update-check-run
      if: ${{ always() }}
      env:
--- a/.github/workflows/pr-preview-destroy.yml
+++ b/.github/workflows/pr-preview-destroy.yml
@@ -9,6 +9,7 @@ name: Destroy preview environment
 jobs:
  destroy-preview-environment:
    runs-on: ubuntu-latest
+    if: github.repository == github.event.pull_request.head.repo.full_name
    steps:
      - name: Context
        uses: okteto/context@latest
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@@ -23,31 +23,35 @@ jobs:
        env:
          POSTGRES_DB: test-misskey
          POSTGRES_HOST_AUTH_METHOD: trust
-          YARN_CHECKSUM_BEHAVIOR: update
      redis:
        image: redis:6
        ports:
          - 56312:6379

    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3.3.0
      with:
        submodules: true
+    - name: Install pnpm
+      uses: pnpm/action-setup@v2
+      with:
+        version: 7
+        run_install: false
    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v3.2.0
+      uses: actions/setup-node@v3.6.0
      with:
        node-version: ${{ matrix.node-version }}
-        cache: 'yarn'
+        cache: 'pnpm'
    - run: corepack enable
-    - run: yarn install --immutable
-    - name: Check yarn.lock
-      run: git diff --exit-code yarn.lock
+    - run: pnpm i --frozen-lockfile
+    - name: Check pnpm-lock.yaml
+      run: git diff --exit-code pnpm-lock.yaml
    - name: Copy Configure
      run: cp .github/misskey/test.yml .config
    - name: Build
-      run: yarn build
+      run: pnpm build
    - name: Test
-      run: yarn jest-and-coverage
+      run: pnpm jest-and-coverage
    - name: Upload Coverage
      uses: codecov/codecov-action@v3
      with:
@@ -77,7 +81,7 @@ jobs:
          - 56312:6379

    steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3.3.0
      with:
        submodules: true
    # https://github.com/cypress-io/cypress-docker-images/issues/150
@@ -86,19 +90,22 @@ jobs:
    #  if: ${{ matrix.browser == 'firefox' }}
    #- uses: browser-actions/setup-firefox@latest
    #  if: ${{ matrix.browser == 'firefox' }}
+    - name: Install pnpm
+      uses: pnpm/action-setup@v2
+      with:
+        version: 7
+        run_install: false
    - name: Use Node.js ${{ matrix.node-version }}
-      uses: actions/setup-node@v3.2.0
+      uses: actions/setup-node@v3.6.0
      with:
        node-version: ${{ matrix.node-version }}
-        cache: 'yarn'
+        cache: 'pnpm'
    - run: corepack enable
-    - run: yarn install --immutable
-      env:
-        YARN_CHECKSUM_BEHAVIOR: update
+    - run: pnpm i --frozen-lockfile
    - name: Copy Configure
      run: cp .github/misskey/test.yml .config
    - name: Build
-      run: yarn build
+      run: pnpm build
    # https://github.com/cypress-io/cypress/issues/4351#issuecomment-559489091
    - name: ALSA Env
      run: echo -e 'pcm.!default {\n type hw\n card 0\n}\n\nctl.!default {\n type hw\n card 0\n}' > ~/.asoundrc
@@ -106,7 +113,7 @@ jobs:
      uses: cypress-io/github-action@v4
      with:
        install: false
-        start: yarn start:test
+        start: pnpm start:test
        wait-on: 'http://localhost:61812'
        headless: false
        browser: ${{ matrix.browser }}
--- a/.gitignore
+++ b/.gitignore
@@ -30,6 +30,7 @@ coverage
 # config
 /.config/*
 !/.config/example.yml
+!/.config/docker_example.yml
 !/.config/docker_example.env

 # misskey
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -0,0 +1,5 @@
+{
+    "search.exclude": {
+        "**/node_modules": true
+    }
+}
--- a/.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
+++ b/.yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
--- a/.yarn/plugins/@yarnpkg/plugin-workspace-tools.cjs
+++ b/.yarn/plugins/@yarnpkg/plugin-workspace-tools.cjs
--- a/.yarn/releases/yarn-3.3.0.cjs
+++ b/.yarn/releases/yarn-3.3.0.cjs
--- a/.yarnrc
+++ b/.yarnrc
@@ -1 +0,0 @@
-network-timeout 600000
--- a/.yarnrc.yml
+++ b/.yarnrc.yml
@@ -1,42 +0,0 @@
-httpTimeout: 600000
-
-nmHoistingLimits: none
-
-nodeLinker: pnpm
-
-packageExtensions:
-  "@bull-board/api@*":
-    peerDependencies:
-      "@bull-board/ui": "*"
-  "@tensorflow/tfjs@*":
-    dependencies:
-      long: "*"
-  chartjs-adapter-date-fns@*:
-    peerDependencies:
-      date-fns: "*"
-  consolidate@*:
-    dependencies:
-      ejs: "*"
-  # these are needed to extend fastify types
-  "@fastify/accepts@*":
-    peerDependencies:
-      fastify: "*"
-  "@fastify/cookie@*":
-    peerDependencies:
-      fastify: "*"
-  "@fastify/static@*":
-    peerDependencies:
-      fastify: "*"
-  "@fastify/view@*":
-    peerDependencies:
-      fastify: "*"
-
-plugins:
-  - path: .yarn/plugins/@yarnpkg/plugin-interactive-tools.cjs
-    spec: "@yarnpkg/plugin-interactive-tools"
-  - path: .yarn/plugins/@yarnpkg/plugin-workspace-tools.cjs
-    spec: "@yarnpkg/plugin-workspace-tools"
-
-progressBarStyle: patrick
-
-yarnPath: .yarn/releases/yarn-3.3.0.cjs
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,7 +9,7 @@
 You should also include the user name that made the change.
 -->

-## 13.0.0 (unreleased)
+## 13.0.0 (2023/01/16)

 ### TL;DR
 - New features (Role system, Misskey Play, New widgets, New charts, 🍪👈, etc)
@@ -20,7 +20,7 @@ You should also include the user name that made the change.

 ### Notable features
 - ロール機能
-	- 従来より柔軟にユーザーの権限を管理できます。例えば、「インスタンスのパトロンはアンテナを30個まで作れる」「基本的にLTLは見れないが、許可した人だけ見れる」「招待制インスタンスだけどユーザーなら誰でも他者を招待できる」のような運用はもちろん、「ローカルユーザーかつアカウント作成から1日未満のユーザーはパブリックな投稿を行えない」のように複数条件を組み合わせて、自動でロールを付与する設定も可能です。
+	- 従来より柔軟にユーザーのポリシーを管理できます。例えば、「インスタンスのパトロンはアンテナを30個まで作れる」「基本的にLTLは見れないが、許可した人だけ見れる」「招待制インスタンスだけどユーザーなら誰でも他者を招待できる」のような運用はもちろん、「ローカルユーザーかつアカウント作成から1日未満のユーザーはパブリックな投稿を行えない」のように複数条件を組み合わせて、自動でロールを付与する設定も可能です。
 - Misskey Play
 	- 従来の動的なPagesに代わる、新しいプラットフォームです。動的なコンテンツ(アプリケーション)に特化していて、Pagesに比べてはるかに柔軟なアプリケーションを作成可能です。

@@ -31,8 +31,7 @@ You should also include the user name that made the change.
 	- Misskey not using 15 specific features at 13.0.0, but may do so in the future.
 - Elasticsearchのサポートが削除されました
 	- 代わりに今後任意の検索プロバイダを設定できる仕組みを構想しています。その仕組みを使えば今まで通りElasticsearchも利用できます
- Migrate to Yarn Berry (v3.2.1) @ThatOneCalculator
-	- You may have to `yarn run clean-all`, `sudo corepack enable` and `yarn set version berry` before running `yarn install` if you're still on yarn classic
+- Yarnからpnpmに移行されました
 - インスタンスブロックはサブドメインにも適用されるようになります
 - ロールの導入に伴い、いくつかの機能がロールと統合されました
 	- モデレーターはロールに統合されました。今までのモデレーター情報は失われるため、予めモデレーター一覧を記録しておき、アップデート後にモデレーターロールを作りアサインし直してください。
@@ -52,6 +51,7 @@ You should also include the user name that made the change.
 	- 0.12.x未満のプラグインは読み込むことはできません
 - iOS15以下のデバイスはサポートされなくなりました
 - Firefox110以下はサポートされなくなりました
+  - 109でもContainerQueriesのフラグを有効にする事で問題なく使用できます

 #### For app developers
 - API: metaのレスポンスに`emojis`プロパティが含まれなくなりました
@@ -63,6 +63,7 @@ You should also include the user name that made the change.
 - API: `user`および`note`エンティティに`emojis`プロパティが含まれなくなりました
 - API: `user`エンティティに`avatarColor`および`bannerColor`プロパティが含まれなくなりました
 - API: `instance`エンティティに`latestStatus`、`lastCommunicatedAt`、`latestRequestSentAt`プロパティが含まれなくなりました
+- API: `instance`エンティティの`caughtAt`は`firstRetrievedAt`に名前が変わりました

 ### Improvements
 - Role system @syuilo
@@ -73,16 +74,22 @@ You should also include the user name that made the change.
 - Push notification of Antenna note @tamaina
 - AVIF support @tamaina
 - Add Cloudflare Turnstile CAPTCHA support @CyberRex0
+- レートリミットをユーザーごとに調整可能に @syuilo
 - 非モデレーターでも、権限を持つロールをアサインされたユーザーはインスタンスの招待コードを発行できるように @syuilo
 - 非モデレーターでも、権限を持つロールをアサインされたユーザーはカスタム絵文字の追加、編集、削除を行えるように @syuilo
+- クリップおよびクリップ内のノートの作成可能数を設定可能に @syuilo
+- ユーザーリストおよびユーザーリスト内のユーザーの作成可能数を設定可能に @syuilo
 - ハードワードミュートの最大文字数を設定可能に @syuilo
 - Webhookの作成可能数を設定可能に @syuilo
+- ノートをピン留めできる数を設定可能に @syuilo
 - Server: signToActivityPubGet is set to true by default @syuilo
 - Server: improve syslog performance @syuilo
 - Server: Use undici instead of node-fetch and got @tamaina
 - Server: Judge instance block by endsWith @tamaina
 - Server: improve note scoring for featured notes @CyberRex0
 - Server: アンケート選択肢の文字数制限を緩和 @syuilo
+- Server: プロフィールの文字数制限を緩和 @syuilo
+- Server: add rate limits for some endpoints @syuilo
 - Server: improve stats api performance @syuilo
 - Server: improve nodeinfo performance @syuilo
 - Server: delete outdated notifications regularly to improve db performance @syuilo
@@ -94,6 +101,7 @@ You should also include the user name that made the change.
 - Client: Add link to user RSS feed in profile menu @ssmucny
 - Client: Compress non-animated PNG files @saschanaz
 - Client: YouTube window player @sim1222
+- Client: show readable error when rate limit exceeded @syuilo
 - Client: enhance dashboard of control panel @syuilo
 - Client: Vite is upgraded to v4 @syuilo, @tamaina
 - Client: HMR is available while yarn dev @tamaina
@@ -115,11 +123,13 @@ You should also include the user name that made the change.
 - Client: add new mfm function (position, fg, bg) @syuilo
 - Client: show fireworks when visit user who today is birthday @syuilo
 - Client: show bot warning on screen when logged in as bot account @syuilo
+- Client: AiScriptからカスタム絵文字一覧を参照できるように @syuilo
 - Client: improve overall performance of client @syuilo
 - Client: ui tweaks @syuilo
 - Client: clicker game @syuilo

 ### Bugfixes
+- Server: Fix @tensorflow/tfjs-core's MODULE_NOT_FOUND error @ikuradon
 - Server: 引用内の文章がnyaizeされてしまう問題を修正 @kabo2468
 - Server: Bug fix for Pinned Users lookup on instance @squidicuzz
 - Server: Fix peers API returning suspended instances @ineffyble
--- a/2
+++ b/2
@@ -1,5 +1,5 @@
 Unless otherwise stated this repository is
-Copyright © 2014-2022 syuilo and contributers
+Copyright © 2014-2023 syuilo and contributers

 And is distributed under The GNU Affero General Public License Version 3, you should have received a copy of the license file as LICENSE.

--- a/43
+++ b/43
@@ -1,6 +1,6 @@
-FROM node:18.13.0-bullseye AS builder
+ARG NODE_VERSION=18.13.0-bullseye

-ARG NODE_ENV=production
+FROM node:${NODE_VERSION} AS builder

 RUN apt-get update \
 	&& apt-get install -y --no-install-recommends \
@@ -8,38 +8,47 @@ RUN apt-get update \

 WORKDIR /misskey

-COPY [".yarnrc.yml", "package.json", "yarn.lock", "./"]
-COPY [".yarn", "./.yarn"]
+COPY ["pnpm-lock.yaml", "pnpm-workspace.yaml", "package.json", "./"]
 COPY ["scripts", "./scripts"]
 COPY ["packages/backend/package.json", "./packages/backend/"]
 COPY ["packages/frontend/package.json", "./packages/frontend/"]
 COPY ["packages/sw/package.json", "./packages/sw/"]

-RUN yarn install --immutable
+RUN npm i -g pnpm
+RUN pnpm i --frozen-lockfile

 COPY . ./

+ARG NODE_ENV=production
+
 RUN git submodule update --init
-RUN yarn build
+RUN pnpm build

-FROM node:18.13.0-bullseye-slim AS runner
+FROM node:${NODE_VERSION}-slim AS runner

-WORKDIR /misskey
+ARG UID="991"
+ARG GID="991"

 RUN apt-get update \
 	&& apt-get install -y --no-install-recommends \
 	ffmpeg tini \
 	&& apt-get -y clean \
-	&& rm -rf /var/lib/apt/lists/*
+	&& rm -rf /var/lib/apt/lists/* \
+	&& groupadd -g "${GID}" misskey \
+	&& useradd -l -u "${UID}" -g "${GID}" -m -d /misskey misskey

-COPY --from=builder /misskey/.yarn/install-state.gz ./.yarn/install-state.gz
-COPY --from=builder /misskey/node_modules ./node_modules
-COPY --from=builder /misskey/built ./built
-COPY --from=builder /misskey/packages/backend/node_modules ./packages/backend/node_modules
-COPY --from=builder /misskey/packages/backend/built ./packages/backend/built
-COPY --from=builder /misskey/packages/frontend/node_modules ./packages/frontend/node_modules
-COPY . ./
+RUN npm i -g pnpm
+USER misskey
+WORKDIR /misskey
+
+COPY --chown=misskey:misskey --from=builder /misskey/node_modules ./node_modules
+COPY --chown=misskey:misskey --from=builder /misskey/built ./built
+COPY --chown=misskey:misskey --from=builder /misskey/packages/backend/node_modules ./packages/backend/node_modules
+COPY --chown=misskey:misskey --from=builder /misskey/packages/backend/built ./packages/backend/built
+COPY --chown=misskey:misskey --from=builder /misskey/packages/frontend/node_modules ./packages/frontend/node_modules
+COPY --chown=misskey:misskey --from=builder /misskey/fluent-emojis /misskey/fluent-emojis
+COPY --chown=misskey:misskey . ./

 ENV NODE_ENV=production
 ENTRYPOINT ["/usr/bin/tini", "--"]
-CMD ["yarn", "run", "migrateandstart"]
+CMD ["pnpm", "run", "migrateandstart"]
--- a/cypress/e2e/widgets.cy.js
+++ b/cypress/e2e/widgets.cy.js
@@ -29,17 +29,17 @@ describe('After user signed in', () => {

 	it('first widget should be removed', () => {
 		cy.get('.mk-widget-edit').click();
-		cy.get('.customize-container:first-child .remove._button').click();
-		cy.get('.customize-container').should('have.length', 2);
+		cy.get('.data-cy-customize-container:first-child .data-cy-customize-container-remove._button').click();
+		cy.get('.data-cy-customize-container').should('have.length', 2);
 	});

 	function buildWidgetTest(widgetName) {
 		it(`${widgetName} widget should get added`, () => {
 			cy.get('.mk-widget-edit').click();
 			cy.get('.mk-widget-select select').select(widgetName, { force: true });
-			cy.get('.bg._modalBg.transparent').click({ multiple: true, force: true });
+			cy.get('.data-cy-bg._modalBg.data-cy-transparent').click({ multiple: true, force: true });
 			cy.get('.mk-widget-add').click({ force: true });
-			cy.get(`.mkw-${widgetName}`).should('exist');
+			cy.get(`.data-cy-mkw-${widgetName}`).should('exist');
 		});
 	}

--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,6 +8,11 @@ services:
      - db
      - redis
 #      - es
+    depends_on:
+      db:
+        condition: service_healthy
+      redis:
+        condition: service_healthy
    ports:
      - "3000:3000"
    networks:
@@ -24,6 +29,10 @@ services:
      - internal_network
    volumes:
      - ./redis:/data
+    healthcheck:
+      test: "redis-cli ping"
+      interval: 5s
+      retries: 20

  db:
    restart: always
@@ -34,6 +43,10 @@ services:
      - .config/docker.env
    volumes:
      - ./db:/var/lib/postgresql/data
+    healthcheck:
+      test: "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"
+      interval: 5s
+      retries: 20

 #  es:
 #    restart: always
--- a/locales/ar-SA.yml
+++ b/locales/ar-SA.yml
@@ -818,6 +818,12 @@ cannotLoad: "تعذر التحميل"
 like: "أعجبني"
 show: "المظهر"
 color: "اللون"
+_role:
+  priority: "الأولوية"
+  _priority:
+    low: "منخفضة"
+    middle: "متوسط"
+    high: "عالية"
 _emailUnavailable:
  used: "هذا البريد الإلكتروني مستخدم"
  format: "صيغة البريد الإلكتروني غير صالحة"
@@ -841,6 +847,7 @@ _accountDelete:
 _ad:
  back: "رجوع"
  reduceFrequencyOfThisAd: "قلل عرض هذا الإعلان"
+  hide: "لا تظهره بتاتًا"
 _forgotPassword:
  enterEmail: "أدخل البريد الإلكتروني المرتبط بحسابك لكي يرسل إليك رابط لإعادة تعيين كلمة المرور."
  ifNoEmail: "إذا لم تربط حسابك ببريد إلكتروني سيتوجب عليك التواصل مع مدير الموقع."
--- a/locales/bn-BD.yml
+++ b/locales/bn-BD.yml
@@ -854,6 +854,12 @@ account: "অ্যাকাউন্টগুলি"
 like: "পছন্দ করা"
 show: "প্রদর্শন"
 color: "রং"
+_role:
+  priority: "অগ্রাধিকার"
+  _priority:
+    low: "নিম্ন"
+    middle: "মাঝারি"
+    high: "উচ্চ"
 _emailUnavailable:
  used: "এই ইমেইল ঠিকানাটি ইতোমধ্যে ব্যবহৃত হয়েছে"
  format: "এই ইমেল ঠিকানাটি সঠিকভাবে লিখা হয়নি"
@@ -878,6 +884,7 @@ _accountDelete:
 _ad:
  back: "পিছনে"
  reduceFrequencyOfThisAd: "এই বিজ্ঞাপনটি কম দেখান"
+  hide: "দেখাবেন না"
 _forgotPassword:
  enterEmail: "আপনি আপনার অ্যাকাউন্টের জন্য নিবন্ধিত ইমেল ঠিকানা লিখুন. সেই ঠিকানায় একটি পাসওয়ার্ড রিসেট লিঙ্ক পাঠানো হবে।"
  ifNoEmail: "আপনি যদি নিবন্ধনের সময় ই-মেইল ঠিকানা না দিয়ে থাকেন, তাহলে অনুগ্রহ করে প্রশাসকের সাথে যোগাযোগ করুন।"
--- a/locales/cs-CZ.yml
+++ b/locales/cs-CZ.yml
@@ -612,6 +612,12 @@ fast: "Rychlá"
 account: "Účty"
 show: "Zobrazit"
 color: "Barva"
+_role:
+  priority: "Priorita"
+  _priority:
+    low: "Nízká"
+    middle: "Střední"
+    high: "Vysoká"
 _ad:
  back: "Zpět"
 _gallery:
--- a/locales/de-DE.yml
+++ b/locales/de-DE.yml
@@ -931,26 +931,66 @@ undefined: "Undefiniert"
 assign: "Zuweisen"
 unassign: "Entfernen"
 color: "Farbe"
+manageCustomEmojis: "Benutzerdefinierte Emojis verwalten"
+youCannotCreateAnymore: "Du hast das Erstellungslimit erreicht."
+cannotPerformTemporary: "Vorübergehend nicht verfügbar"
+cannotPerformTemporaryDescription: "Diese Aktion ist wegen des Überschreitenes des Ausführungslimits temporär nicht verfügbar. Bitte versuche es nach einiger Zeit erneut."
 _role:
  new: "Rolle erstellen"
  edit: "Rolle bearbeiten"
  name: "Rollenname"
  description: "Rollenbeschreibung"
  permission: "Rollenberechtigungen"
+  descriptionOfPermission: "<b>Moderatoren</b> können grundlegende Verwaltungsaufgaben erledigen.\n<b>Administratoren</b> können alle Einstellungen der Instanz verwalten."
+  assignTarget: "Zuweisungsart"
+  descriptionOfAssignTarget: "<b>Manuell</b> bedeutet, dass die Liste der Benutzer einer Rolle manuell verwaltet wird.\n<b>Konditionell</b> bedeutet, dass die Liste der Benutzer einer Rolle durch eine Bedingung automatisch verwaltet wird."
+  manual: "Manuell"
+  conditional: "Konditional"
+  condition: "Bedingung"
+  isConditionalRole: "Dies ist eine konditionale Rolle."
  isPublic: "Öffentliche Rolle"
  descriptionOfIsPublic: "Ist dies aktiviert, so kann jeder die Liste der Benutzer, die dieser Rolle zugewiesen sind, einsehen. Zusätzlich wird diese Rolle im Profil zugewiesener Benutzer angezeigt."
  options: "Optionen"
+  policies: "Richtlinien"
  baseRole: "Rollenvorlage"
  useBaseValue: "Wert der Rollenvorlage verwenden"
  chooseRoleToAssign: "Zuzuweisende Rolle auswählen"
  canEditMembersByModerator: "Moderatoren können Benutzern diese Rolle zuweisen"
  descriptionOfCanEditMembersByModerator: "Wenn aktiviert, so können Moderatoren und Adminstratoren anderen Benutzern diese Rolle zuweisen bzw. diese Zuweisung aufheben. Wenn deaktiviert, so ist es nur Administratoren möglich, Zuweisungen dieser Rolle zu verwalten."
+  priority: "Priorität"
+  _priority:
+    low: "Niedrig"
+    middle: "Mittel"
+    high: "Hoch"
  _options:
    gtlAvailable: "Kann auf die globale Chronik zugreifen"
    ltlAvailable: "Kann auf die lokale Chronik zugreifen"
    canPublicNote: "Kann öffentliche Notizen erstellen"
+    canInvite: "Einladungscodes für diese Instanz erstellen"
+    canManageCustomEmojis: "Benutzerdefinierte Emojis verwalten"
    driveCapacity: "Drive-Kapazität"
+    pinMax: "Maximale Anzahl an angehefteten Notizen"
    antennaMax: "Maximale Anzahl an Antennen"
+    wordMuteMax: "Maximale Zeichenlänge für Wortstummschaltungen"
+    webhookMax: "Maximale Anzahl an Webhooks"
+    clipMax: "Maximale Anzahl an Clips"
+    noteEachClipsMax: "Maximale Anzahl an Notizen innerhalb eines Clips"
+    userListMax: "Maximale Anzahl an Benutzern in einer Benutzerliste"
+    userEachUserListsMax: "Maximale Anzahl an Benutzerlisten"
+    rateLimitFactor: "Versuchsanzahl"
+    descriptionOfRateLimitFactor: "Je niedriger desto weniger restriktiv, je höher destro restriktiver."
+  _condition:
+    isLocal: "Lokaler Benutzer"
+    isRemote: "Benutzer fremder Instanz"
+    createdLessThan: "Kontoerstellung liegt weniger als X zurück"
+    createdMoreThan: "Kontoerstellung liegt mehr als X zurück"
+    followersLessThanOrEq: "Hat X oder weniger Follower"
+    followersMoreThanOrEq: "Hat X oder mehr Follower"
+    followingLessThanOrEq: "Folgt X oder weniger Benutzern"
+    followingMoreThanOrEq: "Folgt X oder mehr Benutzern"
+    and: "UND-Bedingung"
+    or: "ODER-Bedingung"
+    not: "NICHT-Bedingung"
 _sensitiveMediaDetection:
  description: "Ermöglicht eine Erleichterung der Servermoderation durch die automatische Erkennungen von NSFW-Medien unter Verwendung von Machine Learning. Hierdurch wird die Serverlast etwas erhöht."
  sensitivity: "Erkennungssensitivität"
@@ -983,6 +1023,7 @@ _accountDelete:
 _ad:
  back: "Zurück"
  reduceFrequencyOfThisAd: "Diese Werbung weniger anzeigen"
+  hide: "Nie anzeigen"
 _forgotPassword:
  enterEmail: "Gib die Email-Adresse ein, mit der du dich registriert hast. An diese wird ein Link gesendet, mit dem du dein Passwort zurücksetzen kannst."
  ifNoEmail: "Solltest du bei der Registrierung keine Email-Adresse angegeben haben, wende dich bitte an den Administrator."
--- a/locales/en-US.yml
+++ b/locales/en-US.yml
@@ -931,26 +931,69 @@ undefined: "Undefined"
 assign: "Assign"
 unassign: "Unassign"
 color: "Color"
+manageCustomEmojis: "Manage Custom Emojis"
+youCannotCreateAnymore: "You've hit the creation limit."
+cannotPerformTemporary: "Temporarily unavailable"
+cannotPerformTemporaryDescription: "This action cannot be performed temporarily due to exceeding the execution limit. Please wait for a while and then try again."
+preset: "Presets"
+selectFromPresets: "Choose from presets"
 _role:
  new: "New role"
  edit: "Edit role"
  name: "Role name"
  description: "Role description"
  permission: "Role permissions"
+  descriptionOfPermission: "<b>Moderators</b> can perform basic moderation operations.\n<b>Administrators</b> can change all settings of the instance."
+  assignTarget: "Assignment type"
+  descriptionOfAssignTarget: "<b>Manual</b> to manually change who is part of this role and who is not.\n<b>Conditional</b> to have users be automatically assigned and removed from this role based on a condition."
+  manual: "Manual"
+  conditional: "Conditional"
+  condition: "Condition"
+  isConditionalRole: "This is a conditional role."
  isPublic: "Public role"
  descriptionOfIsPublic: "Anyone will be able to view a list of users assigned to this role. In addition, this role will be displayed in the profiles of assigned users."
  options: "Role options"
+  policies: "Policies"
  baseRole: "Base role"
  useBaseValue: "Use base role value"
  chooseRoleToAssign: "Select the role to assign"
  canEditMembersByModerator: "Allow moderators to edit the list members of this role"
  descriptionOfCanEditMembersByModerator: "When turned on, moderators as well as administrators will be able to assign and unassign users to this role. When turned off, only administrators will be able to assign users."
+  priority: "Priority"
+  _priority:
+    low: "Low"
+    middle: "Medium"
+    high: "High"
  _options:
    gtlAvailable: "Viewing the global timeline"
    ltlAvailable: "Viewing the local timeline"
    canPublicNote: "Can send public notes"
+    canInvite: "Create instance invite codes"
+    canManageCustomEmojis: "Manage Custom Emojis"
    driveCapacity: "Drive capacity"
+    pinMax: "Maximum number of pinned notes"
    antennaMax: "Maximum number of antennas"
+    wordMuteMax: "Maximum number of characters allowed in word mutes"
+    webhookMax: "Maximum number of Webhooks"
+    clipMax: "Maximum number of Clips"
+    noteEachClipsMax: "Maximum number of notes within a clip"
+    userListMax: "Maximum number of user lists"
+    userEachUserListsMax: "Maximum number of users within a user list"
+    rateLimitFactor: "Rate limit"
+    descriptionOfRateLimitFactor: "Lower rate limits are less restrictive, higher ones more restrictive. "
+    canHideAds: "Remove ads"
+  _condition:
+    isLocal: "Local user"
+    isRemote: "Remote user"
+    createdLessThan: "Less than X has passed since account creation"
+    createdMoreThan: "More than X has passed since account creation"
+    followersLessThanOrEq: "Has X or fewer followers"
+    followersMoreThanOrEq: "Has X or more followers"
+    followingLessThanOrEq: "Follows X or fewer accounts"
+    followingMoreThanOrEq: "Follows X or more accounts"
+    and: "AND-Condition"
+    or: "OR-Condition"
+    not: "NOT-Condition"
 _sensitiveMediaDetection:
  description: "Reduces the effort of server moderation through automatically recognizing NSFW media via Machine Learning. This will slightly increase the load on the server."
  sensitivity: "Detection sensitivity"
@@ -983,6 +1026,7 @@ _accountDelete:
 _ad:
  back: "Back"
  reduceFrequencyOfThisAd: "Show this ad less"
+  hide: "Never show"
 _forgotPassword:
  enterEmail: "Enter the email address you used to register. A link with which you can reset your password will then be sent to it."
  ifNoEmail: "If you did not use an email during registration, please contact the instance administrator instead."
--- a/locales/es-ES.yml
+++ b/locales/es-ES.yml
@@ -919,6 +919,12 @@ numberOfProfileView: "Número de vistas de perfil"
 like: "¡Muy bien!"
 show: "Apariencia"
 color: "Color"
+_role:
+  priority: "Prioridad"
+  _priority:
+    low: "Baja"
+    middle: "Mediano"
+    high: "Alta"
 _sensitiveMediaDetection:
  description: "Reduce el esfuerzo de la moderación el el servidor a través del reconocimiento automático de contenido NSFW usando 'Machine Learning'. Esto puede incrementar ligeramente la carga en el servidor."
  sensitivity: "Sensibilidad de detección"
@@ -951,6 +957,7 @@ _accountDelete:
 _ad:
  back: "Deseleccionar"
  reduceFrequencyOfThisAd: "Mostrar menos este anuncio."
+  hide: "No mostrar"
 _forgotPassword:
  enterEmail: "Ingrese el correo usado para registrar la cuenta. Se enviará un link para resetear la contraseña."
  ifNoEmail: "Si no utilizó un correo para crear la cuenta, contáctese con el administrador."
--- a/locales/fr-FR.yml
+++ b/locales/fr-FR.yml
@@ -916,6 +916,12 @@ show: "Affichage"
 neverShow: "Ne plus afficher"
 remindMeLater: "Peut-être plus tard"
 color: "Couleur"
+_role:
+  priority: "Priorité"
+  _priority:
+    low: "Basse"
+    middle: "Moyen"
+    high: "Haute"
 _sensitiveMediaDetection:
  description: "L'apprentissage automatique peut être utilisé pour détecter automatiquement les médias sensibles à modérer. La sollicitation des serveurs augmente légèrement."
  sensitivity: "Sensibilité de la détection"
@@ -948,6 +954,7 @@ _accountDelete:
 _ad:
  back: "Retour"
  reduceFrequencyOfThisAd: "Voir cette publicité moins souvent"
+  hide: "Cacher "
 _forgotPassword:
  enterEmail: "Entrez ici l'adresse e-mail que vous avez enregistrée pour votre compte. Un lien vous permettant de réinitialiser votre mot de passe sera envoyé à cette adresse."
  ifNoEmail: "Si vous n'avez pas enregistré d'adresse e-mail, merci de contacter l'administrateur·rice de votre instance."
--- a/locales/id-ID.yml
+++ b/locales/id-ID.yml
@@ -860,6 +860,12 @@ unlike: "Tidak Suka"
 numberOfLikes: "Jumlah yang disukai"
 show: "Tampilkan"
 color: "Warna"
+_role:
+  priority: "Prioritas"
+  _priority:
+    low: "Rendah"
+    middle: "Sedang"
+    high: "Tinggi"
 _emailUnavailable:
  used: "Alamat surel ini telah digunakan"
  format: "Format tidak valid."
@@ -884,6 +890,7 @@ _accountDelete:
 _ad:
  back: "Kembali"
  reduceFrequencyOfThisAd: "Tampilkan iklan ini lebih sedikit"
+  hide: "Jangan tampilkan"
 _forgotPassword:
  enterEmail: "Masukkan alamat surel yang kamu gunakan pada saat mendaftar. Sebuah tautan untuk mengatur ulang kata sandi kamu akan dikirimkan ke alamat surel tersebut."
  ifNoEmail: "Apabila kamu tidak menggunakan surel pada saat pendaftaran, mohon hubungi admin segera."
--- a/locales/it-IT.yml
+++ b/locales/it-IT.yml
@@ -8,7 +8,7 @@ search: "Cerca"
 notifications: "Notifiche"
 username: "Nome utente"
 password: "Password"
-forgotPassword: "Hai dimenticato la tua password?"
+forgotPassword: "Hai dimenticato la password?"
 fetchingAsApObject: "Recuperando dal Fediverso..."
 ok: "OK"
 gotIt: "Ho capito"
@@ -325,7 +325,7 @@ connectService: "Connessione"
 disconnectService: "Disconnessione "
 enableLocalTimeline: "Abilita Timeline locale"
 enableGlobalTimeline: "Abilita Timeline federata"
-disablingTimelinesInfo: "Anche se disabiliti queste timeline, gli amministratori e i moderatori potranno sempre accederci."
+disablingTimelinesInfo: "Anche disabilitandole, gli Amministratori e i Moderatori potranno comunque accedervi."
 registration: "Iscriviti"
 enableRegistration: "Permettere nuove registrazioni"
 invite: "Invita"
@@ -340,7 +340,7 @@ pinnedUsers: "Utenti in evidenza"
 pinnedUsersDescription: "Elenca gli/le utenti che vuoi fissare in cima alla pagina \"Esplora\", un@ per riga."
 pinnedPages: "Pagine in evidenza"
 pinnedPagesDescription: "Specifica il percorso delle pagine che vuoi fissare in cima alla pagina dell'istanza. Una pagina per riga."
-pinnedClipId: "ID della nota in evidenza"
+pinnedClipId: "ID della Clip in evidenza"
 pinnedNotes: "Nota fissata"
 hcaptcha: "hCaptcha"
 enableHcaptcha: "Abilita hCaptcha"
@@ -651,11 +651,11 @@ random: "Casuale"
 system: "Sistema"
 switchUi: "Cambiare interfaccia"
 desktop: "Desktop"
-clip: "Nota"
+clip: "Clip"
 createNew: "Crea"
-optional: "Opzionale"
-createNewClip: "Nuova Nota"
-unclip: "Rimuovi la nota"
+optional: "facoltativo"
+createNewClip: "Crea una Clip"
+unclip: "Togli Nota dalla Clip"
 confirmToUnclipAlreadyClippedNote: "Questa nota è già inclusa in \"{name}\". Si desidera escludere la nota?"
 public: "Pubblica"
 i18nInfo: "Misskey è tradotto in diverse lingue da volontari. Anche tu puoi contribuire su {link}."
@@ -924,7 +924,73 @@ neverShow: "Non mostrare più"
 remindMeLater: "Rimanda"
 didYouLikeMisskey: "Ti piace Misskey?"
 pleaseDonate: "Misskey è il software libero utilizzato su {host}. Offrendo una donazione è più facile continuare a svilupparlo!"
+roles: "Ruoli"
+role: "Ruolo"
+normalUser: "Profilo standard"
+undefined: "Indefinito"
+assign: "Assegna"
+unassign: "Disassegna"
 color: "Colore"
+manageCustomEmojis: "Gestisci le emoji personalizzate"
+youCannotCreateAnymore: "Non puoi creare, hai raggiunto il limite."
+cannotPerformTemporary: "Indisponibilità temporanea"
+cannotPerformTemporaryDescription: "L'attività non può essere svolta, poiché si è raggiunto il limite di esecuzioni possibili. Per favore, riprova più tardi."
+_role:
+  new: "Nuovo ruolo"
+  edit: "Modifica ruolo"
+  name: "Nome del ruolo"
+  description: "Descrizione del ruolo"
+  permission: "Permessi globali del ruolo"
+  descriptionOfPermission: "<b>Moderatori</b> possono svolgere le attività di moderazione basilari.\n<b>Amministratori</b> possono modificare la configurazione dell'istanza."
+  assignTarget: "Modalità di assegnazione del ruolo"
+  descriptionOfAssignTarget: "<b>Manuale</b>: per assegnare manualmente questo ruolo ai profili.\n<b>Condizionale</b>: per assegnare o rimuovere automaticamente questo ruolo ai profili, a precise condizioni."
+  manual: "Manuale"
+  conditional: "Condizionale"
+  condition: "Condizioni"
+  isConditionalRole: "Questo è un ruolo condizionato"
+  isPublic: "Ruolo pubblico"
+  descriptionOfIsPublic: "La lista di profili assegnati a questo ruolo è visibile a chiunque. Inoltre, il nome del ruolo verrà mostrato pubblicamente nei relativi profili."
+  options: "Opzioni del ruolo"
+  policies: "Policy"
+  baseRole: "Ruolo di base"
+  useBaseValue: "Eredita dal ruolo base"
+  chooseRoleToAssign: "Seleziona il ruolo da assegnare"
+  canEditMembersByModerator: "Anche i Moderatori assegnano profili a questo ruolo"
+  descriptionOfCanEditMembersByModerator: "Se disattivo, potranno farlo solamente gli Amministratori."
+  priority: "Priorità"
+  _priority:
+    low: "Bassa"
+    middle: "Medio"
+    high: "Alta"
+  _options:
+    gtlAvailable: "Disponibilità della Timeline Federata"
+    ltlAvailable: "Disponibilità della Timeline Locale"
+    canPublicNote: "Può scrivere Note con Visibilità Pubblica"
+    canInvite: "Genera codici di invito all'istanza"
+    canManageCustomEmojis: "Gestire le emoji personalizzate"
+    driveCapacity: "Capienza del Drive"
+    pinMax: "Quantità massima di Note in primo piano"
+    antennaMax: "Quantità massima di Antenne"
+    wordMuteMax: "Lunghezza massima del filtro parole"
+    webhookMax: "Quantità massima di Webhook"
+    clipMax: "Quantità massima di Clip"
+    noteEachClipsMax: "Quantità massima di Note nella Clip"
+    userListMax: "Quantità massima di liste"
+    userEachUserListsMax: "Quantità massima di profili per lista"
+    rateLimitFactor: "Limite del rapporto"
+    descriptionOfRateLimitFactor: "I rapporti più bassi sono meno restrittivi, quelli più alti lo sono di più."
+  _condition:
+    isLocal: "Profilo locale"
+    isRemote: "Profilo remoto"
+    createdLessThan: "Creato meno di"
+    createdMoreThan: "Creato più di"
+    followersLessThanOrEq: "Ha meno di N follower"
+    followersMoreThanOrEq: "Ha più di N follower"
+    followingLessThanOrEq: "Segue N profili o meno"
+    followingMoreThanOrEq: "Segue N profili o più"
+    and: "E"
+    or: "O"
+    not: "NON"
 _sensitiveMediaDetection:
  description: "L'apprendimento automatico può essere utilizzato per individuare automaticamente i media sensibili da moderare. Il carico del server aumenta leggermente."
  sensitivity: "Sensibilità di rilevamento"
@@ -957,6 +1023,7 @@ _accountDelete:
 _ad:
  back: "Indietro"
  reduceFrequencyOfThisAd: "Visualizza questa pubblicità meno spesso"
+  hide: "Nascondi"
 _forgotPassword:
  enterEmail: "Inserisci l'indirizzo di posta elettronica che hai registrato nel tuo profilo. Il collegamento necessario per ripristinare la password verrà inviato a questo indirizzo."
  ifNoEmail: "Se nessun indirizzo e-mail è stato registrato, si prega di contattare l'amministratore·trice dell'istanza."
@@ -1340,7 +1407,7 @@ _cw:
 _poll:
  noOnlyOneChoice: "Sono necessarie almeno 2 risposte"
  choiceN: "Opzione {n}"
-  noMore: "Hai aggiunto il numero massimo di opzioni."
+  noMore: "Hai raggiunto il limite di opzioni."
  canMultipleVote: "Possibilità di risposte multiple"
  expiration: "Scadenza"
  infinite: "Non scade"
--- a/locales/ja-JP.yml
+++ b/locales/ja-JP.yml
@@ -932,6 +932,11 @@ assign: "アサイン"
 unassign: "アサインを解除"
 color: "色"
 manageCustomEmojis: "カスタム絵文字の管理"
+youCannotCreateAnymore: "これ以上作成することはできません。"
+cannotPerformTemporary: "一時的に利用できません"
+cannotPerformTemporaryDescription: "操作回数が制限を超過するため一時的に利用できません。しばらく時間を置いてから再度お試しください。"
+preset: "プリセット"
+selectFromPresets: "プリセットから選択"

 _role:
  new: "ロールの作成"
@@ -949,11 +954,17 @@ _role:
  isPublic: "ロールを公開"
  descriptionOfIsPublic: "ロールにアサインされたユーザーを誰でも見ることができます。また、ユーザーのプロフィールでこのロールが表示されます。"
  options: "オプション"
+  policies: "ポリシー"
  baseRole: "ベースロール"
  useBaseValue: "ベースロールの値を使用"
  chooseRoleToAssign: "アサインするロールを選択"
  canEditMembersByModerator: "モデレーターのメンバー編集を許可"
  descriptionOfCanEditMembersByModerator: "オンにすると、管理者に加えてモデレーターもこのロールへユーザーをアサイン/アサイン解除できるようになります。オフにすると管理者のみが行えます。"
+  priority: "優先度"
+  _priority:
+    low: "低"
+    middle: "中"
+    high: "高"
  _options:
    gtlAvailable: "グローバルタイムラインの閲覧"
    ltlAvailable: "ローカルタイムラインの閲覧"
@@ -961,9 +972,17 @@ _role:
    canInvite: "インスタンス招待コードの発行"
    canManageCustomEmojis: "カスタム絵文字の管理"
    driveCapacity: "ドライブ容量"
+    pinMax: "ノートのピン留めの最大数"
    antennaMax: "アンテナの作成可能数"
    wordMuteMax: "ワードミュートの最大文字数"
    webhookMax: "Webhookの作成可能数"
+    clipMax: "クリップの作成可能数"
+    noteEachClipsMax: "クリップ内のノートの最大数"
+    userListMax: "ユーザーリストの作成可能数"
+    userEachUserListsMax: "ユーザーリスト内のユーザーの最大数"
+    rateLimitFactor: "レートリミット"
+    descriptionOfRateLimitFactor: "小さいほど制限が緩和され、大きいほど制限が強化されます。"
+    canHideAds: "広告の非表示"
  _condition:
    isLocal: "ローカルユーザー"
    isRemote: "リモートユーザー"
@@ -1014,6 +1033,7 @@ _accountDelete:
 _ad:
  back: "戻る"
  reduceFrequencyOfThisAd: "この広告の表示頻度を下げる"
+  hide: "表示しない"

 _forgotPassword:
  enterEmail: "アカウントに登録したメールアドレスを入力してください。そのアドレス宛てに、パスワードリセット用のリンクが送信されます。"
--- a/locales/ja-KS.yml
+++ b/locales/ja-KS.yml
@@ -926,29 +926,74 @@ didYouLikeMisskey: "Misskeyを気に入っとっただけましたん？"
 pleaseDonate: "Misskeyは{host}が使用している無料のソフトウェアやで。これからも開発を続けれるように、寄付したってな～。"
 roles: "ロール"
 role: "ロール"
+normalUser: "一般ユーザー"
 undefined: "未定義"
 assign: "アサイン"
 unassign: "アサインを解除"
 color: "色"
+manageCustomEmojis: "カスタム絵文字の管理"
+youCannotCreateAnymore: "これ以上作れなさそうや"
+cannotPerformTemporary: "一時的に利用できへんで"
+cannotPerformTemporaryDescription: "操作回数が制限を超えたから一時的に利用できへんくなったで。ちょっと時間置いてからもう一回やってやー。"
+preset: "プリセット"
+selectFromPresets: "プリセットから選ぶ"
 _role:
  new: "ロールの作成"
  edit: "ロールの編集"
  name: "ロール名"
  description: "ロールの説明"
+  permission: "ロールの権限"
+  descriptionOfPermission: "<b>モデレーター</b>は基本的なモデレーションに関わる操作を行えるで。\n<b>管理者</b>はインスタンスの全ての設定を変更できるで。"
+  assignTarget: "アサインターゲット"
+  descriptionOfAssignTarget: "<b>マニュアル</b>は誰がこのロールに含まれてるかを手動で管理するで。\n<b>コンディショナル</b>は条件を設定して、それに合うユーザーが自動で含まれるようになるで。"
+  manual: "マニュアル"
+  conditional: "コンディショナル"
+  condition: "条件"
+  isConditionalRole: "これはコンディショナルロールやで"
  isPublic: "ロールを公開"
  descriptionOfIsPublic: "ロールにアサインされたユーザーを誰でも見ることができるで。そんで、ユーザーのプロフィールでこのロールが表示されるで。"
  options: "オプション"
+  policies: "ポリシー"
  baseRole: "ベースロール"
  useBaseValue: "ベースロールの値を使用"
  chooseRoleToAssign: "アサインするロールを選択"
  canEditMembersByModerator: "モデレーターのメンバー編集を許可"
  descriptionOfCanEditMembersByModerator: "オンにすると、管理者に加えてモデレーターもこのロールへユーザーをアサイン/アサイン解除できるようになるで。オフにすると管理者のみが行えるで。"
+  priority: "優先度"
+  _priority:
+    low: "低い"
+    middle: "中"
+    high: "高い"
  _options:
    gtlAvailable: "グローバルタイムラインの閲覧"
    ltlAvailable: "ローカルタイムラインの閲覧"
    canPublicNote: "パブリック投稿の許可"
+    canInvite: "インスタンス招待コードの発行"
+    canManageCustomEmojis: "カスタム絵文字の管理"
    driveCapacity: "ドライブ容量"
+    pinMax: "ノートのピン留めの最大数"
    antennaMax: "アンテナの作成可能数"
+    wordMuteMax: "ワードミュートの最大文字数"
+    webhookMax: "Webhockの作成可能数"
+    clipMax: "クリップの作成可能数"
+    noteEachClipsMax: "クリップ内のノートの最大数"
+    userListMax: "ユーザーリストの作成可能数"
+    userEachUserListsMax: "ユーザーリスト内のユーザーの最大数"
+    rateLimitFactor: "レートリミット"
+    descriptionOfRateLimitFactor: "ちっちゃいほど制限が緩くなって、大きいほど制限されるで。"
+    canHideAds: "広告を表示させへん"
+  _condition:
+    isLocal: "ローカルユーザー"
+    isRemote: "リモートユーザー"
+    createdLessThan: "アカウント作成から～以内"
+    createdMoreThan: "アカウント作成から～経過"
+    followersLessThanOrEq: "フォロワー数が～以下"
+    followersMoreThanOrEq: "フォロワー数が～以上"
+    followingLessThanOrEq: "フォロー数が～以下"
+    followingMoreThanOrEq: "フォロー数が～以上"
+    and: "～かつ～"
+    or: "～または～"
+    not: "～ではない"
 _sensitiveMediaDetection:
  description: "機械学習を使って自動でセンシティブなメディアを検出して、モデレーションに役立てることができるで。サーバーの負荷が少し増えてまうなあ。"
  sensitivity: "検出感度やで"
@@ -981,6 +1026,7 @@ _accountDelete:
 _ad:
  back: "戻る"
  reduceFrequencyOfThisAd: "この広告の表示頻度を下げるで"
+  hide: "表示せん"
 _forgotPassword:
  enterEmail: "アカウントに登録したメールアドレスをここに入力してや。そのアドレス宛に、パスワードリセット用のリンクが送られるから待っててな～。"
  ifNoEmail: "メールアドレスを登録してへんのやったら、管理者まで教えてな～。"
--- a/locales/ko-KR.yml
+++ b/locales/ko-KR.yml
@@ -907,7 +907,7 @@ subscribePushNotification: "푸시 알림 켜기"
 unsubscribePushNotification: "푸시 알림 끄기"
 pushNotificationAlreadySubscribed: "푸시 알림이 이미 켜져 있습니다"
 pushNotificationNotSupported: "브라우저나 인스턴스에서 푸시 알림이 지원되지 않습니다"
-sendPushNotificationReadMessage: "푸시 알림이니 메시지를 읽으면 푸시 알림을 삭제합니다"
+sendPushNotificationReadMessage: "푸시 알림이나 메시지를 읽은 뒤 푸시 알림을 삭제"
 sendPushNotificationReadMessageCaption: "「{emptyPushNotificationMessage}」이라는 알림이 잠깐 표시됩니다. 기기의 전력 소비량이 증가할 수 있습니다."
 windowMaximize: "최대화"
 windowRestore: "복구"
@@ -926,29 +926,71 @@ didYouLikeMisskey: "Misskey가 마음에 드시나요?"
 pleaseDonate: "{host}은(는) 무료 소프트웨어 Misskey를 사용합니다. 후원을 통해 저희의 개발이 이어질 수 있게 도와주세요!"
 roles: "역할"
 role: "역할"
+normalUser: "일반 사용자"
 undefined: "정의되지 않음"
 assign: "할당"
 unassign: "할당 취소"
 color: "색"
+manageCustomEmojis: "커스텀 이모지 관리"
+youCannotCreateAnymore: "더 이상 생성할 수 없습니다."
+cannotPerformTemporary: "일시적으로 사용할 수 없음"
+cannotPerformTemporaryDescription: "조작 횟수 제한을 초과하여 일시적으로 사용이 불가합니다. 잠시 후 다시 시도해 주세요."
 _role:
  new: "새 역할 생성"
  edit: "역할 수정"
  name: "역할 이름"
  description: "역할 설명"
+  permission: "역할의 권한"
+  descriptionOfPermission: "<b>모더레이터</b>는 기본적인 중재와 관련된 작업을 수행할 수 있습니다.\n<b>관리자</b>는 인스턴스의 모든 설정을 변경할 수 있습니다."
+  assignTarget: "할당 대상"
+  descriptionOfAssignTarget: "<b>수동</b>을 선택하면 누가 이 역할에 포함되는지를 수동으로 관리할 수 있습니다.\n<b>조건부</b>를 선택하면 조건을 설정해 일치하는 사용자를 자동으로 포함되게 할 수 있습니다."
+  manual: "수동"
+  conditional: "조건부"
+  condition: "조건"
+  isConditionalRole: "조건부 역할입니다."
  isPublic: "공개 역할"
  descriptionOfIsPublic: "역할에 할당된 사용자를 누구나 볼 수 있습니다. 또한 사용자 프로필에 이 역할이 표시됩니다."
  options: "옵션"
+  policies: "정책"
  baseRole: "기본 역할"
  useBaseValue: "기본값 사용"
  chooseRoleToAssign: "할당할 역할 선택"
  canEditMembersByModerator: "모더레이터의 역할 수정 허용"
  descriptionOfCanEditMembersByModerator: "이 옵션을 켜면 모더레이터도 이 역할에 사용자를 추가하거나 삭제할 수 있습니다. 꺼져 있으면 관리자만 가능합니다."
+  priority: "우선순위"
+  _priority:
+    low: "낮음"
+    middle: "보통"
+    high: "높음"
  _options:
    gtlAvailable: "글로벌 타임라인 보이기"
    ltlAvailable: "로컬 타임라인 보이기"
    canPublicNote: "공개 노트 허용"
+    canInvite: "인스턴스 초대 코드 발행"
+    canManageCustomEmojis: "커스텀 이모지 관리"
    driveCapacity: "드라이브 용량"
+    pinMax: "고정할 수 있는 노트 수"
    antennaMax: "최대 안테나 생성 허용 수"
+    wordMuteMax: "뮤트할 수 있는 단어의 수"
+    webhookMax: "생성할 수 있는 WebHook의 수"
+    clipMax: "생성할 수 있는 클립 수"
+    noteEachClipsMax: "각 클립에 추가할 수 있는 노트 수"
+    userListMax: "생성할 수 있는 리스트 수"
+    userEachUserListsMax: "리스트당 최대 사용자 수"
+    rateLimitFactor: "속도 제한"
+    descriptionOfRateLimitFactor: "작을수록 제한이 완화되고, 클수록 제한이 강화됩니다."
+  _condition:
+    isLocal: "로컬 사용자"
+    isRemote: "리모트 사용자"
+    createdLessThan: "다음 일수 이내에 가입한 유저"
+    createdMoreThan: "다음 일수 이상 활동한 유저"
+    followersLessThanOrEq: "팔로워 수가 다음 이하인 유저"
+    followersMoreThanOrEq: "팔로워 수가 다음 이상인 유저"
+    followingLessThanOrEq: "팔로잉 수가 다음 이하인 유저"
+    followingMoreThanOrEq: "팔로잉 수가 다음 이상인 유저"
+    and: "다음을 모두 만족"
+    or: "다음을 하나라도 만족"
+    not: "다음을 만족하지 않음"
 _sensitiveMediaDetection:
  description: "기계학습을 통해 자동으로 민감한 미디어를 탐지하여, 모더레이션에 참고할 수 있도록 합니다. 서버의 부하를 약간 증가시킵니다."
  sensitivity: "탐지 민감도"
@@ -981,6 +1023,7 @@ _accountDelete:
 _ad:
  back: "뒤로"
  reduceFrequencyOfThisAd: "이 광고의 표시 빈도 낮추기"
+  hide: "보이지 않음"
 _forgotPassword:
  enterEmail: "여기에 계정에 등록한 메일 주소를 입력해 주세요. 입력한 메일 주소로 비밀번호 재설정 링크를 발송합니다."
  ifNoEmail: "메일 주소를 등록하지 않은 경우, 관리자에 문의해 주십시오."
@@ -1352,7 +1395,7 @@ _widgets:
  aiscript: "AiScript 콘솔"
  aiscriptApp: "AiScript 앱"
  aichan: "아이"
-  userList: "사용자 목록"
+  userList: "유저 리스트"
  _userList:
    chooseList: "리스트 선택"
  clicker: "클리커"
--- a/locales/pl-PL.yml
+++ b/locales/pl-PL.yml
@@ -869,6 +869,12 @@ loggedInAsBot: "Jesteś obecnie zalogowany/a jako bot"
 like: "Polub"
 show: "Wyświetlanie"
 color: "Kolor"
+_role:
+  priority: "Priorytet"
+  _priority:
+    low: "Niski"
+    middle: "Średnie"
+    high: "Wysoki"
 _sensitiveMediaDetection:
  description: "Zmniejsza wysiłek związany z moderacją serwera dzięki automatycznemu rozpoznawaniu zawartości NSFW za pomocą uczenia maszynowego. To nieznacznie zwiększy obciążenie serwera."
  setSensitiveFlagAutomatically: "Oznacz jako NSFW"
@@ -896,6 +902,7 @@ _accountDelete:
 _ad:
  back: "Wróć"
  reduceFrequencyOfThisAd: "Pokazuj tę reklamę rzadziej"
+  hide: "Nigdy nie pokazuj"
 _forgotPassword:
  enterEmail: "Wpisz adres e-mail użyty do rejestracji. Zostanie do niego wysłany link, za pomocą którego możesz zresetować hasło."
  ifNoEmail: "Jeżeli nie podano adresu e-mail podczas rejestracji, skontaktuj się z administratorem zamiast tego."
--- a/locales/ro-RO.yml
+++ b/locales/ro-RO.yml
@@ -648,6 +648,9 @@ sent: "Trimite"
 searchByGoogle: "Caută"
 file: "Fișiere"
 show: "Arată"
+_role:
+  _priority:
+    middle: "Mediu"
 _email:
  _follow:
    title: "te-a urmărit"
--- a/locales/ru-RU.yml
+++ b/locales/ru-RU.yml
@@ -867,6 +867,12 @@ windowRestore: "Восстановить"
 like: "Нравится!"
 show: "Отображение"
 color: "Цвет"
+_role:
+  priority: "Приоритет"
+  _priority:
+    low: "Низкий"
+    middle: "Средне"
+    high: "Высокий"
 _sensitiveMediaDetection:
  description: "Машинное обучение может быть использовано для автоматического обнаружения чувствительных медиа для модерации. Нагрузка на сервер увеличивается незначительно."
  setSensitiveFlagAutomatically: "Установить флаг NSFW"
@@ -894,6 +900,7 @@ _accountDelete:
 _ad:
  back: "Выход"
  reduceFrequencyOfThisAd: "Реже показывать эту рекламу"
+  hide: "Не показывать"
 _forgotPassword:
  enterEmail: "Введите адрес электронной почты, который ввели при регистрации. На неё будет выслана ссылка для смены пароля."
  ifNoEmail: "Если вы не ввели свой адрес электронной почты, свяжитесь с администратором ресурса, чтобы сменить пароль."
--- a/locales/sk-SK.yml
+++ b/locales/sk-SK.yml
@@ -918,6 +918,12 @@ remindMeLater: "Pripomenúť neskôr"
 didYouLikeMisskey: "Páči sa vám Misskey?"
 pleaseDonate: "Misskey je bezplatný softvér, ktorý používa {host}. Prosím, prispejte, aby sme ho mohli ďalej rozvíjať!"
 color: "Farba"
+_role:
+  priority: "Priorita"
+  _priority:
+    low: "Málo"
+    middle: "Stredné"
+    high: "Vysoká"
 _sensitiveMediaDetection:
  description: "Strojové učenie sa použije na automatickú detekciu citlivých médií na účely ich moderovania. Mierne sa zvýši zaťaženie servera."
  sensitivity: "Citlivosť detekcie"
@@ -950,6 +956,7 @@ _accountDelete:
 _ad:
  back: "Späť"
  reduceFrequencyOfThisAd: "Túto reklamu zobrazovať menej"
+  hide: "Nikdy nezobrazovať"
 _forgotPassword:
  enterEmail: "Zadajte emailovú adresu, ktorú ste použili pri registrácii. Pošleme vám na ňu odkaz, cez ktorý si môžete obnoviť heslo."
  ifNoEmail: "Ak ste pri registrácii nepoužili email, prosím kontaktujte administrátora."
--- a/locales/th-TH.yml
+++ b/locales/th-TH.yml
@@ -926,15 +926,25 @@ didYouLikeMisskey: "คุณเคยชอบ Misskey ไหม?"
 pleaseDonate: "{host} ใช้ซอฟต์แวร์ฟรี Misskey เราขอขอบคุณการบริจาคของคุณอย่างสูงเพื่อให้การพัฒนา Misskey สามารถดำเนินต่อไปได้นะ!"
 roles: "บทบาท"
 role: "บทบาท"
+normalUser: "ผู้ใช้มาตรฐาน"
 undefined: "ไม่ได้กำหนด"
 assign: "กำหนด"
 unassign: "ยังไม่มอบหมาย"
 color: "สี"
+manageCustomEmojis: "จัดการอีโมจิแบบกำหนดเอง"
 _role:
  new: "บทบาทใหม่"
  edit: "แก้ไขบทบาท"
  name: "ชื่อบทบาท"
  description: "คำอธิบายบทบาท"
+  permission: "สิทธิ์ตามบทบาท"
+  descriptionOfPermission: "<b>ผู้ดูแลกลั่นกรองเนื้อหา</b> สามารถดำเนินการดูแลขั้นพื้นฐานได้นะ\n<b>ผู้ดูแลระบบ</b> สามารถเปลี่ยนการตั้งค่าทั้งหมดของอินสแตนซ์ได้นะ"
+  assignTarget: "กำหนดเป้าหมาย"
+  descriptionOfAssignTarget: "<b>แมนนวล</b> เพื่อเปลี่ยนผู้ที่เป็นส่วนหนึ่งของบทบาทนี้และใครที่ไม่ใช่ด้วยตนเอง\n<b>เงื่อนไข</b> เพื่อให้ผู้ใช้ได้รับการกำหนดและนำออกจากบทบาทนี้โดยอัตโนมัติตามเงื่อนไขชุดหนึ่ง"
+  manual: "ปรับเอง"
+  conditional: "มีเงื่อนไข"
+  condition: "เงื่อนไข"
+  isConditionalRole: "นี่คือบทบาทที่มีเงื่อนไข"
  isPublic: "บทบาทสาธารณะ"
  descriptionOfIsPublic: "ทุกคนสามารถดูได้ว่าผู้ใช้งานนั้นได้รับมอบหมายบทบาทด้วยหรือไม่ \n\nบทบาทจะแสดงในโปรไฟล์ของผู้ใช้ด้วย"
  options: "ตัวเลือกบทบาท"
@@ -943,12 +953,31 @@ _role:
  chooseRoleToAssign: "เลือกบทบาทที่ต้องการกำหนด"
  canEditMembersByModerator: "อนุญาตให้ผู้ดูแลแก้ไขสมาชิก"
  descriptionOfCanEditMembersByModerator: "เมื่อเปิดใช้ ผู้ดูแลนอกเหนือจากผู้ดูแลระบบแล้ว จะสามารถกำหนดและยกเลิกการมอบหมายบทบาทนี้ให้กับผู้ใช้ได้ เมื่อปิด เฉพาะผู้ดูแลระบบเท่านั้นที่จะสามารถกำหนดผู้ใช้ได้นะ"
+  priority: "ลำดับความสำคัญ"
+  _priority:
+    low: "ต่ำ"
+    middle: "ปานกลาง"
+    high: "สูง"
  _options:
    gtlAvailable: "การดูไทม์ไลน์ทั่วโลก"
    ltlAvailable: "การดูไทม์ไลน์ในท้องถิ่น"
    canPublicNote: "สามารถส่งโน้ตสาธารณะ"
+    canInvite: "สร้างรหัสเชิญอินสแตนซ์"
+    canManageCustomEmojis: "จัดการอีโมจิแบบกำหนดเอง"
    driveCapacity: "ความจุของไดรฟ์"
    antennaMax: "จำนวนสูงสุดของเสาอากาศ"
+  _condition:
+    isLocal: "ผู้ใช้ภายใน"
+    isRemote: "ผู้ใช้ระยะไกล"
+    createdLessThan: "สร้างน้อยกว่า"
+    createdMoreThan: "สร้างมากกว่า"
+    followersLessThanOrEq: "จำนวนผู้ติดตามน้อยกว่าหรือเท่ากับ\n"
+    followersMoreThanOrEq: "จำนวนผู้ติดตามมากกว่าหรือเท่ากับ\n"
+    followingLessThanOrEq: "จำนวนบัญชีต่อไปนี้คือ น้อยกว่าหรือเท่ากับ"
+    followingMoreThanOrEq: "จำนวนบัญชีต่อไปนี้คือ มากกว่าหรือเท่ากับ"
+    and: "และ"
+    or: "หรือ"
+    not: "ไม่"
 _sensitiveMediaDetection:
  description: "ลดความพยายามในการดูแลเซิร์ฟเวอร์ผ่านการจดจำสื่อ NSFW โดยอัตโนมัติผ่านการเรียนรู้ของเครื่อง การทำสิ่งนี้อาจจะเพิ่มภาระบนเซิร์ฟเวอร์เล็กน้อย"
  sensitivity: "การตรวจจับความไว"
@@ -981,6 +1010,7 @@ _accountDelete:
 _ad:
  back: "ย้อนกลับ"
  reduceFrequencyOfThisAd: "แสดงโฆษณานี้ให้น้อยลง"
+  hide: "ไม่ต้องแสดง"
 _forgotPassword:
  enterEmail: "ป้อนที่อยู่อีเมลที่คุณเคยใช้ในการลงทะเบียนไว้ ลิงก์ที่คุณสามารถรีเซ็ตรหัสผ่านได้นั้นจะถูกส่งไปนะ"
  ifNoEmail: "ถ้าหากคุณไม่ได้ใช้อีเมลระหว่างการลงทะเบียน กรุณาติดต่อผู้ดูแลระบบอินสแตนซ์แทนนะ"
--- a/locales/uk-UA.yml
+++ b/locales/uk-UA.yml
@@ -895,6 +895,12 @@ caption: "Підпис"
 like: "Вподобати"
 show: "Відображення"
 color: "Колір"
+_role:
+  priority: "Пріоритет"
+  _priority:
+    low: "Низький"
+    middle: "Середній"
+    high: "Високий"
 _sensitiveMediaDetection:
  sensitivity: "Чутливість детектування"
  setSensitiveFlagAutomatically: "Позначити як NSFW"
@@ -920,6 +926,7 @@ _accountDelete:
 _ad:
  back: "Назад"
  reduceFrequencyOfThisAd: "Показувати цю рекламу менше"
+  hide: "Не відображати"
 _gallery:
  my: "Моя галерея"
  liked: "Вподобане"
--- a/locales/vi-VN.yml
+++ b/locales/vi-VN.yml
@@ -897,6 +897,12 @@ move: "Di chuyển"
 like: "Thích"
 show: "Hiển thị"
 color: "Màu sắc"
+_role:
+  priority: "Ưu tiên"
+  _priority:
+    low: "Thấp"
+    middle: "Vừa"
+    high: "Cao"
 _sensitiveMediaDetection:
  description: "Giảm nỗ lực kiểm duyệt máy chủ thông qua việc tự động nhận dạng media NSFW thông qua học máy. Điều này sẽ làm tăng một chút áp lực trên máy chủ."
  sensitivity: "Phát hiện nhạy cảm"
@@ -929,6 +935,7 @@ _accountDelete:
 _ad:
  back: "Quay lại"
  reduceFrequencyOfThisAd: "Hiện ít lại"
+  hide: "Không hiển thị"
 _forgotPassword:
  enterEmail: "Nhập địa chỉ email bạn đã sử dụng để đăng ký. Một liên kết mà bạn có thể đặt lại mật khẩu của mình sau đó sẽ được gửi đến nó."
  ifNoEmail: "Nếu bạn không sử dụng email lúc đăng ký, vui lòng liên hệ với quản trị viên."
--- a/locales/zh-CN.yml
+++ b/locales/zh-CN.yml
@@ -931,41 +931,68 @@ undefined: "未定义"
 assign: "分配"
 unassign: "取消分配"
 color: "颜色"
+manageCustomEmojis: "管理自定义表情符号"
+youCannotCreateAnymore: "抱歉，您无法再创建更多了。"
+cannotPerformTemporary: "暂时不可用"
+cannotPerformTemporaryDescription: "因操作过于频繁，暂时不可用，请稍后再试。"
+preset: "預設值"
+selectFromPresets: "從預設值中選擇"
 _role:
  new: "创建角色"
  edit: "编辑角色"
-  name: "用户组名称"
-  description: "用户组的描述"
-  permission: "用户组的权限"
+  name: "角色名称"
+  description: "角色描述"
+  permission: "角色权限"
  descriptionOfPermission: "<b>监察员</b>可以执行基本的审核操作。\n<b>管理员</b>可以更改实例的所有设置。"
  assignTarget: "授权对象"
-  descriptionOfAssignTarget: "<b>手动</b>指手动选择谁被包括在这个用户组中。\n<b>符合条件</b>指设置条件以自动包括符合条件的用户。"
+  descriptionOfAssignTarget: "<b>手动</b>指手动选择谁被包括在这个角色中。\n<b>符合条件</b>指设置条件以自动包括符合条件的用户。"
  manual: "手动"
  conditional: "符合条件"
  condition: "条件"
-  isConditionalRole: "这是一个条件控制的用户组。"
-  isPublic: "公开用户组"
-  descriptionOfIsPublic: "任何人都可以看到分配该用户组的用户，用户的个人资料也将显示该用户组。"
+  isConditionalRole: "这是一个条件控制的角色。"
+  isPublic: "角色公开"
+  descriptionOfIsPublic: "任何人都可以看到分配该角色的用户。而用户的个人资料也将显示该角色。"
  options: "选项"
+  policies: "策略"
  baseRole: "基本角色"
  useBaseValue: "使用基本角色的值"
  chooseRoleToAssign: "选择要分配的角色"
-  canEditMembersByModerator: "允许版主编辑成员"
-  descriptionOfCanEditMembersByModerator: "如果选中，版主和管理员都能够为用户分配/取消分配角色。如果未选中，则只有管理员可以执行此操作。"
+  canEditMembersByModerator: "允许监察者编辑成员"
+  descriptionOfCanEditMembersByModerator: "如果选中，监察者和管理员都能够为用户分配/取消分配角色。如果未选中，则只有管理员可以执行此操作。"
+  priority: "优先级"
+  _priority:
+    low: "低"
+    middle: "中"
+    high: "高"
  _options:
    gtlAvailable: "查看全局时间线"
    ltlAvailable: "查看本地时间线"
    canPublicNote: "允许公开发帖"
+    canInvite: "发放实例邀请码"
+    canManageCustomEmojis: "管理自定义表情符号"
    driveCapacity: "网盘容量"
+    pinMax: "帖子置顶数量限制"
    antennaMax: "可创建的最大天线数量"
+    wordMuteMax: "屏蔽词的字数限制"
+    webhookMax: "Webhook 创建数量限制"
+    clipMax: "便签创建数量限制"
+    noteEachClipsMax: "单个便签内的贴文数量限制"
+    userListMax: "用户列表创建数量限制"
+    userEachUserListsMax: "单个用户列表内用户数量限制"
+    rateLimitFactor: "速率限制"
+    descriptionOfRateLimitFactor: "值越小限制越少，值越大限制越多。"
  _condition:
    isLocal: "是本地用户"
    isRemote: "是远程用户"
    createdLessThan: "账户创建时间少于"
    createdMoreThan: "账户创建时间超过"
-    and: "全部符合"
-    or: "任一符合"
-    not: "不符合"
+    followersLessThanOrEq: "关注者不多于"
+    followersMoreThanOrEq: "关注者不少于"
+    followingLessThanOrEq: "关注中不多于"
+    followingMoreThanOrEq: "关注中不少于"
+    and: "符合以下全部条件"
+    or: "符合以下任一条件"
+    not: "不符合以下任何条件"
 _sensitiveMediaDetection:
  description: "可以使用机器学习技术自动检测敏感媒体，以便进行审核。服务器负载将略微增加。"
  sensitivity: "检测敏感度"
@@ -998,6 +1025,7 @@ _accountDelete:
 _ad:
  back: "返回"
  reduceFrequencyOfThisAd: "减少此广告的频率"
+  hide: "不显示"
 _forgotPassword:
  enterEmail: "请输入您验证账号时用的电子邮箱地址，密码重置链接将发送至该邮箱上。"
  ifNoEmail: "如果您没有使用电子邮件地址进行验证，请联系管理员。"
--- a/locales/zh-TW.yml
+++ b/locales/zh-TW.yml
@@ -324,7 +324,7 @@ integration: "整合"
 connectService: "己連結"
 disconnectService: "己斷開 "
 enableLocalTimeline: "開啟本地時間軸"
-enableGlobalTimeline: "啟用公開時間軸"
+enableGlobalTimeline: "啟用全域時間軸"
 disablingTimelinesInfo: "為了方便，即使您關閉了時間線功能，管理員和審核員仍可以繼續使用。"
 registration: "註冊"
 enableRegistration: "開啟新使用者註冊"
@@ -388,7 +388,7 @@ aboutMisskey: "關於 Misskey"
 administrator: "管理員"
 token: "權杖"
 twoStepAuthentication: "兩階段驗證"
-moderator: "審核員"
+moderator: "監察員"
 moderation: "言論調節"
 nUsersMentioned: "提到了{n}"
 securityKey: "安全金鑰"
@@ -869,7 +869,7 @@ recommended: "推薦"
 check: "檢查"
 driveCapOverrideLabel: "更改這個使用者的雲端硬碟容量上限"
 driveCapOverrideCaption: "如果指定0以下的值，就會被取消。"
-requireAdminForView: "必須以管理者帳號登入才可以檢視。"
+requireAdminForView: "必須以管理員帳號登入才可以檢視。"
 isSystemAccount: "由系統自動建立與管理的帳號。"
 typeToConfirm: "要執行這項操作，請輸入 {x} "
 deleteAccount: "刪除帳號"
@@ -931,29 +931,59 @@ undefined: "未定義"
 assign: "指派"
 unassign: "取消指派"
 color: "顏色"
+manageCustomEmojis: "管理自訂表情符號"
+cannotPerformTemporary: "暫時無法進行"
+cannotPerformTemporaryDescription: "由於超過操作次數限制，暫時無法進行。請過一段時間之後再嘗試。"
 _role:
  new: "建立角色"
  edit: "編輯角色"
  name: "角色名稱"
  description: "角色描述 "
  permission: "角色的權限"
-  descriptionOfPermission: "<b>審核員</b>執行與審核相關的基本操作。\n<b>管理者</b>能變更實例的全部設定。"
+  descriptionOfPermission: "<b>審核員</b>執行與審核相關的基本操作。\n<b>管理員</b>能變更實例的全部設定。"
  assignTarget: "指派目標"
+  descriptionOfAssignTarget: "<b>手動</b>是以手動管理這個角色包含的人員。\n<b>符合條件</b>是設定條件以自動包含符合條件的使用者。"
  manual: "手動"
+  conditional: "符合條件"
  condition: "條件"
  isConditionalRole: "這是條件角色。"
  isPublic: "角色為公開"
+  descriptionOfIsPublic: "任何人都可以看到被指派了角色的使用者。此外，使用者的個人檔案將顯示這個角色。"
  options: "選項"
+  policies: "政策"
  baseRole: "基本角色"
  useBaseValue: "使用基本角色的值"
  chooseRoleToAssign: "選擇要指派的角色"
+  canEditMembersByModerator: "允許編輯監察員的成員"
+  descriptionOfCanEditMembersByModerator: "如果開啟，管理員與監察員都可以為使用者指派/解除指派該角色。如果關閉，則只有管理員可以執行。"
+  priority: "優先級"
+  _priority:
+    low: "低"
+    middle: "中"
+    high: "高"
  _options:
+    gtlAvailable: "瀏覽全域時間軸"
+    ltlAvailable: "瀏覽本地時間軸"
+    canPublicNote: "允許公開貼文"
+    canInvite: "發行實例邀請碼"
+    canManageCustomEmojis: "管理自訂表情符號"
    driveCapacity: "雲端硬碟容量"
+    pinMax: "置頂貼文的最大數量"
+    antennaMax: "可建立的天線數量"
+    webhookMax: "可建立的Webhook數量"
+    clipMax: "可建立的摘錄數量"
  _condition:
    isLocal: "本地使用者"
    isRemote: "遠端使用者"
    createdLessThan: "自建立帳戶開始～以內"
    createdMoreThan: "自建立帳戶開始～經過"
+    followersLessThanOrEq: "追隨者人數在～以下"
+    followersMoreThanOrEq: "追隨者人數在～以上"
+    followingLessThanOrEq: "追隨人數在～以下"
+    followingMoreThanOrEq: "追隨人數在～以上"
+    and: "～和～"
+    or: "～或～"
+    not: "～否"
 _sensitiveMediaDetection:
  description: "您可以使用機器學習自動檢測敏感媒體並將其用於審核。 伺服器的負荷會稍微增加。"
  sensitivity: "檢測敏感度"
@@ -986,6 +1016,7 @@ _accountDelete:
 _ad:
  back: "返回"
  reduceFrequencyOfThisAd: "降低此廣告的頻率 "
+  hide: "隱藏"
 _forgotPassword:
  enterEmail: "請輸入您的帳戶註冊的電子郵件地址。 密碼重置連結將被發送到該電子郵件地址。"
  ifNoEmail: "如果您還沒有註冊您的電子郵件地址，請聯繫管理員。 "
--- a/package.json
+++ b/package.json
@@ -1,12 +1,12 @@
 {
 	"name": "misskey",
-	"version": "13.0.0-rc.2",
-	"codename": "indigo",
+	"version": "13.0.0",
+	"codename": "nasubi",
 	"repository": {
 		"type": "git",
 		"url": "https://github.com/misskey-dev/misskey.git"
 	},
-	"packageManager": "yarn@3.3.0",
+	"packageManager": "pnpm@7.24.3",
 	"workspaces": [
 		"packages/frontend",
 		"packages/backend",
@@ -15,27 +15,27 @@
 	"private": true,
 	"scripts": {
 		"build-pre": "node ./scripts/build-pre.js",
-		"build": "yarn build-pre && yarn workspaces foreach run build && yarn run gulp",
+		"build": "pnpm build-pre && pnpm -r build && pnpm gulp",
 		"start": "cd packages/backend && node ./built/boot/index.js",
 		"start:test": "cd packages/backend && cross-env NODE_ENV=test node ./built/boot/index.js",
-		"init": "yarn migrate",
-		"migrate": "cd packages/backend && yarn run typeorm migration:run -d ormconfig.js",
-		"migrateandstart": "yarn migrate && yarn start",
-		"gulp": "gulp build",
-		"watch": "yarn dev",
+		"init": "pnpm migrate",
+		"migrate": "cd packages/backend && pnpm typeorm migration:run -d ormconfig.js",
+		"migrateandstart": "pnpm migrate && pnpm start",
+		"gulp": "pnpm exec gulp build",
+		"watch": "pnpm dev",
 		"dev": "node ./scripts/dev.js",
-		"lint": "yarn workspaces foreach run lint",
-		"cy:open": "cypress open --browser --e2e --config-file=cypress.config.ts",
-		"cy:run": "cypress run",
-		"e2e": "start-server-and-test start:test http://localhost:61812 cy:run",
-		"jest": "cd packages/backend && cross-env NODE_ENV=test node --experimental-vm-modules --experimental-import-meta-resolve node_modules/jest/bin/jest.js --forceExit --runInBand",
-		"jest-and-coverage": "cd packages/backend && cross-env NODE_ENV=test node --experimental-vm-modules --experimental-import-meta-resolve node_modules/jest/bin/jest.js --coverage --forceExit --runInBand",
-		"test": "yarn jest",
-		"test-and-coverage": "yarn jest-and-coverage",
-		"format": "gulp format",
+		"lint": "pnpm -r lint",
+		"cy:open": "pnpm cypress open --browser --e2e --config-file=cypress.config.ts",
+		"cy:run": "pnpm cypress run",
+		"e2e": "pnpm start-server-and-test start:test http://localhost:61812 cy:run",
+		"jest": "cd packages/backend && pnpm cross-env NODE_ENV=test node --experimental-vm-modules --experimental-import-meta-resolve node_modules/jest/bin/jest.js --forceExit --runInBand",
+		"jest-and-coverage": "cd packages/backend && pnpm cross-env NODE_ENV=test node --experimental-vm-modules --experimental-import-meta-resolve node_modules/jest/bin/jest.js --coverage --forceExit --runInBand",
+		"test": "pnpm jest",
+		"test-and-coverage": "pnpm jest-and-coverage",
+		"format": "pnpm exec gulp format",
 		"clean": "node ./scripts/clean.js",
 		"clean-all": "node ./scripts/clean-all.js",
-		"cleanall": "yarn clean-all"
+		"cleanall": "pnpm clean-all"
 	},
 	"resolutions": {
 		"chokidar": "^3.3.1",
@@ -48,17 +48,20 @@
 		"gulp-rename": "2.0.0",
 		"gulp-replace": "1.1.4",
 		"gulp-terser": "2.1.0",
-		"js-yaml": "4.1.0"
+		"js-yaml": "4.1.0",
+		"typescript": "4.9.4"
 	},
 	"devDependencies": {
 		"@types/gulp": "4.0.10",
 		"@types/gulp-rename": "2.0.1",
-		"@typescript-eslint/eslint-plugin": "5.48.0",
-		"@typescript-eslint/parser": "5.48.0",
+		"@typescript-eslint/eslint-plugin": "5.48.1",
+		"@typescript-eslint/parser": "5.48.1",
 		"cross-env": "7.0.3",
 		"cypress": "12.3.0",
 		"eslint": "^8.31.0",
-		"start-server-and-test": "1.15.2",
-		"typescript": "4.9.4"
+		"start-server-and-test": "1.15.2"
+	},
+	"optionalDependencies": {
+		"@tensorflow/tfjs-core": "^4.2.0"
 	}
 }
--- a/packages/backend/migration/1673783015567-Policies.js
+++ b/packages/backend/migration/1673783015567-Policies.js
@@ -0,0 +1,13 @@
+export class Policies1673783015567 {
+    name = 'Policies1673783015567'
+
+    async up(queryRunner) {
+        await queryRunner.query(`ALTER TABLE "role" RENAME COLUMN "options" TO "policies"`);
+				await queryRunner.query(`ALTER TABLE "meta" RENAME COLUMN "defaultRoleOverride" TO "policies"`);
+    }
+
+    async down(queryRunner) {
+				await queryRunner.query(`ALTER TABLE "meta" RENAME COLUMN "policies" TO "defaultRoleOverride"`);
+        await queryRunner.query(`ALTER TABLE "role" RENAME COLUMN "policies" TO "options"`);
+    }
+}
--- a/packages/backend/migration/1673812883772-firstRetrievedAt.js
+++ b/packages/backend/migration/1673812883772-firstRetrievedAt.js
@@ -0,0 +1,11 @@
+export class firstRetrievedAt1673812883772 {
+    name = 'firstRetrievedAt1673812883772'
+
+    async up(queryRunner) {
+        await queryRunner.query(`ALTER TABLE "instance" RENAME COLUMN "caughtAt" TO "firstRetrievedAt"`);
+    }
+
+    async down(queryRunner) {
+        await queryRunner.query(`ALTER TABLE "instance" RENAME COLUMN "firstRetrievedAt" TO "caughtAt"`);
+    }
+}
--- a/packages/backend/package.json
+++ b/packages/backend/package.json
@@ -6,32 +6,32 @@
 	"scripts": {
 		"start": "node ./built/index.js",
 		"start:test": "NODE_ENV=test node ./built/index.js",
-		"migrate": "typeorm migration:run -d ormconfig.js",
+		"migrate": "pnpm typeorm migration:run -d ormconfig.js",
 		"build": "tsc -p tsconfig.json || echo done. && tsc-alias -p tsconfig.json",
 		"watch": "node watch.mjs",
 		"lint": "tsc --noEmit && eslint --quiet \"src/**/*.ts\"",
 		"jest": "cross-env NODE_ENV=test node --experimental-vm-modules --experimental-import-meta-resolve node_modules/jest/bin/jest.js --forceExit --runInBand",
 		"jest-and-coverage": "cross-env NODE_ENV=test node --experimental-vm-modules --experimental-import-meta-resolve node_modules/jest/bin/jest.js --coverage --forceExit --runInBand",
 		"jest-clear": "cross-env NODE_ENV=test node --experimental-vm-modules --experimental-import-meta-resolve node_modules/jest/bin/jest.js --clearCache",
-		"test": "yarn jest",
-		"test-and-coverage": "yarn jest-and-coverage"
+		"test": "pnpm jest",
+		"test-and-coverage": "pnpm jest-and-coverage"
 	},
 	"optionalDependencies": {
 		"@tensorflow/tfjs": "^4.1.0",
 		"@tensorflow/tfjs-node": "4.1.0"
 	},
 	"dependencies": {
-		"@bull-board/api": "^4.10.1",
-		"@bull-board/fastify": "^4.10.1",
-		"@bull-board/ui": "^4.10.1",
+		"@bull-board/api": "^4.10.2",
+		"@bull-board/fastify": "^4.10.2",
+		"@bull-board/ui": "^4.10.2",
 		"@discordapp/twemoji": "14.0.2",
 		"@fastify/accepts": "4.1.0",
 		"@fastify/cookie": "^8.3.0",
 		"@fastify/cors": "8.2.0",
 		"@fastify/http-proxy": "^8.4.0",
-		"@fastify/multipart": "7.3.0",
-		"@fastify/static": "6.6.0",
-		"@fastify/view": "7.3.0",
+		"@fastify/multipart": "7.4.0",
+		"@fastify/static": "6.6.1",
+		"@fastify/view": "7.4.0",
 		"@nestjs/common": "9.2.1",
 		"@nestjs/core": "9.2.1",
 		"@nestjs/testing": "9.2.1",
@@ -41,7 +41,7 @@
 		"ajv": "8.12.0",
 		"archiver": "5.3.1",
 		"autwh": "0.1.0",
-		"aws-sdk": "2.1289.0",
+		"aws-sdk": "2.1295.0",
 		"bcryptjs": "2.4.3",
 		"blurhash": "2.0.4",
 		"bull": "4.10.2",
@@ -58,7 +58,7 @@
 		"escape-regexp": "0.0.1",
 		"fastify": "4.11.0",
 		"feed": "4.2.2",
-		"file-type": "18.0.0",
+		"file-type": "18.1.0",
 		"fluent-ffmpeg": "2.1.2",
 		"form-data": "^4.0.0",
 		"got": "12.5.3",
@@ -67,7 +67,7 @@
 		"ip-cidr": "3.0.11",
 		"is-svg": "4.3.2",
 		"js-yaml": "4.1.0",
-		"jsdom": "20.0.3",
+		"jsdom": "21.0.0",
 		"json5": "2.2.3",
 		"json5-loader": "4.0.1",
 		"jsonld": "8.1.0",
@@ -77,7 +77,7 @@
 		"misskey-js": "0.0.14",
 		"ms": "3.0.0-canary.1",
 		"nested-property": "4.0.0",
-		"nodemailer": "6.8.0",
+		"nodemailer": "6.9.0",
 		"nsfwjs": "2.4.2",
 		"oauth": "^0.10.0",
 		"os-utils": "0.0.14",
@@ -87,7 +87,7 @@
 		"probe-image-size": "7.2.3",
 		"promise-limit": "2.7.0",
 		"pug": "3.0.2",
-		"punycode": "2.1.1",
+		"punycode": "2.2.0",
 		"pureimage": "0.3.15",
 		"qrcode": "1.5.1",
 		"random-seed": "0.3.0",
@@ -109,26 +109,27 @@
 		"stringz": "2.1.0",
 		"summaly": "2.7.0",
 		"syslog-pro": "git+https://github.com/misskey-dev/SyslogPro#0.2.9-misskey.2",
-		"systeminformation": "5.17.1",
+		"systeminformation": "5.17.3",
 		"tinycolor2": "1.5.2",
 		"tmp": "0.2.1",
 		"tsc-alias": "1.8.2",
 		"tsconfig-paths": "4.1.2",
 		"twemoji-parser": "14.0.0",
 		"typeorm": "0.3.11",
+		"typescript": "4.9.4",
 		"ulid": "2.3.0",
-		"undici": "^5.14.0",
+		"undici": "^5.15.0",
 		"unzipper": "0.10.11",
 		"uuid": "9.0.0",
 		"vary": "1.1.2",
 		"web-push": "3.5.0",
 		"websocket": "1.0.34",
-		"ws": "8.11.0",
+		"ws": "8.12.0",
 		"xev": "3.0.2"
 	},
 	"devDependencies": {
-		"@redocly/openapi-core": "1.0.0-beta.117",
-		"@swc/core": "1.3.25",
+		"@redocly/openapi-core": "1.0.0-beta.120",
+		"@swc/core": "1.3.26",
 		"@swc/jest": "0.2.24",
 		"@types/accepts": "1.3.5",
 		"@types/archiver": "5.3.1",
@@ -172,15 +173,14 @@
 		"@types/web-push": "3.3.2",
 		"@types/websocket": "1.0.5",
 		"@types/ws": "8.5.4",
-		"@typescript-eslint/eslint-plugin": "5.48.0",
-		"@typescript-eslint/parser": "5.48.0",
+		"@typescript-eslint/eslint-plugin": "5.48.1",
+		"@typescript-eslint/parser": "5.48.1",
 		"cross-env": "7.0.3",
 		"eslint": "8.31.0",
-		"eslint-plugin-import": "2.26.0",
+		"eslint-plugin-import": "2.27.4",
 		"execa": "6.1.0",
 		"jest": "29.3.1",
 		"jest-mock": "^29.3.1",
-		"node-fetch": "3.3.0",
-		"typescript": "4.9.4"
+		"node-fetch": "3.3.0"
 	}
 }
--- a/packages/backend/src/core/DriveService.ts
+++ b/packages/backend/src/core/DriveService.ts
@@ -479,8 +479,8 @@ export class DriveService {
 		if (user && !isLink) {
 			const usage = await this.driveFileEntityService.calcDriveUsageOf(user);

-			const role = await this.roleService.getUserRoleOptions(user.id);
-			const driveCapacity = 1024 * 1024 * role.driveCapacityMb;
+			const policies = await this.roleService.getUserPolicies(user.id);
+			const driveCapacity = 1024 * 1024 * policies.driveCapacityMb;
 			this.registerLogger.debug('drive capacity override applied');
 			this.registerLogger.debug(`overrideCap: ${driveCapacity}bytes, usage: ${usage}bytes, u+s: ${usage + info.size}bytes`);

--- a/packages/backend/src/core/FederatedInstanceService.ts
+++ b/packages/backend/src/core/FederatedInstanceService.ts
@@ -34,7 +34,7 @@ export class FederatedInstanceService {
 			const i = await this.instancesRepository.insert({
 				id: this.idService.genId(),
 				host,
-				caughtAt: new Date(),
+				firstRetrievedAt: new Date(),
 			}).then(x => this.instancesRepository.findOneByOrFail(x.identifiers[0]));
 	
 			this.cache.set(host, i);
--- a/packages/backend/src/core/NoteCreateService.ts
+++ b/packages/backend/src/core/NoteCreateService.ts
@@ -226,7 +226,7 @@ export class NoteCreateService {
 		if (data.channel != null) data.localOnly = true;

 		if (data.visibility === 'public' && data.channel == null) {
-			if ((await this.roleService.getUserRoleOptions(user.id)).canPublicNote === false) {
+			if ((await this.roleService.getUserPolicies(user.id)).canPublicNote === false) {
 				data.visibility = 'home';
 			}
 		}
--- a/packages/backend/src/core/NotePiningService.ts
+++ b/packages/backend/src/core/NotePiningService.ts
@@ -12,6 +12,7 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { ApDeliverManagerService } from '@/core/activitypub/ApDeliverManagerService.js';
 import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
 import { bindThis } from '@/decorators.js';
+import { RoleService } from '@/core/RoleService.js';

@Injectable()
 export class NotePiningService {
@@ -30,6 +31,7 @@ export class NotePiningService {

 		private userEntityService: UserEntityService,
 		private idService: IdService,
+		private roleService: RoleService,
 		private relayService: RelayService,
 		private apDeliverManagerService: ApDeliverManagerService,
 		private apRendererService: ApRendererService,
@@ -55,7 +57,7 @@ export class NotePiningService {

 		const pinings = await this.userNotePiningsRepository.findBy({ userId: user.id });

-		if (pinings.length >= 5) {
+		if (pinings.length >= (await this.roleService.getUserPolicies(user.id)).pinLimit) {
 			throw new IdentifiableError('15a018eb-58e5-4da1-93be-330fcc5e4e1a', 'You can not pin notes any more.');
 		}

--- a/packages/backend/src/core/RoleService.ts
+++ b/packages/backend/src/core/RoleService.ts
@@ -8,33 +8,47 @@ import { DI } from '@/di-symbols.js';
 import { bindThis } from '@/decorators.js';
 import { MetaService } from '@/core/MetaService.js';
 import { UserCacheService } from '@/core/UserCacheService.js';
-import { RoleCondFormulaValue } from '@/models/entities/Role.js';
+import type { RoleCondFormulaValue } from '@/models/entities/Role.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { StreamMessages } from '@/server/api/stream/types.js';
 import type { OnApplicationShutdown } from '@nestjs/common';

-export type RoleOptions = {
+export type RolePolicies = {
 	gtlAvailable: boolean;
 	ltlAvailable: boolean;
 	canPublicNote: boolean;
 	canInvite: boolean;
 	canManageCustomEmojis: boolean;
+	canHideAds: boolean;
 	driveCapacityMb: number;
+	pinLimit: number;
 	antennaLimit: number;
 	wordMuteLimit: number;
 	webhookLimit: number;
+	clipLimit: number;
+	noteEachClipsLimit: number;
+	userListLimit: number;
+	userEachUserListsLimit: number;
+	rateLimitFactor: number;
 };

-export const DEFAULT_ROLE: RoleOptions = {
+export const DEFAULT_POLICIES: RolePolicies = {
 	gtlAvailable: true,
 	ltlAvailable: true,
 	canPublicNote: true,
 	canInvite: false,
 	canManageCustomEmojis: false,
+	canHideAds: false,
 	driveCapacityMb: 100,
+	pinLimit: 5,
 	antennaLimit: 5,
 	wordMuteLimit: 200,
 	webhookLimit: 3,
+	clipLimit: 10,
+	noteEachClipsLimit: 200,
+	userListLimit: 10,
+	userEachUserListsLimit: 50,
+	rateLimitFactor: 1,
 };

@Injectable()
@@ -183,29 +197,45 @@ export class RoleService implements OnApplicationShutdown {
 	}

 	@bindThis
-	public async getUserRoleOptions(userId: User['id'] | null): Promise<RoleOptions> {
+	public async getUserPolicies(userId: User['id'] | null): Promise<RolePolicies> {
 		const meta = await this.metaService.fetch();
-		const baseRoleOptions = { ...DEFAULT_ROLE, ...meta.defaultRoleOverride };
+		const basePolicies = { ...DEFAULT_POLICIES, ...meta.policies };

-		if (userId == null) return baseRoleOptions;
+		if (userId == null) return basePolicies;

 		const roles = await this.getUserRoles(userId);

-		function getOptionValues(option: keyof RoleOptions) {
-			if (roles.length === 0) return [baseRoleOptions[option]];
-			return roles.map(role => (role.options[option] && (role.options[option].useDefault !== true)) ? role.options[option].value : baseRoleOptions[option]);
+		function calc<T extends keyof RolePolicies>(name: T, aggregate: (values: RolePolicies[T][]) => RolePolicies[T]) {
+			if (roles.length === 0) return basePolicies[name];
+
+			const policies = roles.map(role => role.policies[name] ?? { priority: 0, useDefault: true });
+
+			const p2 = policies.filter(policy => policy.priority === 2);
+			if (p2.length > 0) return aggregate(p2.map(policy => policy.useDefault ? basePolicies[name] : policy.value));
+
+			const p1 = policies.filter(policy => policy.priority === 1);
+			if (p1.length > 0) return aggregate(p1.map(policy => policy.useDefault ? basePolicies[name] : policy.value));
+
+			return aggregate(policies.map(policy => policy.useDefault ? basePolicies[name] : policy.value));
 		}

 		return {
-			gtlAvailable: getOptionValues('gtlAvailable').some(x => x === true),
-			ltlAvailable: getOptionValues('ltlAvailable').some(x => x === true),
-			canPublicNote: getOptionValues('canPublicNote').some(x => x === true),
-			canInvite: getOptionValues('canInvite').some(x => x === true),
-			canManageCustomEmojis: getOptionValues('canManageCustomEmojis').some(x => x === true),
-			driveCapacityMb: Math.max(...getOptionValues('driveCapacityMb')),
-			antennaLimit: Math.max(...getOptionValues('antennaLimit')),
-			wordMuteLimit: Math.max(...getOptionValues('wordMuteLimit')),
-			webhookLimit: Math.max(...getOptionValues('webhookLimit')),
+			gtlAvailable: calc('gtlAvailable', vs => vs.some(v => v === true)),
+			ltlAvailable: calc('ltlAvailable', vs => vs.some(v => v === true)),
+			canPublicNote: calc('canPublicNote', vs => vs.some(v => v === true)),
+			canInvite: calc('canInvite', vs => vs.some(v => v === true)),
+			canManageCustomEmojis: calc('canManageCustomEmojis', vs => vs.some(v => v === true)),
+			canHideAds: calc('canHideAds', vs => vs.some(v => v === true)),
+			driveCapacityMb: calc('driveCapacityMb', vs => Math.max(...vs)),
+			pinLimit: calc('pinLimit', vs => Math.max(...vs)),
+			antennaLimit: calc('antennaLimit', vs => Math.max(...vs)),
+			wordMuteLimit: calc('wordMuteLimit', vs => Math.max(...vs)),
+			webhookLimit: calc('webhookLimit', vs => Math.max(...vs)),
+			clipLimit: calc('clipLimit', vs => Math.max(...vs)),
+			noteEachClipsLimit: calc('noteEachClipsLimit', vs => Math.max(...vs)),
+			userListLimit: calc('userListLimit', vs => Math.max(...vs)),
+			userEachUserListsLimit: calc('userEachUserListsLimit', vs => Math.max(...vs)),
+			rateLimitFactor: calc('rateLimitFactor', vs => Math.max(...vs)),
 		};
 	}

--- a/packages/backend/src/core/UserListService.ts
+++ b/packages/backend/src/core/UserListService.ts
@@ -10,6 +10,7 @@ import { DI } from '@/di-symbols.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { ProxyAccountService } from '@/core/ProxyAccountService.js';
 import { bindThis } from '@/decorators.js';
+import { RoleService } from '@/core/RoleService.js';

@Injectable()
 export class UserListService {
@@ -23,13 +24,21 @@ export class UserListService {
 		private userEntityService: UserEntityService,
 		private idService: IdService,
 		private userFollowingService: UserFollowingService,
+		private roleService: RoleService,
 		private globalEventServie: GlobalEventService,
 		private proxyAccountService: ProxyAccountService,
 	) {
 	}

 	@bindThis
-	public async push(target: User, list: UserList) {
+	public async push(target: User, list: UserList, me: User) {
+		const currentCount = await this.userListJoiningsRepository.countBy({
+			userListId: list.id,
+		});
+		if (currentCount > (await this.roleService.getUserPolicies(me.id)).userEachUserListsLimit) {
+			throw new Error('Too many users');
+		}
+
 		await this.userListJoiningsRepository.insert({
 			id: this.idService.genId(),
 			createdAt: new Date(),
--- a/packages/backend/src/core/entities/InstanceEntityService.ts
+++ b/packages/backend/src/core/entities/InstanceEntityService.ts
@@ -29,7 +29,7 @@ export class InstanceEntityService {
 		const meta = await this.metaService.fetch();
 		return {
 			id: instance.id,
-			caughtAt: instance.caughtAt.toISOString(),
+			firstRetrievedAt: instance.firstRetrievedAt.toISOString(),
 			host: instance.host,
 			usersCount: instance.usersCount,
 			notesCount: instance.notesCount,
--- a/packages/backend/src/core/entities/RoleEntityService.ts
+++ b/packages/backend/src/core/entities/RoleEntityService.ts
@@ -6,7 +6,7 @@ import type { Packed } from '@/misc/schema.js';
 import type { User } from '@/models/entities/User.js';
 import type { Role } from '@/models/entities/Role.js';
 import { bindThis } from '@/decorators.js';
-import { DEFAULT_ROLE } from '@/core/RoleService.js';
+import { DEFAULT_POLICIES } from '@/core/RoleService.js';
 import { UserEntityService } from './UserEntityService.js';

@Injectable()
@@ -40,10 +40,11 @@ export class RoleEntityService {
 			roleId: role.id,
 		});

-		const roleOptions = { ...role.options };
-		for (const [k, v] of Object.entries(DEFAULT_ROLE)) {
-			if (roleOptions[k] == null) roleOptions[k] = {
+		const policies = { ...role.policies };
+		for (const [k, v] of Object.entries(DEFAULT_POLICIES)) {
+			if (policies[k] == null) policies[k] = {
 				useDefault: true,
+				priority: 0,
 				value: v,
 			};
 		}
@@ -61,7 +62,7 @@ export class RoleEntityService {
 			isAdministrator: role.isAdministrator,
 			isModerator: role.isModerator,
 			canEditMembersByModerator: role.canEditMembersByModerator,
-			options: roleOptions,
+			policies: policies,
 			usersCount: assigns.length,
 			...(opts.detail ? {
 				users: this.userEntityService.packMany(assigns.map(x => x.userId), me),
--- a/packages/backend/src/core/entities/UserEntityService.ts
+++ b/packages/backend/src/core/entities/UserEntityService.ts
@@ -423,7 +423,7 @@ export class UserEntityService implements OnModuleInit {
 				bannerUrl: user.banner ? this.driveFileEntityService.getPublicUrl(user.banner, false) : null,
 				bannerBlurhash: user.banner?.blurhash ?? null,
 				isLocked: user.isLocked,
-				isSilenced: this.roleService.getUserRoleOptions(user.id).then(r => !r.canPublicNote),
+				isSilenced: this.roleService.getUserPolicies(user.id).then(r => !r.canPublicNote),
 				isSuspended: user.isSuspended ?? falsy,
 				description: profile!.description,
 				location: profile!.location,
@@ -496,7 +496,7 @@ export class UserEntityService implements OnModuleInit {
 			} : {}),

 			...(opts.includeSecrets ? {
-				role: this.roleService.getUserRoleOptions(user.id),
+				policies: this.roleService.getUserPolicies(user.id),
 				email: profile!.email,
 				emailVerified: profile!.emailVerified,
 				securityKeysList: profile!.twoFactorEnabled
--- a/packages/backend/src/models/entities/Instance.ts
+++ b/packages/backend/src/models/entities/Instance.ts
@@ -13,7 +13,7 @@ export class Instance {
 	@Column('timestamp with time zone', {
 		comment: 'The caught date of the Instance.',
 	})
-	public caughtAt: Date;
+	public firstRetrievedAt: Date;

 	/**
 	 * ホスト
--- a/packages/backend/src/models/entities/Meta.ts
+++ b/packages/backend/src/models/entities/Meta.ts
@@ -458,5 +458,5 @@ export class Meta {
 	@Column('jsonb', {
 		default: { },
 	})
-	public defaultRoleOverride: Record<string, any>;
+	public policies: Record<string, any>;
 }
--- a/packages/backend/src/models/entities/Role.ts
+++ b/packages/backend/src/models/entities/Role.ts
@@ -136,8 +136,9 @@ export class Role {
 	@Column('jsonb', {
 		default: { },
 	})
-	public options: Record<string, {
+	public policies: Record<string, {
 		useDefault: boolean;
+		priority: number;
 		value: any;
 	}>;
 }
--- a/packages/backend/src/models/entities/User.ts
+++ b/packages/backend/src/models/entities/User.ts
@@ -232,6 +232,6 @@ export type CacheableUser = CacheableLocalUser | CacheableRemoteUser;
 export const localUsernameSchema = { type: 'string', pattern: /^\w{1,20}$/.toString().slice(1, -1) } as const;
 export const passwordSchema = { type: 'string', minLength: 1 } as const;
 export const nameSchema = { type: 'string', minLength: 1, maxLength: 50 } as const;
-export const descriptionSchema = { type: 'string', minLength: 1, maxLength: 500 } as const;
+export const descriptionSchema = { type: 'string', minLength: 1, maxLength: 1500 } as const;
 export const locationSchema = { type: 'string', minLength: 1, maxLength: 50 } as const;
 export const birthdaySchema = { type: 'string', pattern: /^([0-9]{4})-([0-9]{2})-([0-9]{2})$/.toString().slice(1, -1) } as const;
--- a/packages/backend/src/models/schema/federation-instance.ts
+++ b/packages/backend/src/models/schema/federation-instance.ts
@@ -6,7 +6,7 @@ export const packedFederationInstanceSchema = {
 			optional: false, nullable: false,
 			format: 'id',
 		},
-		caughtAt: {
+		firstRetrievedAt: {
 			type: 'string',
 			optional: false, nullable: false,
 			format: 'date-time',
--- a/packages/backend/src/queue/processors/ImportUserListsProcessorService.ts
+++ b/packages/backend/src/queue/processors/ImportUserListsProcessorService.ts
@@ -10,10 +10,10 @@ import { DownloadService } from '@/core/DownloadService.js';
 import { UserListService } from '@/core/UserListService.js';
 import { IdService } from '@/core/IdService.js';
 import { UtilityService } from '@/core/UtilityService.js';
+import { bindThis } from '@/decorators.js';
 import { QueueLoggerService } from '../QueueLoggerService.js';
 import type Bull from 'bull';
 import type { DbUserImportJobData } from '../types.js';
-import { bindThis } from '@/decorators.js';

@Injectable()
 export class ImportUserListsProcessorService {
@@ -102,7 +102,7 @@ export class ImportUserListsProcessorService {

 				if (await this.userListJoiningsRepository.findOneBy({ userListId: list!.id, userId: target.id }) != null) continue;

-				this.userListService.push(target, list!);
+				this.userListService.push(target, list!, user);
 			} catch (e) {
 				this.logger.warn(`Error in line:${linenum} ${e}`);
 			}
--- a/packages/backend/src/server/NodeinfoServerService.ts
+++ b/packages/backend/src/server/NodeinfoServerService.ts
@@ -10,7 +10,7 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { bindThis } from '@/decorators.js';
 import NotesChart from '@/core/chart/charts/notes.js';
 import UsersChart from '@/core/chart/charts/users.js';
-import { DEFAULT_ROLE } from '@/core/RoleService.js';
+import { DEFAULT_POLICIES } from '@/core/RoleService.js';
 import type { FastifyInstance, FastifyPluginOptions } from 'fastify';

 const nodeinfo2_1path = '/nodeinfo/2.1';
@@ -74,7 +74,7 @@ export class NodeinfoServerService {

 			const proxyAccount = meta.proxyAccountId ? await this.userEntityService.pack(meta.proxyAccountId).catch(() => null) : null;

-			const baseRoleOptions = { ...DEFAULT_ROLE, ...meta.defaultRoleOverride };
+			const basePolicies = { ...DEFAULT_POLICIES, ...meta.policies };

 			return {
 				software: {
@@ -105,8 +105,8 @@ export class NodeinfoServerService {
 					repositoryUrl: meta.repositoryUrl,
 					feedbackUrl: meta.feedbackUrl,
 					disableRegistration: meta.disableRegistration,
-					disableLocalTimeline: !baseRoleOptions.ltlAvailable,
-					disableGlobalTimeline: !baseRoleOptions.gtlAvailable,
+					disableLocalTimeline: !basePolicies.ltlAvailable,
+					disableGlobalTimeline: !basePolicies.gtlAvailable,
 					emailRequiredForSignup: meta.emailRequiredForSignup,
 					enableHcaptcha: meta.enableHcaptcha,
 					enableRecaptcha: meta.enableRecaptcha,
--- a/packages/backend/src/server/api/ApiCallService.ts
+++ b/packages/backend/src/server/api/ApiCallService.ts
@@ -224,8 +224,11 @@ export class ApiCallService implements OnApplicationShutdown {
 				limit.key = ep.name;
 			}

+			// TODO: 毎リクエスト計算するのもあれだしキャッシュしたい
+			const factor = user ? (await this.roleService.getUserPolicies(user.id)).rateLimitFactor : 1;
+
 			// Rate limit
-			await this.rateLimiterService.limit(limit as IEndpointMeta['limit'] & { key: NonNullable<string> }, limitActor).catch(err => {
+			await this.rateLimiterService.limit(limit as IEndpointMeta['limit'] & { key: NonNullable<string> }, limitActor, factor).catch(err => {
 				throw new ApiError({
 					message: 'Rate limit exceeded. Please try again later.',
 					code: 'RATE_LIMIT_EXCEEDED',
@@ -271,9 +274,9 @@ export class ApiCallService implements OnApplicationShutdown {
 			}
 		}

-		if (ep.meta.requireRoleOption != null && !user!.isRoot) {
-			const myRole = await this.roleService.getUserRoleOptions(user!.id);
-			if (!myRole[ep.meta.requireRoleOption]) {
+		if (ep.meta.requireRolePolicy != null && !user!.isRoot) {
+			const policies = await this.roleService.getUserPolicies(user!.id);
+			if (!policies[ep.meta.requireRolePolicy]) {
 				throw new ApiError({
 					message: 'You are not assigned to a required role.',
 					code: 'ROLE_PERMISSION_DENIED',
--- a/packages/backend/src/server/api/EndpointsModule.ts
+++ b/packages/backend/src/server/api/EndpointsModule.ts
@@ -65,7 +65,7 @@ import * as ep___admin_roles_show from './endpoints/admin/roles/show.js';
 import * as ep___admin_roles_update from './endpoints/admin/roles/update.js';
 import * as ep___admin_roles_assign from './endpoints/admin/roles/assign.js';
 import * as ep___admin_roles_unassign from './endpoints/admin/roles/unassign.js';
-import * as ep___admin_roles_updateDefaultRoleOverride from './endpoints/admin/roles/update-default-role-override.js';
+import * as ep___admin_roles_updateDefaultPolicies from './endpoints/admin/roles/update-default-policies.js';
 import * as ep___announcements from './endpoints/announcements.js';
 import * as ep___antennas_create from './endpoints/antennas/create.js';
 import * as ep___antennas_delete from './endpoints/antennas/delete.js';
@@ -399,7 +399,7 @@ const $admin_roles_show: Provider = { provide: 'ep:admin/roles/show', useClass:
 const $admin_roles_update: Provider = { provide: 'ep:admin/roles/update', useClass: ep___admin_roles_update.default };
 const $admin_roles_assign: Provider = { provide: 'ep:admin/roles/assign', useClass: ep___admin_roles_assign.default };
 const $admin_roles_unassign: Provider = { provide: 'ep:admin/roles/unassign', useClass: ep___admin_roles_unassign.default };
-const $admin_roles_updateDefaultRoleOverride: Provider = { provide: 'ep:admin/roles/update-default-role-override', useClass: ep___admin_roles_updateDefaultRoleOverride.default };
+const $admin_roles_updateDefaultPolicies: Provider = { provide: 'ep:admin/roles/update-default-policies', useClass: ep___admin_roles_updateDefaultPolicies.default };
 const $announcements: Provider = { provide: 'ep:announcements', useClass: ep___announcements.default };
 const $antennas_create: Provider = { provide: 'ep:antennas/create', useClass: ep___antennas_create.default };
 const $antennas_delete: Provider = { provide: 'ep:antennas/delete', useClass: ep___antennas_delete.default };
@@ -737,7 +737,7 @@ const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention
 		$admin_roles_update,
 		$admin_roles_assign,
 		$admin_roles_unassign,
-		$admin_roles_updateDefaultRoleOverride,
+		$admin_roles_updateDefaultPolicies,
 		$announcements,
 		$antennas_create,
 		$antennas_delete,
@@ -1069,7 +1069,7 @@ const $retention: Provider = { provide: 'ep:retention', useClass: ep___retention
 		$admin_roles_update,
 		$admin_roles_assign,
 		$admin_roles_unassign,
-		$admin_roles_updateDefaultRoleOverride,
+		$admin_roles_updateDefaultPolicies,
 		$announcements,
 		$antennas_create,
 		$antennas_delete,
--- a/packages/backend/src/server/api/RateLimiterService.ts
+++ b/packages/backend/src/server/api/RateLimiterService.ts
@@ -26,7 +26,7 @@ export class RateLimiterService {
 	}

 	@bindThis
-	public limit(limitation: IEndpointMeta['limit'] & { key: NonNullable<string> }, actor: string) {
+	public limit(limitation: IEndpointMeta['limit'] & { key: NonNullable<string> }, actor: string, factor = 1) {
 		return new Promise<void>((ok, reject) => {
 			if (this.disabled) ok();

@@ -34,7 +34,7 @@ export class RateLimiterService {
 			const min = (): void => {
 				const minIntervalLimiter = new Limiter({
 					id: `${actor}:${limitation.key}:min`,
-					duration: limitation.minInterval,
+					duration: limitation.minInterval * factor,
 					max: 1,
 					db: this.redisClient,
 				});
@@ -62,8 +62,8 @@ export class RateLimiterService {
 			const max = (): void => {
 				const limiter = new Limiter({
 					id: `${actor}:${limitation.key}`,
-					duration: limitation.duration,
-					max: limitation.max,
+					duration: limitation.duration * factor,
+					max: limitation.max / factor,
 					db: this.redisClient,
 				});
 		
--- a/packages/backend/src/server/api/endpoints.ts
+++ b/packages/backend/src/server/api/endpoints.ts
@@ -64,7 +64,7 @@ import * as ep___admin_roles_show from './endpoints/admin/roles/show.js';
 import * as ep___admin_roles_update from './endpoints/admin/roles/update.js';
 import * as ep___admin_roles_assign from './endpoints/admin/roles/assign.js';
 import * as ep___admin_roles_unassign from './endpoints/admin/roles/unassign.js';
-import * as ep___admin_roles_updateDefaultRoleOverride from './endpoints/admin/roles/update-default-role-override.js';
+import * as ep___admin_roles_updateDefaultPolicies from './endpoints/admin/roles/update-default-policies.js';
 import * as ep___announcements from './endpoints/announcements.js';
 import * as ep___antennas_create from './endpoints/antennas/create.js';
 import * as ep___antennas_delete from './endpoints/antennas/delete.js';
@@ -396,7 +396,7 @@ const eps = [
 	['admin/roles/update', ep___admin_roles_update],
 	['admin/roles/assign', ep___admin_roles_assign],
 	['admin/roles/unassign', ep___admin_roles_unassign],
-	['admin/roles/update-default-role-override', ep___admin_roles_updateDefaultRoleOverride],
+	['admin/roles/update-default-policies', ep___admin_roles_updateDefaultPolicies],
 	['announcements', ep___announcements],
 	['antennas/create', ep___antennas_create],
 	['antennas/delete', ep___antennas_delete],
@@ -695,7 +695,7 @@ export interface IEndpointMeta {
 	 */
 	readonly requireAdmin?: boolean;

-	readonly requireRoleOption?: string;
+	readonly requireRolePolicy?: string;

 	/**
 	 * エンドポイントのリミテーションに関するやつ
--- a/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/add-aliases-bulk.ts
@@ -8,7 +8,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/add.ts
@@ -14,7 +14,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',

 	errors: {
 		noSuchFile: {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/copy.ts
@@ -14,7 +14,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',

 	errors: {
 		noSuchEmoji: {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/delete-bulk.ts
@@ -9,7 +9,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/delete.ts
@@ -10,7 +10,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',

 	errors: {
 		noSuchEmoji: {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/import-zip.ts
@@ -5,7 +5,7 @@ import { QueueService } from '@/core/QueueService.js';
 export const meta = {
 	secure: true,
 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/list-remote.ts
@@ -11,7 +11,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/emoji/list.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/list.ts
@@ -11,7 +11,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',

 	res: {
 		type: 'array',
--- a/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/remove-aliases-bulk.ts
@@ -8,7 +8,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-aliases-bulk.ts
@@ -8,7 +8,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/set-category-bulk.ts
@@ -8,7 +8,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',
 } as const;

 export const paramDef = {
--- a/packages/backend/src/server/api/endpoints/admin/emoji/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/emoji/update.ts
@@ -9,7 +9,7 @@ export const meta = {
 	tags: ['admin'],

 	requireCredential: true,
-	requireRoleOption: 'canManageCustomEmojis',
+	requireRolePolicy: 'canManageCustomEmojis',

 	errors: {
 		noSuchEmoji: {
--- a/packages/backend/src/server/api/endpoints/admin/meta.ts
+++ b/packages/backend/src/server/api/endpoints/admin/meta.ts
@@ -4,7 +4,7 @@ import { Endpoint } from '@/server/api/endpoint-base.js';
 import { MetaService } from '@/core/MetaService.js';
 import type { Config } from '@/config.js';
 import { DI } from '@/di-symbols.js';
-import { DEFAULT_ROLE } from '@/core/RoleService.js';
+import { DEFAULT_POLICIES } from '@/core/RoleService.js';

 export const meta = {
 	tags: ['meta'],
@@ -440,7 +440,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 				deeplIsPro: instance.deeplIsPro,
 				enableIpLogging: instance.enableIpLogging,
 				enableActiveEmailValidation: instance.enableActiveEmailValidation,
-				baseRole: { ...DEFAULT_ROLE, ...instance.defaultRoleOverride },
+				policies: { ...DEFAULT_POLICIES, ...instance.policies },
 			};
 		});
 	}
--- a/packages/backend/src/server/api/endpoints/admin/roles/create.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/create.ts
@@ -25,7 +25,7 @@ export const paramDef = {
 		isModerator: { type: 'boolean' },
 		isAdministrator: { type: 'boolean' },
 		canEditMembersByModerator: { type: 'boolean' },
-		options: {
+		policies: {
 			type: 'object',
 		},
 	},
@@ -39,7 +39,7 @@ export const paramDef = {
 		'isModerator',
 		'isAdministrator',
 		'canEditMembersByModerator',
-		'options',
+		'policies',
 	],
 } as const;

@@ -70,7 +70,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 				isAdministrator: ps.isAdministrator,
 				isModerator: ps.isModerator,
 				canEditMembersByModerator: ps.canEditMembersByModerator,
-				options: ps.options,
+				policies: ps.policies,
 			}).then(x => this.rolesRepository.findOneByOrFail(x.identifiers[0]));
 	
 			this.globalEventService.publishInternalEvent('roleCreated', created);
--- a/packages/backend/src/server/api/endpoints/admin/roles/update-default-role-override.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/update-default-role-override.ts
@@ -16,12 +16,12 @@ export const meta = {
 export const paramDef = {
 	type: 'object',
 	properties: {
-		options: {
+		policies: {
 			type: 'object',
 		},
 	},
 	required: [
-		'options',
+		'policies',
 	],
 } as const;

@@ -34,9 +34,9 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 	) {
 		super(meta, paramDef, async (ps) => {
 			await this.metaService.update({
-				defaultRoleOverride: ps.options,
+				policies: ps.policies,
 			});
-			this.globalEventService.publishInternalEvent('defaultRoleOverrideUpdated', ps.options);
+			this.globalEventService.publishInternalEvent('policiesUpdated', ps.policies);
 		});
 	}
 }
--- a/packages/backend/src/server/api/endpoints/admin/roles/update.ts
+++ b/packages/backend/src/server/api/endpoints/admin/roles/update.ts
@@ -33,7 +33,7 @@ export const paramDef = {
 		isModerator: { type: 'boolean' },
 		isAdministrator: { type: 'boolean' },
 		canEditMembersByModerator: { type: 'boolean' },
-		options: {
+		policies: {
 			type: 'object',
 		},
 	},
@@ -48,7 +48,7 @@ export const paramDef = {
 		'isModerator',
 		'isAdministrator',
 		'canEditMembersByModerator',
-		'options',
+		'policies',
 	],
 } as const;

@@ -79,7 +79,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 				isModerator: ps.isModerator,
 				isAdministrator: ps.isAdministrator,
 				canEditMembersByModerator: ps.canEditMembersByModerator,
-				options: ps.options,
+				policies: ps.policies,
 			});
 			const updated = await this.rolesRepository.findOneByOrFail({ id: ps.roleId });
 			this.globalEventService.publishInternalEvent('roleUpdated', updated);
--- a/packages/backend/src/server/api/endpoints/admin/show-user.ts
+++ b/packages/backend/src/server/api/endpoints/admin/show-user.ts
@@ -52,7 +52,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 			}

 			const isModerator = await this.roleService.isModerator(user);
-			const isSilenced = !(await this.roleService.getUserRoleOptions(user.id)).canPublicNote;
+			const isSilenced = !(await this.roleService.getUserPolicies(user.id)).canPublicNote;

 			const _me = await this.usersRepository.findOneByOrFail({ id: me.id });
 			if (!await this.roleService.isAdministrator(_me) && await this.roleService.isAdministrator(user)) {
@@ -94,6 +94,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 				lastActiveDate: user.lastActiveDate,
 				moderationNote: profile.moderationNote,
 				signins,
+				policies: await this.roleService.getUserPolicies(user.id),
 				roles: await this.roleEntityService.packMany(roles, me, { detail: false }),
 			};
 		});
--- a/packages/backend/src/server/api/endpoints/antennas/create.ts
+++ b/packages/backend/src/server/api/endpoints/antennas/create.ts
@@ -92,7 +92,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 			const currentAntennasCount = await this.antennasRepository.countBy({
 				userId: me.id,
 			});
-			if (currentAntennasCount > (await this.roleService.getUserRoleOptions(me.id)).antennaLimit) {
+			if (currentAntennasCount > (await this.roleService.getUserPolicies(me.id)).antennaLimit) {
 				throw new ApiError(meta.errors.tooManyAntennas);
 			}

--- a/packages/backend/src/server/api/endpoints/blocking/create.ts
+++ b/packages/backend/src/server/api/endpoints/blocking/create.ts
@@ -5,15 +5,15 @@ import type { UsersRepository, BlockingsRepository } from '@/models/index.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { UserBlockingService } from '@/core/UserBlockingService.js';
 import { DI } from '@/di-symbols.js';
-import { ApiError } from '../../error.js';
 import { GetterService } from '@/server/api/GetterService.js';
+import { ApiError } from '../../error.js';

 export const meta = {
 	tags: ['account'],

 	limit: {
 		duration: ms('1hour'),
-		max: 100,
+		max: 20,
 	},

 	requireCredential: true,
--- a/packages/backend/src/server/api/endpoints/channels/create.ts
+++ b/packages/backend/src/server/api/endpoints/channels/create.ts
@@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { ChannelsRepository, DriveFilesRepository } from '@/models/index.js';
 import type { Channel } from '@/models/entities/Channel.js';
@@ -14,6 +15,11 @@ export const meta = {

 	kind: 'write:channels',

+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+	},
+
 	res: {
 		type: 'object',
 		optional: false, nullable: false,
--- a/packages/backend/src/server/api/endpoints/clips/add-note.ts
+++ b/packages/backend/src/server/api/endpoints/clips/add-note.ts
@@ -1,10 +1,12 @@
 import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import { IdService } from '@/core/IdService.js';
 import { DI } from '@/di-symbols.js';
 import type { ClipNotesRepository, ClipsRepository } from '@/models/index.js';
-import { ApiError } from '../../error.js';
 import { GetterService } from '@/server/api/GetterService.js';
+import { RoleService } from '@/core/RoleService.js';
+import { ApiError } from '../../error.js';

 export const meta = {
 	tags: ['account', 'notes', 'clips'],
@@ -13,6 +15,11 @@ export const meta = {

 	kind: 'write:account',

+	limit: {
+		duration: ms('1hour'),
+		max: 20,
+	},
+
 	errors: {
 		noSuchClip: {
 			message: 'No such clip.',
@@ -31,6 +38,12 @@ export const meta = {
 			code: 'ALREADY_CLIPPED',
 			id: '734806c4-542c-463a-9311-15c512803965',
 		},
+
+		tooManyClipNotes: {
+			message: 'You cannot add notes to the clip any more.',
+			code: 'TOO_MANY_CLIP_NOTES',
+			id: 'f0dba960-ff73-4615-8df4-d6ac5d9dc118',
+		},
 	},
 } as const;

@@ -54,6 +67,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 		private clipNotesRepository: ClipNotesRepository,

 		private idService: IdService,
+		private roleService: RoleService,
 		private getterService: GetterService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
@@ -80,6 +94,13 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 				throw new ApiError(meta.errors.alreadyClipped);
 			}

+			const currentCount = await this.clipNotesRepository.countBy({
+				clipId: clip.id,
+			});
+			if (currentCount > (await this.roleService.getUserPolicies(me.id)).noteEachClipsLimit) {
+				throw new ApiError(meta.errors.tooManyClipNotes);
+			}
+
 			await this.clipNotesRepository.insert({
 				id: this.idService.genId(),
 				noteId: note.id,
--- a/packages/backend/src/server/api/endpoints/clips/create.ts
+++ b/packages/backend/src/server/api/endpoints/clips/create.ts
@@ -4,6 +4,8 @@ import { IdService } from '@/core/IdService.js';
 import type { ClipsRepository } from '@/models/index.js';
 import { ClipEntityService } from '@/core/entities/ClipEntityService.js';
 import { DI } from '@/di-symbols.js';
+import { RoleService } from '@/core/RoleService.js';
+import { ApiError } from '@/server/api/error.js';

 export const meta = {
 	tags: ['clips'],
@@ -17,6 +19,14 @@ export const meta = {
 		optional: false, nullable: false,
 		ref: 'Clip',
 	},
+
+	errors: {
+		tooManyClips: {
+			message: 'You cannot create clip any more.',
+			code: 'TOO_MANY_CLIPS',
+			id: '920f7c2d-6208-4b76-8082-e632020f5883',
+		},
+	},
 } as const;

 export const paramDef = {
@@ -37,9 +47,17 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 		private clipsRepository: ClipsRepository,

 		private clipEntityService: ClipEntityService,
+		private roleService: RoleService,
 		private idService: IdService,
 	) {
 		super(meta, paramDef, async (ps, me) => {
+			const currentCount = await this.clipsRepository.countBy({
+				userId: me.id,
+			});
+			if (currentCount > (await this.roleService.getUserPolicies(me.id)).clipLimit) {
+				throw new ApiError(meta.errors.tooManyClips);
+			}
+	
 			const clip = await this.clipsRepository.insert({
 				id: this.idService.genId(),
 				createdAt: new Date(),
--- a/packages/backend/src/server/api/endpoints/drive.ts
+++ b/packages/backend/src/server/api/endpoints/drive.ts
@@ -47,10 +47,10 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 			// Calculate drive usage
 			const usage = await this.driveFileEntityService.calcDriveUsageOf(me.id);

-			const myRole = await this.roleService.getUserRoleOptions(me.id);
+			const policies = await this.roleService.getUserPolicies(me.id);

 			return {
-				capacity: 1024 * 1024 * myRole.driveCapacityMb,
+				capacity: 1024 * 1024 * policies.driveCapacityMb,
 				usage: usage,
 			};
 		});
--- a/packages/backend/src/server/api/endpoints/drive/folders/create.ts
+++ b/packages/backend/src/server/api/endpoints/drive/folders/create.ts
@@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { DriveFoldersRepository } from '@/models/index.js';
 import { IdService } from '@/core/IdService.js';
@@ -14,6 +15,11 @@ export const meta = {

 	kind: 'write:drive',

+	limit: {
+		duration: ms('1hour'),
+		max: 10,
+	},
+
 	errors: {
 		noSuchFolder: {
 			message: 'No such folder.',
--- a/packages/backend/src/server/api/endpoints/federation/instances.ts
+++ b/packages/backend/src/server/api/endpoints/federation/instances.ts
@@ -63,8 +63,8 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 				case '-following': query.orderBy('instance.followingCount', 'ASC'); break;
 				case '+followers': query.orderBy('instance.followersCount', 'DESC'); break;
 				case '-followers': query.orderBy('instance.followersCount', 'ASC'); break;
-				case '+caughtAt': query.orderBy('instance.caughtAt', 'DESC'); break;
-				case '-caughtAt': query.orderBy('instance.caughtAt', 'ASC'); break;
+				case '+firstRetrievedAt': query.orderBy('instance.firstRetrievedAt', 'DESC'); break;
+				case '-firstRetrievedAt': query.orderBy('instance.firstRetrievedAt', 'ASC'); break;
 				case '+latestRequestReceivedAt': query.orderBy('instance.latestRequestReceivedAt', 'DESC', 'NULLS LAST'); break;
 				case '-latestRequestReceivedAt': query.orderBy('instance.latestRequestReceivedAt', 'ASC', 'NULLS FIRST'); break;

--- a/packages/backend/src/server/api/endpoints/following/create.ts
+++ b/packages/backend/src/server/api/endpoints/following/create.ts
@@ -6,15 +6,15 @@ import { IdentifiableError } from '@/misc/identifiable-error.js';
 import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { UserFollowingService } from '@/core/UserFollowingService.js';
 import { DI } from '@/di-symbols.js';
-import { ApiError } from '../../error.js';
 import { GetterService } from '@/server/api/GetterService.js';
+import { ApiError } from '../../error.js';

 export const meta = {
 	tags: ['following', 'users'],

 	limit: {
 		duration: ms('1hour'),
-		max: 100,
+		max: 50,
 	},

 	requireCredential: true,
--- a/packages/backend/src/server/api/endpoints/gallery/posts/create.ts
+++ b/packages/backend/src/server/api/endpoints/gallery/posts/create.ts
@@ -18,7 +18,7 @@ export const meta = {

 	limit: {
 		duration: ms('1hour'),
-		max: 300,
+		max: 20,
 	},

 	res: {
--- a/packages/backend/src/server/api/endpoints/i/update.ts
+++ b/packages/backend/src/server/api/endpoints/i/update.ts
@@ -173,7 +173,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 			if (ps.mutedWords !== undefined) {
 				// TODO: ちゃんと数える
 				const length = JSON.stringify(ps.mutedWords).length;
-				if (length > (await this.roleService.getUserRoleOptions(user.id)).wordMuteLimit) {
+				if (length > (await this.roleService.getUserPolicies(user.id)).wordMuteLimit) {
 					throw new ApiError(meta.errors.tooManyMutedWords);
 				}

--- a/packages/backend/src/server/api/endpoints/i/webhooks/create.ts
+++ b/packages/backend/src/server/api/endpoints/i/webhooks/create.ts
@@ -6,6 +6,7 @@ import { webhookEventTypes } from '@/models/entities/Webhook.js';
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { DI } from '@/di-symbols.js';
 import { RoleService } from '@/core/RoleService.js';
+import { ApiError } from '@/server/api/error.js';

 export const meta = {
 	tags: ['webhooks'],
@@ -53,7 +54,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {
 			const currentWebhooksCount = await this.webhooksRepository.countBy({
 				userId: me.id,
 			});
-			if (currentWebhooksCount > (await this.roleService.getUserRoleOptions(me.id)).webhookLimit) {
+			if (currentWebhooksCount > (await this.roleService.getUserPolicies(me.id)).webhookLimit) {
 				throw new ApiError(meta.errors.tooManyWebhooks);
 			}

--- a/packages/backend/src/server/api/endpoints/invite.ts
+++ b/packages/backend/src/server/api/endpoints/invite.ts
@@ -9,7 +9,7 @@ export const meta = {
 	tags: ['meta'],

 	requireCredential: true,
-	requireRoleOption: 'canInvite',
+	requireRolePolicy: 'canInvite',

 	res: {
 		type: 'object',
--- a/packages/backend/src/server/api/endpoints/messaging/messages/create.ts
+++ b/packages/backend/src/server/api/endpoints/messaging/messages/create.ts
@@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import type { BlockingsRepository, UserGroupJoiningsRepository, DriveFilesRepository, UserGroupsRepository } from '@/models/index.js';
 import type { User } from '@/models/entities/User.js';
@@ -15,6 +16,11 @@ export const meta = {

 	kind: 'write:messaging',

+	limit: {
+		duration: ms('1hour'),
+		max: 120,
+	},
+
 	res: {
 		type: 'object',
 		optional: false, nullable: false,
--- a/packages/backend/src/server/api/endpoints/meta.ts
+++ b/packages/backend/src/server/api/endpoints/meta.ts
@@ -7,7 +7,7 @@ import { UserEntityService } from '@/core/entities/UserEntityService.js';
 import { MetaService } from '@/core/MetaService.js';
 import type { Config } from '@/config.js';
 import { DI } from '@/di-symbols.js';
-import { DEFAULT_ROLE } from '@/core/RoleService.js';
+import { DEFAULT_POLICIES } from '@/core/RoleService.js';

 export const meta = {
 	tags: ['meta'],
@@ -334,7 +334,7 @@ export default class extends Endpoint<typeof meta, typeof paramDef> {

 				translatorAvailable: instance.deeplAuthKey != null,

-				baseRole: { ...DEFAULT_ROLE, ...instance.defaultRoleOverride },
+				policies: { ...DEFAULT_POLICIES, ...instance.policies },

 				...(ps.detail ? {
 					pinnedPages: instance.pinnedPages,
--- a/packages/backend/src/server/api/endpoints/mute/create.ts
+++ b/packages/backend/src/server/api/endpoints/mute/create.ts
@@ -1,12 +1,13 @@
 import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
 import { Endpoint } from '@/server/api/endpoint-base.js';
 import { IdService } from '@/core/IdService.js';
 import type { MutingsRepository } from '@/models/index.js';
 import type { Muting } from '@/models/entities/Muting.js';
 import { GlobalEventService } from '@/core/GlobalEventService.js';
 import { DI } from '@/di-symbols.js';
-import { ApiError } from '../../error.js';
 import { GetterService } from '@/server/api/GetterService.js';
+import { ApiError } from '../../error.js';

 export const meta = {
 	tags: ['account'],
@@ -15,6 +16,11 @@ export const meta = {

 	kind: 'write:mutes',

+	limit: {
+		duration: ms('1hour'),
+		max: 20,
+	},
+
 	errors: {
 		noSuchUser: {
 			message: 'No such user.',
--- a/packages/backend/src/server/api/endpoints/notes/favorites/create.ts
+++ b/packages/backend/src/server/api/endpoints/notes/favorites/create.ts
@@ -1,4 +1,5 @@
 import { Inject, Injectable } from '@nestjs/common';
+import ms from 'ms';
 import type { NoteFavoritesRepository } from '@/models/index.js';
 import { IdService } from '@/core/IdService.js';
 import { Endpoint } from '@/server/api/endpoint-base.js';
@@ -13,6 +14,11 @@ export const meta = {

 	kind: 'write:favorites',

+	limit: {
+		duration: ms('1hour'),
+		max: 20,
+	},
+
 	errors: {
 		noSuchNote: {
 			message: 'No such note.',
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
syuilo	d56fc41865	Merge branch 'develop'	2023-01-16 15:21:43 +09:00
syuilo	9d64ac6d6f	13.0.0	2023-01-16 15:18:37 +09:00
syuilo	e13434c2f0	update codename	2023-01-16 15:13:49 +09:00
syuilo	5416a295c1	fix spinner style	2023-01-16 14:24:24 +09:00
syuilo	119c650406	13.0.0-rc.11	2023-01-16 14:21:40 +09:00
syuilo	57386f46d2	New Crowdin updates (#9607 ) * New translations ja-JP.yml (Italian) * New translations ja-JP.yml (Italian) * New translations ja-JP.yml (French) * New translations ja-JP.yml (Spanish) * New translations ja-JP.yml (Arabic) * New translations ja-JP.yml (German) * New translations ja-JP.yml (Italian) * New translations ja-JP.yml (Korean) * New translations ja-JP.yml (Polish) * New translations ja-JP.yml (Russian) * New translations ja-JP.yml (Slovak) * New translations ja-JP.yml (Ukrainian) * New translations ja-JP.yml (Chinese Simplified) * New translations ja-JP.yml (Chinese Traditional) * New translations ja-JP.yml (English) * New translations ja-JP.yml (Vietnamese) * New translations ja-JP.yml (Indonesian) * New translations ja-JP.yml (Bengali) * New translations ja-JP.yml (Thai) * New translations ja-JP.yml (Japanese, Kansai) * New translations ja-JP.yml (English) * New translations ja-JP.yml (Japanese, Kansai)	2023-01-16 14:21:08 +09:00
syuilo	77e491f52c	refactor	2023-01-16 14:18:11 +09:00
syuilo	6f1243f722	Update vite.config.ts	2023-01-16 13:59:14 +09:00
syuilo	fe0bb21b37	enhance(client): make possible to hide ads Resolve #9590 Resolve #8996	2023-01-16 11:21:04 +09:00
syuilo	60d9bb0218	enhance(client): add timeline flash preset	2023-01-16 10:31:30 +09:00
syuilo	956375e2e8	enhance(client): AiScriptからカスタム絵文字一覧を参照できるように	2023-01-16 10:13:14 +09:00
syuilo	0fa602a184	tweak flash omikuji preset	2023-01-16 10:07:46 +09:00
syuilo	d600296360	enhance(client): flash作成時のプリセットを追加	2023-01-16 10:04:10 +09:00
syuilo	c9f5e60f43	Update CHANGELOG.md	2023-01-16 06:40:41 +09:00
syuilo	d513848f65	13.0.0-rc.10	2023-01-16 06:38:00 +09:00
Masaya Suzuki	ae6af6aefd	Copyrightの年が今年になっているかをチェックするCI追加 (#9580 ) * Copyrightの年が今年になっているかをチェックするCI追加 * PRでは動作しないようにする	2023-01-16 06:36:53 +09:00
syuilo	a0ae9f7593	New Crowdin updates (#9589 ) * New translations ja-JP.yml (German) * New translations ja-JP.yml (German) * New translations ja-JP.yml (Chinese Simplified) * New translations ja-JP.yml (Chinese Traditional) * New translations ja-JP.yml (English) * New translations ja-JP.yml (Romanian) * New translations ja-JP.yml (French) * New translations ja-JP.yml (Spanish) * New translations ja-JP.yml (Arabic) * New translations ja-JP.yml (Czech) * New translations ja-JP.yml (German) * New translations ja-JP.yml (Italian) * New translations ja-JP.yml (Korean) * New translations ja-JP.yml (Polish) * New translations ja-JP.yml (Russian) * New translations ja-JP.yml (Slovak) * New translations ja-JP.yml (Ukrainian) * New translations ja-JP.yml (Chinese Simplified) * New translations ja-JP.yml (Chinese Traditional) * New translations ja-JP.yml (English) * New translations ja-JP.yml (Vietnamese) * New translations ja-JP.yml (Indonesian) * New translations ja-JP.yml (Bengali) * New translations ja-JP.yml (Thai) * New translations ja-JP.yml (Japanese, Kansai) * New translations ja-JP.yml (Italian) * New translations ja-JP.yml (German) * New translations ja-JP.yml (Korean) * New translations ja-JP.yml (Chinese Simplified) * New translations ja-JP.yml (English) * New translations ja-JP.yml (Chinese Traditional) * New translations ja-JP.yml (Japanese, Kansai)	2023-01-16 06:36:44 +09:00
syuilo	dace5b6940	🎨	2023-01-16 06:35:16 +09:00
syuilo	2d8b97287e	Update CHANGELOG.md	2023-01-16 06:13:32 +09:00
syuilo	ec63a50de2	fix css module	2023-01-16 06:12:43 +09:00
CyberRex	6e2d7e9792	Use pnpm for package manager (#9531 ) * Use pnpm for package manager * Fix * Change github workflow * use pnpm in workflow * fix * Fix test (e2e/jest) * Update Dockerfile for pnpm * Exclude node_modules from file search on VSCode * Update pnpm-lock.yaml * Update pnpm-lock.yaml * Move typescript from devDependencies to dependencies * Fix Dockerfile Co-authored-by: syuilo <Syuilotan@yahoo.co.jp>	2023-01-16 06:08:42 +09:00
syuilo	39349dcba5	enhance(client): プロフィールが長い場合は折りたたむ	2023-01-16 06:06:28 +09:00
syuilo	a5b1fe5d16	🎨	2023-01-16 06:06:05 +09:00
syuilo	91bbb67e4a	プロフィールの文字数制限を緩和	2023-01-16 06:05:58 +09:00
syuilo	f368bce9d5	enhance(client): カスタム絵文字一覧ページにカスタム絵文字管理ページへのリンクを追加	2023-01-16 05:35:01 +09:00
syuilo	fbfe42d6f0	enhance(client): improve usability of user select	2023-01-16 05:29:44 +09:00
syuilo	f3c5ca6cf4	refactor(client): use css modules	2023-01-16 05:26:29 +09:00
syuilo	0022267072	enhance(client): ロールのポリシーを絞り込めるように	2023-01-16 05:19:26 +09:00
syuilo	30fced38c4	refactor: rename instance.caughtAt to instance.firstRetrievedAt	2023-01-16 05:02:38 +09:00
tamaina	7e5f3dbf11	set -webkit-touch-callout (#9447 )	2023-01-16 03:38:16 +09:00
syuilo	9f0dfb5517	typo	2023-01-16 03:16:44 +09:00
tamaina	678c7d9502	Fix style of messaging form, use css module (#9602 ) * Fix style of messaging form, use css module * clean up	2023-01-16 02:37:45 +09:00
CyberRex	91a3c3943d	Dockerfile: copy fluent-emoji assets (#9605 )	2023-01-16 02:24:37 +09:00
tamaina	c46b45a467	Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop	2023-01-15 16:32:37 +00:00
tamaina	9385767b12	fix(client): add :disable-link="true" to some <MkAvatar /> Fix #9606	2023-01-15 16:32:24 +00:00
futchitwo	7795ff0c95	fix: note embedding in Pages editor (#9604 )	2023-01-15 23:47:04 +09:00
tamaina	a9acd72eb7	fix(client): Fix #9600 chat paging issue Previous chat history not shown	2023-01-15 14:28:02 +00:00
Masaya Suzuki	67d366c3ca	fix(client): エラー画像表示崩れ修正 (#9599 )	2023-01-15 21:58:09 +09:00
syuilo	1f8f051ee2	13.0.0-rc.9	2023-01-15 20:56:30 +09:00
Masaya Suzuki	94004b7a3f	Fix widget tests (#9591 )	2023-01-15 20:55:09 +09:00
A.Yamamoto	3e9f88506e	dbヘルスチェックでFATALの表示が出ないように (#9593 )	2023-01-15 20:54:20 +09:00
syuilo	81f11d8f86	refactor: rename role.options -> role.policies	2023-01-15 20:52:53 +09:00
syuilo	518b3e2f73	ロールの各オプションに優先度を設定できるように	2023-01-15 19:10:39 +09:00
syuilo	d0157b3bfd	13.0.0-rc.8	2023-01-15 16:55:08 +09:00
syuilo	7fc8d2e6d5	ロールでレートリミットを調整できるように Resolve #9584	2023-01-15 16:52:12 +09:00
Masaya Suzuki	fb0f9711ba	Update actions/github-script (#9588 )	2023-01-15 16:14:06 +09:00
syuilo	92136272b0	enhance(client): show readable error when rate limit exceeded	2023-01-15 16:13:57 +09:00
Masaya Suzuki	e1159e9ef2	Update actions/checkout (#9587 )	2023-01-15 16:03:18 +09:00
Masaya Suzuki	a2e61c6708	CI Publish Docker image (develop) をforkしたリポジトリでは実行しない (#9585 )	2023-01-15 15:59:01 +09:00
Masaya Suzuki	726959911c	Update actions/setup-node (#9586 )	2023-01-15 15:58:10 +09:00
syuilo	d59914b959	tweak style	2023-01-15 14:18:45 +09:00
syuilo	07025caee9	refactor(client): use css modules	2023-01-15 14:03:28 +09:00
syuilo	1c0289e490	Fix #9582	2023-01-15 13:46:09 +09:00
syuilo	275fcd8bbc	tweak style	2023-01-15 13:39:06 +09:00
Masaya Suzuki	0c0aa93668	GitHub Actionsとpackages/swをDependabotによるアップデート対象にする (#9572 )	2023-01-15 12:12:28 +09:00
Masaya Suzuki	bfcd5ea440	Dockerで構築する場合のconfigファイルの雛形追加 (#9577 )	2023-01-15 12:11:38 +09:00
Masaya Suzuki	3ff43cca02	frontendに@type/nodeをインストールする (#9571 )	2023-01-15 11:55:12 +09:00
Nya Candy	6bd536c526	feat: update year in COPYING file (#9578 ) Happy new year :D	2023-01-15 11:53:22 +09:00
syuilo	7738a36014	refactor(client): use css modules	2023-01-15 11:30:40 +09:00
syuilo	daddec8362	refactor(client): use css modules	2023-01-15 11:22:58 +09:00
syuilo	a3832d73fd	13.0.0-rc.7	2023-01-15 09:19:11 +09:00
syuilo	cedb4267ba	update deps	2023-01-15 09:19:02 +09:00
syuilo	9c6629d582	refactor(client): use css modules	2023-01-15 09:14:17 +09:00
syuilo	4ee4e70ee0	fix(client): Custom emojis in Inline emoji autocomplete(MkAutoComplete) is way too big Fix #9570	2023-01-15 09:09:44 +09:00
syuilo	bb7867351c	typo	2023-01-15 09:03:07 +09:00
syuilo	fea7460930	13.0.0-rc.6	2023-01-15 08:36:51 +09:00
syuilo	1bf2bf1773	New Crowdin updates (#9562 ) * New translations ja-JP.yml (Korean) * New translations ja-JP.yml (Chinese Traditional) * New translations ja-JP.yml (Korean) * New translations ja-JP.yml (Korean)	2023-01-15 08:36:30 +09:00
syuilo	3d668ad10d	Update CHANGELOG.md	2023-01-15 08:36:21 +09:00
Takuya Yoshida	2801338a3c	Fix MODULE_NOT_FOUND (#9563 )	2023-01-15 08:35:36 +09:00
syuilo	b66f4ebba1	chore: use computed	2023-01-15 08:35:03 +09:00
Masaya Suzuki	9ee1b5f30a	Fix widget test (#9565 )	2023-01-15 08:34:26 +09:00
Masaya Suzuki	0f31a0548c	Fix import (#9566 )	2023-01-15 08:33:07 +09:00
syuilo	ffc29aa6f5	refactor(client): use css modules	2023-01-15 08:32:20 +09:00
syuilo	d23aa94b41	refactor(client): use css modules	2023-01-15 08:30:29 +09:00
syuilo	c1b6378951	refactor(client): use css modules	2023-01-15 08:07:11 +09:00
syuilo	bb5d2bda51	refactor(client): use css modules	2023-01-15 08:01:46 +09:00
syuilo	d075471b2d	fix(client): fix custom emoji rendering	2023-01-15 07:53:15 +09:00
Masaya Suzuki	199d98bf79	DB・Redis -> Misskeyの順に起動する (#9569 )	2023-01-15 06:24:56 +09:00
syuilo	3ae798d526	13.0.0-rc.5	2023-01-14 21:09:38 +09:00
Takuya Yoshida	e1bd61c70e	Change docker user to non-root (#9560 )	2023-01-14 21:09:11 +09:00
syuilo	0296f841c3	New Crowdin updates (#9552 ) * New translations ja-JP.yml (Thai) * New translations ja-JP.yml (German) * New translations ja-JP.yml (Chinese Traditional) * New translations ja-JP.yml (English) * New translations ja-JP.yml (German) * New translations ja-JP.yml (Chinese Simplified) * New translations ja-JP.yml (English)	2023-01-14 21:09:00 +09:00
syuilo	bd1f4b8d98	refactor	2023-01-14 21:04:30 +09:00
syuilo	dc19f20153	refactor	2023-01-14 21:04:20 +09:00
syuilo	f5cd809f62	refactor(client): use css modules	2023-01-14 20:51:07 +09:00
syuilo	09d5a7806a	Update style.scss	2023-01-14 20:39:47 +09:00
syuilo	4606f23ed8	refactor(client): use css modules	2023-01-14 20:31:48 +09:00
syuilo	8451e08aaa	Merge branch 'develop' of https://github.com/misskey-dev/misskey into develop	2023-01-14 20:21:06 +09:00
syuilo	2047449294	enhance(server): add rate limits for some endpoints	2023-01-14 20:21:03 +09:00
Masaya Suzuki	d61eee695f	forkしたリポジトリからのPRではCI Destroy preview environment が動作しないようにする (#9559 )	2023-01-14 20:10:09 +09:00
Masaya Suzuki	73b62797cd	CI Deploy preview environmentの不要なトリガー削除 (#9558 ) * CI Deploy preview environmentの不要なトリガー削除 * 不要な条件削除	2023-01-14 19:51:34 +09:00
Masaya Suzuki	170cfc6a0e	E2Eテスト "first widget should be removed" 修正 (#9556 ) * Fix e2e test "first widget should be removed" * E2Eテスト用クラス追加 * empty commit	2023-01-14 19:25:20 +09:00
syuilo	6bf1d7e398	13.0.0-rc.4	2023-01-14 18:50:25 +09:00
syuilo	e46e7f5252	ノートをピン留めできる数を設定可能に Resolve #9555	2023-01-14 18:04:56 +09:00
syuilo	5952f1ac24	Update roles.editor.vue	2023-01-14 17:49:02 +09:00
syuilo	a08369fe36	enhance(client): 分かりやすいエラーメッセージを表示するように	2023-01-14 17:46:45 +09:00
syuilo	6cb9612943	fix import	2023-01-14 17:40:51 +09:00
syuilo	76c049522e	enhance: ユーザーリストおよびユーザーリスト内のユーザーの作成可能数を設定可能に	2023-01-14 17:38:16 +09:00
syuilo	c41879c542	refactor(client): use css modules	2023-01-14 17:23:49 +09:00
syuilo	99bdb11d24	Update CHANGELOG.md	2023-01-14 17:02:49 +09:00
syuilo	c2009acb2d	enhance: クリップおよびクリップ内のノートの作成可能数を設定可能に	2023-01-14 16:14:24 +09:00
syuilo	46d2a8726e	fix missing import	2023-01-14 16:04:13 +09:00
syuilo	7df3ca7388	enhance(server): add rate limits for some endpoints	2023-01-14 15:59:15 +09:00
syuilo	51b8d4ae3e	13.0.0-rc.3	2023-01-14 15:08:30 +09:00
syuilo	ab1124abba	refactor(client): use css modules	2023-01-14 15:05:23 +09:00
syuilo	3db84a2e8f	refactor(client): use css modules	2023-01-14 15:02:14 +09:00
syuilo	9a78bbf0f1	refactor(client): use css modules	2023-01-14 15:01:28 +09:00
syuilo	efbec444e8	refactor(client): use css modules	2023-01-14 14:57:48 +09:00
syuilo	2f06f2a6da	New Crowdin updates (#9544 ) * New translations ja-JP.yml (Chinese Simplified) * New translations ja-JP.yml (German) * New translations ja-JP.yml (English) * New translations ja-JP.yml (Thai) * New translations ja-JP.yml (Italian) * New translations ja-JP.yml (Italian) * New translations ja-JP.yml (English) * New translations ja-JP.yml (Thai) * New translations ja-JP.yml (Chinese Traditional) * New translations ja-JP.yml (Chinese Traditional) * New translations ja-JP.yml (English) * New translations ja-JP.yml (Chinese Simplified) * New translations ja-JP.yml (Chinese Simplified) * New translations ja-JP.yml (Chinese Traditional)	2023-01-14 14:20:09 +09:00
tamaina	b8da51e08c	fix css module syntax error	2023-01-14 04:52:42 +00:00
rinsuki	fcabc99303	masterブランチをmaster_securityとマージ (#9260 ) * Fix: forkbomb 2 * 12.119.2 Co-authored-by: mei23 <m@m544.net>	2022-12-04 05:34:51 +09:00
syuilo	fccd9c32e8	12.119.1	2022-12-03 18:42:19 +09:00
syuilo	58a3a0b7d4	forkbomb DOS mitigation	2022-12-03 18:42:06 +09:00
syuilo	a2a1636c10	Merge branch 'develop'	2022-09-10 19:26:43 +09:00
syuilo	46ec0303b7	Merge branch 'develop'	2022-08-08 11:39:04 +09:00
syuilo	3b1669fb6b	Merge branch 'develop'	2022-08-07 00:39:21 +09:00
syuilo	09591fa4ae	Merge branch 'develop'	2022-07-19 17:22:32 +09:00
syuilo	85ce00adc0	Merge branch 'develop'	2022-07-18 05:07:12 +09:00
syuilo	f25518af91	Merge branch 'develop'	2022-07-17 05:35:36 +09:00
syuilo	b796aacf7f	Merge branch 'develop'	2022-07-16 23:53:24 +09:00
syuilo	ff24811676	Merge branch 'develop'	2022-07-16 18:21:44 +09:00
syuilo	4c8a1867f0	Merge branch 'develop'	2022-07-15 22:45:13 +09:00
syuilo	bce48dfee9	Merge branch 'develop'	2022-07-13 21:59:47 +09:00
syuilo	c20311b8a7	Merge branch 'develop'	2022-07-09 18:32:55 +09:00
syuilo	fb14ac50b8	Merge branch 'develop'	2022-07-08 17:34:53 +09:00
syuilo	84d984bd31	Merge branch 'develop'	2022-07-07 21:23:03 +09:00
syuilo	1bc856c451	Merge pull request #8821 from misskey-dev/develop Release: 12.111.1	2022-06-13 00:41:09 +09:00